This thesis presents a multimodal deep learning-based malware detection framework for Layer 2 traffic. The approach integrates Convolutional Neural Networks (CNNs) for spatial packet analysis, Transformers for temporal flow modeling, and BERT embeddings for semantic threat intelligence. Unlike traditional rule- or signature-based systems, the model processes raw PCAP data and incorporates contextual knowledge from CVE and MITRE ATT&CK sources.

The model was trained and validated on a proprietary dataset comprising both benign and synthetically injected malicious traffic. Standard metrics achieved high values (Accuracy: 97%, Precision: 96.7%, Recall: 97.8%, F1: 0.9536). However, the test set is heavily imbalanced (126 benign vs. 5,135 malicious samples), so a classifier that labels every flow malicious would already reach roughly 97.6% accuracy on that split; additional evaluation was therefore performed using per-class precision and recall, balanced accuracy, the Matthews Correlation Coefficient (MCC), and ROC/PR curves. Comparisons against trivial baselines (e.g., an "always malware" classifier) and traditional machine learning algorithms (SVM, Random Forest) highlight the strengths and weaknesses of the proposed method.

Real-time validation was conducted by comparing model predictions with a Palo Alto firewall under controlled traffic scenarios. The model matched the firewall on known attacks while offering potential adaptability to novel patterns. Overall, this work contributes an integrated multimodal framework, demonstrates feasibility on Layer 2 threats, and outlines limitations, including dataset imbalance, restricted attack diversity, and computational cost.
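The imbalance-aware evaluation the abstract describes can be reproduced from confusion-matrix counts alone. The following is an added example, not code from the thesis: it implements per-class precision and recall, balanced accuracy and MCC from scratch, builds the "always malware" baseline on the stated split of 126 benign vs. 5,135 malicious samples, and compares it with a hypothetical detector whose confusion matrix (`HYPOTHETICAL`) is constructed for illustration and is not the thesis' reported result. The point it makes concrete is that the baseline beats the hypothetical detector on plain accuracy while scoring 0.5 balanced accuracy and 0 MCC.

```python
"""Imbalance-aware metrics for a Layer 2 malware test set.

Added example, not part of the thesis. Counts for the test split are taken
from the abstract; the HYPOTHETICAL confusion matrix is constructed here.
"""
from dataclasses import dataclass
from math import sqrt

N_BENIGN = 126      # benign samples in the test set (from the abstract)
N_MALICIOUS = 5135  # malicious samples in the test set (from the abstract)


@dataclass(frozen=True)
class Confusion:
    """Binary confusion matrix with 'malicious' as the positive class."""
    tp: int  # malicious, predicted malicious
    fn: int  # malicious, predicted benign (missed attack)
    fp: int  # benign, predicted malicious (false alarm)
    tn: int  # benign, predicted benign


def _safe_div(num: float, den: float) -> float:
    """Division that returns 0.0 instead of raising on an empty marginal."""
    return num / den if den else 0.0


def accuracy(c: Confusion) -> float:
    return _safe_div(c.tp + c.tn, c.tp + c.tn + c.fp + c.fn)


def per_class(c: Confusion) -> dict:
    """Precision and recall for each class; benign is the minority here."""
    return {
        "malicious": {
            "precision": _safe_div(c.tp, c.tp + c.fp),
            "recall": _safe_div(c.tp, c.tp + c.fn),
        },
        "benign": {
            "precision": _safe_div(c.tn, c.tn + c.fn),
            "recall": _safe_div(c.tn, c.tn + c.fp),
        },
    }


def f1(c: Confusion) -> float:
    """F1 for the malicious (positive) class."""
    p = per_class(c)["malicious"]
    return _safe_div(2 * p["precision"] * p["recall"], p["precision"] + p["recall"])


def balanced_accuracy(c: Confusion) -> float:
    """Mean of the two per-class recalls: exactly 0.5 for any constant classifier."""
    pc = per_class(c)
    return (pc["malicious"]["recall"] + pc["benign"]["recall"]) / 2


def mcc(c: Confusion) -> float:
    """Matthews correlation coefficient; defined as 0 when any marginal is empty."""
    den = sqrt((c.tp + c.fp) * (c.tp + c.fn) * (c.tn + c.fp) * (c.tn + c.fn))
    return _safe_div(c.tp * c.tn - c.fp * c.fn, den)


def always_malware(n_benign: int = N_BENIGN, n_malicious: int = N_MALICIOUS) -> Confusion:
    """Trivial baseline that labels every sample malicious."""
    return Confusion(tp=n_malicious, fn=0, fp=n_benign, tn=0)


# Constructed (hypothetical) confusion matrix for a detector on the same split.
HYPOTHETICAL = Confusion(tp=5020, fn=115, fp=30, tn=96)


def report(c: Confusion) -> dict:
    """All metrics the abstract names, for one confusion matrix."""
    pc = per_class(c)
    return {
        "accuracy": accuracy(c),
        "malicious_recall": pc["malicious"]["recall"],
        "benign_recall": pc["benign"]["recall"],
        "f1_malicious": f1(c),
        "balanced_accuracy": balanced_accuracy(c),
        "mcc": mcc(c),
    }


if __name__ == "__main__":
    for name, c in (("always-malware", always_malware()), ("hypothetical", HYPOTHETICAL)):
        print(name, {k: round(v, 4) for k, v in report(c).items()})
```

Running the script shows the always-malware baseline at about 0.976 accuracy and 0.988 F1 but 0.5 balanced accuracy and 0.0 MCC, while the hypothetical detector scores lower accuracy (about 0.972) yet far higher balanced accuracy and MCC, because it actually recovers most of the 126 benign samples. This is why the abstract's headline accuracy and F1 cannot stand on their own for this split.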
D.W. Davis
Ishika Trony