Applying bagging in finding network traffic anomalies
Abstract
The authors consider approaches to identifying anomalous situations in information and telecommunication systems that rely on artificial intelligence methods to analyze statistical information on traffic packets in various modes and states. We propose a method for detecting an anomalous situation from the obtained tuples of network traffic packet values by applying bagging to machine learning classification algorithms. The network traffic is treated as a set of tuples of packet parameters distributed over the sample time. In contrast to existing methods, the proposed one does not require special data preparation; the errors that individual classification algorithms make in classifying tuples of packet values are averaged out by “collective” voting of the classifiers. This way of increasing the accuracy index makes it possible to use classification algorithms optimized for different types of events and anomalies and trained on different training samples in the form of tuples of network packet parameters. The difference between the algorithms is achieved by introducing an imbalance into the training sets. We describe an experiment conducted with the Naïve Bayes, Hoeffding Tree, J48, Random Forest, Random Tree and REP Tree machine learning classification algorithms. The evaluation was performed on the open NSL-KDD dataset in a search for parasitic traffic. The paper presents the evaluation results for each classifier individually and for the bagged classifiers. The method can be used in information security monitoring systems to analyze network traffic. A distinctive feature of the proposed solution is that it can be scaled and combined by adding new machine learning classification algorithms. In the future, the composition of the classification algorithms can be changed during operation, which will improve the accuracy of identifying potential destructive impact.
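The voting scheme described in the abstract, as an added example that is not the authors' implementation: Gaussian Naïve Bayes models (one of the classifier families named above) are each trained on a bootstrap sample with a different class imbalance, and their labels are combined by majority vote. The traffic tuples, the three columns (duration, src_bytes, count), the imbalance shares and all function names are assumptions constructed for this example; the paper's NSL-KDD data and results are not reproduced.

```python
import math
import random
from collections import Counter

def fit_gnb(rows):
    """Gaussian Naive Bayes: per-class prior, feature means and variances."""
    model = {}
    for label in {y for _, y in rows}:
        cols = list(zip(*[x for x, y in rows if y == label]))
        means = [sum(c) / len(c) for c in cols]
        varis = [sum((v - m) ** 2 for v in c) / len(c) + 1e-6
                 for c, m in zip(cols, means)]
        model[label] = (len(cols[0]) / len(rows), means, varis)
    return model

def predict_gnb(model, x):
    """Return the label with the highest log-posterior for tuple x."""
    def log_post(label):
        prior, means, varis = model[label]
        return math.log(prior) + sum(
            -0.5 * math.log(2 * math.pi * s) - (v - m) ** 2 / (2 * s)
            for v, m, s in zip(x, means, varis))
    return max(model, key=log_post)

def imbalanced_bootstrap(rows, anomaly_share, n, rng):
    """Draw n tuples with replacement, forcing the given anomaly share."""
    normal = [r for r in rows if r[1] == "normal"]
    anomaly = [r for r in rows if r[1] == "anomaly"]
    k = max(1, min(n - 1, round(n * anomaly_share)))
    return rng.choices(anomaly, k=k) + rng.choices(normal, k=n - k)

def fit_bagging(rows, shares, n, seed=0):
    """One model per imbalance share; use an odd number to avoid tied votes."""
    rng = random.Random(seed)
    return [fit_gnb(imbalanced_bootstrap(rows, s, n, rng)) for s in shares]

def vote(models, x):
    """Majority vote over the ensemble; also return the raw vote counts."""
    votes = Counter(predict_gnb(m, x) for m in models)
    return votes.most_common(1)[0][0], votes

def make_traffic(n, seed):
    """Constructed (duration, src_bytes, count) tuples, not NSL-KDD records."""
    rng = random.Random(seed)
    rows = []
    for _ in range(n):
        rows.append(((rng.gauss(2.0, 0.5), rng.gauss(500, 150), rng.gauss(8, 2)), "normal"))
        rows.append(((rng.gauss(0.3, 0.08), rng.gauss(60, 15), rng.gauss(200, 40)), "anomaly"))
    return rows
```

Training with shares such as 0.1, 0.3, 0.5, 0.7 and 0.9 gives five models whose class priors differ, which is the source of diversity the abstract attributes to imbalanced training sets.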