Research area: Safety
Conference: International Conference on Big Data Analytics
As the volume and complexity of network traffic continue to grow, traditional threat detection methods often struggle to keep up with the amount of data they must monitor, making real-time identification of attacks a challenging task. Modern intrusion detection and prevention tools generate rich, detailed event data that enables effective monitoring and analysis of network activity. However, distinguishing alerts for normal activity from those for malicious activity can be complex and time-consuming for security analysts. This paper focuses on leveraging AI techniques to enhance the capabilities of threat detection systems, using Suricata as the primary tool for generating detailed network event data. We discuss the data preprocessing and feature extraction techniques needed to convert Suricata's EVE JSON output (one JSON object per line) into formats suitable for training models. We then feed the transformed data into a range of supervised and unsupervised learning models and evaluate and compare their performance on classification and predictive analytics. Additionally, the paper explores how this approach improves overall network security posture by identifying patterns, detecting abnormal behaviour, reducing false positives, and shortening response time. We also discuss future trends and developments for AI in threat detection.
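The preprocessing step the abstract refers to, flattening Suricata's newline-delimited EVE JSON into fixed-length numeric vectors and scaling them, is shown below as an added example. It is not code from the paper: the field names follow Suricata's documented EVE schema (`event_type`, `proto`, `src_port`, `dest_port`, `flow.*`, `alert.*`), but the choice of features, the one-hot vocabularies and the sample records are my own, and the sample lines are constructed rather than captured (the signature ID is in the local-rules range, not a real ruleset ID).

```python
"""Flatten Suricata EVE JSON into numeric feature vectors for model training.

Added example for this page, not code from the paper. Field names follow
Suricata's EVE schema; the feature set and the sample records are my own
choices, and the records below are constructed, not captured.
"""
import json
import math
from datetime import datetime

# Constructed sample EVE output (not a real capture). The last line is
# deliberately malformed to exercise the skip path (partial writes and
# log rotation produce such lines in practice).
SAMPLE_EVE = """
{"timestamp":"2025-01-10T12:00:01.000000+0000","flow_id":1,"event_type":"flow","src_ip":"10.0.0.5","src_port":51234,"dest_ip":"192.0.2.10","dest_port":443,"proto":"TCP","app_proto":"tls","flow":{"pkts_toserver":12,"pkts_toclient":10,"bytes_toserver":1500,"bytes_toclient":9000,"start":"2025-01-10T12:00:00.000000+0000","end":"2025-01-10T12:00:01.500000+0000","state":"closed"}}
{"timestamp":"2025-01-10T12:00:02.000000+0000","flow_id":2,"event_type":"alert","src_ip":"10.0.0.7","src_port":40000,"dest_ip":"10.0.0.1","dest_port":22,"proto":"TCP","alert":{"signature_id":1000001,"severity":2,"category":"Constructed test category","signature":"LOCAL TEST ssh probe"},"flow":{"pkts_toserver":3,"pkts_toclient":1,"bytes_toserver":180,"bytes_toclient":60,"start":"2025-01-10T12:00:02.000000+0000"}}
{"timestamp":"2025-01-10T12:00:03.000000+0000","flow_id":3,"event_type":"dns","src_ip":"10.0.0.5","src_port":53211,"dest_ip":"10.0.0.53","dest_port":53,"proto":"UDP","dns":{"type":"query","rrname":"example.com","rrtype":"A"}}
{"timestamp":"2025-01-10T12:00:04.000000+0000","flow_id":4,"event_type":"flow","src_ip":"10.0.0.9","dest_ip":"10.0.0.1","proto":"ICMP","icmp_type":8,"icmp_code":0,"flow":{"pkts_toserver":4,"pkts_toclient":4,"bytes_toserver":392,"bytes_toclient":392,"start":"2025-01-10T12:00:03.000000+0000","end":"2025-01-10T12:00:04.000000+0000"}}
this line is not JSON
"""

EVENT_TYPES = ("flow", "alert", "dns", "http", "tls")  # one-hot vocabulary (my choice)
PROTOS = ("TCP", "UDP", "ICMP")


def _parse_ts(s):
    """Parse Suricata's timestamp format, e.g. 2025-01-10T12:00:01.000000+0000."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S.%f%z")


def feature_names():
    """Column names, in the same order featurize() emits them."""
    return ([f"ev_{t}" for t in EVENT_TYPES] + ["ev_other"]
            + [f"proto_{p}" for p in PROTOS] + ["proto_other"]
            + ["src_port", "dest_port", "dest_port_privileged",
               "log_pkts_toserver", "log_pkts_toclient",
               "log_bytes_toserver", "log_bytes_toclient", "byte_ratio",
               "duration_s", "has_alert", "alert_severity"])


def featurize(rec):
    """Map one EVE record (a dict) to a fixed-length list of floats."""
    ev = rec.get("event_type", "")
    proto = rec.get("proto", "")
    flow = rec.get("flow") or {}
    alert = rec.get("alert") or {}
    pts, ptc = flow.get("pkts_toserver", 0), flow.get("pkts_toclient", 0)
    bts, btc = flow.get("bytes_toserver", 0), flow.get("bytes_toclient", 0)
    duration = 0.0
    if "start" in flow and "end" in flow:  # alert records often carry only start
        duration = (_parse_ts(flow["end"]) - _parse_ts(flow["start"])).total_seconds()
    dport = rec.get("dest_port", 0)  # absent for ICMP; encoded as 0
    vec = [1.0 if ev == t else 0.0 for t in EVENT_TYPES]
    vec.append(0.0 if ev in EVENT_TYPES else 1.0)
    vec += [1.0 if proto == p else 0.0 for p in PROTOS]
    vec.append(0.0 if proto in PROTOS else 1.0)
    vec += [float(rec.get("src_port", 0)), float(dport),
            1.0 if 0 < dport < 1024 else 0.0]
    # log1p tames the heavy tail of packet and byte counters.
    vec += [math.log1p(pts), math.log1p(ptc), math.log1p(bts), math.log1p(btc),
            btc / (bts + 1.0)]
    vec += [duration, 1.0 if alert else 0.0, float(alert.get("severity", 0))]
    return vec


def parse_eve(text):
    """Return (rows, skipped): one feature row per valid JSON-object line."""
    rows, skipped = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # truncated or corrupt line; count it, do not crash
            continue
        if not isinstance(rec, dict):
            skipped += 1
            continue
        rows.append(featurize(rec))
    return rows, skipped


def fit_minmax(rows):
    """Column-wise (min, max), to be learned on the training split only."""
    return [(min(c), max(c)) for c in zip(*rows)]


def apply_minmax(rows, params):
    """Scale rows with fitted parameters; constant columns map to 0."""
    return [[0.0 if hi == lo else (x - lo) / (hi - lo)
             for x, (lo, hi) in zip(r, params)] for r in rows]


if __name__ == "__main__":
    rows, skipped = parse_eve(SAMPLE_EVE)
    params = fit_minmax(rows)
    for name, val in zip(feature_names(), apply_minmax(rows, params)[1]):
        print(f"{name:>22}: {val:.3f}")
    print("skipped lines:", skipped)
```

Two design points matter when this feeds a model. First, `fit_minmax` must be fitted on the training split and reused unchanged on validation and live data; refitting on new traffic silently shifts every column and invalidates the trained model. Second, the alert-derived columns (`has_alert`, `alert_severity`) are only useful when the label comes from somewhere other than the alert itself (analyst triage, a known-bad capture); if the training label is simply "Suricata alerted", the model learns the ruleset rather than the traffic.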
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Country of publication | Australia |
| Site | Springer |
| Likes | 0 |