Machine learning for classifying anomalies and intrusions in communication networks

Cyber attacks are becoming more sophisticated and, hence, more difficult to detect. Using efficient and effective machine learning techniques to detect network anomalies and intrusions is an important aspect of cyber security. A variety of machine learning models have been employed to help detect malicious intentions of network users. In this dissertation, we have applied various machine learning algorithms to classify known network anomalies such as Internet worms, denial of service attacks, power outages, and ransomware attacks. We have proposed novel Broad Learning System-based algorithms with and without incremental learning. Generalized models have been developed by using subsets of input data based on selected features and by expanding the network structure. Furthermore, a Border Gateway Protocol anomaly detection tool BGPGuard has been developed to integrate various stages of the anomaly detection process.