Learn what machine learning is. Jungwoo goes over basic machine learning concepts and steps in the context of network security.
- [Instructor] Machine learning is a technique that allows a computer to make a decision on behalf of human operators. When given a data set, it uses statistics and pattern matching to arrive at a conclusion. In the context of detecting a network anomaly, such as an intrusion attempt, a machine learning algorithm can zip through numerous network events logged by various sources and identify an unusual activity that can lead to a security breach. To implement the machine learning solution, it is necessary to have a relevant data set, machine learning algorithm, and a computing platform.
For the purpose of intrusion detection, it is sufficient to have network event logs capturing the details of packets that are either coming into or going out of the network of interest. The machine learning algorithm uses multiple features of the data set and builds a learning model that enables eventual decision making. In our example of intrusion detection, the features include when each packet was captured, the source and destination IP address, and the port number of the packet, etc.
These features should be carefully selected to improve the accuracy of the outcome of the decision-making process. To teach the machine learning algorithm how to interpret the data according to their features, training data is necessary. For example, based on the historical data, let's say that a security attack is more probable when it occurs between 2 and 4 AM. This is then factored into the machine learning algorithm to classify the affected packets as being potentially malicious.
Once the training phase is over, the machine learning algorithm is ready to process data it has never seen, which is called test data. In our example, the machine learning algorithm uses the time period of 2 to 4 AM as one of its factors when processing the test data and making a decision on whether an event is an intrusion attempt or not. The power of machine learning lies in its ability to process this test data and reach a decision. In intrusion detection, this means the machine learning algorithm can independently make a decision on what network event is malicious solely based on the test data once it's trained.
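The training-then-classification flow described above, as an added example that is not part of the course material: a small naive Bayes classifier over the features the instructor names (capture time, source/destination address, destination port) is trained on a constructed, hand-labelled packet log, then applied to unseen test events. All IP addresses, ports and labels are constructed sample data, and the 10.0.0.0/24 "internal" range is an assumption.

```python
import math
from collections import Counter, defaultdict

# Constructed training log: (capture_hour, src_ip, dst_ip, dst_port, label).
# Labels are hypothetical, as if assigned by an analyst from historical data.
TRAINING = [
    (3, "203.0.113.7", "10.0.0.5", 22, "malicious"),
    (2, "203.0.113.9", "10.0.0.5", 3389, "malicious"),
    (3, "198.51.100.4", "10.0.0.8", 22, "malicious"),
    (4, "203.0.113.7", "10.0.0.9", 445, "malicious"),
    (14, "10.0.0.5", "93.184.216.34", 443, "benign"),
    (9, "10.0.0.6", "93.184.216.34", 80, "benign"),
    (11, "198.51.100.4", "10.0.0.8", 443, "benign"),
    (16, "10.0.0.9", "10.0.0.5", 22, "benign"),
    (3, "10.0.0.5", "93.184.216.34", 443, "benign"),
]

def features(hour, src_ip, dst_ip, dst_port):
    # Feature selection: reduce raw packet fields to three categorical features.
    return {
        "night_window": 2 <= hour <= 4,                  # the 2-4 AM window from the lesson
        "inbound": not src_ip.startswith("10.0.0."),     # assumed internal range
        "admin_port": dst_port in {22, 3389, 445},       # remote-administration services
    }

def train(records):
    # Count labels and (feature, value) occurrences per label.
    label_counts = Counter()
    feat_counts = defaultdict(Counter)
    for hour, src, dst, port, label in records:
        label_counts[label] += 1
        for name, value in features(hour, src, dst, port).items():
            feat_counts[(name, label)][value] += 1
    return label_counts, feat_counts

def classify(model, hour, src_ip, dst_ip, dst_port):
    # Naive Bayes: pick the label with the highest log-probability.
    label_counts, feat_counts = model
    total = sum(label_counts.values())
    scores = {}
    for label, n in label_counts.items():
        log_p = math.log(n / total)
        for name, value in features(hour, src_ip, dst_ip, dst_port).items():
            # Laplace smoothing over the two possible boolean values
            log_p += math.log((feat_counts[(name, label)][value] + 1) / (n + 2))
        scores[label] = log_p
    return max(scores, key=scores.get)

if __name__ == "__main__":
    model = train(TRAINING)
    print(classify(model, 3, "203.0.113.50", "10.0.0.5", 22))   # unseen test event
```

The night-time window alone does not decide the outcome: an internal host browsing at 3 AM still scores as benign, because the other features outweigh it.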