Detecting and classifying network attacks with Splunk Machine Learning Toolkit

D. Satybaldina, N.K. Bisenbaeva, Y. Seitkulov, A.K. Seksenbaeva
{"title":"Detecting and classifying network attacks with Splunk Machine Learning Toolkit","authors":"D. Satybaldina, N.K. Bisenbaeva, Y. Seitkulov, A.K. Seksenbaeva","doi":"10.32523/2616-7182/bulmathenu.2023/1.2","DOIUrl":null,"url":null,"abstract":"In modern conditions of digital technologies implementation in various sectors of the economy, the digitalization of public administration, healthcare, education, and science, the growth in the number of Internet services and mobile devices the issues of ensuring the security of cellular communication systems are becoming increasingly relevant. It is becoming increasingly difficult to detect multiple and complex cyber security threats as the sources and methods ofcyber-attacks evolve and expand. Classic network attack detection approaches that rely heavily on static matching, such as signature analysis, blacklisting, or regular expression patterns, are limited in flexibility and are ineffective for early anomaly detection and rapid response to information security incidents. To solve this problem, the use of machine learning (ML) algorithms is proposed. ML methods can provide new approaches and higher rates of detection of malicious activity on the network. In this work, the Splunk Enterprise data analysis platform and the Splunk Machine Learning Toolkit for creating, training, testing, and validating a network attack classifier are used. The performance of the proposed model was evaluatedby applying four machine learning algorithms such as a decision tree, a support vector machine, a random forest, and adouble random forest. Experimental results show that all used ML algorithms can be effectively used to detect network attacks, and the double random forest method has the best accuracy in detecting distributed denial-of-service attacks.","PeriodicalId":286555,"journal":{"name":"BULLETIN of the L N Gumilyov Eurasian National University MATHEMATICS COMPUTER SCIENCE MECHANICS Series","volume":"113 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-03-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"BULLETIN of the L N Gumilyov Eurasian National University MATHEMATICS COMPUTER SCIENCE MECHANICS Series","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.32523/2616-7182/bulmathenu.2023/1.2","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

In modern conditions of digital technologies implementation in various sectors of the economy, the digitalization of public administration, healthcare, education, and science, the growth in the number of Internet services and mobile devices the issues of ensuring the security of cellular communication systems are becoming increasingly relevant. It is becoming increasingly difficult to detect multiple and complex cyber security threats as the sources and methods ofcyber-attacks evolve and expand. Classic network attack detection approaches that rely heavily on static matching, such as signature analysis, blacklisting, or regular expression patterns, are limited in flexibility and are ineffective for early anomaly detection and rapid response to information security incidents. To solve this problem, the use of machine learning (ML) algorithms is proposed. ML methods can provide new approaches and higher rates of detection of malicious activity on the network. In this work, the Splunk Enterprise data analysis platform and the Splunk Machine Learning Toolkit for creating, training, testing, and validating a network attack classifier are used. The performance of the proposed model was evaluatedby applying four machine learning algorithms such as a decision tree, a support vector machine, a random forest, and adouble random forest. Experimental results show that all used ML algorithms can be effectively used to detect network attacks, and the double random forest method has the best accuracy in detecting distributed denial-of-service attacks.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
使用Splunk机器学习工具包检测和分类网络攻击
在经济各个部门实施数字技术的现代条件下,公共管理、医疗保健、教育和科学的数字化,互联网服务和移动设备数量的增长,确保蜂窝通信系统安全的问题变得越来越重要。随着网络攻击来源和方法的不断发展和扩展,检测多种复杂的网络安全威胁变得越来越困难。传统的网络攻击检测方法严重依赖静态匹配,如特征分析、黑名单、正则表达式模式等,其灵活性有限,无法实现早期异常检测和快速响应信息安全事件。为了解决这个问题,提出了使用机器学习(ML)算法。机器学习方法可以提供新的方法和更高的网络恶意活动检测率。在这项工作中,使用Splunk Enterprise数据分析平台和Splunk机器学习工具包来创建、训练、测试和验证网络攻击分类器。采用决策树、支持向量机、随机森林和双随机森林四种机器学习算法对模型的性能进行了评价。实验结果表明,采用的所有ML算法都能有效地检测网络攻击,其中双随机森林方法在检测分布式拒绝服务攻击方面准确率最高。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
Efficient reduction of Computed Tomography problems to the developed problem of recovery functions in the form of a finite convolution in the norms of "flexible" Hilbert Sobolev and Sobolev-Radon spaces according to the scheme of the Computational (numerical) diameter Reletions between partial moduli of smoothness of functions with monotone Fourier coefficients Detecting and classifying network attacks with Splunk Machine Learning Toolkit Trees of Dot Products in Thin Subsets of Rd On some properties of quasivarieties generated by specific finite modular lattices
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1