Suspicious Network Event Recognition Leveraging on Machine Learning

Network log events produced by network probes are used by security analyzers to detect traffic anomalies and threats. While it is relatively trivial for a probe to mark specific events as suspicious, it is much more challenging for log analyzers to create a comprehensive picture of the overall network. Machine learning can potentially help in this, however there is no specific solution for analyzing network event logs. This paper covers the experiments and design choices that have been made to create a machine learning-based tool able to analyze network event logs. The tool has been evaluated in the Suspicious Network Event Recognition Cup at IEEE BigData 2019, achieving an AUC (Area Under the Curve) of over 90%, making it accurate enough for deployment in real life scenarios.