Feature extraction and feature selection for classifying cyber traffic threats

2017 
Cyber networks frequently encounter amounts of network traffic too large to process real-time threat detection efficiently. This research examines combined classification and feature selection using the artificial neural network (ANN) for cyber network threat detection. Examined network traffic data was from the 2003–2007 and 2009 Department of Defense Cyber Defense Exercises (CDXs). Firstly, a feature extraction process is developed using Fullstats to extract 248 features from the CDX dataset. Security Onion is used to determine class labels (cyber attack and severity of attack). Various threat detection scenarios are considered in analyzing the data: threats versus no-threats, severity of threats (low, medium, and high) for known threats, and complete (no-threat, low, medium, and high). ANN signal-to-noise ratio feature selection was used to remove non-salient features and determine an appropriate level of dimensionality for classifying cyber attack and normal operating conditions. Considering the set o...