ATTACK DETECTION IN ENTERPRISE NETWORKS BY MACHINE LEARNING

Abstract

Detection of network attacks is currently one of the most important problems of secure use of enterprise networks. Signature-based network intrusion detection systems cannot detect new types of attacks, so the urgent task is to classify network traffic quickly in order to detect attacks. The article describes algorithms for detecting attacks in enterprise networks based on analysis of data that can be collected in them. The UNSW-NB15 data set was used to compare machine learning methods for classifying traffic as attack or normal, and for identifying nine of the most common classes of typical attacks: Fuzzers, Analysis, Backdoors, DoS, Exploits, Generic, Reconnaissance, Shellcode and Worms. Balanced accuracy is used as the main metric for assessing classification accuracy. The main advantage of this metric is that it adequately assesses the accuracy of classification algorithms given the strong imbalance in the number of labelled records for each class of the data set. The experiment showed that the best algorithm for identifying the presence of an attack is RandomForest, and for determining its type, AdaBoost.
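As an added illustration (not code from the paper), the following Python computes plain and balanced accuracy on a constructed, heavily imbalanced label set that uses the UNSW-NB15 class names the abstract lists; the record counts and the two classifiers' outputs are made up. It shows why a classifier that labels everything as Normal scores well on plain accuracy yet poorly on balanced accuracy, which is the reason the authors prefer the latter.

```python
# Added illustration (not code from the paper): balanced accuracy versus plain
# accuracy on a deliberately imbalanced, constructed label set. Class names are
# UNSW-NB15 categories from the abstract; the counts below are made up.
from collections import Counter


def accuracy(y_true, y_pred):
    """Fraction of records whose predicted label matches the true label."""
    hits = sum(1 for t, p in zip(y_true, y_pred) if t == p)
    return hits / len(y_true)


def balanced_accuracy(y_true, y_pred):
    """Mean of per-class recall: every class weighs equally regardless of size."""
    support = Counter(y_true)
    correct = Counter(t for t, p in zip(y_true, y_pred) if t == p)
    return sum(correct[c] / support[c] for c in support) / len(support)


def build_example():
    """Constructed data: 1000 Normal records and a handful of attack records."""
    y_true = ["Normal"] * 1000 + ["Exploits"] * 20 + ["DoS"] * 10 + ["Worms"] * 2
    # A lazy classifier that labels everything as Normal.
    majority = ["Normal"] * len(y_true)
    # A classifier that catches most attacks at the cost of some false alarms.
    detector = (["Normal"] * 970 + ["Exploits"] * 30     # 30 false alarms
                + ["Exploits"] * 16 + ["DoS"] * 4        # 16/20 Exploits right
                + ["DoS"] * 8 + ["Exploits"] * 2         # 8/10 DoS right
                + ["Worms"] * 1 + ["Normal"] * 1)        # 1/2 Worms right
    return y_true, majority, detector


if __name__ == "__main__":
    y_true, majority, detector = build_example()
    for name, pred in (("majority", majority), ("detector", detector)):
        print(f"{name:9s} accuracy={accuracy(y_true, pred):.3f} "
              f"balanced={balanced_accuracy(y_true, pred):.3f}")
```

Plain accuracy ranks the do-nothing classifier above the real detector (0.969 vs 0.964), while balanced accuracy reverses the ranking (0.25 vs 0.7675).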

Author Biographies

Надежда Федоровна Бахарева, Povolzhskiy State University of Telecommunications & Informatics

Doctor of Technical Sciences, Professor

Вениамин Николаевич Тарасов, Povolzhskiy State University of Telecommunications & Informatics

Doctor of Technical Sciences, Professor

Александр Евгеньевич Шухман, Orenburg State University

Candidate of Pedagogic Sciences, Associate Professor, Head of the Department of Geometry and Computer Science

Петр Николаевич Полежаев, Orenburg State University

Lecturer at the Department of Computer Security and Mathematical Maintenance of Information Systems

Юрий Александрович Ушаков, Orenburg State University

Candidate of Engineering Sciences, Associate Professor at the Department of Geometry and Computer Science

Артем Алексеевич Матвеев, Orenburg State University

Student, Department of Computer Security and Mathematical Maintenance of Information Systems

Published
2018-09-30
How to Cite
БАХАРЕВА, Надежда Федоровна et al. ATTACK DETECTION IN ENTERPRISE NETWORKS BY MACHINE LEARNING. Modern Information Technologies and IT-Education, [S.l.], v. 14, n. 3, p. 626-632, sep. 2018. ISSN 2411-1473. Available at: <http://sitito.cs.msu.ru/index.php/SITITO/article/view/427>. Date accessed: 16 sep. 2025. doi: https://doi.org/10.25559/SITITO.14.201803.626-632.
Section
Cognitive information technologies in control systems