SECURE RULE MATCHING OF SIGNATURES IN DATA TRAFFIC WITH MACHINE LEARNING APPROACHES
Date
2020-12-16T18:29:27Z
Authors
Nemati, Mohamadamin
Abstract
Since its emergence, machine learning has been applied to many disciplines because of its broad capabilities, and cybersecurity is no exception. The effectiveness of machine learning classifiers, however, comes at a cost.
The complexity that makes these classifiers accurate also makes them comparatively slow. In this thesis, we propose a method for generating Snort-like signatures from a trained classifier. The result is a signature (usually several) that approximates the classifier and lets the filtering be done more efficiently. Beyond efficiency, the derived signatures also give some insight into the inner workings of the classifier.
Once the signatures have been derived from the classifier, we need an environment in which to evaluate them. To make the evaluation as faithful as possible, this environment should simulate a real-life scenario.
For this evaluation, we also propose several methods for evaluating a signature without divulging the confidential information it contains. These methods are then compared to determine which is most suitable under different circumstances.
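The following is an added illustration of the idea in the abstract, not code from the thesis: a small decision tree is trained on the presence of byte tokens in payloads, and every root-to-leaf path that ends in a malicious leaf is rendered as a Snort-like rule whose content: and content:! options mirror the path's tests. The token vocabulary, the sample payloads and their labels are constructed for the example, the rule header and sid values are placeholders, and the greedy information-gain tree is hand-rolled so the script runs without scikit-learn.

```python
"""Derive Snort-like content rules from a small decision-tree classifier.

Added example (not the thesis's code). Features: does each fixed byte token
occur in the payload? Each root-to-leaf path ending in a malicious leaf
becomes one rule; the rule set then reproduces the tree's verdicts.
"""
from collections import Counter
from math import log2

# Constructed token vocabulary (hypothetical, for illustration only).
TOKENS = [b"cmd.exe", b"/bin/sh", b"UNION SELECT", b"<script", b"GET /"]

# Constructed sample traffic: (payload, is_malicious). Not real captures.
SAMPLES = [
    (b"GET /index.html HTTP/1.1", False),
    (b"GET /images/logo.png HTTP/1.1", False),
    (b"POST /login user=bob&pw=secret", False),
    (b"GET /search?q=' UNION SELECT password FROM users--", True),
    (b"GET /?x=<script>alert(1)</script>", True),
    (b"POST /upload ../../cmd.exe /c whoami", True),
    (b"POST /run sh -c '/bin/sh -i'", True),
    (b"GET /docs/cmd.exe.html HTTP/1.1", False),  # benign mention of a token
]


def features(payload):
    """Binary feature vector: presence of each token in the payload."""
    return tuple(tok in payload for tok in TOKENS)


def entropy(labels):
    n = len(labels)
    return -sum(c / n * log2(c / n) for c in Counter(labels).values())


def build_tree(rows, used=()):
    """Greedy information-gain tree. rows: list of (feature_tuple, label).
    Returns a nested dict {"token": i, True: sub, False: sub} or a leaf label."""
    labels = [lab for _, lab in rows]
    if len(set(labels)) == 1:
        return labels[0]
    base, best, best_gain = entropy(labels), None, -1.0
    for i in range(len(TOKENS)):
        if i in used:
            continue
        yes = [lab for f, lab in rows if f[i]]
        no = [lab for f, lab in rows if not f[i]]
        if not yes or not no:
            continue
        gain = base - (len(yes) * entropy(yes) + len(no) * entropy(no)) / len(rows)
        if gain > best_gain:
            best, best_gain = i, gain
    if best is None:  # nothing left to split on: majority-vote leaf
        return Counter(labels).most_common(1)[0][0]
    return {
        "token": best,
        True: build_tree([r for r in rows if r[0][best]], used + (best,)),
        False: build_tree([r for r in rows if not r[0][best]], used + (best,)),
    }


def predict(tree, payload):
    f = features(payload)
    while isinstance(tree, dict):
        tree = tree[f[tree["token"]]]
    return tree


def extract_rules(tree, path=()):
    """One rule per malicious leaf: a list of (token, must_be_present) tests."""
    if not isinstance(tree, dict):
        return [list(path)] if tree else []
    tok = TOKENS[tree["token"]]
    return (extract_rules(tree[True], path + ((tok, True),))
            + extract_rules(tree[False], path + ((tok, False),)))


def to_snort(rule, sid):
    """Render a rule as Snort-like text. Header and sid are placeholders;
    content:! is the negated-content match. Tokens here contain none of the
    characters (" ; |) that would need escaping in a real rule."""
    opts = "; ".join(('content:"%s"' if present else 'content:!"%s"') % tok.decode()
                     for tok, present in rule)
    return 'alert tcp any any -> any any (msg:"ML-derived rule %d"; %s; sid:%d;)' % (sid, opts, sid)


def rule_matches(rule, payload):
    return all((tok in payload) == present for tok, present in rule)


def derive_rules(samples):
    """Train the tree on samples and return (tree, rules)."""
    tree = build_tree([(features(p), lab) for p, lab in samples])
    return tree, extract_rules(tree)


def signature_hits(rules, payloads):
    """Indices of payloads on which at least one derived rule fires."""
    return sorted(i for i, p in enumerate(payloads) if any(rule_matches(r, p) for r in rules))


def agreement(tree, rules, payloads):
    """Fraction of payloads where the rule set and the classifier agree."""
    hits = set(signature_hits(rules, payloads))
    return sum((i in hits) == predict(tree, p) for i, p in enumerate(payloads)) / len(payloads)


if __name__ == "__main__":
    tree, rules = derive_rules(SAMPLES)
    for sid, r in enumerate(rules, start=1000001):
        print(to_snort(r, sid))
    payloads = [p for p, _ in SAMPLES]
    print("hits:", signature_hits(rules, payloads), "agreement:", agreement(tree, rules, payloads))
```

Because the tree is built to purity on binary features, the rules reproduce its verdicts exactly on the training payloads; the negated content tests on each path are what keep the benign mention of cmd.exe from firing. With a classifier that is not a tree, the same extraction has to approximate the decision boundary, which is where the loss of fidelity the abstract mentions comes from.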
Description
As people rely ever more on the Internet, privacy and security become ever more critical. Concern about the safety of information stored on the Internet can keep people from using it to its full potential. Many schemes are in place to defend Internet servers from adversaries and intruders, but their constant need for reconfiguration to filter new malware varieties is tedious and costly for the companies that run them. Machine learning (ML) can remedy this problem: by training classifiers that are not susceptible to small modifications of malware code, we can build network intrusion detection systems (NIDS) that are more robust than their signature-based counterparts.
Keywords
Machine Learning Interpretability, Homomorphic Encryption