Abstract

The paper proposes an approach to identifying anomalies in network traffic using machine learning classifiers. The solution determines the resulting state class by averaging the votes of the individual classifiers. The approach was evaluated on the public NSL-KDD dataset. The performance of the individual classifiers and of their averaged evaluation was compared using the Weka tool. The NSL-KDD set was optimized with an emphasis on "rootkit" type attacks, as one of the most difficult types of attacks to detect. Using the bagging-based approach implemented in the Weka application, an accuracy of 99.94% was obtained. The experiment revealed a tendency for the accuracy of bagging on open data to increase as the volume of training data increases. The proposed approach can be applied in the design of systems for detecting attacks and other abnormal states of information systems. The accuracy of the averaged assessment requires further research in order to improve the indicators. The vote-averaging approach could be modernized by excluding or adding classifiers, by qualitative selection of attributes and their features, and by increasing the number of training samples for classification.
