Cyber security risk analysis framework : network traffic anomaly detection
Author(s)
Moe, Lwin P
Other Contributors
Massachusetts Institute of Technology. Integrated Design and Management Program.
Advisor
Abel Sanchez.
Abstract
Cybersecurity is a growing research area with direct commercial impact on organizations and companies in every industry. With all other technological advancements in the Internet of Things (IoT), mobile devices, cloud computing, 5G networks, and artificial intelligence, the need for cybersecurity is more critical than ever before. These technologies drive the need for tighter cybersecurity implementations, while at the same time acting as enablers to provide more advanced security solutions. This paper will discuss a framework that can predict cybersecurity risk by identifying normal network behavior and detecting network traffic anomalies. Our research focuses on the analysis of historical network traffic data to identify network usage trends and security vulnerabilities. Specifically, this thesis will focus on multiple components of the data analytics platform. It explores the big data platform architecture and the data ingestion, analysis, and engineering processes. The experiments were conducted utilizing various time series algorithms (Seasonal ETS, Seasonal ARIMA, TBATS, Double-Seasonal Holt-Winters, and Ensemble methods) and the Long Short-Term Memory Recurrent Neural Network algorithm. Upon creating the baselines and forecasting network traffic trends, the anomaly detection algorithm was implemented using specific thresholds to detect network traffic trends that show significant variation from the baseline. Lastly, the network traffic data was analyzed and forecasted in various dimensions: total volume, source vs. destination volume, protocol, port, machine, geography, and network structure and pattern. The experiments were conducted with multiple approaches to get more insights into the network patterns and traffic trends to detect anomalies.
Description
Thesis: S.M. in Engineering and Management, Massachusetts Institute of Technology, System Design and Management Program, 2018. Cataloged from PDF version of thesis. Includes bibliographical references (pages 84-86).
Date issued
2018
Department
Massachusetts Institute of Technology. Engineering and Management Program; Massachusetts Institute of Technology. Integrated Design and Management Program.
Publisher
Massachusetts Institute of Technology
Keywords
Engineering and Management Program., Integrated Design and Management Program.