DOI: https://doi.org/10.15802/stp2020/218318

DETECTION OF ATTACKS ON A COMPUTER NETWORK BASED ON THE USE OF NEURAL NETWORKS COMPLEX

I. V. Zhukovyts'kyy, V. M. Pakhomova, D. O. Ostapets, O. I. Tsyhanok

Abstract


Purpose. The article aims to develop a methodology for detecting attacks on a computer network. To achieve this goal, the following tasks were solved: to develop a methodology for detecting attacks on a computer network based on an ensemble of neural networks, using normalized data from the open KDD Cup 99 database; and, during machine training, to identify the optimal parameters of the neural network that provide a sufficiently high level of reliability in detecting intrusions into the computer network.

Methodology. As the architectural solution for the attack detection module, a two-level network system is proposed, based on an ensemble of five neural networks of the multilayer perceptron type. The first neural network determines the category of the attack class (DoS, R2L, U2R, Probe) or the fact that there was no attack; the other neural networks detect the type of attack, if any (each of these four neural networks corresponds to one class of attack and can identify only the types that belong to that class).

Findings. The created software model was used to study the parameters of the neural network of configuration 41–1–132–5, which determines the category of the attack class on the computer network. The optimal training speed was determined to be 0.001. The ADAM algorithm proved to be the best for optimization. The ReLU function is the most suitable activation function for the hidden layer, and the hyperbolic tangent function for the output layer. Accuracy on the test and validation samples was 92.86 % and 91.03 %, respectively.

Originality. The developed software model, which uses the Python 3.5 programming language, the PyCharm 2016.3 integrated development environment and the Tensorflow 1.2 framework, makes it possible to detect all types of attacks of the DoS, U2R, R2L and Probe classes.

Practical value. Graphical dependencies of the accuracy of the neural networks on various parameters were obtained: training speed, activation function, and optimization algorithm. The optimal parameters of the neural networks were determined, which ensure a sufficiently high level of reliability of intrusion detection in a computer network.
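The two-level routing described under Methodology, as an added example (not the authors' code): it splits labelled KDD Cup 99 records into the five training sets the ensemble needs and routes a record through the first-level network to the one class-specific network. The type-to-class grouping is the standard one for the 22 attack types of the KDD Cup 99 training set; the function names and the networks (any callable returning a list of scores) are assumptions.

```python
# Added example. Grouping of the 22 KDD Cup 99 training-set attack types by class.
ATTACK_CLASSES = {
    "DoS": ["back", "land", "neptune", "pod", "smurf", "teardrop"],
    "R2L": ["ftp_write", "guess_passwd", "imap", "multihop", "phf", "spy",
            "warezclient", "warezmaster"],
    "U2R": ["buffer_overflow", "loadmodule", "perl", "rootkit"],
    "Probe": ["ipsweep", "nmap", "portsweep", "satan"],
}
LEVEL1 = ["normal", "DoS", "R2L", "U2R", "Probe"]  # five outputs of the first network
TYPE_TO_CLASS = {t: c for c, types in ATTACK_CLASSES.items() for t in types}


def split_for_ensemble(records):
    """Build the training sets for the five networks.

    records: iterable of (features, label); labels as in the KDD files ("smurf.").
    Returns (level1, level2): level1 holds every record with its class index;
    level2[cls] holds only that class's records with the type index inside the class.
    """
    level1, level2 = [], {cls: [] for cls in ATTACK_CLASSES}
    for features, label in records:
        label = label.rstrip(".")
        if len(features) != 41:
            raise ValueError("a KDD Cup 99 record carries 41 features")
        cls = "normal" if label == "normal" else TYPE_TO_CLASS[label]
        level1.append((features, LEVEL1.index(cls)))
        if cls != "normal":
            level2[cls].append((features, ATTACK_CLASSES[cls].index(label)))
    return level1, level2


def argmax(scores):
    """Index of the highest score in a list of output activations."""
    return max(range(len(scores)), key=scores.__getitem__)


def detect(features, level1_net, level2_nets):
    """Route one record: the first network picks the class (or 'normal');
    only the network of that class is then asked for the attack type."""
    cls = LEVEL1[argmax(level1_net(features))]
    if cls == "normal":
        return ("normal", None)
    type_scores = level2_nets[cls](features)  # hypothetical trained network
    return (cls, ATTACK_CLASSES[cls][argmax(type_scores)])
```

A label that is not among the 22 training-set types raises `KeyError` in `split_for_ensemble`, so records with unknown labels have to be filtered or mapped before the split.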


Keywords


architectural solution; neural network; training speed; activation function; optimization algorithm





Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

 

ISSN 2307–3489 (Print)
ISSN 2307–6666 (Online)