Учебный стенд для анализа методов обнаружения аномалий на основе теории машинного обучения

A training device for the analysis of anomaly detection methods based on machine learning theory

UDC 004.023
DOI: 10.26102/2310-6018/2022.36.1.019

Abstract
List of references
About authors

Nowadays, the timely detection of new malicious attacks on computer networks appears to be a relevant issue. In this regard, it is necessary to develop anomaly detection methods that enable the identification of unknown attacks. The paper presents a model of a training device for analyzing anomaly detection methods in reliance on machine learning theory. A model has been developed for generating datasets with characteristics of real network traffic by means of a generative adversarial neural network. The generated dataset can be employed to train and test detection models while the sample emulates the features of a real network, which increases the efficiency of anomaly detection. The training device can also use publicly available datasets: NSL-KDD, CICIDS2017. Support vector machine, k-nearest neighbors, naive Bayes, logistic regression, decision trees, random forest, k-means are utilized as training methods, and a multilayer neural network, based on the PyTorch library, is implemented. The training device simplifies the process of analyzing machine learning methods, applied to obtain anomaly detection models. The developed software product facilitates not only training and testing with the aid of publicly available datasets, but also provides the ability to collect network traffic and supplements it with generated data with the characteristics of real traffic.

1. Buczak Anna L. and Erhan Guven. A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Communications surveys & tutorials. 2015;18.2:1153-1176.

2. Rashka S., and Mirjalili V. Python and machine learning. Machine and deep learning with Python, scikit-learn and TensorFlow. St. Petersburg: Dialectics LLC; 2019. (In Russ.)

3. Scikit-learn. URL: https://scikit-learn.org/stable/index.html (accessed on 11.12.2021).

4. PyTorch. URL: https://pytorch.org (accessed on 11.12.2021).

5. Goodfellow Ian, et al. Generative adversarial nets. Advances in neural information processing systems. 2014;27.

6. Arjovsky Martin, Soumith Chintala and Léon Bottou. Wasserstein generative adversarial networks. International conference on machine learning. PMLR; 2017.

7. Brauckhoff Daniela, Arno Wagner and Martin May. FLAME: A Flow-Level Anomaly Modeling Engine. CSET. 2008.

8. NSL-KDD. URL: https://www.unb.ca/cic/datasets/nsl.html (accessed on 11.12.2021).

9. CICIDS2017. URL: https://www.unb.ca/cic/datasets/ids-2017.html (accessed on 11.12.2021).

10. Shelukhin O.I. Network anomalies. Detection, localization, forecasting. Moscow: Hotline-Telecom; 2019. (In Russ.)

Grekov Mikhail Mikhailovich

Email: grekov.web@yandex.ru

ORCID |

Tula State University

Tula, Russia

Keywords: anomaly detection systems, datasets, generative adversarial neural networks, machine learning, computer network security

For citation: Grekov M.M. A training device for the analysis of anomaly detection methods based on machine learning theory. Modeling, Optimization and Information Technology. 2022;10(1). URL: https://moitvivt.ru/ru/journal/pdf?id=1122 DOI: 10.26102/2310-6018/2022.36.1.019 (In Russ).

662

Received 23.12.2021

Revised 15.02.2022

Accepted 04.03.2022

Published 31.03.2022