DOI: https://doi.org/10.15802/stp2020/208233

RESEARCH OF TWO APPROACHES TO DETECT NETWORK ATTACKS USING NEURAL NETWORK TECHNOLOGIES

V. M. Pakhomova, M. S. Konnov

Abstract


Purpose. At present, network attack detection systems are most often based on the following neural networks: multilayer perceptron, Kohonen network or self-organizing map, and their combinations. The paper considers the efficiency of two approaches to detecting attacks on a computer network using neural network technology, based on the normalized data of the open NSL-KDD database. Methodology. Two architectural solutions for the network attack detection system are considered: a single neural network that determines the attack class (first approach), and an ensemble of five neural networks (second approach) that determines the attack category (DoS, Probe, U2R, R2L) at the first stage and the attack class belonging to that category at the second stage. Findings. For the neural networks created in MATLAB, the dependence of their error on the length of the training sample was studied using various training algorithms (Levenberg-Marquardt, Bayesian Regularization, Scaled Conjugate Gradient) with different numbers of hidden neurons (minimum, average and maximum). The optimal parameters of the neural networks for both approaches were determined. Originality. The experiments with both approaches yielded TP (True Positive), FP (False Positive), FN (False Negative) and TN (True Negative) values, from which the following indicators for assessing the quality of solutions were calculated: correct determination of network attacks; false positives; reliability; accuracy and completeness. These indicators prove the feasibility of using an ensemble of neural networks (second approach). Practical value. Three studies were conducted on the neural networks created for both approaches: the operating time of the neural networks; errors of the first kind; errors of the second kind. According to the results of the first study, the average operating time of the ensemble of neural networks is 0.92 s, and the operating time of the neural network (first approach) is 2.21 s. According to the results of the second study, the error of the first kind is 2.17% with the ensemble of neural networks and 7.39% with the neural network (first approach). According to the results of the third study, the error of the second kind is 3.91% with the ensemble of neural networks and 6.96% with the neural network (first approach), which confirms the efficiency of using an ensemble of neural networks (second approach).
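The two-stage routing of the second approach, sketched as an added example that is not the authors' MATLAB code: a nearest-centroid model stands in for each of the five neural networks, and it reports ensemble mistakes by the stage that caused them. The feature vectors, the test samples and the choice of eight NSL-KDD classes are constructed for illustration.

```python
from math import dist

# NSL-KDD attack class -> category (a subset of the dataset's labels).
CATEGORY = {"neptune": "DoS", "smurf": "DoS", "ipsweep": "Probe", "portsweep": "Probe",
            "buffer_overflow": "U2R", "rootkit": "U2R", "guess_passwd": "R2L", "warezclient": "R2L"}
TRAIN = {  # constructed two-feature samples, already normalized to [0, 1]
    "neptune": [(0.88, 0.08), (0.92, 0.12)], "smurf": [(0.48, 0.08), (0.52, 0.12)],
    "ipsweep": [(0.08, 0.88), (0.12, 0.92)], "portsweep": [(0.08, 0.48), (0.12, 0.52)],
    "buffer_overflow": [(0.88, 0.88), (0.92, 0.92)], "rootkit": [(0.68, 0.88), (0.72, 0.92)],
    "guess_passwd": [(0.38, 0.48), (0.42, 0.52)], "warezclient": [(0.38, 0.68), (0.42, 0.72)],
}
ROWS = [(x, y) for y, xs in TRAIN.items() for x in xs]
TEST = [((0.12, 0.88), "ipsweep"), ((0.72, 0.91), "rootkit"),  # constructed, with true class
        ((0.68, 0.12), "neptune"), ((0.42, 0.28), "smurf")]

class Centroid:
    """Stand-in for one neural network: predicts the label with the nearest mean vector."""
    def __init__(self, rows):
        groups = {}
        for x, y in rows:
            groups.setdefault(y, []).append(x)
        self.means = {y: [sum(c) / len(xs) for c in zip(*xs)] for y, xs in groups.items()}

    def predict(self, x):
        return min(self.means, key=lambda y: dist(x, self.means[y]))

def train_ensemble(rows):
    """Five models: one picks the category, four pick the class inside a category."""
    stage1 = Centroid([(x, CATEGORY[y]) for x, y in rows])
    stage2 = {c: Centroid([(x, y) for x, y in rows if CATEGORY[y] == c])
              for c in set(CATEGORY.values())}
    return stage1, stage2

def classify(ensemble, x):
    stage1, stage2 = ensemble
    category = stage1.predict(x)                  # stage 1: DoS, Probe, U2R or R2L
    return category, stage2[category].predict(x)  # stage 2: class within that category

def stage_errors(ensemble, rows):
    """Count mistakes per stage; a wrong category cannot be corrected in stage 2."""
    wrong_category = wrong_class = 0
    for x, y in rows:
        category, cls = classify(ensemble, x)
        if category != CATEGORY[y]:
            wrong_category += 1
        elif cls != y:
            wrong_class += 1
    return wrong_category, wrong_class

print(stage_errors(train_ensemble(ROWS), TEST))  # (wrong category, wrong class)
```

Counting errors per stage shows whether retraining effort belongs to the category model or to one of the class models.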


Keywords


attack; ensemble; neural network; error of the first kind; error of the second kind; reliability; accuracy; completeness







This work is licensed under a Creative Commons Attribution 4.0 International License.

 

ISSN 2307–3489 (Print)
ISSN 2307–6666 (Online)