Please use this identifier to cite or link to this item: http://repository.aaup.edu/jspui/handle/123456789/3140
Full metadata record
DC Field | Value | Language
dc.contributor.author | Jaber, Bashar Sadi Mustafa$AAUP$Palestinian | -
dc.date.accessioned | 2025-02-06T08:47:41Z | -
dc.date.available | 2025-02-06T08:47:41Z | -
dc.date.issued | 2024 | -
dc.identifier.uri | http://repository.aaup.edu/jspui/handle/123456789/3140 | -
dc.description | Master \ Cybercrimes and Digital Evidence Analysis | en_US
dc.description.abstract | In the current digital environment, detecting malicious activities within network traffic has become paramount for ensuring cybersecurity. This thesis introduced the Normal Traffic Detection (NTD) model, which differentiates between normal and abnormal IP address traffic. Drawing upon the collaborative strengths of Support Vector Machines (SVM), Sequential Artificial Neural Networks (ANN), and Decision Trees, it stands for Network Traffic as a beacon of innovation in anomaly detection. The methodology of the NTD model lies in its sophisticated approach to analyzing incoming traffic data. Initial scrutiny involves capturing and analyzing the nuances of the traffic, with particular emphasis on behavior. This data is scrutinized meticulously against an Anomaly Behavior Database (ABD), a repository teeming with previously identified aberrations in network behavior. Any matches with entries within the ABD are promptly flagged as malicious, warranting further investigation. However, not all traffic bears the hallmark of known anomalies. For those instances that evade identification within the ABD, NTD embarks on a journey of sequential classification. The traffic is subjected to the discerning scrutiny of SVM, Decision Trees, and ANN, each algorithm meticulously parsing through the data in pursuit of anomalous patterns. Upon detection of malicious intent, the traffic is promptly logged into the ABD, enriching its repository with newfound insights. The efficacy of NTD transcends mere theoretical conjecture; empirical validation using real-world cybersecurity datasets serves as a litmus test for its prowess. Comparative analyses against traditional single-algorithm methods reveal a resounding victory for NTD, boasting superior metrics. Whether measured by the F1 score, precision, or recall, NTD emerges as the undisputed champion, heralding a new era in network traffic anomaly detection. Beyond its immediate applications in cybersecurity, NTD's implications extend far and wide. Its robust performance underscores its potential to fortify defenses across various domains, from financial institutions safeguarding sensitive transactions to governmental agencies protecting critical infrastructure. The ripple effects of NTD's deployment resonate throughout the digital ecosystem, engendering a newfound sense of confidence in the face of ever evolving cyber threat | en_US
dc.publisher | AAUP | en_US
dc.subject | Network Traffic Detection (NTD), Anomaly Detection, Support Vector Machines (SVM), Machine Learning, Cybersecurity. | en_US
dc.title | Detecting and Permitting Legitimate Traffic from IPs with Malicious Reputation (Master's Thesis) | en_US
dc.title.alternative | Detecting Legitimate Traffic from IP Addresses with Malicious Reputation and Permitting It. | en_US
dc.type | Thesis | en_US
Appears in Collections:Master Theses and Ph.D. Dissertations

Files in This Item:
File | Description | Size | Format
بشار جبر.pdf | | 2.01 MB | Adobe PDF


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.
