Identification of Hostile TCP Traffic using Support Vector Machines

In this book we combine the fields of supervised machine learning and computer security. Our goal is to teach a computer to be able to recognise malicious or hostile network traffic based on previous examples of such behaviour. Whilst intrusion detection using machine learning is nothing new, the majority of existing approaches discard the payload and focus on finding patterns in the packet headers (due to the curse of dimensionality). In this book we demonstrate that calculating a few simple metrics from payload data to use as classification features can give excellent results.