Detecting Stealth-based Attacks in Large Campus Networks

Abstract

Detecting and classifying new malicious network traffic is a high priority concern for cybersecurity practitioners. New stealth or zero-day attack can make companies go out of businesses in the digital transformation era. Despite the plethora of studies that have explored different machine-learning (ML) techniques to address this issue, the most popular used approach remains traditional ML with legacy datasets and small campus network. The difficulty in data collection considers the biggest impediment of using ML. This paper examines the possibility of exposing zero-day malicious network traffic in large campus networks based on cloud environments by presenting a lightweight framework. An experiment was devised for the analysis. However, before that, the characteristics of the network were examined based on the flow level. The framework showed an outperformed accuracy rate of 100% for a specific type of attack and 97.97% as a comprehensive detection mechanism.