2021 IEEE International Conference on Cyber Security and Resilience

Summary:

The generalization of deep learning has helped us, in the past, address challenges such as malware identification and anomaly detection in the network security domain. However, as is often the case with IoT devices, memory and processing power are too scarce to discern anomalies from normal traffic accurately. In this research, we work around this bottleneck by using the packet’s raw bytes as input data, which minimizes the need for feature engineering and subsequent processing. We introduce a feature-engineering-less machine learning process for anomaly detection that uses the unprocessed byte streams of packets as training data. Removing feature engineering enables a low-cost, low-memory time-series analysis of network traffic, with the added benefit of eliminating the significant investment of subject matter expert time that feature engineering requires.

Author(s):

Arshiya Khan    
University of Delaware
United States

Arshiya Khan is currently pursuing her Ph.D. in Electrical and Computer Engineering (Cybersecurity) at the University of Delaware, Newark, DE, USA. Her areas of interest include network security, artificial general intelligence and fair machine learning. She wrote her M.S. thesis on feature taxonomy of network traffic for machine learning algorithms.

Chase Cotton    
University of Delaware
United States

Over the past 35 years, Chase Cotton (Ph.D. EE, UD, 1984; BS ME, UT Austin, 1975, CISSP) has held a variety of research, development, and engineering roles, mostly in telecommunications. In both the corporate and academic worlds, he has been involved in computer, communications, and security research in roles including communication carrier executive, product manager, consultant, and educator for the technologies used in Internet and data services.

Beginning in the mid-1980s, Dr. Cotton's communications research in Bellcore's Applied Research Area involved creating new algorithms and methods in bridging, multicast, many forms of packet-based applications including voice & video, traffic monitoring, transport protocols, custom VLSI for communications (protocol engines and Content Addressable Memories), and Gigabit networking.

In the mid-1990s, as the commercial Internet began to blossom, he transitioned to assist carriers worldwide as they started their Internet businesses, including Internet Service Providers (ISPs), hosting and web services, and the first large-scale commercial deployment of Digital Subscriber Line (DSL) for consumer broadband services. In 2000, Dr. Cotton assumed research, planning, and engineering for Sprint's global Tier 1 Internet provider, SprintLink, expanding and evolving the network significantly during his 8-year tenure. At Sprint, his activities included leading a team that enabled infrastructure for the first large-scale collection and analysis of Tier 1 backbone traffic and twice set the Internet 2 Land Speed World Record on a commercial production network.

Since 2008, Dr. Cotton has been at the University of Delaware in the Department of Electrical and Computer Engineering, initially as a visiting scholar, and later as a Senior Scientist, Professor of Practice, and Director of Delaware's Center for Intelligent CyberSecurity (CICS). His research interests include cybersecurity and high-availability software systems with funding drawn from the NSF, ARL, U.S. Army C5ISR, JPMorgan Chase, and other industrial sponsors. As Director, Cybersecurity Minor & MS Programs, he currently is involved in the ongoing development of a multi-faceted educational initiative at UD, where he is developing new security courses and degree programs, including a minor, campus and online graduate Master's degrees, and Graduate Certificates in Cybersecurity.

Dr. Cotton currently consults on communications and Internet architectures, software, and security issues for many carriers and equipment vendors worldwide.
