Spanish ENTA project partner MTP is testing Machine Learning and Deep Learning models


The ITEA project ENTA (Encrypted Network Traffic Analysis for Cyber Security) aims to give more visibility into the encrypted traffic circulating through a corporate network. To achieve this, ENTA uses AI to detect whether an encrypted traffic flow is being generated by a device performing an attack inside the network.
As part of the ENTA project, project partner MTP from Spain has been testing Machine Learning and Deep Learning models, which can extract the relationships present in the data, to differentiate whether or not a communication flow is being used to perform attacks from IoT devices.
The dataset used for these tests is a binary-class dataset that indicates, based on different characteristics of each communication (its IP, its port, the number of packets it carries, etc.), whether or not that communication belongs to an attack.
MTP has relied on the following metrics to compare the different tested models:
- Precision: proportion of predicted positive cases that are true positives
- Recall: proportion of actual positive cases that are correctly classified
- Accuracy: proportion of correct results among the total number of cases examined
- F1-Score: metric that combines the precision and recall of a model, used to compare its performance against several solutions
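The four metrics above, computed for a binary attack/benign flow classifier. This is an added example, not code from the ENTA project or MTP; the flow labels and detector outputs are constructed, and it also shows why accuracy alone cannot separate two very different detectors when attack flows are rare.

```python
"""Score a binary attack/benign flow classifier with precision, recall,
accuracy and F1. Added example; the labels below are constructed."""
from dataclasses import dataclass


@dataclass
class Metrics:
    precision: float
    recall: float
    accuracy: float
    f1: float


def confusion(y_true, y_pred):
    """Count TP, FP, FN, TN with 1 = attack flow (positive), 0 = benign."""
    tp = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 1)
    fp = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 1)
    fn = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 0)
    tn = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 0)
    return tp, fp, fn, tn


def score(y_true, y_pred) -> Metrics:
    """Apply the metric definitions; guard the zero-denominator cases."""
    tp, fp, fn, tn = confusion(y_true, y_pred)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    accuracy = (tp + tn) / len(y_true)
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return Metrics(precision, recall, accuracy, f1)


# Constructed ground truth: 2 attack flows among 20 flow summaries.
Y_TRUE = [1, 1] + [0] * 18
# Detector A never raises an alert.
NEVER_ALERT = [0] * 20
# Detector B catches both attacks at the cost of 2 false alarms.
CATCHES_ATTACKS = [1, 1, 1, 1] + [0] * 16

if __name__ == "__main__":
    for name, pred in (("never alert", NEVER_ALERT), ("catches attacks", CATCHES_ATTACKS)):
        m = score(Y_TRUE, pred)
        print(f"{name:16s} precision={m.precision:.2f} recall={m.recall:.2f} "
              f"accuracy={m.accuracy:.2f} f1={m.f1:.2f}")
```

Both detectors reach 90% accuracy on this imbalanced set; only recall and F1 reveal that the first one misses every attack.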
The main results of these tests are:
- A first test with different Machine Learning algorithms showed that, by using flow summaries, Machine Learning algorithms are able to detect whether or not an attack is occurring within a computer network.
- Among the tested algorithms, the models derived from decision trees achieved the best results on the original dataset. When the dataset is extended to include more attack samples, the AdaBoost algorithm performs best on both the original and the extended dataset.
These tests show that it is possible to use Machine Learning algorithms to bring visibility into encrypted network traffic, bringing ENTA closer to its objectives.
Next steps
MTP will continue to conduct experiments and tests. The next step will be to test whether there are Deep Learning algorithms capable of detecting attacks occurring in communication networks. In addition, its experiments will focus on detecting IoT devices connected to encrypted communication networks, thus providing full visibility into the traffic generated by all devices connected to enterprise networks.
ENTA is part of the Eureka Cluster programme ITEA; in Spain, the project is financed by CDTI.
More information
To learn more about how the ENTA project is developing, as well as about MTP's participation, please visit its official website at https://project-enta.com/ or https://itea4.org/project/enta.html