
Development of an intelligent system for monitoring intrusions into information resources in web space

Priority areas of development: IT and mathematics
2019

Goal of research

Development of a pilot version of a system for monitoring attacks on information resources in the web space that uses intelligent technologies to solve monitoring problems.

Methodology

Neural network methods, in particular fully connected neural networks, convolutional neural networks, etc., are used to detect and classify computer attacks. The monitoring system is implemented as a microservice-based architecture built on the Docker, Zabbix, Kibana and Elasticsearch tools.

Empirical base of research

The UNSW-NB15 and CICIDS datasets are used.

Results of research:

  • theoretical analysis of the application of intelligent methods for monitoring computer attacks in the web space, and systematization of computer attack features and characteristics of protected objects;

  • extensive analysis and review of existing publicly available computer attack datasets containing current computer attack scenarios;

  • algorithms for detection and classification of computer attacks on information resources using intelligent machine learning methods are developed. Classification algorithms based on convolutional neural networks and the "random forest" algorithm are proposed and tested;

  • an approach to balancing the training set is proposed, which improves the quality of the classification algorithm on classes with a small number of examples. As a result, the classification quality (F-measure) is increased from 0.970 to 0.998, and the accuracy of attack recognition for classes with a small number of examples is increased (by a different amount for each of the 6 small classes);

  • a monitoring system infrastructure is developed that collects, stores and processes information about computer attacks and protected objects;

  • a pilot version of the computer attack detection system is developed and tested on current computer attack scenarios;

  • 2 articles are published at scientific conferences;

  • 1 PhD student internship is performed (HSE internship program).

Level of implementation, recommendations on implementation or outcomes of the implementation of the results

The degree of implementation is low; improvements are needed in terms of the interface and integration with existing systems for detecting computer attacks.

Publications:


Avdoshin S. M., Lazarenko A., Chichileva N., Naumov P., Klyucharev P. Machine Learning Use Cases in Cybersecurity // Труды Института системного программирования РАН. 2019. Vol. 31. No. 5. P. 191-202.
Pantiukhin D., Voronkov I. M., Nazarov A. Intelligent methods for intrusion detection in local area networks, in: Actual Problems of System and Software Engineering. Proceedings of the 6th International Conference Actual Problems of System and Software Engineering. Moscow, Russia, 12-14 November, 2019. CEUR Workshop Proceedings, 2019. P. 138-149.