Detection of network intelligence features with the decision tree model

Bibliographic Details
Main Authors: N. P. Sharaev, S. N. Petrov
Format: Article
Language: Russian
Published: National Academy of Sciences of Belarus, the United Institute of Informatics Problems 2022-03-01
Series: Informatika
Online Access: https://inf.grid.by/jour/article/view/1164
Description:
Objectives. Early detection of network intelligence reduces information security risks for organizations. The study was carried out to develop a software module that detects the features of network intelligence using machine learning methods.
Methods. Analysis of open datasets intended for this purpose; formation of metrics characteristic of network intelligence; development of a dataset based on these metrics; study of the effectiveness of machine learning methods for the classification task.
Results. A topology was designed and a test segment was created in the corporate network of RUE "Beltelecom" to build a dataset. A monitoring tool was developed for detecting and analyzing events, and its results were used as the basis for a new dataset. Implementing the decision tree method in the form of program code increased the speed of the module by about 2 times (0,147 ms). Practical tests of the developed module showed that it raised an alarm on all types of network scanning using the Nmap and Masscan utilities.
Conclusion. Analysis of the dataset by the principal component method showed the presence of a border area between the events of legitimate traffic and network intelligence traffic, which had a positive effect on the training of the model. The most promising machine learning methods were studied and tested using various hyperparameters. The best results were shown by the decision tree method with the parameters criterion = gini and splitter = random, with a speed of 0,333 ms.
ISSN: 1816-0301
Author affiliation: Belarusian State University of Informatics and Radioelectronics (both authors)
DOI: 10.37661/1816-0301-2022-19-1-19-31
Subjects: network intelligence; network traffic anomalies; machine learning; intelligence feature metrics; datasets