호그와트

AI Network Defense Game (Cyber Shield) 4 by A to Z Hero (Side Side Project)


3) Methodology

The methodology of this research focuses on developing an enhanced AI-driven server system designed to autonomously respond to network security threats. The core functionality of this system revolves around making real-time predictions and dynamically determining appropriate actions based on those predictions. This section provides a detailed description of the processes involved, from data preprocessing to prediction and action execution.

 

Data Preprocessing

The initial step involves loading and preprocessing the network packet data. The dataset, comprising both categorical and numerical features, is preprocessed to facilitate effective training of the K-Nearest Neighbors (KNN) model. Categorical variables are encoded using one-hot encoding, transforming them into a binary format that can be easily processed by the model. Numerical features are scaled using the StandardScaler to standardize the values, ensuring that each feature contributes equally to the distance calculations in the KNN algorithm.

 

Model Training

Once the data is preprocessed, the KNN model is trained. The KNN algorithm is chosen for its simplicity and effectiveness in classification tasks. The training data is split into training and testing sets using an 80-20 split, ensuring that the model is evaluated on unseen data to assess its performance. The KNN model is then trained using the training data, with the number of neighbors set to five, which has been empirically determined to balance bias and variance.

 

Prediction and Action Mapping

After the model is trained, it is used to classify incoming data in real time. The prediction outcomes are mapped to predefined actions using a dictionary. Specifically, if the prediction is "safe," the system performs no significant action other than logging the event. This ensures that benign network activity is not disrupted. For all other predictions, which indicate potential threats or anomalies, the system leverages the OpenAI API to dynamically generate contextually appropriate commands.

 

Dynamic Action Generation

The dynamic action generation process is achieved by constructing a prompt that describes the prediction and querying the OpenAI model to suggest an action. The prompt includes relevant details about the prediction, providing the context necessary for the AI to generate an appropriate response. The OpenAI API responds with a suggested action, which is then executed using the subprocess.run function. This ensures that the system can respond effectively to a wide range of potential threats or anomalies, balancing predefined security measures with the flexibility to handle unforeseen situations.

 

Algorithm Visualization

The following diagram illustrates the overall process of the enhanced AI-driven server system:

 

 

 

System Implementation

The system implementation involves several key components:

 

Data Handling: The system loads network packet data from CSV files and preprocesses it by encoding categorical variables and scaling numerical features. This prepares the data for effective use with the KNN model.

 

Model Training and Saving: The preprocessed data is used to train the KNN model, which is then saved for real-time prediction. The trained model is serialized using joblib for easy loading during prediction.

 

Prediction Function: A prediction function is defined to preprocess incoming data, use the trained KNN model to classify it, and map the prediction to a predefined action. If the prediction indicates an anomaly, the function constructs a prompt and queries the OpenAI API to dynamically generate a response.

 

Action Execution: The generated action is executed using the subprocess.run function. This ensures that the system can autonomously respond to threats by executing system commands or taking other predefined actions.

 

Server Setup: A server is set up to handle incoming network connections. The server listens on a specified port, receives data packets, and processes them using the prediction function. This setup allows the system to operate in real time, providing immediate responses to potential security threats.
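
The following is an added example, not code from the original project. It shows one way to gate the Dynamic Action Generation and Action Execution steps: the model's reply is parsed and matched against a fixed allowlist before anything reaches subprocess.run, because the prompt is built from network data that the sender controls. The action names, the argv templates and the "<action> <ip>" reply format are assumptions made for illustration.

```python
import ipaddress
import shlex
import subprocess

# Hypothetical allowlist: each permitted action is a fixed argv template.
# "{ip}" is the only slot a model reply is allowed to fill.
ALLOWED_TEMPLATES = {
    "block_ip": ["iptables", "-A", "INPUT", "-s", "{ip}", "-j", "DROP"],
    "log_only": ["logger", "-t", "cybershield", "anomaly from {ip}"],
}

def vet_suggestion(suggestion: str) -> list:
    """Turn a model reply such as 'block_ip 203.0.113.7' into a safe argv list.

    Raises ValueError for anything that is not '<allowlisted action> <IP literal>'.
    """
    try:
        parts = shlex.split(suggestion)
    except ValueError as exc:  # e.g. unbalanced quotes
        raise ValueError(f"unparseable suggestion: {exc}") from None
    if len(parts) != 2:
        raise ValueError("expected exactly '<action> <ip>'")
    action, raw_ip = parts
    if action not in ALLOWED_TEMPLATES:
        raise ValueError(f"action not allowlisted: {action!r}")
    ip = ipaddress.ip_address(raw_ip)  # ValueError unless a literal IPv4/IPv6 address
    if ip.is_loopback or ip.is_unspecified:
        raise ValueError("refusing to act on loopback/unspecified address")
    return [arg.replace("{ip}", str(ip)) for arg in ALLOWED_TEMPLATES[action]]

def execute_action(suggestion: str, dry_run: bool = True):
    """Vet the reply, then run it as an argv list (no shell is involved)."""
    argv = vet_suggestion(suggestion)
    if dry_run:
        return argv  # show what would run without changing the host
    return subprocess.run(argv, check=False, timeout=5, capture_output=True)

if __name__ == "__main__":
    # Constructed sample replies standing in for OpenAI API output.
    for reply in ["block_ip 203.0.113.7",
                  "block_ip 203.0.113.7; id",
                  "unknown_tool 203.0.113.7"]:
        try:
            print("OK  ", execute_action(reply))
        except ValueError as err:
            print("DENY", repr(reply), "->", err)
```

Rejected replies are a useful detection signal in their own right and are worth logging alongside the KNN prediction that triggered them.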

 

Performance Evaluation

 

 

 
