Analysis of application a methods of machine learning based on artificial neural networks in the tasks of detecting cybersecurity threats

DOI:

https://doi.org/10.20535/2411-1031.2019.7.1.184327

Keywords:

Machine learning, artificial intelligence, artificial neural networks, methods of anomalies detection, detection of cyber threats, cybersecurity

Abstract

The article analyzes the application of machine learning (ML) methods based on artificial neural networks to applied problems of detecting and classifying cyber threats. The topic is motivated by the significant increase in the adoption of machine learning technologies in information technology and cybersecurity. The interdependence between the concepts of “artificial intelligence”, “machine learning” and “deep learning” is revealed. Based on an analysis of information sources, the article highlights the main ML methods that have been used in the field of cybersecurity: Bayes’ networks, artificial neural networks, support vector machines, fuzzy logic, and others. A brief analysis is given of the methods for detecting cybersecurity threats used in information security and cybersecurity: statistical, signature, heuristic and anomaly detection methods. A general characterization of ML methods is given, and their advantages and the problems they solve in detecting abnormal events are outlined. The paper considers the main types of artificial neural networks that are used in the tasks of detecting cyber threats. Artificial neural networks based on the multilayer perceptron with backpropagation are taken as the basis for considering the general application of machine learning methods. The general structure of artificial neural networks is set out and the basic mathematical expressions of its functioning are presented, the basic types of activation functions of artificial neurons are considered, and the general mathematical expression for calculating the cost function for unsupervised machine learning is presented. The choice of input data for machine learning systems (artificial neural networks) is considered in more detail. It is proposed to use informative data from attack indicators of compromise as input to machine learning systems (artificial neural networks).
The main data available to the monitoring subsystem of information security and cyber defense can be used to detect, classify and forecast cybersecurity incidents. The main stages of data processing and detection of cybersecurity incidents using artificial neural networks are identified. The main information protection and cybersecurity systems in which machine learning is implemented are described. Based on the results of the article, the main problems of implementing machine learning methods in information security systems are highlighted and the main directions of further scientific research are outlined. This work can be used to outline the subject area during the development and implementation of machine learning technologies in information security and cybersecurity systems.

Author Biographies

Andrii Shevchenko, Metinvest Digital Ltd., Kyiv

candidate of technical sciences, security operation center senior analyst

Herman Zastelo, Institute of special communication and information protection of National technical university of Ukraine “Igor Sikorsky Kyiv polytechnic institute”, Kyiv

candidate of technical sciences, associate professor, associate professor of the Information and cyber defense academic department

Yevhen Shpachinskiy, Institute of information technologies, The National defence university of Ukraine named after Ivan Cherniakhovskyi, Kyiv

student

Published

2019-06-30

How to Cite

Shevchenko, A., Zastelo, H., & Shpachinskiy, Y. (2019). Analysis of application a methods of machine learning based on artificial neural networks in the tasks of detecting cybersecurity threats. Collection "Information Technology and Security", 7(1), 79–90. https://doi.org/10.20535/2411-1031.2019.7.1.184327

Section

CYBERSECURITY AND CRITICAL INFRASTRUCTURE PROTECTION