I. Zhukovytskyy, V. Pakhomova, D. O. Ostapets, O. Tsyhanok
{"title":"检测计算机网络上的攻击基于复杂的神经网络","authors":"I. Zhukovytskyy, V. Pakhomova, D. O. Ostapets, O. Tsyhanok","doi":"10.15802/stp2020/218318","DOIUrl":null,"url":null,"abstract":"Purpose. The article is aimed at the development of a methodology for detecting attacks on a computer network. To achieve this goal the following tasks were solved: to develop a methodology for detecting attacks on a computer network based on an ensemble of neural networks using normalized data from the open KDD Cup 99 database; when performing machine training to identify the optimal parameters of the neural network which will provide a sufficiently high level of reliability of detection of intrusions into the computer network. Methodology. As an architectural solution of the attack detection module, a two-level network system is proposed, based on an ensemble of five neural networks of the multilayer perceptron type. The first neural network to determine the category of attack class (DoS, R2L, U2R, Probe) or the fact that there was no attack; other neural networks – to detect the type of attack, if any (each of these four neural networks corresponds to one class of attack and is able to identify types that belong only to this class). Findings. The created software model was used to study the parameters of the neural network configuration 41–1–132–5, which determines the category of the attack class on the computer network. It is determined that the optimal training speed is 0.001. The ADAM algorithm proved to be the best for optimization. The ReLU function is the most suitable activation function for the hidden layer, and the hyperbolic tangent function – for the output layer activation function. Accuracy in test and validation samples was 92.86 % and 91.03 %, respectively. Originality. The developed software model, which uses the Python 3.5 programming language, the integrated development environment PyCharm 2016.3 and the Tensorflow 1.2 framework, makes it possible to detect all types of attacks of DoS, U2R, R2L, Probe classes. Practical value. Graphical dependencies of accuracy of neural networks at various parameters are received: speed of training; activation function; optimization algorithm. The optimal parameters of neural networks have been determined, which will ensure a sufficiently high level of reliability of intrusion detection into a computer network.","PeriodicalId":120413,"journal":{"name":"Science and Transport Progress. Bulletin of Dnipropetrovsk National University of Railway Transport","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-12-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"DETECTION OF ATTACKS ON A COMPUTER NETWORK BASED ON THE USE OF NEURAL NETWORKS COMPLEX\",\"authors\":\"I. Zhukovytskyy, V. Pakhomova, D. O. Ostapets, O. Tsyhanok\",\"doi\":\"10.15802/stp2020/218318\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Purpose. The article is aimed at the development of a methodology for detecting attacks on a computer network. To achieve this goal the following tasks were solved: to develop a methodology for detecting attacks on a computer network based on an ensemble of neural networks using normalized data from the open KDD Cup 99 database; when performing machine training to identify the optimal parameters of the neural network which will provide a sufficiently high level of reliability of detection of intrusions into the computer network. Methodology. As an architectural solution of the attack detection module, a two-level network system is proposed, based on an ensemble of five neural networks of the multilayer perceptron type. The first neural network to determine the category of attack class (DoS, R2L, U2R, Probe) or the fact that there was no attack; other neural networks – to detect the type of attack, if any (each of these four neural networks corresponds to one class of attack and is able to identify types that belong only to this class). Findings. The created software model was used to study the parameters of the neural network configuration 41–1–132–5, which determines the category of the attack class on the computer network. It is determined that the optimal training speed is 0.001. The ADAM algorithm proved to be the best for optimization. The ReLU function is the most suitable activation function for the hidden layer, and the hyperbolic tangent function – for the output layer activation function. Accuracy in test and validation samples was 92.86 % and 91.03 %, respectively. Originality. The developed software model, which uses the Python 3.5 programming language, the integrated development environment PyCharm 2016.3 and the Tensorflow 1.2 framework, makes it possible to detect all types of attacks of DoS, U2R, R2L, Probe classes. Practical value. Graphical dependencies of accuracy of neural networks at various parameters are received: speed of training; activation function; optimization algorithm. The optimal parameters of neural networks have been determined, which will ensure a sufficiently high level of reliability of intrusion detection into a computer network.\",\"PeriodicalId\":120413,\"journal\":{\"name\":\"Science and Transport Progress. Bulletin of Dnipropetrovsk National University of Railway Transport\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-12-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Science and Transport Progress. Bulletin of Dnipropetrovsk National University of Railway Transport\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.15802/stp2020/218318\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Science and Transport Progress. Bulletin of Dnipropetrovsk National University of Railway Transport","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.15802/stp2020/218318","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 2
摘要
目的。本文旨在开发一种检测计算机网络攻击的方法。为了实现这一目标,解决了以下任务:开发一种基于神经网络集合的计算机网络攻击检测方法,该方法使用来自开放KDD Cup 99数据库的规范化数据;在进行机器训练时,识别神经网络的最优参数,这将为检测入侵计算机网络提供足够高的可靠性。方法。作为攻击检测模块的体系结构解决方案,提出了一个基于多层感知器类型的五个神经网络集成的两级网络系统。第一个确定神经网络的攻击类别(DoS、R2L、U2R、Probe)或没有攻击的事实;其他神经网络-检测攻击类型,如果有的话(这四个神经网络中的每一个都对应于一类攻击,并且能够识别只属于该类的类型)。发现。利用建立的软件模型对神经网络配置41-1-132-5的参数进行了研究,确定了计算机网络上攻击类的类别。确定最佳训练速度为0.001。ADAM算法被证明是最优的优化算法。ReLU函数是最适合隐藏层的激活函数,而双曲正切函数-是最适合输出层的激活函数。试验样品和验证样品的准确度分别为92.86%和91.03%。创意。所开发的软件模型使用Python 3.5编程语言,集成开发环境PyCharm 2016.3和Tensorflow 1.2框架,可以检测DoS、U2R、R2L、Probe类的所有类型的攻击。实用价值。得到了不同参数下神经网络精度的图形依赖关系:训练速度;激活功能;优化算法。确定了神经网络的最优参数,保证了计算机网络入侵检测具有足够高的可靠性。
DETECTION OF ATTACKS ON A COMPUTER NETWORK BASED ON THE USE OF NEURAL NETWORKS COMPLEX
Purpose. The article is aimed at the development of a methodology for detecting attacks on a computer network. To achieve this goal the following tasks were solved: to develop a methodology for detecting attacks on a computer network based on an ensemble of neural networks using normalized data from the open KDD Cup 99 database; when performing machine training to identify the optimal parameters of the neural network which will provide a sufficiently high level of reliability of detection of intrusions into the computer network. Methodology. As an architectural solution of the attack detection module, a two-level network system is proposed, based on an ensemble of five neural networks of the multilayer perceptron type. The first neural network to determine the category of attack class (DoS, R2L, U2R, Probe) or the fact that there was no attack; other neural networks – to detect the type of attack, if any (each of these four neural networks corresponds to one class of attack and is able to identify types that belong only to this class). Findings. The created software model was used to study the parameters of the neural network configuration 41–1–132–5, which determines the category of the attack class on the computer network. It is determined that the optimal training speed is 0.001. The ADAM algorithm proved to be the best for optimization. The ReLU function is the most suitable activation function for the hidden layer, and the hyperbolic tangent function – for the output layer activation function. Accuracy in test and validation samples was 92.86 % and 91.03 %, respectively. Originality. The developed software model, which uses the Python 3.5 programming language, the integrated development environment PyCharm 2016.3 and the Tensorflow 1.2 framework, makes it possible to detect all types of attacks of DoS, U2R, R2L, Probe classes. Practical value. Graphical dependencies of accuracy of neural networks at various parameters are received: speed of training; activation function; optimization algorithm. The optimal parameters of neural networks have been determined, which will ensure a sufficiently high level of reliability of intrusion detection into a computer network.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
