% Boger et al., SoutheastCon 2016: k-means clustering (k = 5) of TCP connection
% features from NCCDC traffic, used to flag anomalous patterns that suggest
% intrusion. Citation key is the exporter's hash and is kept so existing
% citations still resolve.
@inproceedings{146e3c8532a044e686c3be0932ce8c12,
  author    = {Mark Boger and Tianyuan Liu and Jacqueline Ratliff and William Nick and Xiaohong Yuan and Albert Esterline},
  title     = {Network traffic classification for security analysis},
  booktitle = {SoutheastCon 2016},
  series    = {Conference Proceedings - IEEE SOUTHEASTCON},
  publisher = {Institute of Electrical and Electronics Engineers Inc.},
  year      = {2016},
  month     = jul,
  day       = {7},
  doi       = {10.1109/SECON.2016.7506668},
  language  = {English},
  keywords  = {Cyber security, Intrusion Detection, Machine Learning},
  abstract  = {We used unsupervised machine learning to identify anomalous patterns of network traffic that suggest intrusion. Such techniques allow one to classify network traffic into clusters that emerge from the training data and do not require that signatures already be known. Data is from the National Collegiate Cybersecurity Defense Competition (NCCDC). All but the TCP connections were filtered out, and the features extracted from the remaining data included characteristics of individual connections as well as patterns across time within a sliding window. The learning technique was k-means, with k = 5 giving the most natural and revealing partition of the data. The results bore out the following two hypotheses consistent with the literature: (1) most network traffic is normal, only a certain percentage being malicious; (2) the traffic from an attack is statistically different from normal traffic.},
  note      = {Publisher Copyright: {\textcopyright} 2016 IEEE.; SoutheastCon 2016 ; Conference date: 30-03-2016 Through 03-04-2016},
}