ATTACK DETECTION IN ENTERPRISE NETWORKS BY MACHINE LEARNING
Journal Title: Современные информационные технологии и ИТ-образование - Year 2018, Vol 14, Issue 3
Abstract
Detecting network attacks is currently one of the most important problems in the secure operation of enterprise networks. Signature-based network intrusion detection systems cannot detect new types of attacks, so the pressing task is to classify network traffic quickly enough to detect attacks. The article describes algorithms for detecting attacks in enterprise networks based on analysis of the data that can be collected in them. The UNSW-NB15 data set was used to compare machine learning methods for classifying traffic as attack or normal, and for identifying nine of the most common classes of typical attacks: Fuzzers, Analysis, Backdoors, DoS, Exploits, Generic, Reconnaissance, Shellcode and Worms. Balanced accuracy is used as the main metric for assessing classification accuracy; its main advantage is an adequate assessment of classification algorithms given the strong imbalance in the number of labelled records per class in the data set. As a result of the experiment, it was found that the best algorithm for identifying the presence of an attack is RandomForest, and for identifying its type, AdaBoost.
Authors and Affiliations
Nadezhda Bakhareva, Veniamin Tarasov, Aleksandr Shukhman, Petr Polezhaev, Yuri Ushakov, Artem Matveev
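As an added illustration (not code or data from the paper) of why the abstract relies on balanced accuracy for a skewed data set: on constructed label counts, a classifier that always answers "Normal" scores higher plain accuracy than one that actually catches the attacks, while balanced accuracy (mean per-class recall) ranks them the other way. The class names and counts below are assumptions chosen for the illustration.

```python
LABELS = ["Normal", "Exploits", "Worms"]

# Constructed outcome counts (not results from the paper), in the form
# {true_label: {predicted_label: count}}: 900 Normal, 80 Exploits, 20 Worms.
MAJORITY = {  # a degenerate classifier that always answers "Normal"
    "Normal":   {"Normal": 900},
    "Exploits": {"Normal": 80},
    "Worms":    {"Normal": 20},
}
DETECTOR = {  # raises some false alarms on Normal but catches most attacks
    "Normal":   {"Normal": 800, "Exploits": 100},
    "Exploits": {"Exploits": 72, "Normal": 8},
    "Worms":    {"Worms": 18, "Exploits": 2},
}

def expand(outcomes):
    """Turn outcome counts into parallel lists of true and predicted labels."""
    y_true, y_pred = [], []
    for true_label, preds in outcomes.items():
        for pred_label, n in preds.items():
            y_true.extend([true_label] * n)
            y_pred.extend([pred_label] * n)
    return y_true, y_pred

def accuracy(y_true, y_pred):
    """Plain accuracy: share of all records labelled correctly."""
    return sum(t == p for t, p in zip(y_true, y_pred)) / len(y_true)

def balanced_accuracy(y_true, y_pred, labels=LABELS):
    """Mean of per-class recall, so every class weighs the same regardless of size."""
    recalls = []
    for label in labels:
        preds_for_class = [p for t, p in zip(y_true, y_pred) if t == label]
        if preds_for_class:  # skip classes absent from the evaluation set
            hits = sum(p == label for p in preds_for_class)
            recalls.append(hits / len(preds_for_class))
    return sum(recalls) / len(recalls)

def score(outcomes):
    """Return (accuracy, balanced_accuracy) for one set of outcome counts."""
    y_true, y_pred = expand(outcomes)
    return accuracy(y_true, y_pred), balanced_accuracy(y_true, y_pred)

if __name__ == "__main__":
    for name, outcomes in (("majority", MAJORITY), ("detector", DETECTOR)):
        acc, bacc = score(outcomes)
        print(f"{name:9s} accuracy={acc:.3f} balanced_accuracy={bacc:.3f}")
```

Plain accuracy rates the always-"Normal" classifier at 0.90 against 0.89 for the detector, whereas balanced accuracy gives 0.33 against 0.90, which is the ranking a defender actually cares about.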