RESEARCH OF TWO APPROACHES TO DETECT NETWORK ATTACKS USING NEURAL NETWORK TECHNOLOGIES

Abstract

Purpose. At the present stage, network attack detection systems based on the following neural networks are most often offered: multilayer perceptron, Kohonen network or self-organizing map and their combinations. The efficiency problem of two approaches to detect attacks on a computer network using neural network technology based on the normalized data of the open NSL-KDD database is considered. Methodology. As an architectural solution to the network attack detection system, it is proposed to consider the following approaches: based on one neural network determining the attack class (first approach) and an ensemble of five neural networks (second approach), which at the first stage determines the attack category (DoS, Probe, U2R , R2L), and in the second stage, the attack class belonging to a certain category. Findings. Based on the neural networks created in the MatLAB program, a study was conducted of their error on the length of the training sample using various training algorithms: Levenberg-Marquardt; Bayesian Regularization; Scaled Conjugate Gradient with different numbers of hidden neurons (minimum, average and maximum). Certain optimal parameters of neural networks with two approaches were determined. Originality. In the course of conducting experiments with various approaches, the results obtained were: TP (True Positive); FP (False Positive); FN (False Negative); TN (True Negative), based on which the following indicators were calculated for assessing the quality of solutions: correct determination of network attacks; false positives; reliability; accuracy and completeness, which prove the feasibility of using an ensemble of neural networks (second approach). Practical value. On the created neural networks with various approaches, studies were conducted: the operating time of neural networks; errors of the first kind; errors of the second kind. According to the results of the first study, the average operating time of an ensemble of neural networks is 0.92 s, and the operating time of a neural network (according to the first approach) is 2.21 s. According to the results of the second study, the error of the first kind using an ensemble of neural networks is 2.17%, and using the neural network (the first approach) – 7.39%. According to the results of the third study, the error of the second kind using an ensemble of neural networks is 3.91%, and using the neural network (the first approach) – 6.96%, which is confirmed by the efficiency of using an ensemble of neural networks (second approach).