DETECTION OF ATTACKS OF THE U2R CATEGORY BY MEANS OF THE SOM ON DATABASE NSL-KDD

Abstract

Creating an effective system for detecting network attacks requires the use of qualitatively new approaches to information processing, which should be based on adaptive algorithms capable of self-learning. The mathematical apparatus of the Kohonen self-organizing map (SOM) was used as a research method. Python language with a wide range of modern standard tools was used as a software implementation of the Kohonen SOM addition, this section compiles the Python software model «SOM_U2R» using a Kohonen SOM. Created «SOM_U2R» software model on database NSL-KDD an error research was performed for different number of epochs with different map sizes. On the «SOM_U2R» model the re-search of parameters of quality of detection of attacks is carried out. It is determined that on the «SOM_U2R» created software model the error of the second kind of detection of network classes of attacks Buffer_overflow and Rootkit is 6 %, and for the class Loadmodule reached 16 %. In addition, a survey of the F-measure was conducted for a different number of epochs of learning the Kohonen SOM. It is determined that for all network attack classes (except Buffer_overflow) the F-measure increases, reaching its maximum value at 50 epochs.