Authors: Sakulin S. A., Alfimtsev A. N., Kvitchenko K. N., Dobkach L. Ya., Kalgin Yu. A.
Abstract
Network technologies are developing steadily and their applications keep expanding. One consequence of this development is the modification of existing network attacks and the appearance of new ones. Such attacks manifest as anomalies that can be detected in network traffic, so developing new approaches to network-traffic anomaly detection and improving existing ones has become an urgent task. The article proposes a hybrid approach to anomaly detection that combines a signature approach with computationally efficient machine-learning classifiers: logistic regression, stochastic gradient descent and a decision tree, with accuracy improved by weighted voting. These classifiers were chosen because the admissible complexity of their algorithms allows network traffic events to be detected in near real time. Signature analysis is performed using the signature base of the Zeek IDS (Intrusion Detection System). Training is carried out by cross-validation on the CICIDS2017 (Canadian Institute for Cybersecurity Intrusion Detection System) dataset, prepared beforehand by excluding redundant records and parameters; the set is split into roughly ten parts, which allows the accuracy to be increased. Experimental evaluation of the developed approach against the individual classifiers and against other approaches, by criteria such as the proportion of type I and type II errors, accuracy and detection rate, has shown the approach to be suitable for use in network attack detection systems. The developed approach can be introduced into both existing and new anomaly detection systems.
Publisher: Izdatel'skii dom Spektr, LLC
Cited by: 1 article.