Supporting features for flow-level packet analysis towards subversive cyber threat detection: A pilot study

Author: Dr. Emmanuel C. Ogu

Journal/Publisher: International Journal of Information and Computer Security (IJICS)

Volume/Edition: 15

Language: English

Pages: 1 - 12

Abstract

Thousands of new threats and threat categories continue to emerge every second in cyberspace, even as known threats keep adapting robustly to existing solutions. This has challenged modern approaches and solutions to threat detection and potentially rendered some of them obsolete even before they find applicability. Many contemporary cyber/network threat detection solutions rely largely on flow-level packet analysis, monitoring trends and patterns of activity in supporting flow features of interest. However, little attention has been paid to whether such supporting flow features still present an effective means of reaching accurate conclusions about imminent or occurring cyber threat incidents, especially in the face of a rapidly evolving and adapting 21st century cyber threat landscape. This research is therefore a necessary pilot study for a larger research effort that aims to develop a state-of-the-art detection solution against a newly uncovered category of cyber threats known as subversive cyber threats. The goal of this pilot study is to reinvestigate four of the more commonly used supporting flow features in modern threat detection solutions, viz. Flow Packet Count, Flow Packet Throughput (bytes/s), Flow Packet Throughput (packets/s), and Average Flow Packet Size (bytes), in order to ascertain and verify their continued relevance to the development of new cyber threat detection solutions. The study adopts the methodology of data simulation with descriptive infographic analysis using the recent UNSW-NB15 cybersecurity dataset.
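As an added illustration (not code from the paper or from the UNSW-NB15 project), the following computes the four supporting flow features named in the abstract from packet records, grouping both directions of a conversation into one bidirectional flow. The packet tuples are constructed sample data, and the handling of single-packet flows (whose duration is zero, so no rate is defined) is an assumption made here.

```python
from collections import defaultdict

# Constructed packet records for illustration (not drawn from UNSW-NB15).
# Each tuple: (timestamp_s, src_ip, dst_ip, src_port, dst_port, proto, size_bytes)
SAMPLE_PACKETS = [
    (0.00, "10.0.0.5", "10.0.0.9", 40001, 80, "tcp", 74),
    (0.02, "10.0.0.9", "10.0.0.5", 80, 40001, "tcp", 74),
    (0.05, "10.0.0.5", "10.0.0.9", 40001, 80, "tcp", 66),
    (0.10, "10.0.0.5", "10.0.0.9", 40001, 80, "tcp", 512),
    (2.00, "10.0.0.9", "10.0.0.5", 80, 40001, "tcp", 1514),
    (3.00, "10.0.0.7", "10.0.0.9", 53000, 53, "udp", 90),  # single-packet flow
]


def flow_key(src_ip, dst_ip, src_port, dst_port, proto):
    """Bidirectional 5-tuple key: both directions of a conversation map to one flow."""
    a, b = (src_ip, src_port), (dst_ip, dst_port)
    lo, hi = (a, b) if a <= b else (b, a)
    return (proto, lo, hi)


def flow_features(packets):
    """Aggregate packets into flows and compute the four supporting flow features.

    Returns {flow_key: {"packet_count", "bytes_per_s", "packets_per_s", "avg_packet_size"}}.
    """
    acc = defaultdict(lambda: {"count": 0, "bytes": 0, "first": None, "last": None})
    for ts, src, dst, sport, dport, proto, size in packets:
        f = acc[flow_key(src, dst, sport, dport, proto)]
        f["count"] += 1
        f["bytes"] += size
        f["first"] = ts if f["first"] is None else min(f["first"], ts)
        f["last"] = ts if f["last"] is None else max(f["last"], ts)

    features = {}
    for key, f in acc.items():
        duration = f["last"] - f["first"]
        # Caveat (assumed policy): a single-packet or zero-duration flow has no meaningful
        # rate. Report 0.0 instead of dividing by zero; callers can filter on packet_count.
        rate_ok = duration > 0
        features[key] = {
            "packet_count": f["count"],
            "bytes_per_s": f["bytes"] / duration if rate_ok else 0.0,
            "packets_per_s": f["count"] / duration if rate_ok else 0.0,
            "avg_packet_size": f["bytes"] / f["count"],
        }
    return features


if __name__ == "__main__":
    for key, feats in flow_features(SAMPLE_PACKETS).items():
        print(key, feats)
```

Real detectors compute these over a flow timeout window rather than the whole capture, so the zero-duration case above recurs for every short-lived flow and must be handled explicitly.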
