
Herald of Dagestan State Technical University. Technical Sciences


Application of machine learning methods for automated detection of network intrusions

https://doi.org/10.21822/2073-6185-2023-50-1-53-61

Abstract

Objective. Development of automated network attack detection systems capable of adapting to the ever-changing nature of network attacks and to new types of threats. Such systems should be based on machine learning algorithms and models that can identify complex dependencies in the data during training.

Method. To train the models, a sample containing features of normal and abnormal traffic was prepared; based on a preliminary statistical analysis, it was thinned and balanced. Five machine learning algorithms were selected and tested, both on the training feature set and on a real test set obtained experimentally. Based on the results of the experiments, the random forest classifier, which showed the best results, was selected.

Result. A model for detecting network intrusions has been developed, which showed a detection accuracy of 0.99 on real traffic.

Conclusion. It is shown that a machine learning-based network intrusion detection system can provide flexible protection that adapts to the ever-changing nature of network attacks. One of the most important advantages of machine learning in detecting network intrusions is the ability to learn the signs of attacks and to identify cases that differ from those observed earlier.

About the Authors

M. V. Babicheva
Donetsk National University
Russian Federation

Margarita V. Babicheva, Senior Lecturer, Department of Radiophysics and Information and Communication Technologies

24 Universitetskaya Str., Donetsk 283001



I. A. Tretyakov
Donetsk National University
Russian Federation

Igor A. Tretyakov, Deputy Dean for Research, Associate Professor of the Department of Radiophysics and Infocommunication Technologies

24 Universitetskaya Str., Donetsk 283001





For citations:


Babicheva M.V., Tretyakov I.A. Application of machine learning methods for automated detection of network intrusions. Herald of Dagestan State Technical University. Technical Sciences. 2023;50(1):53-61. (In Russ.) https://doi.org/10.21822/2073-6185-2023-50-1-53-61



This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 2073-6185 (Print)
ISSN 2542-095X (Online)