Instead of relying on device-level network security, we wanted security to be a fundamental part of the network itself, so we built a machine learning tool that runs at the router level to detect malicious network traffic.
What it does
MalDetect estimates the probability of a network intrusion from packets captured live on the host, classifying each packet as it arrives.
How we built it
MalDetect is a k-means model, built with TensorFlow, trained on both normal and malicious traffic. At prediction time the program continuously sniffs packets and assigns each one to its nearest cluster. If the packet is predicted to be malicious, it sends the client a message via Twilio.
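The pipeline described above, as an added example rather than MalDetect's own code: per-packet features are min-max scaled (so byte counts do not swamp the other features), clustered with k-means, and each cluster is then tagged with the majority label of the training traffic that landed in it, since k-means itself never sees labels. A small pure-Python Lloyd's algorithm stands in for TensorFlow, a stub stands in for the Twilio SMS call, and the training rows are constructed. The feature set (length, destination port, SYN-only flag) and the use of cluster purity as the reported "probability" are assumptions made for the example.

```python
"""Added example, not MalDetect's own code: features -> scaling -> k-means
-> cluster labelling -> alert hook, on constructed traffic."""
import math

# Constructed training traffic: (packet length, dst port, SYN-only flag), label.
# Benign rows mimic established HTTPS/HTTP flows; malicious rows mimic a SYN scan.
TRAINING = [
    ((1460, 443, 0), "benign"), ((1200, 443, 0), "benign"),
    ((900, 80, 0), "benign"), ((1400, 80, 0), "benign"),
    ((1100, 443, 0), "benign"), ((600, 8080, 0), "benign"),
    ((44, 21, 1), "malicious"), ((44, 22, 1), "malicious"),
    ((44, 23, 1), "malicious"), ((44, 25, 1), "malicious"),
    ((44, 135, 1), "malicious"), ((44, 445, 1), "malicious"),
]


def minmax_fit(rows):
    """Per-feature (min, max) so no single feature dominates the distance."""
    return [(min(c), max(c)) for c in zip(*rows)]


def scale(x, bounds):
    return [(v - lo) / (hi - lo) if hi > lo else 0.0 for v, (lo, hi) in zip(x, bounds)]


def dist(a, b):
    return math.sqrt(sum((p - q) ** 2 for p, q in zip(a, b)))


def farthest_first_init(points, k):
    """Deterministic seeding: first point, then the point farthest from all chosen centroids."""
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(dist(p, c) for c in centroids)))
    return centroids


def kmeans(points, k, iters=50):
    """Lloyd's algorithm: assign to nearest centroid, recompute means, repeat until stable."""
    centroids = farthest_first_init(points, k)
    assignments = None
    for _ in range(iters):
        new = [min(range(k), key=lambda j: dist(p, centroids[j])) for p in points]
        if new == assignments:
            break
        assignments = new
        for j in range(k):
            members = [p for p, a in zip(points, assignments) if a == j]
            if members:
                centroids[j] = [sum(col) / len(members) for col in zip(*members)]
    return centroids, assignments


def label_clusters(assignments, labels, k):
    """Tag each cluster with its majority training label; keep purity as a confidence score
    (assumption: this purity is what the alert reports as the intrusion 'probability')."""
    out = {}
    for j in range(k):
        votes = [lab for a, lab in zip(assignments, labels) if a == j]
        if not votes:
            out[j] = ("unknown", 0.0)
            continue
        top = max(set(votes), key=votes.count)
        out[j] = (top, votes.count(top) / len(votes))
    return out


class MalDetectModel:
    def __init__(self, training, k=2):
        feats = [f for f, _ in training]
        labels = [lab for _, lab in training]
        self.bounds = minmax_fit(feats)
        scaled = [scale(f, self.bounds) for f in feats]
        self.centroids, assignments = kmeans(scaled, k)
        self.cluster_labels = label_clusters(assignments, labels, k)

    def classify(self, features):
        """Return (label, confidence) for one packet's raw features."""
        x = scale(features, self.bounds)  # values outside training range scale past [0, 1]; fine
        j = min(range(len(self.centroids)), key=lambda i: dist(x, self.centroids[i]))
        return self.cluster_labels[j]


ALERTS = []


def send_alert(message):
    """Stub for the SMS step: MalDetect sends this via Twilio; here it is only recorded."""
    ALERTS.append(message)


def handle_packet(model, features):
    label, confidence = model.classify(features)
    if label == "malicious":
        send_alert("MalDetect: suspected intrusion (len=%d, dport=%d), score %.2f"
                   % (features[0], features[1], confidence))
    return label, confidence


if __name__ == "__main__":
    m = MalDetectModel(TRAINING)
    for pkt in [(48, 22, 1), (1300, 443, 0), (44, 3389, 1)]:
        print(pkt, handle_packet(m, pkt))
    print(ALERTS)
```

Two caveats the page's design implies: the labels attached to clusters are only as good as the training capture (a cluster that mixes both classes yields a low purity score and should probably not page anyone), and k-means must be re-fitted when the traffic mix changes, since the centroids are fixed at training time.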
Challenges we ran into
Debugging TensorFlow is difficult because of the nature of its error tracebacks. Other challenges included the lack of public malicious traffic data to train on and trouble parsing .pcap files.
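The .pcap parsing problem mentioned above comes down to a few format details: the global header's magic number fixes the byte order (and whether timestamps are microseconds or nanoseconds), each record has its own 16-byte header whose included length may differ from the original length, the IPv4 header length is variable, and a capture cut off mid-write ends in a truncated record. The reader below is an added example, not MalDetect's code; it parses the classic libpcap file format for Ethernet/IPv4/TCP frames and returns per-packet features. The sample capture is constructed in code with zeroed checksums.

```python
"""Added example, not MalDetect's own code: a minimal libpcap file reader that
extracts (length, dst port, SYN-only) per TCP packet. Sample capture is constructed."""
import struct

PCAP_MAGIC_USEC = 0xA1B2C3D4
PCAP_MAGIC_NSEC = 0xA1B23C4D
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
TCP_SYN, TCP_ACK = 0x02, 0x10


def read_pcap_records(data):
    """Yield (timestamp, frame bytes, original length) per record. Byte order comes
    from the magic number; a truncated final record ends iteration instead of raising."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic_le, = struct.unpack("<I", data[:4])
    if magic_le in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
        order = "<"
    elif struct.unpack(">I", data[:4])[0] in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
        order = ">"
    else:
        raise ValueError("not a pcap file (magic 0x%08x)" % magic_le)
    magic, _vmaj, _vmin, _tz, _sig, _snaplen, linktype = struct.unpack(order + "IHHiIII", data[:24])
    nsec = magic == PCAP_MAGIC_NSEC
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type %d" % linktype)
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(order + "IIII", data[off:off + 16])
        off += 16
        if off + incl_len > len(data):
            break  # capture was cut off mid-record
        yield ts_sec + ts_frac / (1e9 if nsec else 1e6), data[off:off + incl_len], orig_len
        off += incl_len


def packet_features(frame):
    """Return (length, dst_port, syn_only) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 14 + 20:
        return None
    ethertype, = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4  # header length is variable (options); never assume 20
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl or ip[9] != IPPROTO_TCP:
        return None
    tcp = ip[ihl:]
    if len(tcp) < 20:
        return None
    _sport, dport = struct.unpack("!HH", tcp[:4])
    flags = tcp[13]
    syn_only = int(bool(flags & TCP_SYN) and not (flags & TCP_ACK))
    return (len(frame), dport, syn_only)


def build_frame(dport, flags, payload):
    """Constructed test frame: Ethernet + IPv4 (no options) + TCP, checksums left zero."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 0, 5 << 4, flags, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, IPPROTO_TCP, 0,
                     bytes([10, 0, 0, 2]), bytes([93, 184, 216, 34]))
    eth = b"\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb" + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + tcp


def build_pcap(frames, order="<"):
    """Constructed capture file: global header then one record per frame."""
    out = struct.pack(order + "IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack(order + "IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out


SAMPLE_PCAP = build_pcap([
    build_frame(443, TCP_ACK, b"\x17\x03\x03" + b"\x00" * 1000),  # TLS application data
    build_frame(22, TCP_SYN, b""),                                 # SYN scan probes
    build_frame(23, TCP_SYN, b""),
    build_frame(80, TCP_SYN | TCP_ACK, b""),                       # handshake reply
])


def extract_features(pcap_bytes):
    return [f for _ts, frame, _orig in read_pcap_records(pcap_bytes)
            if (f := packet_features(frame)) is not None]


if __name__ == "__main__":
    for row in extract_features(SAMPLE_PCAP):
        print(row)
```

The same rows can be fed straight into a clustering model; for live capture the frames would come from a sniffer rather than a file, but the Ethernet/IPv4/TCP parsing is unchanged. Note that pcapng (the default format of recent Wireshark versions) is a different, block-based format and is not handled here.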
Accomplishments that we're proud of
MalDetect accurately predicts in real time whether a sequence of packets is malicious, and sends a message with the probability of network intrusion!
What we learned
We learned how network packets are structured and how to capture network activity with Wireshark. We also learned how to use TensorFlow efficiently, how to select a model suited to network activity (k-means), and how locality-sensitive hashes work and why they are useful.
What's next for MalDetect
- Support for multiple types of malware
- Supervised learning implementation in place of clustering
- Integration with a router (e.g. pfSense)