CPC H04L 63/1425 (2013.01) [G06N 20/00 (2019.01)]; 15 Claims
1. A method for detecting a cyberattack on a network being monitored comprising the steps of:
providing a training set of packet capture data with each data element labeled as cyberattack data or as normal data, each data element further having a plurality of metrics associated therewith;
identifying metrics associated with packet capture data elements that are indicative of either cyberattack data or normal data;
computing statistical measures based on the identified metrics in the training set of packet capture data that relate to either cyberattack data or normal data wherein computing statistical measures comprises computing a distribution of the identified metrics;
determining if linearization is necessary based on the computed statistical measures wherein determining if linearization is necessary comprises determining if the computed distribution is Gaussian and determining that linearization is necessary if the computed distribution is not Gaussian;
linearizing the identified metrics in the training set of packet capture data to obtain linearized training data;
training a machine learning network utilizing the linearized training data to classify packet capture data as either cyberattack data or normal data;
intercepting real packet capture data from the network being monitored, said intercepted real packet capture data having real metrics for the same parameters as the identified metrics;
linearizing the real metrics from the intercepted real packet capture data to obtain linearized real data;
utilizing the trained machine learning network to identify normal data and cyberattack data from the linearized real data; and
alerting a user if the trained machine learning network identifies cyberattack data in the linearized real data.
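The steps of claim 1, carried through end to end as an added example (this is illustrative code written for this page, not code from the patent or its assignee). It assumes concrete choices the claim leaves open: the identified metric is a constructed `packets_per_flow` value, the distribution check is a skewness/excess-kurtosis rule of thumb with assumed thresholds, "linearizing" is a natural-log transform of the heavy-tailed metric, and the "machine learning network" is a per-class Gaussian naive Bayes classifier (chosen because it is the model whose assumption the linearization step satisfies). All training and "intercepted" records are constructed inline, not real packet captures.

```python
import math
import random

random.seed(7)  # makes the constructed data reproducible

METRICS = ["packets_per_flow"]  # assumed metric indicative of attack vs normal traffic


def constructed_training_set(n_normal=1000, n_attack=500):
    """Constructed, labelled flow records standing in for packet capture data.
    Both classes are log-normal (heavy right tail), so the raw metric is not Gaussian."""
    records = [({"packets_per_flow": math.exp(random.gauss(3.0, 0.5))}, "normal")
               for _ in range(n_normal)]
    records += [({"packets_per_flow": math.exp(random.gauss(5.0, 0.5))}, "attack")
                for _ in range(n_attack)]
    random.shuffle(records)
    return records


def distribution_stats(values):
    """Mean, standard deviation, skewness and excess kurtosis of one metric."""
    n = len(values)
    mean = sum(values) / n
    m2 = sum((v - mean) ** 2 for v in values) / n
    m3 = sum((v - mean) ** 3 for v in values) / n
    m4 = sum((v - mean) ** 4 for v in values) / n
    std = math.sqrt(m2)
    return {"mean": mean, "std": std,
            "skew": m3 / std ** 3, "kurtosis": m4 / m2 ** 2 - 3.0}


def is_gaussian(values, max_skew=0.5, max_kurtosis=1.0):
    """Rule-of-thumb normality check (assumed thresholds): a Gaussian has
    zero skewness and zero excess kurtosis."""
    s = distribution_stats(values)
    return abs(s["skew"]) <= max_skew and abs(s["kurtosis"]) <= max_kurtosis


def needs_linearization(records):
    """Linearization is necessary if any metric is non-Gaussian within either class."""
    for metric in METRICS:
        for label in ("normal", "attack"):
            vals = [r[metric] for r, lab in records if lab == label]
            if not is_gaussian(vals):
                return True
    return False


def linearize(metrics):
    """Assumed linearization: natural log of each (positive, heavy-tailed) metric."""
    return {m: math.log(v) for m, v in metrics.items()}


def train(records, do_linearize):
    """Gaussian naive Bayes per class: class prior plus per-metric mean/std."""
    model = {"linearize": do_linearize, "classes": {}}
    for label in ("normal", "attack"):
        rows = [linearize(r) if do_linearize else r for r, lab in records if lab == label]
        params = {m: distribution_stats([row[m] for row in rows]) for m in METRICS}
        model["classes"][label] = {"prior": len(rows) / len(records), "params": params}
    return model


def classify(model, metrics):
    """Apply the same linearization used in training, then pick the max-posterior class."""
    x = linearize(metrics) if model["linearize"] else metrics
    best, best_ll = None, -math.inf
    for label, cls in model["classes"].items():
        ll = math.log(cls["prior"])
        for m in METRICS:
            mu, sd = cls["params"][m]["mean"], cls["params"][m]["std"]
            ll += -math.log(sd * math.sqrt(2 * math.pi)) - (x[m] - mu) ** 2 / (2 * sd ** 2)
        if ll > best_ll:
            best, best_ll = label, ll
    return best


def monitor(model, captured):
    """Classify intercepted records; return those that should raise an alert."""
    return [rec for rec in captured if classify(model, rec) == "attack"]


def build_model():
    records = constructed_training_set()
    return train(records, needs_linearization(records))


if __name__ == "__main__":
    model = build_model()
    # Constructed "intercepted" records: two ordinary flows and one flood-like flow.
    live = [{"packets_per_flow": 18.0}, {"packets_per_flow": 25.0},
            {"packets_per_flow": 160.0}]
    for rec in monitor(model, live):
        print("ALERT: suspected cyberattack traffic", rec)
```

The point the example makes is that the Gaussian check decides the transform, and whatever transform is chosen at training time must be applied identically to the intercepted data before classification; `classify` reads that decision from the model rather than recomputing it, so live traffic can never be scored on a different scale than the training set.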