Automated Big Traffic Analytics for Cyber Security
Yuantian Miao, Zichan Ruan, Lei Pan, Yu Wang, Jun Zhang, Yang Xiang

TL;DR
This paper reviews advanced techniques for automated big traffic analytics in cyber security, focusing on real-time classification, unknown traffic detection, and classifier efficiency to enhance intrusion detection, malware analysis, and botnet detection.
Contribution
It surveys three techniques suited to the volume, variety and velocity of big traffic data in cyber security applications: statistical-feature classification for real-time use, unknown traffic discovery, and correlation analytics to improve classifier efficiency.
Findings
Promising potential of new techniques for big traffic data analysis
Effective real-time traffic classification methods
Improved detection of unknown traffic types
Abstract
Network traffic analytics technology is a cornerstone for cyber security systems. We demonstrate its use through three popular and contemporary cyber security applications in intrusion detection, malware analysis and botnet detection. However, automated traffic analytics faces the challenges raised by big traffic data. In terms of big data's three characteristics, volume, variety and velocity, we review three state-of-the-art techniques to mitigate the key challenges, including real-time traffic classification, unknown traffic classification, and efficiency of classifiers. The new techniques using statistical features, unknown discovery and correlation analytics show promising potential to deal with big traffic data. Readers are encouraged to devote effort to improving the performance and practicability of automated traffic analytics in cyber security.
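To make the two ideas the abstract names concrete, here is an added example that is not code from the paper or its authors: per-flow statistical features (packet size and inter-arrival statistics) are computed from a small set of constructed packet records, then each flow is labelled by a nearest-centroid rule with a rejection threshold, so that a flow far from every known class is reported as unknown rather than forced into a label. The centroids, scales, threshold and packet records are all made up for illustration; real deployments fit them from labelled flows, and the paper's own unknown-discovery and correlation techniques are not reproduced here.

```python
import math
import statistics
from collections import defaultdict

# Constructed packet records, not captured traffic: (timestamp_s, src, dst, proto, size_bytes).
# The endpoint strings already fold the port in, so (src, dst, proto) stands in for the
# usual 5-tuple; that simplification is an assumption of this example.
PACKETS = [
    # flow A: looks like a short HTTPS exchange
    (0.000, "10.0.0.5:51000", "93.184.216.34:443", "tcp", 517),
    (0.010, "93.184.216.34:443", "10.0.0.5:51000", "tcp", 1500),
    (0.012, "93.184.216.34:443", "10.0.0.5:51000", "tcp", 1500),
    (0.020, "10.0.0.5:51000", "93.184.216.34:443", "tcp", 66),
    (0.025, "93.184.216.34:443", "10.0.0.5:51000", "tcp", 1500),
    (0.030, "10.0.0.5:51000", "93.184.216.34:443", "tcp", 80),
    # flow B: looks like a DNS query/response pair
    (0.100, "10.0.0.5:53123", "10.0.0.1:53", "udp", 72),
    (0.102, "10.0.0.1:53", "10.0.0.5:53123", "udp", 88),
    # flow C: fixed-size packets on a fixed 1 s cadence, unlike either known class
    (1.000, "10.0.0.7:40000", "198.51.100.9:4444", "tcp", 200),
    (2.000, "10.0.0.7:40000", "198.51.100.9:4444", "tcp", 200),
    (3.000, "10.0.0.7:40000", "198.51.100.9:4444", "tcp", 200),
    (4.000, "10.0.0.7:40000", "198.51.100.9:4444", "tcp", 200),
    (5.000, "10.0.0.7:40000", "198.51.100.9:4444", "tcp", 200),
]

FEATURES = ("mean_size", "std_size", "mean_iat_ms", "pkt_count")

# Hypothetical class centroids and per-feature scales, in FEATURES order.
# In practice these are fitted from labelled training flows; the numbers here are made up.
CENTROIDS = {
    "web": (850.0, 650.0, 6.0, 6.0),
    "dns": (80.0, 8.0, 2.0, 2.0),
}
SCALES = (300.0, 300.0, 50.0, 5.0)
REJECT_DISTANCE = 3.0  # flows farther than this from every centroid are reported as unknown


def flow_key(src, dst, proto):
    """Direction-independent flow identifier so both halves of a conversation share a flow."""
    return (proto,) + tuple(sorted((src, dst)))


def flow_features(packets):
    """Per-flow statistical features from (ts, src, dst, proto, size) records.

    Only the first few packets of a flow are needed for these statistics, which is what
    lets feature-based classification run early in a flow instead of after it ends.
    """
    flows = defaultdict(list)
    for ts, src, dst, proto, size in packets:
        flows[flow_key(src, dst, proto)].append((ts, size))
    out = {}
    for key, pkts in flows.items():
        pkts.sort()
        sizes = [s for _, s in pkts]
        times = [t for t, _ in pkts]
        iats = [b - a for a, b in zip(times, times[1:])]
        out[key] = {
            "mean_size": statistics.mean(sizes),
            "std_size": statistics.pstdev(sizes),
            "mean_iat_ms": 1000.0 * statistics.mean(iats) if iats else 0.0,
            "pkt_count": len(sizes),
        }
    return out


def scaled_distance(feat, centroid):
    """Euclidean distance after dividing each feature by its scale."""
    return math.sqrt(sum(((feat[name] - c) / s) ** 2
                         for name, c, s in zip(FEATURES, centroid, SCALES)))


def classify(feat, centroids=CENTROIDS, reject=REJECT_DISTANCE):
    """Nearest-centroid label, or 'unknown' when no known class is close enough."""
    label, dist = min(((name, scaled_distance(feat, c)) for name, c in centroids.items()),
                      key=lambda item: item[1])
    return ("unknown", dist) if dist > reject else (label, dist)


def analyse(packets=PACKETS):
    """Map each flow key to (label, distance, features)."""
    return {key: classify(feat) + (feat,) for key, feat in flow_features(packets).items()}


if __name__ == "__main__":
    for key, (label, dist, feat) in analyse().items():
        print(f"{key[1]} <-> {key[2]} {key[0]}: {label} (d={dist:.2f}) {feat}")
```

The rejection threshold is the part worth attention: a plain nearest-centroid classifier always returns one of its known labels, so traffic from a class it has never seen (flow C here) would be silently filed under the nearest known class, which is exactly the failure the unknown-traffic problem is about. Scaling each feature before measuring distance keeps the millisecond-scale inter-arrival feature from dominating the byte-scale size features.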
Taxonomy
Topics: Network Security and Intrusion Detection · Internet Traffic Analysis and Secure E-voting · Advanced Malware Detection Techniques
