ISU Electrical and Computer Engineering Archives

Auto Red Team: A Network Attack Automation Framework based on Decision Tree

Lu, Song (2008) Auto Red Team: A Network Attack Automation Framework based on Decision Tree. Masters thesis, Iowa State University.

Full text available as:

PDF - Registered users only - Requires Adobe Acrobat Reader or other PDF viewer.

Abstract

In this thesis we discuss our research on incorporating Machine Learning into network attack automation. The key idea is to audit the traffic between the attacker and the target machine, apply Decision Tree Learning methods to the audit data to generate a set of rules, and create a smart attacker that is guided by those rules and is capable of launching an attack sequence according to the responses from the target machine. By conducting experiments on the Linux platform, we constructed a framework named Auto Red Team (ART) that audits traffic, composes training data, and generates a smart attacker by feeding the training data into a Decision Tree Learning model. Experiments show that ART can realize effective and accurate attack automation. Besides basic data analysis of the experiment data, we also apply a statistical method, Principal Component Analysis, to the experiment data to verify the generated rules. Although Principal Component Analysis cannot completely explain the rules generated by the Decision Tree module, some convincing explanations of the relationship between those rules and certain Principal Components are given.

EPrint Type: Thesis (Masters)
Subjects: Computer Engineering > INFORMATION SYSTEMS SECURITY & NETWORKING > Computer Networking and Security
ID Code: 453
Identification Number: UNSPECIFIED
Deposited By: Song Lu
Deposited On: 08 November 2008
