Abstract
Malicious cyber-attacks over networks pose an extreme threat to national security. The ability to mitigate and prevent them can help ensure the safety of critical infrastructure. Many novel techniques have been created to help defeat these attacks, such as intrusion detection systems (IDS) and intrusion prevention systems (IPS). In this research, we utilize a novel nonlinear phase space algorithm (NLPSA) and analyze whether it is effective in detecting network anomalies. Using packet data captured on monitored networks with traditional collection applications, we used features of NetFlow data created from PCAP files to train our NLPSA algorithm. Given a normalized and pre-processed time-serial collection of benign (non-malicious) and event (malicious) data, we trained the NLPSA algorithm with an average of around 1200 NLPSA parameters for each of 20 NetFlow features. Our experiments using 30 malicious and 10 benign NetFlow data files successfully detected malicious network sequences with 100% true positive and true negative rates (detection distance = 0.0) using NetFlow features. Based on our empirical study of the CICDS-2018 data set, we conclude that NLPSA has great promise for future studies in detecting network intrusions based on real-time network flows.