USING THE RANDOM FOREST MACHINE LEARNING ALGORITHM FOR THE EXTRACTION OF COMPLEX COMPUTER INCIDENTS

A. Pavlychev, M. Starodubov, Alexander Galimov
DOI: 10.21681/2311-3456-2022-5-74-81 (https://doi.org/10.21681/2311-3456-2022-5-74-81)
Journal: Voprosy kiberbezopasnosti
Volume: 17 1
Publication type: Journal Article
Record source: Semantic Scholar
Citation count: 1

Abstract

The aim of the work is to develop a way to identify complex computer incidents carried out by attackers exploiting vulnerabilities of information systems. The research method is the analysis of entries in the system logs of the Microsoft Windows operating system using the Random Forest machine learning algorithm. The result obtained: despite the wide variety of malicious software used by attackers in computer attacks, all of it leaves traces of its activity in the network infrastructure that has been subjected to unauthorized influence. One way to identify computer incidents is to examine the log files of various information systems, including the system logs of the operating system, for hidden patterns and anomalies. The functioning of any computer program can be represented as a unique set of records in the system logs of the operating system, and these records can be treated as the features of an object. The paper analyzes the Security log of the operating system after the exploitation of various vulnerabilities that are popular among attackers. On the data set formed in this way, a model is built with a machine learning algorithm that makes it possible to subsequently identify objects that have been subjected to unauthorized influence. The scientific novelty consists in creating a way to identify complex computer incidents based on the results of studying the logs of the operating system using a machine learning algorithm.