DETECTION OF ATTACKS OF THE U2R CATEGORY BY MEANS OF THE SOM ON DATABASE NSL-KDD

Authors

  • V. Pakhomova
  • Y. Mehelbei

DOI:

https://doi.org/10.34185/1562-9945-5-142-2022-03

Keywords:

category; class; NSL-KDD; SOM; Python; error; epoch; F-measure

Abstract

Creating an effective system for detecting network attacks requires qualitatively new approaches to information processing, based on adaptive algorithms capable of self-learning. The mathematical apparatus of the Kohonen self-organizing map (SOM) was used as the research method. Python, with its wide range of modern standard tools, was used for the software implementation of the Kohonen SOM; in addition, the Python software model «SOM_U2R» was built using a Kohonen SOM. With the «SOM_U2R» software model on the NSL-KDD database, the error was studied for different numbers of epochs and different map sizes. The parameters of attack-detection quality were then studied on the «SOM_U2R» model. It is determined that on the «SOM_U2R» software model the error of the second kind in detecting the network attack classes Buffer_overflow and Rootkit is 6 %, and for the class Loadmodule it reached 16 %. In addition, the F-measure was studied for different numbers of training epochs of the Kohonen SOM. It is determined that for all network attack classes (except Buffer_overflow) the F-measure increases, reaching its maximum value at 50 epochs.
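The workflow the abstract describes (train a Kohonen SOM, label its nodes, then measure the error of the second kind and the F-measure per attack class) is sketched below as an added example; it is not the authors' «SOM_U2R» model. The three-feature clusters are constructed stand-ins for scaled NSL-KDD records, and the 3x3 map, the learning-rate and neighbourhood schedules and all function names are assumptions.

```python
import math, random
from collections import Counter
CLASSES = ["Buffer_overflow", "Loadmodule", "Rootkit"]  # U2R classes named in the abstract

def make_data(rng, n_per_class):
    """Constructed stand-in for scaled NSL-KDD rows: one noisy 3-feature cluster per class."""
    rows = [([(1.0 if i == k else 0.0) + rng.gauss(0, 0.05) for i in range(3)], name)
            for k, name in enumerate(CLASSES) for _ in range(n_per_class)]
    rng.shuffle(rows)
    return rows

def bmu(weights, x):
    """Index of the best-matching unit: the node whose weight vector is closest to x."""
    return min(range(len(weights)), key=lambda j: sum((w - v) ** 2 for w, v in zip(weights[j], x)))

def train_som(rows, side=3, epochs=50, seed=0):
    """Train a side x side Kohonen map, then label each node by majority vote of its rows."""
    rng = random.Random(seed)
    grid = [(r, c) for r in range(side) for c in range(side)]
    weights = [[rng.random() for _ in range(3)] for _ in grid]
    for epoch in range(epochs):
        lr, sigma = 0.01 + 0.5 * (1 - epoch / epochs), 0.3 + 1.2 * (1 - epoch / epochs)
        for x, _ in rows:
            br, bc = grid[bmu(weights, x)]
            for j, (r, c) in enumerate(grid):  # pull the winner and its grid neighbours towards x
                h = lr * math.exp(-((r - br) ** 2 + (c - bc) ** 2) / (2 * sigma ** 2))
                weights[j] = [w + h * (v - w) for w, v in zip(weights[j], x)]
    votes = {}
    for x, y in rows:
        votes.setdefault(bmu(weights, x), Counter())[y] += 1
    return weights, {j: c.most_common(1)[0][0] for j, c in votes.items()}

def quality(y_true, y_pred, cls):
    """(error of the second kind FN/(TP+FN), F-measure) for one attack class."""
    tp = sum(t == cls and p == cls for t, p in zip(y_true, y_pred))
    fn = sum(t == cls and p != cls for t, p in zip(y_true, y_pred))
    fp = sum(t != cls and p == cls for t, p in zip(y_true, y_pred))
    miss = fn / (tp + fn) if tp + fn else 0.0
    return miss, (2 * tp / (2 * tp + fp + fn) if tp else 0.0)

def evaluate(seed=0, epochs=50):
    rng = random.Random(seed)
    train, test = make_data(rng, 30), make_data(rng, 10)
    weights, labels = train_som(train, epochs=epochs, seed=seed + 1)
    y_true = [y for _, y in test]
    y_pred = [labels.get(bmu(weights, x)) for x, _ in test]  # None: node won no training row
    return {c: quality(y_true, y_pred, c) for c in CLASSES}

if __name__ == "__main__": print(evaluate())
```

Calling evaluate with different epochs values repeats, on the constructed data, the kind of epoch sweep the abstract reports for the F-measure.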

Published

2022-10-28