Improving Network Security by Applying Unsupervised Machine Learning Techniques

Authors

  • Zaydon L. Ali, Ahmed Ramzi Rashid, Thoraya Ali Shaker

Keywords:

Network traffic, Novelty detection, Security, Internet networks

Abstract

Computer networks are increasingly exposed to sophisticated and diverse attacks that threaten the security of data and services. The difficulty lies in detecting new and unknown attacks, especially with the increasing volume and size of network traffic. This research addresses the problem by developing an innovative network event detection system based on unsupervised learning techniques, which enables it to detect abnormal behavior patterns that may indicate the presence of an attack. The system achieved 95% detection accuracy and reduced the false alarm rate by 30% compared to traditional systems. The method distinguishes itself from traditional event detection techniques in its ability to effectively detect new and previously unknown network behaviors. It does so by relying on unsupervised learning methods and analyzing bidirectional network flows. Comparing the performance of several algorithms within this method contributed to improving the detection accuracy. In addition, the method is designed to handle large amounts of data, making it suitable for real networks. The system analyzes bidirectional network data flows (biflows) to extract abnormal behavior patterns that may indicate the presence of security threats. Unsupervised clustering algorithms, such as k-means, x-means, and self-organizing Kohonen neural networks, are used to achieve this goal.
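As an added illustration of the approach the abstract outlines (not code from the paper or its authors), the following Python example merges unidirectional flow records into biflows, clusters a baseline with k-means, and flags new biflows that fit no baseline cluster. The feature set, the threshold rule, the centroid initialisation and all addresses and counts are assumptions, since the paper's own features and parameters are not given on this page.

```python
import math

def biflow_key(src, sport, dst, dport, proto):
    # Sort the endpoints so both directions of a conversation share one key.
    return tuple(sorted([(src, sport), (dst, dport)])) + (proto,)

def to_biflows(flows):
    # Assumption: the first record seen for a conversation is the initiator's.
    agg = {}
    for src, sport, dst, dport, proto, pkts, byts in flows:
        rec = agg.setdefault(biflow_key(src, sport, dst, dport, proto),
                             {"init": (src, sport), "fwd": [0, 0], "rev": [0, 0]})
        side = rec["fwd"] if (src, sport) == rec["init"] else rec["rev"]
        side[0], side[1] = side[0] + pkts, side[1] + byts
    return agg

def features(rec):
    # Log-scaled packets and bytes per direction (illustrative feature set).
    return [math.log1p(v) for v in rec["fwd"] + rec["rev"]]

def kmeans(points, k, iters=10):
    # Deterministic farthest-point initialisation, then Lloyd iterations.
    cents = [points[0]]
    while len(cents) < k:
        cents.append(max(points, key=lambda p: min(math.dist(p, c) for c in cents)))
    for _ in range(iters):
        groups = [[] for _ in cents]
        for p in points:
            groups[min(range(k), key=lambda i: math.dist(p, cents[i]))].append(p)
        cents = [[sum(col) / len(g) for col in zip(*g)] if g else cents[i]
                 for i, g in enumerate(groups)]
    return cents

def detect(baseline, new, k=2):
    # Flag new biflows farther from every centroid than any baseline biflow was.
    train = [features(r) for r in to_biflows(baseline).values()]
    cents = kmeans(train, k)
    score = lambda p: min(math.dist(p, c) for c in cents)
    limit = max(score(p) for p in train)
    return [key for key, r in to_biflows(new).items() if score(features(r)) > limit]
# Constructed sample records: (src, sport, dst, dport, proto, packets, bytes)
BASELINE = []
for i, c in enumerate(f"10.0.0.{n}" for n in range(1, 6)):
    BASELINE += [(c, 40000 + i, "10.0.1.10", 443, "tcp", 10 + i, 1200 + 100 * i),
                 ("10.0.1.10", 443, c, 40000 + i, "tcp", 12 + i, 15000 + 1000 * i),
                 (c, 50000 + i, "10.0.1.53", 53, "udp", 1, 70 + i),
                 ("10.0.1.53", 53, c, 50000 + i, "udp", 1, 130 + i)]
NEW = [("10.0.0.7", 41000, "10.0.1.10", 443, "tcp", 11, 1350),
       ("10.0.1.10", 443, "10.0.0.7", 41000, "tcp", 13, 16500),
       ("10.0.0.9", 42000, "10.0.1.10", 8443, "tcp", 1, 60)]  # no reply seen
```

Calling `detect(BASELINE, NEW)` returns only the key of the conversation with an empty reverse direction, a property that is visible only once the two directions are merged into one biflow record.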

Published

2025-06-28