ATTACK DETECTION IN ENTERPRISE NETWORKS BY MACHINE LEARNING

Abstract

Detecting network attacks is currently one of the most important problems in the secure use of enterprise networks. Signature-based network intrusion detection systems cannot detect new types of attacks, so fast classification of network traffic to detect attacks is an urgent task. The article describes algorithms for detecting attacks in enterprise networks based on analysis of the data that can be collected in them. The UNSW-NB15 data set was used to compare machine learning methods for classifying traffic as attack or normal, as well as for identifying nine of the more popular classes of typical attacks: Fuzzers, Analysis, Backdoors, DoS, Exploits, Generic, Reconnaissance, Shellcode and Worms. Balanced accuracy is used as the main metric for assessing classification quality. The main advantage of this metric is that it adequately assesses classification algorithms given the strong imbalance in the number of labeled records for each class of the data set. The experiment found that the best algorithm for identifying the presence of an attack is RandomForest, and the best for determining its type is AdaBoost.
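The abstract's reason for preferring balanced accuracy can be seen in a short added example (not code from the article): it uses the standard definition, the unweighted mean of per-class recall, and compares it with plain accuracy. The class counts and the predictor are constructed for illustration and are not the real UNSW-NB15 distribution or the article's models.

```python
from collections import Counter

# Constructed class counts for illustration; NOT the real UNSW-NB15 distribution.
CONSTRUCTED_COUNTS = {"Normal": 9000, "Generic": 600, "Exploits": 300,
                      "DoS": 80, "Worms": 20}


def build_labels(counts):
    """Expand {class: n} into a flat list of ground-truth labels."""
    return [cls for cls, n in counts.items() for _ in range(n)]


def per_class_recall(y_true, y_pred):
    """Fraction of each true class that was predicted correctly."""
    support = Counter(y_true)
    hits = Counter(t for t, p in zip(y_true, y_pred) if t == p)
    return {cls: hits[cls] / support[cls] for cls in support}


def accuracy(y_true, y_pred):
    """Share of all records classified correctly (dominated by big classes)."""
    return sum(t == p for t, p in zip(y_true, y_pred)) / len(y_true)


def balanced_accuracy(y_true, y_pred):
    """Unweighted mean of per-class recall: every class counts equally."""
    recalls = per_class_recall(y_true, y_pred)
    return sum(recalls.values()) / len(recalls)


def majority_biased_predictor(y_true):
    """Hypothetical model: correct on the two large classes,
    labels every record of a rare class as 'Normal'."""
    return [t if t in ("Normal", "Generic") else "Normal" for t in y_true]


def compare():
    """Return (accuracy, balanced accuracy, per-class recall) for the sample."""
    y_true = build_labels(CONSTRUCTED_COUNTS)
    y_pred = majority_biased_predictor(y_true)
    return (accuracy(y_true, y_pred),
            balanced_accuracy(y_true, y_pred),
            per_class_recall(y_true, y_pred))


if __name__ == "__main__":
    acc, bal, recalls = compare()
    print(f"accuracy          = {acc:.2f}")
    print(f"balanced accuracy = {bal:.2f}")
    for cls, r in recalls.items():
        print(f"  recall[{cls}] = {r:.2f}")
```

A model that misses every Exploits, DoS and Worms record still scores high on plain accuracy here, while balanced accuracy exposes the missed classes.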

Authors and Affiliations

Nadezhda Bakhareva, Veniamin Tarasov, Aleksandr Shukhman, Petr Polezhaev, Yuri Ushakov, Artem Matveev

  • EP ID EP520887
  • DOI 10.25559/SITITO.14.201803.626-632

How To Cite

Nadezhda Bakhareva, Veniamin Tarasov, Aleksandr Shukhman, Petr Polezhaev, Yuri Ushakov, Artem Matveev (2018). ATTACK DETECTION IN ENTERPRISE NETWORKS BY MACHINE LEARNING. Современные информационные технологии и ИТ-образование, 14(3), 626-632. https://europub.co.uk/articles/-A-520887