Approach to intelligent monitoring of cyber attacks

Alexey N. Nazarov,
Expert ITU, Russia, a.nazarov06@bk.ru

Dmitry V. Pantiukhin,
National Research University Higher School of Economics;
Moscow Institute of Physics and Technology, Moscow, Russia

Ilya M. Voronkov,
International Centre of Informatics and Electronics, ICIE;
National Research University Higher School of Economics, Moscow, Russia

Mikhail A. Nazarov,
CEO LLC “SmartTech”, Moscow, Russia

DOI: 10.36724/2664-066X-2020-6-6-2-9

SYNCHROINFO JOURNAL. Volume 6, Number 6 (2020). P. 2-9.

Abstract

The results of many years of research on intelligent counteraction to cyberattacks are presented. Cloud solutions for synthesizing a cyberattack monitoring cluster are based on the latest achievements and use a neuro-fuzzy formalism. The main features of the synthesis of protection functions are determined, and the features of implementing the security system of an object of risk in cyberspace are analyzed. Methodological approaches are proposed to the system problem of determining all paths by which an attack can penetrate the object of risk and of forming variants of their coverage. The specifics of applying the branch and bound method to this problem are discussed.

Keywords: security function, cluster, method, Hadoop, neural network, monitoring.
