Analysis of the application of methods of machine learning based on artificial neural networks in the tasks of detecting cybersecurity threats
Keywords: machine learning, artificial intelligence, artificial neural networks, methods of anomalies detection, detection of cyber threats, cybersecurity
The article analyzes the application of machine learning (ML) methods based on artificial neural networks to applied problems of detecting and classifying cyber threats. The topic is relevant because of the significant growth in the adoption of machine learning technologies in information technology and cybersecurity. The relationship between the concepts of “artificial intelligence”, “machine learning” and “deep learning” is explained. Based on an analysis of information sources, the article highlights the main ML methods that have been used in the field of cybersecurity: Bayes’ networks, artificial neural networks, support vector machines, fuzzy logic, and others. A brief analysis is given of the methods for detecting cybersecurity threats used in information security and cybersecurity: statistical, signature, heuristic and anomaly detection methods. ML methods for detecting abnormal events are characterized in general terms, and their advantages and the problems they solve are outlined. The paper considers the main types of artificial neural networks used in the tasks of detecting cyber threats. As the basis for considering the general application of machine learning methods, the article takes artificial neural networks built on a multilayer perceptron with backpropagation. The general structure of an artificial neural network is described and the basic mathematical expressions of its functioning are presented, the basic types of activation functions of artificial neurons are considered, and the general mathematical expression for calculating the cost function for unsupervised machine learning is presented. The choice of input data for machine learning systems (artificial neural networks) is considered in more detail. It is proposed to use informative data from indicators of compromise as input to machine learning systems (artificial neural networks).
The main data available to the monitoring subsystem of information security and cyber defense can be used to detect, classify and forecast cybersecurity incidents. The main stages of data processing and detection of cybersecurity incidents using artificial neural networks are identified. The main information protection and cybersecurity systems in which machine learning is implemented are described. Based on the results of the article, the main problems of implementing machine learning methods in information security systems are highlighted and the main directions of further scientific research are outlined. This work can be used as an overview of the subject area during the development and implementation of machine learning technologies in information security and cybersecurity systems.
Copyright (c) 2020 Collection "Information technology and security"
This work is licensed under a Creative Commons Attribution 4.0 International License.