Open Access
Development of a model for detecting security incidents in event flows from various components in a network of telecommunication service providers
Author(s) - Denis Parfenov, Irina Bolodurina, Маргарита Александровна Лапина
Publication year - 2020
Publication title - IOP Conference Series: Materials Science and Engineering
Language(s) - English
Resource type - Journals
eISSN - 1757-899X
pISSN - 1757-8981
DOI - 10.1088/1757-899x/873/1/012020
Subject(s) - computer science, identification (biology), event (particle physics), boosting (machine learning), data mining, network security, gradient boosting, service (business), service provider, computer security, machine learning, random forest, physics, botany, economy, quantum mechanics, economics, biology
In the framework of this study, a technical solution was developed that makes it possible to detect network security incidents with a high probability using data arrays about device statuses, network events, and information stored in system logs. A model for identifying attacks on a network has been developed, using behavioral analysis and allowing the identification of suspicious network activity. An algorithmic solution has also been built that allows aggregating data in a single store based on Cassandra and correlating events from specified sources using gradient boosting of decision trees in the CatBoost implementation. During the computational experiment, the proposed hybrid solution was studied for its accuracy in identifying individual types of attacks. It is proved that the proposed approach can effectively detect and repel attacks by reducing the response time to security incidents.
