G-Networks Can Detect Different Types of Cyberattacks

Abstract

Malicious network attacks are a serious source of concern and machine learning techniques are widely used to build Attack Detectors with off-line training with real attack and non-attack data and used online to monitor system entry points connected to networks. Many machine learning based Attack Detectors are typically trained to identify specific types attacks and the training of such algorithms to cover several types of attacks may be excessively time consuming. This paper shows that G-Networks which are queueing networks with product form solution and special customers such as negative customers and triggers can be trained just with non-attack traffic can accurately detect several different attack types. This is established with a special case of G-Networks with triggerred customer movement. A DARPA attack and non-attack traffic repository is used to train and test the the G-Network yielding comparable or clearly better accuracy than most known attack detection techniques.