Research of multiclass fuzzy classification of traffic for attacks identification in the networks

Abstract

Currently, data mining methods such as neural networks, decision trees, genetic algorithms, restricted search algorithms, evolutionary programming, reasoning systems based on similar cases, rule induction, analysis with selective action, logical regression, algorithms for determining associations and sequences, data visualization, combined methods are actively used in various specialized areas. The introduction of analytical methods of data mining is primarily aimed at adapting existing solutions to solve new problems related to the informatization of business processes. One of the actively developing areas that use data mining and artificial intelligence methods is network security. To identify and detect anomalies in networks, it is most effective to create profiles of data flow behavior depending on current conditions. In this work, we developed a method that allows us to identify Exploits, Fuzzers, and Generic attacks based on multiclass fuzzy classification. In the experimental part of the study, it was found that the proposed solution is comparable in accuracy to the Naïve Bayes, SVM, and KNN methods, but it has higher performance and less resource consumption for large data flows. This is quite effective for networks with many devices.