CR | Apr 24, 2018

Automated Big Traffic Analytics for Cyber Security

arXiv:1804.09023v1 | 10 citations
Originality: Synthesis-oriented
AI Analysis

This work addresses the problem of handling big traffic data for cyber security applications like intrusion detection, but it is incremental as it reviews and builds on existing techniques.

The paper tackles the challenges of automated big traffic analytics for cyber security, reviewing state-of-the-art techniques to address volume, variety, and velocity issues, with promising results using statistical features, unknown discovery, and correlation analytics.

Network traffic analytics technology is a cornerstone for cyber security systems. We demonstrate its use through three popular and contemporary cyber security applications in intrusion detection, malware analysis and botnet detection. However, automated traffic analytics faces the challenges raised by big traffic data. In terms of big data's three characteristics (volume, variety and velocity), we review three state-of-the-art techniques to mitigate the key challenges, including real-time traffic classification, unknown traffic classification, and efficiency of classifiers. The new techniques using statistical features, unknown discovery and correlation analytics show promising potential to deal with big traffic data. Readers are encouraged to devote effort to improving the performance and practicability of automatic traffic analytics in cyber security.
