Application of machine learning methods for automated detection of network intrusions

Abstract

Objective. Development of automated network attack detection systems capable of adapting to the ever-changing nature of network attacks and new types of threats. Such systems should be based on machine learning algorithms and models that are able to identify complex dependencies between data in the learning process.Method. To train the models, a sample with signs of normal and abnormal traffic was prepared, and it was thinned and balanced as a result of preliminary statistical analysis. Five machine learning algorithms were selected and tested, both on a training set of features and on a real test set obtained experimentally. Based on the results of the experiments, a random forest classifier was selected, which showed the best results.Result. A model for detecting network intrusions has been developed, which showed a detection accuracy of 0.99 on real traffic.Conclusion. It is shown that a machine learning-based network intrusion detection system can solve the problem of flexible protection that could adapt to the ever-changing nature of network attacks, since one of the most important advantages of machine learning in detecting network intrusions is the ability to learn the signs of attacks and identify cases that are uncharacteristic of those that were observed earlier.