METHODS AND MEANS TO IMPROVE THE EFFICIENCY OF NETWORK TRAFFIC SECURITY MONITORING BASED ON ARTIFICIAL INTELLIGENCE
DOI: https://doi.org/10.20998/2079-0023.2023.02.11
Keywords: cybersecurity, network security, malicious traffic identification, machine learning, generative adversarial networks, semi-supervised learning
Abstract
This paper aims to provide a solution for detecting and categorizing malicious network traffic. Remote attacks on computer systems are becoming more common and more dangerous. Several factors contribute to this: first, the use of computer networks and network infrastructure in general is on the rise, through tools such as messengers and email; second, alongside increased usage, the amount of sensitive information transmitted over networks has grown; third, computer networks are increasingly used for complex systems such as grid and cloud computing, IoT, and "smart" locations (e.g., the "smart city"). Detecting malicious network traffic is the first step in defending against a remote attack. Historically, this has been handled by a variety of algorithms, including machine learning algorithms such as clustering.
However, these algorithms require a large amount of sample data to be effective against a given attack, so defending against zero-day attacks, or attacks with high variance in the input data, is difficult for them. In this paper, we propose a semi-supervised generative adversarial network (GAN) that trains a discriminator model both to separate malicious from non-malicious traffic and to categorize the malicious traffic. The proposed solution consists of a GAN generator that produces tabular data representing network traffic from a remote attack and a deep neural network that classifies such traffic. The main goal is accurate categorization of malicious traffic from a few labeled examples. In theory, this can also improve classification accuracy compared to fully supervised models and improve the model's performance against completely new types of attacks. The resulting model shows a prediction accuracy of 91%, which is lower than that of a conventional deep learning model; however, this accuracy is achieved with a small sample of labeled data (under 1000 labeled examples). The results of this research may therefore be used to improve computer system security, for example through dynamic firewall rule adjustments driven by the classification of incoming traffic. The proposed model was implemented and tested in Python with the TensorFlow framework, using the NSL-KDD dataset.
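The abstract describes one discriminator that does two jobs: it classifies real traffic into attack categories from a few labels, and it separates real records from generator output without any labels. The following is an added example, written for this page and not the paper's TensorFlow code, showing how those two losses combine and how a classification result could be turned into a timed firewall entry. Everything beyond the abstract is an assumption and marked as such in the code: the K+1-output formulation with an extra "generated" class, a single linear layer standing in for the classifier DNN, Gaussian noise standing in for the trained GAN generator, constructed feature rows standing in for NSL-KDD, and the nftables set name, thresholds and timeout in the firewall step.

```python
"""Semi-supervised GAN (SGAN) discriminator over tabular traffic features, in NumPy.

Added example, not the paper's code. Assumptions: K+1 discriminator outputs with the
extra output meaning "generated"; a linear layer instead of the paper's deep network;
Gaussian noise instead of the trained GAN generator; constructed rows instead of NSL-KDD.
"""
import numpy as np

K = 5          # assumed coarse NSL-KDD label split: normal, DoS, Probe, R2L, U2R
FAKE = K       # extra discriminator output: "this record was generated"
D = 8          # width of the constructed feature rows (NSL-KDD itself has 41 features)


def softmax(z):
    z = z - z.max(axis=1, keepdims=True)
    e = np.exp(z)
    return e / e.sum(axis=1, keepdims=True)


class LinearDiscriminator:
    """One linear layer; the paper uses a deep network, but the losses are the same."""
    def __init__(self, rng):
        self.W = rng.normal(0.0, 0.01, size=(D, K + 1))
        self.b = np.zeros(K + 1)

    def logits(self, X):
        return X @ self.W + self.b

    def predict(self, X):
        """Per record: (attack class among the K real classes, P(record is real))."""
        p = softmax(self.logits(X))
        return p[:, :K].argmax(axis=1), 1.0 - p[:, FAKE]


def sgan_losses(p_lab, y, p_real, p_fake, eps=1e-12):
    """Supervised loss on labelled real rows; unsupervised loss on unlabelled real + generated rows."""
    sup = -np.log(p_lab[np.arange(len(y)), y] + eps).mean()
    unsup_real = -np.log(1.0 - p_real[:, FAKE] + eps).mean()   # real rows must not look FAKE
    unsup_fake = -np.log(p_fake[:, FAKE] + eps).mean()         # generated rows must look FAKE
    return sup, unsup_real + unsup_fake


def sgan_logit_grads(p_lab, y, p_real, p_fake):
    """Analytic d(loss)/d(logits) for the three row groups, averaged within each group."""
    g_lab = p_lab.copy()
    g_lab[np.arange(len(y)), y] -= 1.0                           # softmax cross-entropy
    pF = p_real[:, FAKE:FAKE + 1]
    g_real = -pF * p_real / np.clip(1.0 - pF, 1e-12, None)       # d(-log(1-pF))/dl_j, j != FAKE
    g_real[:, FAKE] = pF[:, 0]                                   # same, j == FAKE
    g_fake = p_fake.copy()
    g_fake[:, FAKE] -= 1.0                                       # cross-entropy against FAKE
    return g_lab / len(y), g_real / len(p_real), g_fake / len(p_fake)


def train_step(model, X_lab, y, X_real, X_fake, lr=0.05):
    groups = (X_lab, X_real, X_fake)
    p_lab, p_real, p_fake = (softmax(model.logits(X)) for X in groups)
    losses = sgan_losses(p_lab, y, p_real, p_fake)
    for X, g in zip(groups, sgan_logit_grads(p_lab, y, p_real, p_fake)):
        model.W -= lr * (X.T @ g)          # chain rule through the linear layer
        model.b -= lr * g.sum(axis=0)
    return losses


def make_traffic(rng, n_per_class, spread=4.0):
    """Constructed stand-in for NSL-KDD rows: class k clusters around spread * e_k."""
    X = np.vstack([rng.normal(size=(n_per_class, D)) + spread * np.eye(D)[k] for k in range(K)])
    return X, np.repeat(np.arange(K), n_per_class)


def run_demo(labels_per_class=10, n_unlabelled=1000, steps=400, seed=0):
    """Train with few labels; return (test accuracy, share of generated rows flagged as fake)."""
    rng = np.random.default_rng(seed)
    X_lab, y_lab = make_traffic(rng, labels_per_class)       # 50 labelled rows in total
    X_unl, _ = make_traffic(rng, n_unlabelled // K)          # labels discarded
    X_test, y_test = make_traffic(rng, 200)
    model = LinearDiscriminator(rng)
    for _ in range(steps):
        X_fake = rng.normal(size=(len(X_unl), D))            # generator stand-in (assumption)
        train_step(model, X_lab, y_lab, X_unl, X_fake)
    cls, _ = model.predict(X_test)
    _, p_real_of_fake = model.predict(rng.normal(size=(500, D)))
    return float((cls == y_test).mean()), float((p_real_of_fake < 0.5).mean())


def firewall_rule(src_ip, cls, p_real, p_cls, min_conf=0.9, ttl="10m"):
    """One classification -> one timed nftables set entry, or None. Names/thresholds are assumptions."""
    names = ["normal", "dos", "probe", "r2l", "u2r"]
    if p_real < min_conf or p_cls < min_conf or names[cls] == "normal":
        return None                        # low confidence or benign: never block on a guess
    return f"nft add element inet filter blocked_{names[cls]} {{ {src_ip} timeout {ttl} }}"


if __name__ == "__main__":
    print("accuracy, fake-rejection:", run_demo())
    print(firewall_rule("203.0.113.7", 1, 0.97, 0.95))
```

The firewall step gates on both outputs of the discriminator: a record that the model itself considers unlike real traffic, or a class decision below the confidence threshold, produces no rule, and any rule that is produced carries a timeout rather than a permanent block, so a misclassification expires instead of accumulating.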
License
This work is licensed under a Creative Commons Attribution 4.0 International License.