Authors:
Sakulin S. A., Alfimtsev A. N., Lomanov A. A., Dobkacz L. Ya., Nedashkovskii V. M.
Abstract
The bulk move of employees to remote work, together with the intensified information confrontation, has led to the emergence and aggravation of many security problems in corporate networks. Attacks on local area networks, in particular those using phishing and social engineering techniques, distribution of malicious code, and DDoS attacks, have become more frequent. To ensure the security of corporate networks, layered protection systems are increasingly used, including intrusion detection systems, firewalls, antivirus tools, and various system analyzers. Using several types of information protection tools not only reduces the load on each individual tool but also makes it easier to identify actual attacks on the protected system. This article proposes a hybrid approach to anomaly detection that takes into account the parameters of the network's end nodes. Enriching the data with the values of these parameters makes it possible to detect low-intensity distributed attacks, thereby increasing the accuracy of the defense system. The parameters of the network end nodes are transformed into the format of network session parameters by regrouping and dimensionality reduction. Two ensembles of classifiers, whose inputs receive the session parameters and the network node parameters respectively, determine the anomalies. The ensembles are based on logistic regression, stochastic gradient descent, and decision trees. The classification results are combined by weighted aggregation, with the anxiety threshold used as the weighting factor. An experimental evaluation of the developed approach showed its advantages over anomaly detection that does not take the node parameters into account.
Publisher
Izdatel'skii dom Spektr, LLC
Subject
General Materials Science