The scientific journal Modeling, Optimization and Information Technology
Online media
ISSN 2310-6018

Detecting deviations in network processes using logistic regression

Vysotskaya I.A., Skrypnikov A.V., Lankin O.V., Prilutsky A.M., Kolomytsev I.A.

UDC 004.89
DOI: 10.26102/2310-6018/2025.51.4.029

In computer network security, special attention should be paid to identifying signs of attacks that may remain unnoticed by standard detection tools and that pose a serious threat to an organization's information resources. Machine learning methods have become key to cybersecurity, despite the existing difficulties in implementing them. Modern machine learning methods contribute to the timely detection of new types of threats, increase the effectiveness of the protection system, and reduce the risk of critical incidents. One such method is logistic regression; used within a monitoring system, it automates the analysis of large amounts of data, which is especially important given modern high-speed networks and continuously evolving cyberattack methods. This paper is devoted to the use of logistic regression to detect anomalies in network traffic. The approach makes it possible to effectively evaluate and identify suspicious network activity, classifying objects as safe or potentially malicious. The paper presents an algorithm for building a classifier model based on logistic regression for detecting network anomalies, discusses the choice of suitable metrics for model evaluation, and draws conclusions about the use of this method as a means of recognizing deviations in network processes.

Vysotskaya Irina Alevtinovna
Doctor of Engineering Sciences

Air Force Academy named after Professor N.E. Zhukovsky and Yu.A. Gagarin

Voronezh, Russian Federation

Skrypnikov Alexey Vasil'evich
Doctor of Engineering Sciences, Professor

Voronezh State University of Engineering Technologies

Voronezh, Russian Federation

Lankin Oleg Viktorovich
Doctor of Engineering Sciences, Docent

Voronezh State University of Engineering Technologies

Voronezh, Russian Federation

Prilutsky Alexander Mihailovich
Doctor of Engineering Sciences, Associate Professor

Voronezh State University of Engineering Technologies

Voronezh, Russian Federation

Kolomytsev Ilya Andreevich

Voronezh State University of Engineering Technologies

Voronezh, Russia

Keywords: logistic regression, classification, information security, analysis of heterogeneous information, machine learning, CRISP-DM

For citation: Vysotskaya I.A., Skrypnikov A.V., Lankin O.V., Prilutsky A.M., Kolomytsev I.A. Detecting deviations in network processes using logistic regression. Modeling, Optimization and Information Technology. 2025;13(4). URL: https://moitvivt.ru/ru/journal/pdf?id=2069 DOI: 10.26102/2310-6018/2025.51.4.029 (In Russ.).

Received 05.09.2025

Revised 15.10.2025

Accepted 27.10.2025