ATTACK DETECTION IN ENTERPRISE NETWORKS BY MACHINE LEARNING
Abstract
Detecting network attacks is currently one of the most important problems in the secure operation of enterprise networks. Signature-based network intrusion detection systems cannot detect new types of attacks, so rapid classification of network traffic to detect attacks is an urgent task. The article describes algorithms for detecting attacks in enterprise networks based on analysis of the data that can be collected in them. The UNSW-NB15 data set was used to compare machine learning methods for classifying traffic as attack or normal, as well as for identifying nine of the most common classes of typical attacks: Fuzzers, Analysis, Backdoors, DoS, Exploits, Generic, Reconnaissance, Shellcode and Worms. Balanced accuracy is used as the main metric for assessing classification accuracy. The main advantage of this metric is that it adequately assesses the accuracy of classification algorithms given the strong imbalance in the number of labelled records per class in the data set. As a result of the experiment, it was found that the best algorithm for identifying the presence of an attack is RandomForest, and for determining its type, AdaBoost.
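The abstract's choice of balanced accuracy over plain accuracy is easiest to see on a skewed label set. The following is an added example, not code from the paper: it implements balanced accuracy (mean per-class recall) from scratch on a constructed, hypothetical label set whose class counts only imitate the UNSW-NB15 skew (they are not the real distribution), and compares a degenerate majority-class predictor with a simulated classifier that recovers 80% of every class. It also collapses the ten labels to the attack-or-normal task the paper evaluates, going beyond the abstract by showing both the binary and the multi-class view.

```python
from collections import Counter, defaultdict

# Constructed, hypothetical class counts with a UNSW-NB15-like skew.
# These numbers are illustrative only and are not the real dataset's distribution.
SAMPLE_COUNTS = {"Normal": 900, "Exploits": 50, "Fuzzers": 30,
                 "DoS": 10, "Worms": 5, "Shellcode": 5}


def build_sample():
    """Return the constructed ground-truth labels, one entry per record."""
    y_true = []
    for label, n in SAMPLE_COUNTS.items():
        y_true.extend([label] * n)
    return y_true


def accuracy(y_true, y_pred):
    """Plain accuracy: fraction of records labelled correctly."""
    return sum(t == p for t, p in zip(y_true, y_pred)) / len(y_true)


def balanced_accuracy(y_true, y_pred):
    """Mean of per-class recall: every class weighs equally regardless of size."""
    hits = defaultdict(int)
    totals = Counter(y_true)
    for t, p in zip(y_true, y_pred):
        if t == p:
            hits[t] += 1
    recalls = [hits[c] / totals[c] for c in totals]
    return sum(recalls) / len(recalls)


def majority_class_predictions(y_true):
    """Degenerate 'classifier' that always emits the most frequent label."""
    major = Counter(y_true).most_common(1)[0][0]
    return [major] * len(y_true)


def fixed_recall_predictions(y_true, recall=0.8):
    """Simulated classifier that recovers a fixed fraction of every class and
    confuses the rest: missed attacks come out as Normal, misread Normal
    records come out as Exploits. Deterministic so the numbers are reproducible."""
    totals = Counter(y_true)
    seen = Counter()
    y_pred = []
    for t in y_true:
        seen[t] += 1
        if seen[t] <= int(round(recall * totals[t])):
            y_pred.append(t)
        else:
            y_pred.append("Exploits" if t == "Normal" else "Normal")
    return y_pred


def to_binary(labels):
    """Collapse the attack categories to the attack-or-normal task."""
    return ["Normal" if l == "Normal" else "Attack" for l in labels]


def compare(y_true, y_pred):
    """Both metrics for the multi-class and the binary view of one prediction."""
    return {
        "multiclass_accuracy": accuracy(y_true, y_pred),
        "multiclass_balanced": balanced_accuracy(y_true, y_pred),
        "binary_accuracy": accuracy(to_binary(y_true), to_binary(y_pred)),
        "binary_balanced": balanced_accuracy(to_binary(y_true), to_binary(y_pred)),
    }


if __name__ == "__main__":
    y = build_sample()
    # The majority predictor scores 0.9 plain accuracy yet detects no attack at all;
    # balanced accuracy exposes that (1/6 multi-class, 0.5 binary).
    print("majority-class:", compare(y, majority_class_predictions(y)))
    # The 80%-recall classifier has lower plain accuracy (0.8) but a far higher
    # balanced accuracy (0.8), because it actually recovers the rare classes.
    print("fixed-recall  :", compare(y, fixed_recall_predictions(y)))
```

The majority-class predictor is the trap plain accuracy sets on imbalanced data: ninety percent "correct" while missing every attack record, which is exactly the case balanced accuracy penalises, and the reason the paper reports it as its main metric.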

This work is licensed under a Creative Commons Attribution 4.0 International License.