IEEE MASCOTS 2022
Gelenbe E, Nakip M.
Malicious network attacks are a serious source of concern, and machine learning techniques have been widely used to build Attack Detectors. In particular, network-based attacks have been widely studied, since such attacks try to compromise systems through network packets that enter network ports. Attack Detectors are trained off-line with real attack data as well as real non-attack data, and are used online to monitor system entry points connected to networks, so that an alarm is raised when the arrival of attack traffic is detected. Many machine-learning-based Attack Detectors are typically trained to identify certain specific attacks, and training such algorithms to cover many different types of attacks may be excessively time-consuming. G-Networks are queueing networks with product-form solution, which were proven to be universal approximators of continuous and bounded functions. In this paper, a specific instance of the “G-Network with triggers” is organized as a multilayer network, then trained with “normal” (non-attack) traffic from a well-known DARPA attack traffic data repository. It is then shown to accurately detect several different attack types contained in the same DARPA traffic repository.