Detecting attacks on servers using machine learning models

Abstract

With today's storage of information moving from paper to physical hard drives and the cloud, safety of these new information platforms are of great importance. Today an average server suffers several instances of abuse weekly, or even daily. The purpose of this project is to design a system for detecting abusive data traffic coming to or from a server by using machine learning algorithms. Also of importance is the new GDPR guidelines and how they affect the future development of data usage in AI. This project is aiming to use data already gathered by industry to check performance of their networks and systems. That is why a metrics based system using sequential data to see patterns in the network flow is investigated. The project is a combined effort between UiT Narvik and Arctic Circle Data Center, hereby called ACDC, where the data is provided by ACDC and the development is done by UiT. Included in this thesis is: a review of today's threat profile and how this effects industry, a review of today's research into anomaly detection using machine learning, a risk evaluation of the project and a review of the different attack data sets viable for machine learning on this topic. It concludes with a recommendation for the best models and data sets for an anomaly detection tool. The thesis includes an in depth explanation of the relevant theory and machine learning models as well as a simplified review of the different anomaly types.