ATTACK DETECTION IN ENTERPRISE NETWORKS BY MACHINE LEARNING

Abstract

Detecting network attacks is currently one of the most important problems in the secure use of enterprise networks. Signature-based network intrusion detection systems cannot detect new types of attacks, so there is an urgent need to classify network traffic quickly in order to detect attacks. The article describes algorithms for detecting attacks in enterprise networks based on analysis of data that can be collected in them. The UNSW-NB15 data set was used to compare machine learning methods for classifying traffic as attack or normal, as well as for identifying nine of the more popular classes of typical attacks: Fuzzers, Analysis, Backdoors, DoS, Exploits, Generic, Reconnaissance, Shellcode and Worms. Balanced accuracy is used as the main metric for assessing classification quality. The main advantage of this metric is that it gives an adequate assessment of classification algorithms despite the strong imbalance in the number of labelled records for each class in the data set. The experiment found that the best algorithm for identifying the presence of an attack is RandomForest, and the best for determining its type is AdaBoost.
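To illustrate why balanced accuracy suits a strongly imbalanced data set, the following added example (not from the article) compares plain accuracy with balanced accuracy, computed as the unweighted mean of per-class recall. The class counts are constructed for illustration and are not the real UNSW-NB15 distribution, and the two toy classifiers are hypothetical.

```python
from collections import Counter

# Constructed, illustrative class counts (NOT the real UNSW-NB15 distribution).
CLASS_COUNTS = {
    "Normal": 9000, "Generic": 500, "Exploits": 300, "Fuzzers": 100,
    "DoS": 50, "Reconnaissance": 30, "Analysis": 10, "Backdoors": 5,
    "Shellcode": 4, "Worms": 1,
}

def build_labels(counts):
    """Expand {class: n} into a flat list of ground-truth labels."""
    return [c for c, n in counts.items() for _ in range(n)]

def per_class_recall(y_true, y_pred):
    """Recall per class: correctly labelled records / all records of that class."""
    total = Counter(y_true)
    correct = Counter(t for t, p in zip(y_true, y_pred) if t == p)
    return {c: correct[c] / n for c, n in total.items()}

def accuracy(y_true, y_pred):
    """Share of all records labelled correctly; dominated by the largest class."""
    return sum(t == p for t, p in zip(y_true, y_pred)) / len(y_true)

def balanced_accuracy(y_true, y_pred):
    """Unweighted mean of per-class recall, so every class counts equally."""
    recalls = per_class_recall(y_true, y_pred)
    return sum(recalls.values()) / len(recalls)

def majority_only(y_true):
    """Hypothetical degenerate classifier: labels every record Normal."""
    return ["Normal"] * len(y_true)

def common_classes_only(y_true, known=("Normal", "Generic", "Exploits")):
    """Hypothetical classifier: perfect on frequent classes, misses all rare ones."""
    return [t if t in known else "Normal" for t in y_true]

Y_TRUE = build_labels(CLASS_COUNTS)

if __name__ == "__main__":
    for name, clf in (("majority-only", majority_only),
                      ("common-classes-only", common_classes_only)):
        pred = clf(Y_TRUE)
        print(f"{name}: accuracy={accuracy(Y_TRUE, pred):.3f} "
              f"balanced_accuracy={balanced_accuracy(Y_TRUE, pred):.3f}")
```

A classifier that never detects the seven rarest attack classes still scores 0.98 on plain accuracy here, while balanced accuracy drops to 0.30 and exposes the missed classes.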

Authors and Affiliations

Nadezhda Bakhareva, Veniamin Tarasov, Aleksandr Shukhman, Petr Polezhaev, Yuri Ushakov, Artem Matveev

  • EP ID EP520887
  • DOI 10.25559/SITITO.14.201803.626-632

How To Cite

Nadezhda Bakhareva, Veniamin Tarasov, Aleksandr Shukhman, Petr Polezhaev, Yuri Ushakov, Artem Matveev (2018). ATTACK DETECTION IN ENTERPRISE NETWORKS BY MACHINE LEARNING. Современные информационные технологии и ИТ-образование, 14(3), 626-632. https://europub.co.uk/articles/-A-520887