Artificial Intelligence / Machine Learning for Anomaly Detection in Cloud
12 November 2019
Hybrid Anomaly Detection Model (HADM) is a platform that filters network traffic and identifies malicious activities on the network. The platform applies data mining algorithms to effectively detect cyber attacks in high-load networks. It uses a combination of linear and learning algorithms together with a protocol analyzer. The supervised algorithms filter and extract distinctive attributes and features of the cyber attacks, while the unsupervised algorithms use these attributes and features to identify new types of attacks. The protocol analyzer classifies and filters vulnerable protocols to avoid unnecessary computation load.

Different feature selection methods are applied to find the best features for the applied algorithms. The feature selection methods are chosen based on the algorithms' computation time and detection rate. The best algorithms are then selected through a benchmark on the applied datasets, based on metrics such as cross-entropy loss, precision, recall and computation time.

The use of linear algorithms in conjunction with learning algorithms and the protocol analyzer allows HADM to achieve improved efficiency, in terms of accuracy and computation time, over existing solutions. HADM's efficiency (accuracy and computation time) has been compared against existing mechanisms. HADM's scalability and robustness are evaluated by applying five recent public datasets of various sizes containing diverse attacks. In this demo, a custom dataset that is extracted from ISCX 2017 and UNSW 15 is used.
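The benchmark step described above, as an added example that is not HADM's own code: flows pass a protocol filter, then two stand-in detectors are scored on precision, recall, cross-entropy loss and computation time. The sample flows are constructed, and the watched-protocol set, the detector parameters and the lowest-loss selection rule are assumptions.

```python
import math
import time

# Constructed sample flows (not taken from ISCX 2017 or UNSW 15):
# (protocol, packets_per_second, mean_payload_bytes, label), label 1 = attack.
FLOWS = [
    ("tcp", 900, 40, 1), ("tcp", 850, 60, 1), ("udp", 700, 30, 1),
    ("tcp", 300, 40, 1),                       # low-rate attack
    ("tcp", 100, 500, 0), ("udp", 50, 300, 0),
    ("tcp", 600, 900, 0),                      # busy but benign bulk transfer
    ("tcp", 80, 450, 0),
    ("arp", 10, 28, 0), ("icmp", 5, 64, 0),    # dropped by the protocol stage
]
WATCHED = {"tcp", "udp"}  # assumed set of protocols passed on to the detectors

def protocol_filter(flows):
    """Protocol-analyzer stage: keep only flows on watched protocols."""
    return [f for f in flows if f[0] in WATCHED]

def rate_threshold(pps, payload):
    """Stand-in linear rule (assumed): flag flows above a fixed packet rate."""
    return 0.9 if pps > 500 else 0.1

def logistic_score(pps, payload):
    """Stand-in learned model (assumed): logistic score, hand-picked weights."""
    z = 5.0 * pps / 1000 - 6.0 * payload / 1000 - 0.5
    return 1.0 / (1.0 + math.exp(-z))

def benchmark(detector, flows, eps=1e-12):
    """Return precision, recall, mean cross-entropy loss and wall time."""
    start = time.perf_counter()
    probs = [detector(pps, payload) for _, pps, payload, _ in flows]
    elapsed = time.perf_counter() - start
    labels = [f[3] for f in flows]
    tp = sum(1 for p, y in zip(probs, labels) if p >= 0.5 and y == 1)
    fp = sum(1 for p, y in zip(probs, labels) if p >= 0.5 and y == 0)
    fn = sum(1 for p, y in zip(probs, labels) if p < 0.5 and y == 1)
    loss = -sum(y * math.log(max(p, eps)) + (1 - y) * math.log(max(1 - p, eps))
                for p, y in zip(probs, labels)) / len(labels)
    return {"precision": tp / (tp + fp) if tp + fp else 0.0,
            "recall": tp / (tp + fn) if tp + fn else 0.0,
            "loss": loss, "seconds": elapsed}

def select_best(candidates, flows):
    """Assumed selection rule: lowest loss, ties broken by computation time."""
    kept = protocol_filter(flows)
    results = {name: benchmark(fn, kept) for name, fn in candidates.items()}
    best = min(results, key=lambda n: (results[n]["loss"], results[n]["seconds"]))
    return best, results
```

On this sample the rate rule misses the low-rate attack and flags the bulk transfer, so its loss is dominated by two confident wrong answers; precision and recall alone would not show how confident those errors were.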