Title | An Ensemble Approach for Suspicious Traffic Detection from High Recall Network Alerts |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Sattar, Naw Safrin, Arifuzzaman, Shaikh, Zibran, Minhaz F., Sakib, Md Mohiuddin |
Conference Name | 2019 IEEE International Conference on Big Data (Big Data) |
Keywords | feature extraction, Forestry, graph mining, Kernel, machine learning, Metrics, predictive security metrics, pubcrawl, search engines, security, Support vector machines, Training, web spam, webgraphs |
Abstract | Web services from large-scale systems are prevalent all over the world. However, these systems are inherently vulnerable and prone to intrusion by adversaries seeking illegal benefits. To detect anomalous events, previous works focus on inspecting raw system logs, either by identifying outliers in workflows or by relying on machine learning methods. Although those works successfully identify the anomalies, their models use large training sets and process the whole system logs. To reduce the quantity of logs that need to be processed, high-recall suspicious network alert systems can be applied to preprocess system logs: only the logs that trigger alerts are retrieved for further use. Because network traffic alerts are universally used in Security Operations Centers, the anomaly detection problem can be transformed into classifying truly suspicious network traffic alerts from false alerts. In this work, we propose an ensemble model to distinguish truly suspicious alerts from false alerts. Our model consists of two sub-models with different feature extraction strategies to ensure diversity and generalization. We use decision tree based boosters and deep neural networks to build ensemble models for classification. Finally, we evaluate our approach on the suspicious network alerts dataset provided by the 2019 IEEE BigData Cup: Suspicious Network Event Recognition. Under the metric of AUC score, our model achieves 0.9068 on the whole testing set. |
DOI | 10.1109/BigData47090.2019.9005988 |
Citation Key | sattar_detecting_2019 |