Modern challenges in processing vast amounts of data are solved with complex distributed systems, which in turn require cyber protection equipped with instruments for managing security risks such as data theft, espionage, degradation of system performance, etc. This article provides an overview of approaches to detecting cyberattacks, in particular those that use machine learning. Their advantages, disadvantages, methods of operation, vulnerabilities, and approaches to protecting them are given. Approaches to using various machine learning models for pre-processing input data that is subsequently analyzed by intrusion detectors, and ways of improving the accuracy and effectiveness of cyberattack identification, were also investigated. The analysis of prior research shows a need to combine data from the attack detection systems used at different layers of cyber defense. Deploying attack detection systems at different layers of the system allows the detection of attacks such as SQL injection, gaining administrator privileges, gaining access to a host, DDoS, and Probe. This can be done by analyzing application logs or network packets in the case of SQL injection, or by monitoring network traffic during a DDoS attack. Given the growing variety of attacks on distributed systems and the increasing volume of processed information, the use of machine learning in attack detection systems is becoming an increasingly attractive direction of study. Artificial intelligence can be involved in selecting the features to analyze, detecting intrusions, reducing the rate of false attack detections, and improving recognition accuracy. The ability to retrain the model on new data is a significant advantage given the small number of available test datasets dedicated to attacks on distributed systems.
There is a need to investigate the feasibility of using particular machine learning models and neural networks, based on the available input data and the requirements for accuracy and speed. It has been determined that anomaly detection is the most common approach to recognizing attacks with machine learning among commercial products. Analysis of attacks against machine learning-based defenses that use anomaly detection has shown weaknesses that can be minimized with additional protection; for example, time-distributed attacks can adapt to the acceptable range of deviation of network indicators by spreading the attack over time so that each step stays within the tolerance band. An overview of the mechanisms for making protection systems resistant to such influences was performed, including adding various kinds of noise during training, reducing the acceptable range of system parameter values, variations of retraining the model on misleading data, and the use of special classifiers.
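As an added illustration of the evasion and the "range reduction" countermeasure described above (example code written for this summary, not taken from the reviewed article or from any product it surveys), the following Python models a threshold anomaly detector over a single network indicator whose baseline adapts to accepted traffic. The detector design (an exponential-moving-average baseline with a z-score threshold k), the constant names, and all traffic samples are constructed assumptions; the slow ramp stands in for a DDoS that is built up gradually rather than launched as a burst.

```python
"""
Illustrative anomaly detector over one network indicator (requests per second)
showing how a time-distributed attack evades a wide tolerance band, and how
range reduction (a smaller allowed deviation) catches it at a false-positive cost.
All traffic samples below are constructed for the example, not measured data.
"""
from statistics import mean, pstdev

# Constructed "training" window: benign requests/second observed on a node.
BASELINE = [100, 102, 98, 101, 99, 103, 97, 100, 102, 98]

# Constructed test streams (hypothetical, for illustration only).
BURST = [100, 100, 300, 300, 300]                 # classic flood: abrupt jump
SLOW_RAMP = [100 + i for i in range(1, 201)]      # +1 req/s per step, reaches 300
BENIGN = BASELINE * 3                             # replay of normal traffic


def fit(samples):
    """Learn the baseline mean and deviation scale from the training window."""
    return mean(samples), pstdev(samples)


class AdaptiveDetector:
    """
    Threshold anomaly detector whose baseline adapts to accepted traffic.

    A sample is an alarm if it deviates from the current baseline by more than
    k standard deviations (k is the "acceptable range of deviation"). Accepted
    samples are folded into the baseline with an exponential moving average,
    which is what lets a slowly ramping attack drag the baseline along with it.
    """

    def __init__(self, training, k, alpha=0.3):
        self.mu, self.sigma = fit(training)
        self.k = k          # allowed deviation range, in units of sigma
        self.alpha = alpha  # baseline adaptation rate (assumed value)

    def observe(self, value):
        """Return True if this sample is flagged; otherwise absorb it into the baseline."""
        if abs(value - self.mu) > self.k * self.sigma:
            return True
        self.mu = (1 - self.alpha) * self.mu + self.alpha * value
        return False


def first_alarm(stream, training=BASELINE, k=3.0):
    """Index of the first flagged sample in stream, or None if nothing is flagged."""
    det = AdaptiveDetector(training, k)
    for i, v in enumerate(stream):
        if det.observe(v):
            return i
    return None


if __name__ == "__main__":
    for name, stream in (("burst", BURST), ("slow ramp", SLOW_RAMP), ("benign", BENIGN)):
        print(f"{name:9s} k=3.0 -> first alarm at {first_alarm(stream, k=3.0)}")
        print(f"{name:9s} k=1.0 -> first alarm at {first_alarm(stream, k=1.0)}")
```

With the wide range (k=3) the burst is flagged on its first spike, but the ramp is never flagged even though it ends at the same 300 req/s: each step moves the indicator by less than the tolerance, and the adapted baseline follows it. Reducing the range to k=1 catches the ramp within a few steps, but the same setting also flags normal traffic on its second sample, which is the false-positive cost that the other mechanisms listed above (noise during training, special classifiers) are meant to offset.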