IT infrastructures around the world are targeted by malicious actors who want to steal data or compromise services. Protection measures for complex computer networks are expensive to deploy and maintain, and often offer no protection against zero-day exploits. In-depth analysis of incoming and outgoing traffic can also be problematic from both legal and technical perspectives. The current work explores the possibility of implementing reliable security measures using machine learning algorithms to perform traffic classification. The new framework is mapped onto existing parallel hardware and aims to provide a versatile solution for detecting anomalous behaviour in network traffic through k-means clustering, without performing deep packet inspection. Trace analysis metadata is obtained by exploiting the features available in the pcapng file format. K-means clustering is implemented using multiple parallel APIs, and a comparative analysis is presented together with performance considerations.
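As an added illustration (not code from the paper or its framework), a minimal version of the approach the abstract describes: each flow is summarised by capture metadata only, the flows are clustered with k-means, and a flow is flagged when it sits far from its cluster centroid. The three features, the constructed sample flows, the first-k-rows seeding and the median-based threshold are assumptions of this example, not the paper's choices.

```python
import math
from statistics import median

# Constructed per-flow metadata, one row per flow:
# (mean packet size in bytes, mean inter-arrival time in ms, packets in flow).
# Assumed features derived from capture metadata only; no payload is read.
FLOWS = [
    (1000, 10.0, 30), (70, 200.0, 2),   # first k rows seed the centroids
    (1100, 12.0, 25), (900, 15.0, 35), (1050, 9.0, 28), (950, 14.0, 32), (1000, 11.0, 30),
    (80, 150.0, 3), (60, 250.0, 2), (75, 180.0, 4), (65, 220.0, 3), (70, 200.0, 2),
    (60, 0.1, 5000),                    # burst of thousands of tiny packets
]

def scale(rows):
    """Min-max scale each feature to [0, 1] so byte counts do not swamp timings."""
    cols = list(zip(*rows))
    lo = [min(c) for c in cols]
    span = [(max(c) - l) or 1.0 for c, l in zip(cols, lo)]
    return [tuple((v - l) / s for v, l, s in zip(r, lo, span)) for r in rows]

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def mean_point(pts):
    return tuple(sum(c) / len(pts) for c in zip(*pts))

def kmeans(points, k, iters=100):
    """Lloyd's algorithm. Seeds with the first k points for reproducibility;
    production code would use k-means++ seeding and several restarts."""
    centroids = list(points[:k])
    labels = [0] * len(points)
    for _ in range(iters):
        labels = [min(range(k), key=lambda i: dist(p, centroids[i])) for p in points]
        new = []
        for i in range(k):
            members = [p for p, l in zip(points, labels) if l == i]
            new.append(mean_point(members) if members else centroids[i])  # keep empty clusters put
        if new == centroids:
            break
        centroids = new
    return centroids, labels

def detect_anomalies(flows, k=2, factor=3.0):
    """Indices of flows whose distance to their centroid exceeds `factor`
    times the median distance inside that cluster (robust to one outlier)."""
    points = scale(flows)
    centroids, labels = kmeans(points, k)
    dists = [dist(p, centroids[l]) for p, l in zip(points, labels)]
    flagged = []
    for i in range(k):
        cutoff = factor * median(d for d, l in zip(dists, labels) if l == i)
        flagged += [j for j, (d, l) in enumerate(zip(dists, labels)) if l == i and d > cutoff]
    return sorted(flagged)

if __name__ == "__main__":
    print("anomalous flows:", detect_anomalies(FLOWS))  # -> [12]
```

Note that the burst flow is first absorbed into the request/reply cluster and drags its centroid; the per-cluster median threshold is what still isolates it, which is why a mean-plus-standard-deviation cutoff would be a weaker choice here.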