An Unsupervised Learning Approach for Network and System Analysis
Le, Duc Jr
This thesis investigates the capability of the Self-Organizing Map (SOM), an unsupervised learning technique, to serve as a network data analytics system. The aim is to understand how far such an approach can be pushed to analyze network traffic and to detect malicious behaviours. To this end, three different unsupervised SOM training schemes are employed for different data acquisition conditions. The approach is tested against publicly available botnet and malicious web request data sets. The results show that SOMs possess high potential as a data analytics tool for unknown traffic and unseen attack behaviours. They can identify botnet and normal flows with high confidence approximately 99% of the time on the data sets employed in this thesis, which is comparable to popular supervised and unsupervised learning methods in the literature. Furthermore, the approach provides unique visualization capabilities that enable a simple yet effective network data analytics system.