Stand H7


Student : S Conradie


About the student

I am Stefan Conradie and enjoy coding, gaming, and most sports. I am decent at solving problems and puzzles. I am also quick to understand math and decent at it.



About the Project

The project uses Machine Learning to teach AI models how to predict cyber attacks in real time. Two ensembles (or groups) of AI models are used together to make predictions on incoming network traffic. The first determines whether the network traffic is an attack or not, while the second determines the specific attack. If the second ensemble is not certain about the specific attack, the attack is treated as an unknown or new attack.

Both the incoming and outgoing network traffic are grouped together into flows based on their source and destination IPs and ports, as well as the protocol used. The AI models make their predictions on the flows of network packets, and not on single packets. The flows are constantly monitored while packets are collected, and once a flow is inactive or reaches a set limit it is sent to the models for their predictions.

The ensembles consist of a Decision Tree and a Random Forest. The ensemble's final prediction is determined by applying weights, based on the models' stand-alone performance, to their predictions. Any AI model trained on a subset of the features used for the training can be added to the ensemble. All the features used in training the models are present in the packets' headers. Finally, network traffic that is predicted as an attack is stored in a database, along with the related information about the ensemble's predictions, for future analysis.
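The flow grouping and two-stage weighted decision described above can be sketched as follows; this is an added example, not the project's own code. The timeout, packet limit, confidence threshold, the use of weighted probability averaging, and all names and sample values are assumptions made for illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "ts src sport dst dport proto")
IDLE_TIMEOUT = 5.0   # assumed: seconds of inactivity before a flow is closed
MAX_PACKETS = 4      # assumed: per-flow packet limit (kept small for the demo)
UNKNOWN_BELOW = 0.6  # assumed: minimum weighted confidence to name an attack

def flow_key(p):
    """Direction-independent key, so both directions land in one flow."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (min(a, b), max(a, b), p.proto)

def assemble_flows(packets):
    """Group time-ordered packets into flows; return them as they finish."""
    active, done = {}, []
    for p in packets:
        # Close every flow that has been idle too long before handling p.
        for k in [k for k, f in active.items() if p.ts - f[-1].ts > IDLE_TIMEOUT]:
            done.append(active.pop(k))
        flow = active.setdefault(flow_key(p), [])
        flow.append(p)
        if len(flow) >= MAX_PACKETS:      # limit reached: hand off immediately
            done.append(active.pop(flow_key(p)))
    done.extend(active.values())          # flush what is left at end of capture
    return done

def weighted_vote(model_probs, weights):
    """Average per-model class probabilities, weighted per model."""
    total, combined = sum(weights.values()), {}
    for model, probs in model_probs.items():
        for label, pr in probs.items():
            combined[label] = combined.get(label, 0.0) + weights[model] * pr / total
    label = max(combined, key=combined.get)
    return label, combined[label]

def classify(stage1_probs, stage2_probs, w1, w2):
    """Stage 1: attack or benign. Stage 2: which attack, or 'unknown'."""
    if weighted_vote(stage1_probs, w1)[0] != "attack":
        return "benign"
    label, conf = weighted_vote(stage2_probs, w2)
    return label if conf >= UNKNOWN_BELOW else "unknown"

# Constructed sample traffic (documentation addresses, not a real capture).
SAMPLE = [
    Packet(0.0, "192.0.2.10", 40000, "198.51.100.5", 80, "TCP"),
    Packet(0.1, "198.51.100.5", 80, "192.0.2.10", 40000, "TCP"),
    Packet(0.2, "192.0.2.11", 5353, "198.51.100.5", 53, "UDP"),
    Packet(9.0, "192.0.2.10", 40000, "198.51.100.5", 80, "TCP"),
]
```

On the sample, the reply packet joins the flow of the request, and the packet at 9.0 s starts a new flow because the earlier ones have already timed out.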