ISSN 2071-8594

Russian Academy of Sciences

Editor-in-Chief

Gennady Osipov

A. O. Suvorov, V. A. Suvorova. Intelligent network traffic analysis for computer intrusion detection

Abstract.

The article considers the process of building an intrusion detection system using intelligent network traffic analysis. The requirements for the intrusion detection system are formulated and its architecture is proposed. As the mechanism for deciding whether an attack is present, the authors suggest inductive machine learning methods, namely artificial neural networks. The paper proposes a neural network model based on a multilayer perceptron, for which the most significant input parameters are determined. The technique for constructing the intelligent network traffic analysis module and the logic of its operation are considered. A client-server application for analyzing network traffic on the generated parameters was developed, and the results of testing are given in the paper. The resulting intelligent network traffic analysis module shows high accuracy in identifying attacks. To increase the accuracy of network attack classification, future studies plan to supplement the intelligent network traffic analysis module with other machine learning methods, in particular, the machine classifier.

Keywords:

intrusion detection system, artificial neural networks, network attacks, intelligent traffic analysis.


PP. 62-73.

DOI 10.14357/20718594190106
