Open Access
DETECTION OF INVASION ON THE BASIS OF ANALYSIS OF ANOMALOUS BEHAVIOR OF A LOCAL NETWORK USING MACHINE-LEARNING ALGORITHMS WITH A TEACHER
Author(s) - G. D. Asyaev, Anton Sokolov
Publication year - 2020
Publication title - vestnik urfo. bezopasnostʹ v informacionnoj sfere
Language(s) - English
Resource type - Journals
eISSN - 2225-5443
pISSN - 2225-5435
DOI - 10.14529/secur200109
Subject(s) - computer science, basis (linear algebra), data mining, intrusion detection system, anomaly detection, decision tree, artificial intelligence, random forest, process (computing), task (project management), machine learning, precision and recall, algorithm, mathematics, engineering, geometry, systems engineering, operating system
The paper presents models of the intrusion detection process based on three machine learning methods: the decision tree method, the nearest neighbor method and the random forest method. The main task in modeling is to classify the ACS states (abnormal, normal). Parameters affecting the detection of anomalous behavior are considered: protocol, service data, flags used, number of unsuccessful attempts to enter, duration of the attack. To simulate the process of anomaly detection, the data set of the transport and network level of the control system, consisting of raw TCP/IP dumps in a situation where the network has been subjected to multiple attacks, was selected. For each TCP/IP connection, 3 qualitative and 38 quantitative features were recorded, among which the most important features affecting the learning were highlighted. The response was predicted in a control (test) sample. The main criteria for choosing a mathematical model for the task were the number of correctly recognized (accuracy) anomalies, accuracy (precision) and completeness (recall) of answers. The optimal algorithm for detection of anomalies was chosen on the basis of the conducted research.