{"title":"Malicious traffic analysis using Markov chain","authors":"Ryandy Djap, Charles Lim, Kalpin Erlangga Silaen","doi":"10.1145/3557738.3557849","DOIUrl":null,"url":null,"abstract":"A massive increase in cyber attacks during pandemics has made enterprise organizations around the world strive to find new ways to comprehend and detect unknown threats. A firewall has been devised specifically for these tasks, warding off external attacks on the enterprise perimeter network. Our research aims to identify these possible intrusions through firewall traffic analysis based on the Markov chain state transition graph. The research results show that our methods can clearly distinguish malicious traffic from anomaly traffic.","PeriodicalId":178760,"journal":{"name":"Proceedings of the 2022 International Conference on Engineering and Information Technology for Sustainable Industry","volume":"126 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-09-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2022 International Conference on Engineering and Information Technology for Sustainable Industry","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3557738.3557849","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
A massive increase in cyber attacks during pandemics has made enterprise organizations around the world strive to find new ways to comprehend and detect unknown threats. A firewall has been devised specifically for these tasks, warding off external attacks on the enterprise perimeter network. Our research aims to identify these possible intrusions through firewall traffic analysis based on the Markov chain state transition graph. The research results show that our methods can clearly distinguish malicious traffic from anomaly traffic.