Abstract

Purpose. The article aims to develop a methodology for detecting attacks on a computer network. To achieve this goal, the following tasks were solved: developing a methodology for detecting attacks on a computer network based on an ensemble of neural networks using normalized data from the open KDD Cup 99 database; and identifying, during machine training, the optimal parameters of the neural network that provide a sufficiently high level of reliability in detecting intrusions into the computer network. Methodology. As the architectural solution for the attack detection module, a two-level network system is proposed, based on an ensemble of five neural networks of the multilayer perceptron type. The first neural network determines the category of attack class (DoS, R2L, U2R, Probe) or the fact that there was no attack; the other neural networks detect the type of attack, if any (each of these four neural networks corresponds to one class of attack and is able to identify only the types that belong to this class). Findings. The created software model was used to study the parameters of the neural network of configuration 41–1–132–5, which determines the category of the attack class on the computer network. It was determined that the optimal training speed is 0.001. The ADAM algorithm proved to be the best for optimization. The ReLU function is the most suitable activation function for the hidden layer, and the hyperbolic tangent function for the output layer. Accuracy in test and validation samples was 92.86 % and 91.03 %, respectively. Originality. The developed software model, which uses the Python 3.5 programming language, the integrated development environment PyCharm 2016.3 and the Tensorflow 1.2 framework, makes it possible to detect all types of attacks of the DoS, U2R, R2L and Probe classes. Practical value. Graphical dependencies of the accuracy of the neural networks on various parameters were obtained: training speed, activation function, and optimization algorithm. The optimal parameters of the neural networks have been determined, which will ensure a sufficiently high level of reliability of intrusion detection in a computer network.

Highlights

  • Efficiency of modern information systems is largely related to the problem of protecting the information processed in them

  • Our study aims to develop a methodology for detecting attacks on a computer network

  • When processing a large amount of constantly changing network traffic, it is appropriate to use a two-level network system based on five neural networks of the following configurations: 41–1–132–5 to determine the category of attack class at the first level, and 41–1–160–7, 41–1–8–5, 41–1–111–9 and 41–1–107–5 to detect the type of attack from the DoS, U2R, R2L and Probe classes, respectively, at the second level
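The inference path of the two-level ensemble described above, as an added example that is not the authors' code. It assumes each configuration reads as inputs, one hidden layer, hidden neurons, outputs; the category order, the min-max normalization and the class names `MLP` and `TwoLevelDetector` are assumptions, and the weights are random placeholders where trained weights would be loaded.

```python
import math
import random

# Sizes from the page, read here (assumption) as inputs, hidden neurons, outputs
# of a perceptron with one hidden layer.
CONFIGS = {"category": (41, 132, 5), "DoS": (41, 160, 7), "U2R": (41, 8, 5),
           "R2L": (41, 111, 9), "Probe": (41, 107, 5)}
CATEGORIES = ["normal", "DoS", "U2R", "R2L", "Probe"]  # assumed output order


def normalize(record, lo, hi):
    """Min-max scale to [0, 1], clipping unseen extremes; constant columns map to 0.0."""
    return [0.0 if h == l else min(1.0, max(0.0, (v - l) / (h - l)))
            for v, l, h in zip(record, lo, hi)]


class MLP:
    """One hidden layer with ReLU, tanh on the output layer (as on the page)."""

    def __init__(self, n_in, n_hidden, n_out, rng):
        def layer(rows, cols):  # random placeholder weights, NOT trained values
            s = 1.0 / math.sqrt(cols)
            return [[rng.uniform(-s, s) for _ in range(cols)] for _ in range(rows)]
        self.w1, self.b1 = layer(n_hidden, n_in), [0.0] * n_hidden
        self.w2, self.b2 = layer(n_out, n_hidden), [0.0] * n_out

    def forward(self, x):
        h = [max(0.0, sum(w * v for w, v in zip(row, x)) + b)
             for row, b in zip(self.w1, self.b1)]
        return [math.tanh(sum(w * v for w, v in zip(row, h)) + b)
                for row, b in zip(self.w2, self.b2)]

    def predict(self, x):
        out = self.forward(x)
        return max(range(len(out)), key=out.__getitem__)


class TwoLevelDetector:
    def __init__(self, seed=0):
        rng = random.Random(seed)
        self.nets = {name: MLP(*cfg, rng) for name, cfg in CONFIGS.items()}

    def classify(self, x):
        """Return (category, type_index); type_index is None for normal traffic."""
        if len(x) != 41:
            raise ValueError("expected 41 normalized features")
        category = CATEGORIES[self.nets["category"].predict(x)]
        if category == "normal":
            return category, None
        # Only the network trained for this class is asked for the attack type.
        return category, self.nets[category].predict(x)
```

The type index returned by a second-level network is only meaningful against the label list used when that network was trained, which the page does not give.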


Summary

Introduction

Efficiency of modern information systems is largely related to the problem of protecting the information processed in them. According to the Verizon 2018 Data Breach Investigations Report [14], the problem of intrusion detection is relevant. The value of the average cost of hacking increases by 6 %. There are many algorithms for classification and detection of anomalies, each of which has its advantages and disadvantages [11]. Intrusion detection systems based on anomalies are used to detect new types of attacks. Based on a set of queries, a model of normal behavior is formed, with which each subsequent query to the system is compared
