Exploring RNNs for analyzing Zeek HTTP data

Cyber vulnerabilities pose a threat across systems in the Department of Defense. Finding ways to analyze network traffic and detect malicious behavior on a network will help keep these systems safe. This poster looks at the data collection techniques, model creation, and results of building a recurrent neural network to classify incoming traffic as normal or malicious. Additionally, it considers how the information will be best portrayed on a GUI to network administrators. The model's initial accuracy is 83.45% when trained on 500,017 connections. With increased accuracy, this tool may be used by the Department of Defense to help defend its networks.
Security and privacy, Intrusion/anomaly detection and malware mitigation
Daniel Andrews, Jennifer Behn, Danielle Jaksha, Jinwon Seo, Madeleine Schneider, James Yoon, Suzanne J. Matthews, Rajeev Agrawal, and Alexander S. Mentis. 2019. Exploring RNNs for analyzing Zeek HTTP data. In Proceedings of the 6th Annual Symposium on Hot Topics in the Science of Security (HotSoS '19). Association for Computing Machinery, New York, NY, USA, Article 18, 1–2. https://doi.org/10.1145/3314058.3317291