Network Anomaly Detection Engine (NADE)

Abstract

IT environments are growing ever more distributed, complex, and difficult to manage whereas cyber-attacks are becoming more and more common. Attackers constantly look to exploit any gap in IT systems, applications, and hardware to compromise confidentiality, integrity, and availability of information. With rapidly increasing cyber-attacks, the old preventative, and defensive techniques of simply using firewalls, antivirus software and conventional IDS stand incapacitated to detect advanced network attacks. This accentuates the need to come up with an elaborate NextGen Network Anomaly Detection Engine which monitors the attack and threat landscape in real-time using advanced techniques. A Network Anomaly Detection Engine can detect advanced network attacks in real-time with the help of Machine Learning techniques. It would improve security visibility and actionability along with an in-depth analysis of incoming and outgoing traffic. NADE will use custom Zeek[1] scripts to extract useful features from network traffic that will include both attack and benign network data. Then NADE will use Machine Learning driven techniques to detect advanced threats which includes scanning, DoS attacks and other Network layer attacks. Moreover, our solution, the Network Anomaly Detection Engine (NADE) will provide a platform where all logs are gathered, and unusual behavior is detected.