A Technique for Creating and Training an Artificial Neural Network to Detect Network Traffic Anomalies

Abstract

The article presents a technique for creating and training an artificial neural network to recognize network traffic anomalies using relatively small samples of collected data to generate training data. Various data sources for machine learning and approaches to network traffic analysis are considered. There are data format and the method of generating them from the collected network traffic is described, as well as the steps of the methodology in detail. Using the technique, an artificial neural network was created and trained for the task of recognizing anomalies in the network traffic of the ICMP protocol. The results of testing and comparing various artificial neural network configurations and learning conditions for a given task are presented. The artificial neural network trained according to the method was tested on real network traffic. The presented technique can be applied without requiring changes to detect anomalies of various network protocols and network traffic using a suitable parameterizer and data markup.