Translator Disclaimer
Presentation + Paper
19 May 2017 Application of graph-based semi-supervised learning for development of cyber COP and network intrusion detection
Author Affiliations +
The United States increasingly relies on cyber-physical systems to conduct military and commercial operations. Attacks on these systems have increased dramatically around the globe. The attackers constantly change their methods, making state-of-the-art commercial and military intrusion detection systems ineffective. In this paper, we present a model to identify functional behavior of network devices from netflow traces. Our model includes two innovations. First, we define novel features for a host IP using detection of application graph patterns in IP’s host graph constructed from 5-min aggregated packet flows. Second, we present the first application, to the best of our knowledge, of Graph Semi-Supervised Learning (GSSL) to the space of IP behavior classification. Using a cyber-attack dataset collected from NetFlow packet traces, we show that GSSL trained with only 20% of the data achieves higher attack detection rates than Support Vector Machines (SVM) and Naïve Bayes (NB) classifiers trained with 80% of data points. We also show how to improve detection quality by filtering out web browsing data, and conclude with discussion of future research directions.
Conference Presentation
© (2017) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Georgiy Levchuk, John Colonna-Romano, and Mohammed Eslami "Application of graph-based semi-supervised learning for development of cyber COP and network intrusion detection", Proc. SPIE 10206, Disruptive Technologies in Sensors and Sensor Systems, 102060D (19 May 2017);


Defense applications of disposable organic sensor networks
Proceedings of SPIE (November 30 2004)
Unified formalism for polarization optics: further developments
Proceedings of SPIE (September 14 1994)
Gain scheduled control of hysteretic systems
Proceedings of SPIE (March 30 2009)
Web LCCA an acquisition decision support tool for the...
Proceedings of SPIE (September 07 2001)
Reference And Description In Natural Language
Proceedings of SPIE (March 29 1988)

Back to Top