Using Semi-Supervised Learning of Exploits and Exploit Kits (SLEEK) for Flow-Based Network Intrusion Detection.
- Speaker: Dr. Nandi Leslie
- US Army Research Lab
- Date: Friday, March 1, 2019
- Time: 1:00pm - 2:00pm
- Location: Room T3 (NVC)
In a distributed and semi-autonomous environment, network breaches must be detected prior to reaching the highly-valued targets or networked devices; this requires proactive adversarial modeling that is behavior- or anomaly-based and capable of operating in a high-speed network environment. Using an intelligent agent architecture and machine learning, I propose a network intrusion detection system (NIDS) that is flow-based to produce alerts on malicious and/or anomalous traffic. With this proposed semi-supervised learning approach, I detect botnet traffic and distinguish it from the normal and background network traffic in the network session or flow datasets (i.e., NetFlow files). I evaluate the prediction performance and computational resource utilization results for the flow-based NIDS algorithms and compare these results with signature-based NIDS that are reactive by design. With this approach, I show an improvement in detection accuracy and NIDS efficiency when compared with traditional signature-based NIDS and other probabilistic modeling approaches examined on these network traffic datasets. In addition, the model improvements reduce the burden on the human analysts to sift through NIDS alerts that are often riddled with false alarms.
Dr. Nandi Leslie is a Senior Principal Cyber Engineer at Raytheon, serving as an Applied Mathematician and contractor at the ARL. Since 2015, Dr. Leslie has supported the ARL as a researcher and Principal Investigator on projects related to machine learning and cyber and electromagnetic activities for the NSB. Her current research interests are machine learning, network resilience, anomaly-based intrusion detection, and security and privacy. Before joining ARL and Raytheon, Dr. Leslie served as a Senior Operations Research Analyst and Program Manager on submarine force security projects for the U.S. Navy at Systems Planning and Analysis, Inc. from 2007 to 2015. In addition, she spent two years as a Lecturer and Postdoctoral Researcher at the University of Maryland, College Park in the Department of Mathematics from 2005 to 2007, where her research focused on dynamical systems and complex systems. In 2005, she received the National Science Foundation, Vertical Integration of Research and Education in the Mathematical Sciences Award to support her postdoctoral research. She earned her Ph.D. in Applied and Computational Mathematics from Princeton University in 2005, where her research on developing and analyzing spatially-explicit stochastic models of deforestation in the forest ecosystems was awarded the Ford Foundation Predoctoral Fellowship and Burroughs Wellcome Fund Awards. She received her B.S. in Mathematics from Howard University in 1999.