ATTACK DETECTION IN ENTERPRISE NETWORKS BY MACHINE LEARNING

Abstract

Detection of network attacks is currently one of the most important problems in the secure use of enterprise networks. Signature-based network intrusion detection systems cannot detect new types of attacks, so fast classification of network traffic to detect attacks is an urgent task. The article describes algorithms for detecting attacks in enterprise networks based on analysis of data that can be collected in them. The UNSW-NB15 data set was used to compare machine learning methods for classifying traffic as attack or normal, as well as for identifying nine of the more popular classes of typical attacks: Fuzzers, Analysis, Backdoors, DoS, Exploits, Generic, Reconnaissance, Shellcode and Worms. Balanced accuracy is used as the main metric for assessing classification accuracy. The main advantage of this metric is that it gives an adequate assessment of classification algorithms despite the strong imbalance in the number of labeled records for each class of the data set. The experiment found that the best algorithm for identifying the presence of an attack is RandomForest, and the best for determining its type is AdaBoost.
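The abstract's argument for balanced accuracy can be seen in a short added example (not code from the article): balanced accuracy is taken here as the unweighted mean of per-class recall, the usual definition, which the abstract does not spell out. The class sizes and the two classifiers are constructed for illustration and are not UNSW-NB15 figures or the article's models.

```python
from collections import Counter

def per_class_recall(y_true, y_pred):
    """Recall for every class that occurs in y_true."""
    support = Counter(y_true)
    hits = Counter(t for t, p in zip(y_true, y_pred) if t == p)
    return {c: hits[c] / n for c, n in support.items()}

def accuracy(y_true, y_pred):
    """Plain accuracy: share of records labelled correctly."""
    return sum(t == p for t, p in zip(y_true, y_pred)) / len(y_true)

def balanced_accuracy(y_true, y_pred):
    """Unweighted mean of per-class recall, so rare classes count equally."""
    recalls = per_class_recall(y_true, y_pred)
    return sum(recalls.values()) / len(recalls)

# Constructed sample: illustrative class sizes, NOT the real UNSW-NB15 counts.
CLASS_SIZES = {"Normal": 900, "Generic": 60, "Exploits": 30,
               "Shellcode": 8, "Worms": 2}

def build_labels(sizes):
    """Expand {class: count} into a flat list of ground-truth labels."""
    return [c for c, n in sizes.items() for _ in range(n)]

def majority_classifier(y_true):
    """Hypothetical detector that always answers with the most frequent class."""
    top = Counter(y_true).most_common(1)[0][0]
    return [top] * len(y_true)

def frequent_only_classifier(y_true):
    """Hypothetical detector: correct on the three largest classes,
    but reports the rare Shellcode and Worms records as Normal."""
    seen = {"Normal", "Generic", "Exploits"}
    return [t if t in seen else "Normal" for t in y_true]

if __name__ == "__main__":
    y = build_labels(CLASS_SIZES)
    for name, clf in (("majority", majority_classifier),
                      ("frequent-only", frequent_only_classifier)):
        pred = clf(y)
        print(f"{name:14s} accuracy={accuracy(y, pred):.3f} "
              f"balanced={balanced_accuracy(y, pred):.3f}")
        # Classes the detector never finds are invisible in plain accuracy.
        missed = [c for c, r in per_class_recall(y, pred).items() if r == 0]
        print(f"{'':14s} classes with zero recall: {missed}")
```

A detector that misses every Shellcode and Worms record still scores 99% plain accuracy on this sample, while balanced accuracy drops to 0.6 because two of five classes have zero recall.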

Authors and Affiliations

Nadezhda Bakhareva, Veniamin Tarasov, Aleksandr Shukhman, Petr Polezhaev, Yuri Ushakov, Artem Matveev

  • EP ID EP520887
  • DOI 10.25559/SITITO.14.201803.626-632

How To Cite

Nadezhda Bakhareva, Veniamin Tarasov, Aleksandr Shukhman, Petr Polezhaev, Yuri Ushakov, Artem Matveev (2018). ATTACK DETECTION IN ENTERPRISE NETWORKS BY MACHINE LEARNING. Современные информационные технологии и ИТ-образование, 14(3), 626-632. https://europub.co.uk/articles/-A-520887