vanderbilt-ml / 51-boyce-mlproj-NIDS


51-boyce-mlproj-NIDS

Metrics

Initially, the model will be tasked with distinguishing between malicious and benign network traffic. Malicious traffic in this case is any one of the following categories: Backdoor, Bot, Brute Force, DoS, DDoS, Exploits, Fuzzers, Infiltration, Injection, MITM, Ransomware, Reconnaissance, Scanning, Shellcode, Theft, Worm, XSS.
Attacks of different kinds will be grouped together so as to prevent some "loss" to the business. Obviously, remediating a ransomware attack would be costlier than dealing with a threat actor simply scanning a network. The emphasis, however, is on identifying malicious traffic so network personnel can respond.

The value to the business then is twofold:
Better response time and more advantageous interaction with identified threats (time spent looking at true attacks versus benign traffic)
Decreased costs in replacing compromised assets
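
The grouping and the two value points above can be scored as follows. This is an added example, not code from the project: the attack categories come from the list above, while the "Benign" label name, the relative miss weights and the sample flows are assumptions constructed for illustration.

```python
from collections import Counter

# Attack categories listed in the Metrics section; any other label counts as benign.
ATTACK_LABELS = {
    "Backdoor", "Bot", "Brute Force", "DoS", "DDoS", "Exploits", "Fuzzers",
    "Infiltration", "Injection", "MITM", "Ransomware", "Reconnaissance",
    "Scanning", "Shellcode", "Theft", "Worm", "XSS",
}

# Hypothetical relative remediation weights (assumption, not project data):
# a missed ransomware flow is treated as far costlier than a missed scan.
MISS_WEIGHT = {"Ransomware": 10.0, "Scanning": 1.0}
DEFAULT_WEIGHT = 3.0


def to_binary(label):
    """Collapse a per-category label into the malicious (1) / benign (0) target."""
    return 1 if label in ATTACK_LABELS else 0


def evaluate(true_labels, predicted_malicious):
    """Score 0/1 predictions against the original category labels."""
    counts, missed_by_category = Counter(), Counter()
    missed_weight = total_weight = 0.0
    for label, pred in zip(true_labels, predicted_malicious):
        truth = to_binary(label)
        counts[(truth, pred)] += 1
        if truth:
            weight = MISS_WEIGHT.get(label, DEFAULT_WEIGHT)
            total_weight += weight
            if not pred:  # attack the model let through
                missed_weight += weight
                missed_by_category[label] += 1
    tp, fp, fn = counts[(1, 1)], counts[(0, 1)], counts[(1, 0)]
    return {
        # Share of alerts that are real attacks (analyst time well spent).
        "precision": tp / (tp + fp) if tp + fp else 0.0,
        # Share of attacks that were flagged at all.
        "recall": tp / (tp + fn) if tp + fn else 0.0,
        # Missed attacks weighted by how costly each category is to remediate.
        "weighted_miss_rate": missed_weight / total_weight if total_weight else 0.0,
        "missed_by_category": dict(missed_by_category),
    }


# Constructed sample: ten flows with their true category and the model's 0/1 output.
SAMPLE_LABELS = ["Benign", "Benign", "Benign", "Benign", "Scanning",
                 "Scanning", "DoS", "Ransomware", "XSS", "Benign"]
SAMPLE_PREDS = [0, 1, 0, 0, 1, 0, 1, 0, 1, 0]

if __name__ == "__main__":
    print(evaluate(SAMPLE_LABELS, SAMPLE_PREDS))
```

On the sample, plain recall is 0.6, but the weighted miss rate is higher because one of the two missed flows is ransomware.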


The average cost of a data breach/cyber incident in the United States is well over $1 million (IBM Cost of a Data Breach). According to Indeed, the average salary of a Network Engineer in the US is roughly $88,000. In general, the goal will be to better allocate the resources of network/IT employees and also to avoid spending on incident recovery. Depending on the size of the business, this could result in a 5% savings in the network defense budget.
An area for growth with this model will be to track the cost of cyber incidents as they increase. The percentage of correctly predicted incidents will have to increase to offset rising costs.