dc.description.abstract | Malware refers to computer viruses, worms, Trojans, spyware, malicious ads, browser hijackers, and backdoor programs, as well as the ransomware that has been heard of most frequently in recent years and causes major harm. The main purpose of such malware is nothing more than grabbing potential commercial profit or competitive advantage by distributing malicious programs to users' devices or deceiving users into executing destructive programs, so that their systems are damaged and held hostage. Of course, companies with vast commercial data and cash flow will certainly be the primary targets of hacker attacks.
In recent years, besides intrusions by external malicious programs, the most serious threats to corporate information security are infringements by unlawful employees and intentional or unintentional information leaks caused by vendors. These internal and external threats tend to cost companies their competitiveness and are hard to prevent. However, most traditional security software adopted by companies only detects malicious programs and blocks intrusion attempts; only a few products are able to monitor and track user or system behavior within the corporate network.
In order to solve the problems mentioned above and save the cost of implementing professional information security systems, this research aims to use a combination of open source software to collect corporate internal network traffic data for network behavior statistics and analysis. The research identifies each operation in the collected data and uses popular machine learning methods, such as the C4.5 decision tree, Support Vector Machine, and Naive Bayes classifier, to classify each operation and find abnormal network behavior (combinations of operations) in the corporate internal network.
In this study, operations are divided into three categories: Warn, Critical, and Good. An operation is categorized as "Warn" when it does not have sufficient characteristics to be classified as "Good" or "Critical"; otherwise, it is classified as "Good" or "Critical" depending on its characteristics.
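The following is an added example, not the thesis' own code: a small C4.5-style decision tree (gain-ratio splits) over constructed per-operation records, which assigns the abstract's third label "Warn" whenever a leaf or an unseen feature value lacks sufficient characteristics. The feature names (dst, volume, hours) and the thresholds MIN_SAMPLES and MIN_PURITY are assumptions for illustration.

```python
from collections import Counter
from math import log2

# Constructed per-operation records (hypothetical features, not the thesis' data set).
# Labels follow the Good/Critical scheme; Warn is never trained on, only assigned by the tree.
TRAIN = [
    ({"dst": "internal", "volume": "low",  "hours": "work"}, "Good"),
    ({"dst": "internal", "volume": "high", "hours": "work"}, "Good"),
    ({"dst": "external", "volume": "low",  "hours": "work"}, "Good"),
    ({"dst": "external", "volume": "high", "hours": "work"}, "Good"),
    ({"dst": "internal", "volume": "low",  "hours": "off"},  "Good"),
    ({"dst": "internal", "volume": "high", "hours": "off"},  "Critical"),
    ({"dst": "external", "volume": "low",  "hours": "off"},  "Critical"),
    ({"dst": "external", "volume": "high", "hours": "off"},  "Critical"),
]
MIN_SAMPLES, MIN_PURITY = 2, 0.75  # assumed definition of "sufficient characteristics"

def entropy(labels):
    n = len(labels)
    return -sum(c / n * log2(c / n) for c in Counter(labels).values())

def gain_ratio(rows, feat):
    """C4.5 split criterion: information gain divided by split information."""
    base, remainder, split_info = entropy([l for _, l in rows]), 0.0, 0.0
    for value in {r[feat] for r, _ in rows}:
        subset = [l for r, l in rows if r[feat] == value]
        p = len(subset) / len(rows)
        remainder += p * entropy(subset)
        split_info -= p * log2(p)
    return (base - remainder) / split_info if split_info else 0.0

def leaf(rows):
    label, count = Counter(l for _, l in rows).most_common(1)[0]
    enough = len(rows) >= MIN_SAMPLES and count / len(rows) >= MIN_PURITY
    return {"leaf": label if enough else "Warn"}  # too few or too mixed -> Warn

def build(rows, feats):
    if len({l for _, l in rows}) == 1 or not feats:
        return leaf(rows)
    best = max(feats, key=lambda f: gain_ratio(rows, f))  # ties keep list order
    if gain_ratio(rows, best) <= 0:
        return leaf(rows)
    children = {v: build([(r, l) for r, l in rows if r[best] == v],
                         [f for f in feats if f != best])
                for v in sorted({r[best] for r, _ in rows})}
    return {"feat": best, "children": children}

def classify(tree, op):
    while "feat" in tree:  # walk down; a value never seen in training -> Warn
        tree = tree["children"].get(op.get(tree["feat"]))
        if tree is None:
            return "Warn"
    return tree["leaf"]

TREE = build(TRAIN, ["dst", "hours", "volume"])
```

Off-hours operations to internal hosts are seen only once each in the constructed data, so the tree reports them as Warn rather than guessing; with more operation characteristics those leaves would resolve to Good or Critical.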
In this study, the decision tree calculation leads to a high-accuracy result. Using a single decision tree classification method could not fully achieve the preset goal, but only identified the major abnormal network behaviors. In order to establish a true enterprise information security alert system, we still need more operation characteristics for detailed operation classification, which would then enhance the accuracy of each classification. Meanwhile, we could also leverage more kinds of machine learning algorithms to complement the current decision model and identify more varied types of ambiguous network behavior (combinations of operations) in the corporate internal network. | en_US |