Detection of network intelligence features with the decision tree model
O b j e c t i v e s . Early detection of network intelligence allows to reduce the risks of information security of organizations. The study was carried out to develop software module for detecting the features of network intelligence by machine learning methods.M e t h o d s . Analysis of open dat...
Saved in:
Main Authors: | , |
---|---|
Format: | Article |
Language: | Russian |
Published: |
National Academy of Sciences of Belarus, the United Institute of Informatics Problems
2022-03-01
|
Series: | Informatika |
Subjects: | |
Online Access: | https://inf.grid.by/jour/article/view/1164 |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
_version_ | 1832543429351964672 |
---|---|
author | N. P. Sharaev S. N. Petrov |
author_facet | N. P. Sharaev S. N. Petrov |
author_sort | N. P. Sharaev |
collection | DOAJ |
description | O b j e c t i v e s . Early detection of network intelligence allows to reduce the risks of information security of organizations. The study was carried out to develop software module for detecting the features of network intelligence by machine learning methods.M e t h o d s . Analysis of open datasets of appropriate destination; formation of metrics characteristic of network intelligence; development of a dataset based on certain metrics; study of the effectiveness of machine learning methods for classification task.R e s u l t s . The topology was designed and a test segment was created in the corporate network of RUE "Beltelecom" to create a dataset. A monitoring tool has been developed for detecting and analyzing the events, the results of which were used as the basis for a new dataset.The implementation of the decision tree method in the form of program code allowed to increase the speed of the module by about 2 times (0,147 ms). Practical tests of the developed module have shown the alarm on all types of network scanning using Nmap and Masscan utilities.Co n c l u s i o n. The analysis of the dataset by principal component method showed the presence of a border area between the events of legal traffic and network intelligence traffic, which had a positive effect on the training of the model. The most promising machine learning methods have been studied and tested using various hyperparameters. The best results were shown by the decision tree method with the parameters criterion = gini and splitter = random and speed as 0,333 ms. |
format | Article |
id | doaj-art-79256c2441874f2f8327ac2e5b291293 |
institution | Kabale University |
issn | 1816-0301 |
language | Russian |
publishDate | 2022-03-01 |
publisher | National Academy of Sciences of Belarus, the United Institute of Informatics Problems |
record_format | Article |
series | Informatika |
spelling | doaj-art-79256c2441874f2f8327ac2e5b2912932025-02-03T11:40:30ZrusNational Academy of Sciences of Belarus, the United Institute of Informatics ProblemsInformatika1816-03012022-03-01191193110.37661/1816-0301-2022-19-1-19-31992Detection of network intelligence features with the decision tree modelN. P. Sharaev0S. N. Petrov1Belarusian State University of Informatics and RadioelectronicsBelarusian State University of Informatics and RadioelectronicsO b j e c t i v e s . Early detection of network intelligence allows to reduce the risks of information security of organizations. The study was carried out to develop software module for detecting the features of network intelligence by machine learning methods.M e t h o d s . Analysis of open datasets of appropriate destination; formation of metrics characteristic of network intelligence; development of a dataset based on certain metrics; study of the effectiveness of machine learning methods for classification task.R e s u l t s . The topology was designed and a test segment was created in the corporate network of RUE "Beltelecom" to create a dataset. A monitoring tool has been developed for detecting and analyzing the events, the results of which were used as the basis for a new dataset.The implementation of the decision tree method in the form of program code allowed to increase the speed of the module by about 2 times (0,147 ms). Practical tests of the developed module have shown the alarm on all types of network scanning using Nmap and Masscan utilities.Co n c l u s i o n. The analysis of the dataset by principal component method showed the presence of a border area between the events of legal traffic and network intelligence traffic, which had a positive effect on the training of the model. The most promising machine learning methods have been studied and tested using various hyperparameters. The best results were shown by the decision tree method with the parameters criterion = gini and splitter = random and speed as 0,333 ms.https://inf.grid.by/jour/article/view/1164network intelligencenetwork traffic anomaliesmachine learningintelligence feature metricsdatasets |
spellingShingle | N. P. Sharaev S. N. Petrov Detection of network intelligence features with the decision tree model Informatika network intelligence network traffic anomalies machine learning intelligence feature metrics datasets |
title | Detection of network intelligence features with the decision tree model |
title_full | Detection of network intelligence features with the decision tree model |
title_fullStr | Detection of network intelligence features with the decision tree model |
title_full_unstemmed | Detection of network intelligence features with the decision tree model |
title_short | Detection of network intelligence features with the decision tree model |
title_sort | detection of network intelligence features with the decision tree model |
topic | network intelligence network traffic anomalies machine learning intelligence feature metrics datasets |
url | https://inf.grid.by/jour/article/view/1164 |
work_keys_str_mv | AT npsharaev detectionofnetworkintelligencefeatureswiththedecisiontreemodel AT snpetrov detectionofnetworkintelligencefeatureswiththedecisiontreemodel |