DOI: https://doi.org/10.15802/stp2018/130797

IDENTIFYING THREATS IN COMPUTER NETWORK BASED ON MULTILAYER NEURAL NETWORK

I. V. Zhukovyts’kyy, V. M. Pakhomova

Abstract


Purpose. Reports of penetration into computer networks and attacks on Web servers are appearing more and more often. Attacks are divided into the following categories: DoS, U2R, R2L, Probe. The purpose of the article is to identify threats in a computer network from network traffic parameters using neural network technology, which will protect the server.

Methodology. The detection of such threats as Back, Buffer_overflow, Guess_password, Ipsweep and Neptune in the computer network is implemented by analysing and processing data on the parameters of network connections that use the TCP/IP protocol stack, using a neural network of configuration 19-1-25-5 in the Fann Explorer program. When simulating the operation of the neural network, a training sample (430 examples), a testing sample (200 examples) and a control sample (25 examples) were used, based on the open KDDCUP-99 database of 500000 connection records.

Findings. On the control sample, the created neural network produced an error of 0.322. It was determined that the network of configuration 19-1-25-5 copes well with such attacks as Back, Buffer_overflow and Ipsweep. To detect the Guess_password and Neptune attacks, specifying 19 network traffic parameters is not enough.

Originality. We obtained the dependencies of the neural network training time (number of epochs) on the number of neurons in the hidden layer (from 10 to 55) and on the number of hidden layers (from 1 to 4). When the number of neurons in the hidden layer increases, the neural network is trained by the Batch algorithm almost three times faster than by the Resilient algorithm. When the number of hidden layers increases, the neural network is trained by the Resilient algorithm almost twice as fast as by the Incremental algorithm.

Practical value. Based on the network traffic parameters, using the neural network of configuration 19-1-25-5 will make it possible to detect the computer network threats Back, Buffer_overflow, Guess_password, Ipsweep and Neptune in real time and to perform appropriate monitoring.


Keywords

network traffic; threat; neural network; sampling; hidden layer; hidden neurons; training algorithm; number of epochs; error








Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

 

ISSN 2307–3489 (Print)
ISSN 2307–6666 (Online)