
Anticipated Network Surveillance -- An extrapolated study to predict cyber-attacks using Machine Learning and Data Analytics

Aviral Srivastava, Dhyan Thakkar, Sharda Valiveti, Pooja Shah, Gaurang Raval

TL;DR

This paper investigates predicting network attacks by leveraging ML and data mining on continuous real-time network data. It proposes a threat-intelligence architecture with four phases: data preprocessing, model selection, feature extraction, and event-space-based attack prediction, then evaluates on UNSW-NB15 and CICIDS-17 datasets; XGBoost variants deliver best accuracy and fast training. The authors address class imbalance through resampling and demonstrate how principal feature extraction yields a reduced, more generalizable feature set. They produce a probabilistic forecast of attack classes by constructing a domain of possible events and computing their distributions, enabling proactive network hardening. The work advances practical intrusion forecasting and outlines future work on real-time deployment and explainable attack-path reasoning.

Abstract

Machine learning and data mining techniques are utilized to enhance the security of any network. Researchers have used machine learning for pattern detection, anomaly detection, dynamic policy setting, etc. The methods allow the program to learn from data and make decisions without human intervention, at the cost of a huge training period and computation power. This paper discusses a novel technique to predict an upcoming attack in a network based on several data parameters. The dataset is continuous in real-time implementation. The proposed model comprises dataset pre-processing and training, followed by the testing phase. Based on the results of the testing phase, the best model is selected, and it is used to extract the event class that may lead to an attack. The event statistics are used for attack

Paper Structure (1 section, 10 figures, 9 tables)

This paper contains 1 section, 10 figures, 9 tables.

Table of Contents

  1. Introduction

Figures (10)

  • Figure 1: Taxonomy of Methods used for prediction and forecasting of Cyber-Attacks
  • Figure 2: Proposed framework of Intrusion Prediction Process
  • Figure 3: Feature Importance in UNSW-NB15
  • Figure 4: Generation and Analysis of Event Space Results
  • Figure 5: Performance of model on unprocessed Dataset (UNSW-NB15)
  • ...and 5 more figures