Network Anomalies Detection Approach Based on Weighted Voting

Sergey Sakulin (Bauman Moscow State Technical University, Russia), Alexander Alfimtsev (Bauman Moscow State Technical University, Russia), Konstantin Kvitchenko (Moscow Credit Bank, Russia), Leonid Dobkacz (Bauman Moscow State Technical University, Russia), Yuri Kalgin (Bauman Moscow State Technical University, Russia) and Igor Lychkov (Bauman Moscow State Technical University, Russia)
Copyright: © 2022 |Pages: 17
DOI: 10.4018/IJISP.2022010105

Abstract

To avoid information system malfunction, integrity disruption, availability violation and loss of data confidentiality, anomalies in information system operation must be detected as quickly as possible. Such anomalies are usually caused by malicious activity, that is, attacks on information systems. However, current approaches to detecting anomalies in information system functioning have never been perfect. In particular, statistical and signature-based techniques cannot detect anomalies based on modifications of well-known attacks, while dynamic approaches based on machine learning techniques produce false positives and frequently miss anomalies. Therefore, various hybrid solutions combining these two approaches are frequently offered. This paper suggests a hybrid approach to anomaly detection that combines computationally efficient machine learning classifiers and increases accuracy through weighted voting. A pilot evaluation of the developed approach confirmed its feasibility for anomaly detection systems.
Article Preview

1. Introduction

It is highly important to quickly detect anomalies in complex computer networks, since they can be caused by malicious attacks. Such attacks can render a network unable to function properly and cause data loss, corruption or even leakage. For early detection, special software systems are used to detect and classify anomalies. Such systems are built on traditional signature-based techniques (Afek et al., 2019; AlYousef & Abdelmajeed, 2019) as well as on machine learning techniques (Sultana et al., 2019; Yu et al., 2017). Signature-based techniques cannot detect anomalies caused by attacks that are modifications of well-known attacks (Chakravarty et al., 2019), while approaches based on machine learning can produce false positives and miss anomalies (Gao et al., 2019; Umer et al., 2017).

Many researchers have worked to overcome these drawbacks (Xu et al., 2018; Raman et al., 2017; Le et al., 2017). In particular, signatures are used as a training set for classifiers (Hoang & Nguyen, 2019), and there are hybrid approaches based on ensembles of classifiers (Khraisat et al., 2019; Zhang et al., 2018). The existing approaches, however, cannot detect anomalies caused by new attacks or by modifications of previously known attacks with both high accuracy and a low number of false positives.

Under these conditions, the search for more reliable anomaly detection approaches has become urgent. This paper offers a hybrid approach that combines signature analysis with weighted voting of classifiers built using machine learning. The chosen classifiers are logistic regression, stochastic gradient descent and a decision tree; this choice is motivated by the relatively low computational complexity of these algorithms, because the anomaly detection system is designed to operate in real time. The experiments carried out showed that the suggested approach achieves high detection accuracy for both well-known and new anomalies as well as high repeatability.
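The two-stage scheme described above, as an added illustration that is not code from the paper: a signature check runs first and, when it does not fire, three classifiers' votes are combined with weights. The validation data, the signature store and the weighting rule (log-odds of each classifier's validation accuracy) are all assumptions; the preview does not state how the paper derives its weights.

```python
import math

# Constructed validation data (not from the paper): 1 = anomaly, 0 = normal.
VAL_TRUTH = [1, 1, 1, 1, 0, 0, 0, 0, 0, 0]
VAL_PREDS = {                                  # per-classifier predictions
    "logreg": [1, 1, 1, 1, 0, 0, 0, 0, 0, 1],  # 9/10 correct
    "sgd":    [1, 1, 0, 0, 0, 0, 0, 0, 1, 0],  # 7/10 correct
    "tree":   [1, 0, 0, 0, 0, 0, 0, 0, 1, 0],  # 6/10 correct
}
# Hypothetical signature store: fingerprints of known-bad payloads.
SIGNATURES = {"sig-constructed-0001"}

def log_odds_weights(val_truth, val_preds, eps=1e-6):
    """Weight each classifier by ln(acc / (1 - acc)) on the validation set.
    Assumed weighting rule. A classifier at or below 50% accuracy gets
    weight 0 so it cannot sway the vote; eps keeps the logarithm finite."""
    weights = {}
    for name, preds in val_preds.items():
        acc = sum(p == t for p, t in zip(preds, val_truth)) / len(val_truth)
        acc = min(max(acc, eps), 1 - eps)
        weights[name] = max(0.0, math.log(acc / (1 - acc)))
    return weights

def majority_vote(votes):
    """Unweighted baseline: anomaly when more than half the classifiers say so."""
    return int(2 * sum(votes.values()) > len(votes))

def weighted_vote(votes, weights):
    """Anomaly when the summed weight of 'anomaly' votes beats that of
    'normal' votes; a tie is resolved as normal."""
    anomaly = sum(weights[n] for n, v in votes.items() if v == 1)
    normal = sum(weights[n] for n, v in votes.items() if v == 0)
    return int(anomaly > normal)

def hybrid_detect(flow, votes, weights, signatures=SIGNATURES):
    """A signature hit is decisive; otherwise fall back to weighted voting.
    Returns (label, reason) so an analyst can see which stage fired."""
    if flow["payload_fingerprint"] in signatures:
        return 1, "signature"
    return weighted_vote(votes, weights), "weighted_vote"

if __name__ == "__main__":
    w = log_odds_weights(VAL_TRUTH, VAL_PREDS)
    flow = {"payload_fingerprint": "unknown"}          # no signature match
    votes = {"logreg": 1, "sgd": 0, "tree": 0}          # constructed outputs
    print(w)
    print(majority_vote(votes), hybrid_detect(flow, votes, w))
```

With the constructed data the strongest classifier alone outvotes the two weaker ones, so the weighted result (anomaly) differs from the plain majority vote (normal).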

The rest of the paper is organized as follows: section 2 reviews studies on anomaly detection from which suitable components for the combined approach are chosen, surveys available datasets and selects a suitable one for evaluating the suggested approach; section 3 describes the suggested approach; section 4 presents the experiment in full, draws conclusions about the effectiveness of the suggested approach and discusses the potential for further research in this field.
