Abstract

The paper presents models of the intrusion detection process based on three machine learning methods: the decision tree method, the nearest neighbor method and the random forest method. The main task in modeling is to classify the ACS states (abnormal, normal). Parameters affecting the detection of anomalous behavior are considered: protocol, service data, flags used, number of unsuccessful login attempts, and duration of the attack. To simulate the anomaly detection process, a data set from the transport and network level of the control system was selected, consisting of raw TCP/IP dumps captured while the network was subjected to multiple attacks. For each TCP/IP connection, 3 qualitative and 38 quantitative features were recorded, among which the features most important for learning were highlighted. The response was predicted on a control (test) sample. The main criteria for choosing a mathematical model for the task were the number of correctly recognized anomalies (accuracy), the precision and the completeness (recall) of the answers. The optimal algorithm for anomaly detection was chosen on the basis of the research conducted.
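As an added illustration (not code from the paper), the nearest-neighbor variant of the classification the abstract describes, in pure Python: each connection record carries the qualitative features (protocol, service, flag) and two of the quantitative ones (failed login attempts, duration), a mixed-type distance ranks the training records, and the three selection criteria the abstract names (accuracy, precision, recall) are scored on a test sample. The records are constructed sample data, not the paper's dataset, and the feature names and k=3 are assumptions.

```python
# Nearest-neighbour classifier over TCP/IP connection records (added example,
# not the paper's code). Records are constructed: (protocol, service, flag,
# failed_logins, duration), label 1 = abnormal, 0 = normal.
from collections import Counter
QUAL, QUANT = (0, 1, 2), (3, 4)   # qualitative / quantitative field indices

TRAIN = [
    (("tcp", "http", "SF", 0, 2), 0), (("tcp", "http", "SF", 0, 5), 0),
    (("udp", "domain_u", "SF", 0, 0), 0), (("tcp", "smtp", "SF", 0, 4), 0),
    (("tcp", "telnet", "SF", 4, 30), 1), (("tcp", "telnet", "SF", 5, 40), 1),  # repeated failed logins
    (("tcp", "private", "S0", 0, 0), 1), (("tcp", "private", "REJ", 0, 0), 1),  # half-open / rejected
]
TEST = [  # the last record is a short probe that looks like plain web traffic
    (("tcp", "http", "SF", 0, 3), 0), (("tcp", "telnet", "SF", 3, 25), 1),
    (("tcp", "private", "S0", 0, 0), 1), (("tcp", "ftp", "SF", 0, 6), 0),
    (("tcp", "telnet", "SF", 0, 10), 0), (("tcp", "http", "SF", 0, 0), 1),
]

def scales(train):
    """Max of each quantitative field in the training set (1 if all zero)."""
    return {i: max(r[i] for r, _ in train) or 1 for i in QUANT}

def distance(a, b, scale):
    """Hamming on qualitative fields + max-scaled L1 on quantitative fields."""
    return (sum(a[i] != b[i] for i in QUAL)
            + sum(abs(a[i] - b[i]) / scale[i] for i in QUANT))

def knn_predict(train, record, k=3):
    """Majority label among the k training records nearest to `record`."""
    scale = scales(train)
    nearest = sorted(train, key=lambda t: distance(t[0], record, scale))[:k]
    return Counter(label for _, label in nearest).most_common(1)[0][0]

def evaluate(y_true, y_pred):
    """(accuracy, precision, recall) with abnormal (1) as the positive class."""
    pairs = list(zip(y_true, y_pred))
    tp = sum(t == 1 and p == 1 for t, p in pairs)
    fp = sum(t == 0 and p == 1 for t, p in pairs)
    fn = sum(t == 1 and p == 0 for t, p in pairs)
    accuracy = sum(t == p for t, p in pairs) / len(pairs)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return accuracy, precision, recall

def run(train=TRAIN, test=TEST, k=3):
    y_true = [label for _, label in test]
    y_pred = [knn_predict(train, r, k) for r, _ in test]
    return evaluate(y_true, y_pred)

if __name__ == "__main__":
    print("accuracy=%.3f precision=%.3f recall=%.3f" % run())
```

On this sample the missed probe gives perfect precision but a recall of 2/3, which is why the abstract treats precision and recall as separate selection criteria rather than relying on accuracy alone.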
