Developing a framework for network security behavior integrated with the organization data management system to predict the threats
ISMAIL, HANI ABDELHADI ABDULLAH
Network security management has become an essential task for all organizations to protect their information and communication. It became more critical, especially after the COVID-19 pandemic, as most businesses and industries have moved to use more online technologies. This study aims to develop a framework for analyzing network security behavior, integrated with the current data management system, and to predict threats for administrator remedial action by using machine-learning techniques. The primary objective of the study is to automatically provide an optimum set of rules that are summarized and generalized across various security devices, so that professionals can configure the best security solution with minimum configuration effort. The study uses an experimental analysis research method that depends on collecting information from network security data flow, based on selected events matched with the organization's actual security rules and policies, with a dataset of 123029 records collected from log files of the standard security system. Moreover, a framework is designed based on the network security events, including threat prediction, which can be used to take proper actions by using the artificial intelligence method. The results for the studied framework showed that the KNN and random forest models performed better, with precision of 91.84% and 91.48%, respectively, compared to the other models: SVM, decision tree, and Naïve Bayes. Future work is to enhance the prediction of unknown threats and to apply the model in the real world to establish a security baseline for similar organizations.