Multivalued Classification of Computer Attacks Using Artificial Neural Networks with Multiple Outputs

Abstract

Modern computer networks (CN), having a complex and often heterogeneous structure, generate large volumes of multi-dimensional multi-label data. Accounting for information about multi-label experimental data (ED) can improve the efficiency of solving a number of information security problems: from CN profiling to detecting and preventing computer attacks on CN. The aim of the work is to develop a multi-label artificial neural network (ANN) architecture for detecting and classifying computer attacks in multi-label ED, and its comparative analysis with known analogues in terms of binary metrics for assessing the quality of classification. A formalization of ANN in terms of matrix algebra is proposed, which allows taking into account the case of multi-label classification and the new architecture of ANN with multiple output using the proposed formalization. The advantage of the proposed formalization is the conciseness of a number of entries associated with the ANN operating mode and learning mode. Proposed architecture allows solving the problems of detecting and classifying multi-label computer attacks, on average, 5% more efficiently than known analogues. The observed gain is due to taking into account multi-label patterns between class labels at the training stage through the use of a common first layer. The advantages of the proposed ANN architecture are scalability to any number of class labels and fast convergence.