Predictive Network Defense: Using Machine Learning Algorithms to Protect an Intranet from Cyberattack

Misha Voloshin (Mighty Data, Inc., USA)
DOI: 10.4018/978-1-5225-1759-7.ch039

Maintaining electronic devices in today's networked world is not for the faint of heart. The modern network administrator is tasked not only with keeping machines running but also with standing a constant and unerring vigil against cyberattack. A skilled admin learns to identify telltale signs that the network is in trouble, and to quickly evict intruders, repair damage, and reinforce the network's fortifications. No software today can replicate a trained admin's experience and talent. However, just as viruses and rootkits grow progressively more sophisticated with each passing year (Parikka, 2007), so too do the tools to combat them. The information security industry provides admins with alert systems, dashboards, and traffic analysis tools to the tune of $100B per year and growing (Selma Institute of Technology, 2010). This chapter explores ways that algorithms from the fields of machine learning and predictive analytics can be added to this arsenal of the network administrator, helping digital defenders tip the scales of cybersecurity in their favor.
Chapter Preview

1. Training Firewalls To Filter Packets With ID3 Decision Trees

When it comes to protecting the network against external threats, the standard first line of defense is the network’s firewall (Stewart, 2010). This device guards the border between the network and the Internet, monitoring packets as they enter and leave and directing them according to programmable rules. Administrators typically spend countless hours configuring their firewalls, crafting highly specialized rule sets to allow or deny packets of specific types from specific sources. This section explores how to use a type of machine learning algorithm called a decision tree to help the admin automate part of this firewall configuration process.
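As an added illustration of the approach this section describes (this is example code written for this page, not the chapter's own implementation), the following Python block trains an ID3 decision tree on a small, constructed set of packet records that an admin has already labelled allow or deny, and then prints the learned tree as firewall-style rules. The feature names (`proto`, `service`, `src_zone`), the sample records and the rule output format are all assumptions chosen for the example; a real deployment would derive the features from the firewall's own log fields.

```python
"""ID3 decision tree that learns allow/deny firewall rules from labelled packet records."""
import math
from collections import Counter

# Constructed sample: past verdicts an admin made by hand. Each record carries
# categorical features (protocol, coarse service bucket, source zone) and a label.
TRAINING_PACKETS = [
    {"proto": "tcp",  "service": "web",   "src_zone": "external", "label": "allow"},
    {"proto": "tcp",  "service": "web",   "src_zone": "external", "label": "allow"},
    {"proto": "tcp",  "service": "admin", "src_zone": "external", "label": "deny"},
    {"proto": "tcp",  "service": "admin", "src_zone": "internal", "label": "allow"},
    {"proto": "udp",  "service": "dns",   "src_zone": "internal", "label": "allow"},
    {"proto": "udp",  "service": "dns",   "src_zone": "external", "label": "deny"},
    {"proto": "tcp",  "service": "admin", "src_zone": "external", "label": "deny"},
    {"proto": "tcp",  "service": "admin", "src_zone": "internal", "label": "allow"},
    {"proto": "icmp", "service": "none",  "src_zone": "external", "label": "deny"},
    {"proto": "icmp", "service": "none",  "src_zone": "internal", "label": "allow"},
    {"proto": "tcp",  "service": "web",   "src_zone": "internal", "label": "allow"},
    {"proto": "udp",  "service": "ntp",   "src_zone": "external", "label": "deny"},
    {"proto": "tcp",  "service": "smb",   "src_zone": "external", "label": "deny"},
    {"proto": "tcp",  "service": "smb",   "src_zone": "internal", "label": "allow"},
]
FEATURES = ["proto", "service", "src_zone"]  # assumed feature names


def entropy(records):
    """Shannon entropy (bits) of the label distribution in a record set."""
    counts = Counter(r["label"] for r in records)
    total = len(records)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def information_gain(records, feature):
    """Entropy reduction obtained by splitting the records on one feature."""
    total = len(records)
    remainder = 0.0
    for value in {r[feature] for r in records}:
        subset = [r for r in records if r[feature] == value]
        remainder += len(subset) / total * entropy(subset)
    return entropy(records) - remainder


def majority_label(records):
    return Counter(r["label"] for r in records).most_common(1)[0][0]


def build_tree(records, features):
    """Classic ID3: pick the highest-gain feature, recurse on each of its values."""
    labels = {r["label"] for r in records}
    if len(labels) == 1:                      # pure node: stop
        return {"leaf": labels.pop()}
    if not features:                          # features exhausted: majority vote
        return {"leaf": majority_label(records)}
    best = max(features, key=lambda f: information_gain(records, f))
    node = {"feature": best, "default": majority_label(records), "branches": {}}
    remaining = [f for f in features if f != best]
    for value in sorted({r[best] for r in records}):
        subset = [r for r in records if r[best] == value]
        node["branches"][value] = build_tree(subset, remaining)
    return node


def predict(tree, packet, fallback=None):
    """Walk the tree for one packet. A feature value the tree never saw during
    training is resolved by `fallback` if given, else by the node's majority verdict."""
    node = tree
    while "leaf" not in node:
        value = packet.get(node["feature"])
        if value not in node["branches"]:
            return fallback if fallback is not None else node["default"]
        node = node["branches"][value]
    return node["leaf"]


def to_rules(tree, conditions=()):
    """Flatten the tree into one human-readable rule per root-to-leaf path."""
    if "leaf" in tree:
        cond = " and ".join(f"{k}={v}" for k, v in conditions) or "any"
        return [f"{tree['leaf'].upper()} if {cond}"]
    rules = []
    for value, child in tree["branches"].items():
        rules.extend(to_rules(child, conditions + ((tree["feature"], value),)))
    return rules


if __name__ == "__main__":
    tree = build_tree(TRAINING_PACKETS, FEATURES)
    for rule in to_rules(tree):
        print(rule)
```

On this sample the tree splits first on `src_zone` (the largest information gain) and then, for external sources, on `service`, so the generated rules read like the ones an admin would write by hand: allow internal traffic, allow web from outside, deny everything else from outside. The `fallback` parameter is the check worth keeping in mind: plain ID3 resolves a value it never saw in training by the majority verdict at that node, which at the root of this sample is `allow`, so a rule set derived this way should be reviewed with an explicit default-deny for unseen zones or services before it reaches a production firewall.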
