ATTACK DETECTION IN ENTERPRISE NETWORKS BY MACHINE LEARNING
Journal Title: Современные информационные технологии и ИТ-образование - Year 2018, Vol 14, Issue 3
Abstract
Detection of network attacks is currently one of the most important problems in the secure use of enterprise networks. Signature-based network intrusion detection systems cannot detect new types of attacks, so quickly classifying network traffic in order to detect attacks is an urgent task. The article describes algorithms for detecting attacks in enterprise networks based on the analysis of data that can be collected in them. The UNSW-NB15 data set was used to compare machine learning methods for classifying traffic as attack or normal, as well as for identifying the nine most common classes of typical attacks: Fuzzers, Analysis, Backdoors, DoS, Exploits, Generic, Reconnaissance, Shellcode and Worms. Balanced accuracy is used as the main metric for assessing classification accuracy. The main advantage of this metric is that it adequately assesses the accuracy of classification algorithms despite the strong imbalance in the number of labelled records for each class of the data set. The experiment found that the best algorithm for identifying the presence of an attack is RandomForest, and for identifying its type, AdaBoost.
Authors and Affiliations
Nadezhda Bakhareva, Veniamin Tarasov, Aleksandr Shukhman, Petr Polezhaev, Yuri Ushakov, Artem Matveev
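To make the abstract's point about the metric concrete, here is a small added example (not from the article) that computes plain accuracy and balanced accuracy on a constructed, strongly imbalanced label set; the class names reuse the paper's attack categories, but the record counts and both classifiers' predictions are invented.

```python
from collections import Counter

# Constructed toy labels (not from the article or UNSW-NB15): 100 flows with the
# kind of imbalance the abstract describes, a large "Normal" class and a few
# rare attack classes. Class names reuse the article's attack categories.
Y_TRUE = ["Normal"] * 90 + ["Exploits"] * 6 + ["Fuzzers"] * 3 + ["Worms"] * 1

# Classifier A: always predicts the majority class.
MAJORITY_PRED = ["Normal"] * 100

# Classifier B: an imperfect detector that finds most attacks at the price
# of some false alarms on normal traffic (constructed, not a trained model).
DETECTOR_PRED = (
    ["Normal"] * 81 + ["Fuzzers"] * 9       # 9 normal flows flagged as Fuzzers
    + ["Exploits"] * 4 + ["Normal"] * 2     # 2 exploits missed
    + ["Fuzzers"] * 2 + ["Normal"] * 1      # 1 fuzzer missed
    + ["Worms"] * 1                         # the single worm caught
)

def accuracy(y_true, y_pred):
    """Plain accuracy: fraction of all records labelled correctly."""
    correct = sum(t == p for t, p in zip(y_true, y_pred))
    return correct / len(y_true)

def per_class_recall(y_true, y_pred):
    """Recall (true-positive rate) for every class present in y_true.
    Classes that appear only in y_pred get no entry, so a spurious
    prediction label cannot inflate or deflate the average."""
    support = Counter(y_true)
    hits = Counter(t for t, p in zip(y_true, y_pred) if t == p)
    return {c: hits[c] / support[c] for c in support}

def balanced_accuracy(y_true, y_pred):
    """Balanced accuracy: unweighted mean of per-class recall, so each
    class counts equally regardless of how many records it has."""
    recalls = per_class_recall(y_true, y_pred)
    return sum(recalls.values()) / len(recalls)

def compare(y_true, y_pred):
    """Return both metrics plus per-class recall for one classifier."""
    return {"accuracy": accuracy(y_true, y_pred),
            "balanced_accuracy": balanced_accuracy(y_true, y_pred),
            "recall": per_class_recall(y_true, y_pred)}

if __name__ == "__main__":
    for name, pred in [("majority", MAJORITY_PRED), ("detector", DETECTOR_PRED)]:
        print(name, compare(Y_TRUE, pred))
```

The majority-class classifier scores 0.90 plain accuracy but only 0.25 balanced accuracy, while the detector scores lower plain accuracy (0.88) yet about 0.81 balanced accuracy, which is why the metric is the better guide under class imbalance.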