A Machine Learning Approach to network Security Classification utilizing NetFlow Data

As an increasing amount of information is passed over physical and wireless networks, opportunities and attempts to steal that information are on the rise. The ever-growing volume of digital information has resulted in a corresponding increase in network traffic to accommodate information flow. This creates an opportunity for adversaries to monitor massive amount of network traffic and steal vital information many times being detected too late or not at all. All computer network traffic can be associated with a specific signature based on a given feature set within its metadata information. Establishing a baseline of normal secure network characteristics provides an observer the ability to determine any deviations from baseline operations and make an educated decision as to the relative security status of the network at any given time. These deviations from normalcy are considered anomalies and could identify unsecure practices within a network exposing significant vulnerabilities to potential malicious actors. The focus of this paper is to develop a machine learning approach to classify and analyze metadata within network traffic to determine the characteristics of a network and the level and degree of secure practices within.