{"title":"A Heuristics and Machine Learning Hybrid Approach to Adaptive Cyberattack Detection","authors":"Makoto Iwabuchi, Akihito Nakamura","doi":"10.1109/ACDSA59508.2024.10467929","journal":{"name":"2024 International Conference on Artificial Intelligence, Computer, Data Sciences and Applications (ACDSA)","volume":"38 3","pages":"1-7"},"publicationDate":"2024-02-01","publicationTypes":"Journal Article","isOpenAccess":false,"citationCount":"0","platform":"Semanticscholar","ListUrlMain":"https://doi.org/10.1109/ACDSA59508.2024.10467929"}
A Heuristics and Machine Learning Hybrid Approach to Adaptive Cyberattack Detection
Cybersecurity is more significant now than ever, and the severity of the threat has escalated. One possible countermeasure is the Intrusion Detection and Prevention System (IDPS), which enables the detection of malicious activities in the network based on signature-matching and other detection methods. A signature represents the specific pattern of an attack. However, it occasionally misses malicious traffic or raises false alerts when the detection method is not carefully configured with the latest information. That is, it is susceptible to false positives or false negatives. This paper presents a highly accurate cyberattack detection method with the automatic generation of tailored signatures for a rapid response to emerging threats. We combine heuristics for known attacks and machine learning (ML) techniques to detect unforeseen attack patterns in traffic, i.e. a hybrid method. Rule-based judgment for heuristics and anomaly detection for ML are used, respectively. This study introduces a novel approach by employing machine learning with a packet-to-image conversion technique. We convert network packet data into images and utilize the image data for training and classifying attack patterns. By transforming the problem to anomaly detection in image data, the evaluation results revealed that the method has high accuracy.