1. Technical Field
The present disclosure relates to a network security apparatus and, more specifically, to a method for detecting malicious behavior in computer networks via cost-sensitive and connectivity-constrained classification, and to a network security apparatus making use of the same.
2. Discussion of Related Art
Every day, a large number of malicious attacks cause costly damage to large-scale computer networks. Accordingly, cybersecurity has been brought to the attention of researchers, enterprises, and government. One of the ways in which cybersecurity experts have been able to mitigate the damage associated with malicious attacks is by monitoring computer network data to determine when the security of one or more devices on the network has been compromised. For example, enterprises may analyze the flow of network traffic at core routers, Domain Name System (DNS) traffic at DNS servers, HyperText Transfer Protocol (HTTP) traffic through gateways or firewalls, Dynamic Host Configuration Protocol (DHCP) traffic at the DHCP server, and so on. However, because ground truth is limited and label distributions are imbalanced, it is challenging to automatically detect malicious behavior and abnormal network activity.