{"title":"使用机器学习算法检测异常流量行为","authors":"","doi":"10.18469/ikt.2023.21.3.04","DOIUrl":null,"url":null,"abstract":"The article describes a method of using machine learning for detecting anomalous traffic behavior. For this purpose, a data set containing a significant amount of traffic collected at the time of the attack on the Web application is used. The set contains three attack options: Brute Force, XSS, SQL injection. A traffic dump containing an Infiltration attack is considered separately. A comparative analysis of machine learning models was carried out with the selection of the most optimal one. The article also provides a description of the data preprocessing procedure, which is carried out in order to eliminate anomalies and voids in array records, which can lead to incorrect operation of the trained model. Models were trained on selected data in order to identify anomalous traffic behavior indicating a specific type of attack. In addition, a study was conducted on a data set that does not contain information about attacks.","PeriodicalId":508406,"journal":{"name":"Infokommunikacionnye tehnologii","volume":"34 3","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-05-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"USING MACHINE LEARNING ALGORITHMS TO DETECT ANOMALOUS TRAFFIC BEHAVIOR\",\"authors\":\"\",\"doi\":\"10.18469/ikt.2023.21.3.04\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The article describes a method of using machine learning for detecting anomalous traffic behavior. For this purpose, a data set containing a significant amount of traffic collected at the time of the attack on the Web application is used. The set contains three attack options: Brute Force, XSS, SQL injection. A traffic dump containing an Infiltration attack is considered separately. A comparative analysis of machine learning models was carried out with the selection of the most optimal one. The article also provides a description of the data preprocessing procedure, which is carried out in order to eliminate anomalies and voids in array records, which can lead to incorrect operation of the trained model. Models were trained on selected data in order to identify anomalous traffic behavior indicating a specific type of attack. In addition, a study was conducted on a data set that does not contain information about attacks.\",\"PeriodicalId\":508406,\"journal\":{\"name\":\"Infokommunikacionnye tehnologii\",\"volume\":\"34 3\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-05-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Infokommunikacionnye tehnologii\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.18469/ikt.2023.21.3.04\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Infokommunikacionnye tehnologii","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.18469/ikt.2023.21.3.04","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
USING MACHINE LEARNING ALGORITHMS TO DETECT ANOMALOUS TRAFFIC BEHAVIOR
The article describes a method of using machine learning for detecting anomalous traffic behavior. For this purpose, a data set containing a significant amount of traffic collected at the time of the attack on the Web application is used. The set contains three attack options: Brute Force, XSS, SQL injection. A traffic dump containing an Infiltration attack is considered separately. A comparative analysis of machine learning models was carried out with the selection of the most optimal one. The article also provides a description of the data preprocessing procedure, which is carried out in order to eliminate anomalies and voids in array records, which can lead to incorrect operation of the trained model. Models were trained on selected data in order to identify anomalous traffic behavior indicating a specific type of attack. In addition, a study was conducted on a data set that does not contain information about attacks.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
