
Model for Presenting the Input Set of Signatures in the Form of a Reduced Decision Diagram

Authors: Dobkach L.Ya., Tsirlov V.L. Published: 02.04.2024
Published in issue: #1(146)/2024  
DOI:

Category: Informatics, Computer Engineering and Control | Chapter: Methods and Systems of Information Protection, Information Security  
Keywords: signature analysis, machine learning, CICIDS 2017, intrusion detection, decision trees

Abstract

The format in which input data are presented to subsequent analysis operations or learning algorithms for detecting computer attacks affects the memory cost, performance and running time of those processes. Most often the input data take the form of tables of values or sets of Boolean rules, in which particular parameter values may be repeated. To reduce the amount of stored information and the time spent processing it, the paper proposes a reduced decision diagram as the model for representing the input data. Besides lowering memory cost and raising performance, it yields a 2 % increase in attack recognition accuracy for conventional signature analysis. Although the increase is small, it indicates that a reduced decision diagram can strengthen the signature method, which otherwise lacks the flexibility (adaptability) needed to identify unfamiliar computer attacks. In a machine-learning context, the proposed data representation model can help shorten the period of retraining or updating the data mining algorithms and provide a more adequate response to renewed intrusion scenarios.
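The following is an added example, not code from the paper or its authors, showing the construction the abstract describes: a set of signatures written as Boolean rules over discretized flow features is compiled by Shannon expansion into an ordered multi-terminal decision diagram, and the two standard reduction rules (drop a test whose two branches coincide; store structurally identical subgraphs once) merge the repeated parameter values that a rule table stores separately. The test names, their fixed ordering, the three signatures and first-match rule semantics are all constructed for illustration and are not drawn from CICIDS 2017 or from the paper; the 2 % accuracy figure is not reproduced here.

```python
"""
Added example (not the paper's code): compile a small signature set into a
reduced, ordered multi-terminal decision diagram and compare it with the
unreduced decision tree built over the same rules.
"""
from itertools import product

# Assumed fixed variable order: each test is a yes/no question on a flow record.
TESTS = ("is_tcp", "dst_port_80", "syn_only", "high_pps", "payload_has_sqli")
BENIGN = "benign"

# Constructed sample signatures (hypothetical; not taken from CICIDS 2017).
# A rule is (label, {test: required value}); tests not listed are don't-cares.
# Rules are applied in order: the first one whose conditions all hold fires.
SIGNATURES = [
    ("syn_flood",     {"is_tcp": True,  "syn_only": True, "high_pps": True}),
    ("sql_injection", {"is_tcp": True,  "dst_port_80": True, "payload_has_sqli": True}),
    ("udp_flood",     {"is_tcp": False, "high_pps": True}),
]


def match_table(record):
    """Reference semantics: scan the rule table, first full match wins."""
    for label, cond in SIGNATURES:
        if all(record[t] == v for t, v in cond.items()):
            return label
    return BENIGN


class DecisionDiagram:
    """Nodes are ('T', label) terminals or ('N', var_index, low_id, high_id).

    With reduce=True two rules are applied during construction:
      1. a node whose low and high children coincide is dropped (redundant test);
      2. structurally identical nodes are stored once (hash-consing).
    With reduce=False the same build yields the plain decision tree.
    """

    def __init__(self, reduce=True):
        self.reduce = reduce
        self.nodes = []        # id -> node tuple
        self._unique = {}      # node tuple -> id (rule 2)

    def _mk(self, key):
        if self.reduce and key in self._unique:
            return self._unique[key]
        nid = len(self.nodes)
        self.nodes.append(key)
        self._unique[key] = nid
        return nid

    def terminal(self, label):
        return self._mk(("T", label))

    def node(self, var, low, high):
        if self.reduce and low == high:      # rule 1: both branches agree
            return low
        return self._mk(("N", var, low, high))

    def evaluate(self, root, record):
        """Classify a record by walking from the root to a terminal."""
        nid = root
        while self.nodes[nid][0] == "N":
            _, var, low, high = self.nodes[nid]
            nid = high if record[TESTS[var]] else low
        return self.nodes[nid][1]


def _build(dd, sigs, var=0, partial=None):
    """Shannon expansion over TESTS in order, pruning rules the path falsified."""
    partial = partial or {}
    live = [(l, c) for l, c in sigs
            if all(partial.get(t, v) == v for t, v in c.items())]
    if not live:
        return dd.terminal(BENIGN)
    # First-match semantics: the earliest live rule fires once fully decided.
    if all(t in partial for t in live[0][1]):
        return dd.terminal(live[0][0])
    if var == len(TESTS):                    # guard: every test assigned
        return dd.terminal(BENIGN)
    t = TESTS[var]
    low = _build(dd, live, var + 1, {**partial, t: False})
    high = _build(dd, live, var + 1, {**partial, t: True})
    return dd.node(var, low, high)


def compile_signatures(reduce=True):
    """Return (diagram, root_id) built from SIGNATURES."""
    dd = DecisionDiagram(reduce=reduce)
    return dd, _build(dd, SIGNATURES)


def all_records():
    """Every assignment of the binary tests (2**len(TESTS) records)."""
    for bits in product((False, True), repeat=len(TESTS)):
        yield dict(zip(TESTS, bits))


def equivalent_to_table(dd, root):
    """True if the diagram reproduces the rule table on every input."""
    return all(dd.evaluate(root, r) == match_table(r) for r in all_records())


if __name__ == "__main__":
    reduced, root = compile_signatures(reduce=True)
    tree, troot = compile_signatures(reduce=False)
    print("decision tree nodes:", len(tree.nodes))
    print("reduced diagram nodes:", len(reduced.nodes))
    print("same verdicts on all records:", equivalent_to_table(reduced, root))
```

On these three constructed rules the unreduced tree has 35 nodes while the reduced diagram has 12 (8 decision nodes plus 4 terminals), and both return the same verdict as the rule table on all 32 possible records; the sharing comes from the paths that differ only in don't-care tests (for example, every non-TCP record is decided by the single `high_pps` node). The diagram size depends on the chosen variable order, which here is an assumption; choosing a different order changes the node count but not the verdicts.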

Please cite this article in English as:

Dobkach L.Ya., Tsirlov V.L. Model for presenting the input set of signatures in the form of a reduced decision diagram. Herald of the Bauman Moscow State Technical University, Series Instrument Engineering, 2024, no. 1 (146), pp. 93--103 (in Russ.). EDN: ITWVQT

References

[1] Dobkach L.Ya. [The review of methods for identification of computer attacks]. Bezopasnost informatsionnykh tekhnologiy. Sb. tr. Desyatoy mezhdunar. nauch.-tekh. konf. [Safety of Information Technologies. Proc. 10th Int. Sci.-Tech. Conf.]. Moscow, BMSTU Publ., 2019, pp. 124--129 (in Russ.).

[2] Evglevskaya N.V., Rakitskiy S.N. Choice of computer attacks detection method. Izvestiya TulGU. Tekhnicheskie nauki [News of the Tula State University. Technical Sciences], 2021, no. 5, pp. 247--249 (in Russ.).

[3] Korolev I.D., Popov V.I., Reva D.I. [Overview of methods targeted threat’s forecasting in cyber security]. Informatsionnaya bezopasnost: vchera, segodnya, zavtra. III Mezhdunar. nauch.-prakt. konf. [Information Safety: Yesterday, Today, Tomorrow. III Int. Sci.-Pract. Conf.]. Moscow, RSUH, 2020, pp. 163--170 (in Russ.).

[4] Liu H., Lang B. Machine learning and deep learning methods for intrusion detection systems: a survey. Appl. Sci., 2019, vol. 9, iss. 20, pp. 4396--4423. DOI: https://doi.org/10.3390/app9204396

[5] Shelukhin O.I., Rakovskiy D.I. Binary classification of multi-attribute tagged data about anomalous events in computer systems using the SVDD algorithm. Naukoemkie tekhnologii v kosmicheskikh issledovaniyakh Zemli [High Technologies in Earth Space Research], 2021, vol. 13, no. 2, pp. 74--84 (in Russ.). DOI: https://doi.org/10.36724/2409-5419-2021-13-2-74-84

[6] Kusakina N.M. [Network traffic analysis methods as a basis for designing a network attack detection system]. International Scientific Review of the Problems and Prospects of Modern Science and Education. XLI Mezhdunar. nauch.-prakt. konf. [XLI Int. Sci.-Pract. Conf.]. Ivanovo, Problemy nauki, 2018, pp. 28--31 (in Russ.).

[7] Oralbaev E.A. Obnaruzheniya DDoS-atak botnetov v setyakh dostupa IoT. V kn.: Aktualnye voprosy sovremennoy nauki i obrazovaniya [Detecting DDoS attacks of botnets in IoT access networks. In: Topical Issues of Modern Science and Education]. Penza, Nauka i Prosveshchenie Publ., 2021, pp. 190--200 (in Russ.).

[8] Akushuev R.T. Signature detection model. Modern Science, 2020, no. 7-1, pp. 330--332 (in Russ.).

[9] Abramov E.S., Tarasov I.V. Application of the combined neural network method for web-oriented low-rate DDOS-attack detection. Inzhenernyy vestnik Dona [Engineering Journal of Don], 2017, no. 3, art. 59 (in Russ.). Available at: http://vww.ivdon.ru/ru/magazine/archive/N3y2017/4354

[10] Kuzmin V.N., Menisov A.B. A study of ways and solutions to increase the efficiency of detecting computer attacks on the objects of critical information infrastructure. Informatsionno-upravlyayushchie sistemy [Information and Control Systems], 2022, no. 4, pp. 29--43 (in Russ.). DOI: https://doi.org/10.31799/1684-8853-2022-4-29-43

[11] Vasilyev I.N. [Study of cyber threat detection and remediation techniques for enterprise networks]. ORVSEU--2022. Pereslavl-Zalesskiy, IPS RAS Publ., 2022, pp. 92--99 (in Russ.).

[12] Landyzin A.N., Shelukhin O.I. Data set pre-processing technique for binary and multiclass attack classification. Telekommunikatsii i informatsionnye tekhnologii, 2022, vol. 9, no. 1, pp. 46--57 (in Russ.).

[13] Yin Y., Jang-Jaccard J., Sabrina F., et al. Improving multilayer-perceptron (MLP)-based network anomaly detection with birch clustering on CICIDS-2017 dataset. arXiv:2208.09711. DOI: https://doi.org/10.48550/arXiv.2208.09711

[14] Al-Harbi A., Jabeur R. An efficient method for detection of DDoS attacks on the web using deep learning algorithms. IJATCSE, 2021, vol. 10, no. 4, pp. 2821--2829. DOI: https://doi.org/10.30534/ijatcse/2021/271042021

[15] Abdulraheem M.H., Ibraheem N.B. A detailed analysis of new intrusion detection dataset. J. Theor. Appl. Inf. Technol, 2019, vol. 97, no. 17, pp. 4519--4537.

[16] Stiawan D., Idris M.Y.B., Bamhdi A.M., et al. CICIDS-2017 dataset feature analysis with information gain for anomaly detection. IEEE Access, 2020, vol. 8, pp. 132911--132921. DOI: https://doi.org/10.1109/ACCESS.2020.3009843

[17] Guven E.Y., Gulgun S., Manav C., et al. Multiple classification of cyber attacks using machine learning. Electrica, 2022, vol. 22, iss. 2, pp. 313--320. DOI: https://doi.org/10.54614/electrica.2022.22031

[18] Dobkach L.Ya. [Creation of an attack recognition module for intrusion detection systems]. Vseros. stud. konf. “Studencheskaya nauchnaya vesna” [Russ. Stud. Conf. Student Scientific Spring]. Moscow, Nauchnaya biblioteka Publ., 2019, pp. 36--37 (in Russ.).

[19] Sakulin S.A., Alfimtsev A.N., Kvitchenko K.N., et al. Network traffic anomalies detection using an ensemble of classifiers. Vestnik kompyuternykh i informatsionnykh tekhnologiy [Herald of Computer and Information Technologies], 2020, vol. 17, no. 10, pp. 38--46 (in Russ.). DOI: https://doi.org/10.14489/vkit.2020.10.pp.038-046

[20] Abdulhammed R., Faezipour M., Musafer H., et al. Efficient network intrusion detection using PCA-based dimensionality reduction of features. 2019 IEEE ISNCC, 2019. DOI: https://doi.org/10.1109/ISNCC.2019.8909140

[21] Bibilo P.N., Romanov V.I. Minimization of binary decision diagrams for systems of completely defined Boolean functions using Shannon expansions and algebraic representations of cofactors. Informatika [Informatics], 2021, vol. 18, no. 2, pp. 7--32 (in Russ.). DOI: https://doi.org/10.37661/1816-0301-2021-18-2-7-32

[22] Leontyev A.L. [Using graph theory and neural networks to detect vulnerability of information technology systems]. Fundamentalnye problemy informatsionnoy bezopasnosti v usloviyakh tsifr. transformatsii. II Vseros. nauch. konf. [Fundamental Problems of Information Security under Digital Transformation. II Russ. Sci. Conf.]. Stavropol, SKFU Publ., 2020, pp. 207--213 (in Russ.).

[23] Lebedev I.S. Adaptive application of machine learning models on separate segments of a data sample in regression and classification problems. Informatsionno-upravlyayushchie sistemy [Information and Control Systems], 2022, no. 3, pp. 20--30 (in Russ.). DOI: https://doi.org/10.31799/1684-8853-2022-3-20-30

[24] Rauzy A., Yang L. Decision diagram algorithms to extract minimal cutsets of finite degradation models. Information, 2019, vol. 10, iss. 12, pp. 368--395. DOI: https://doi.org/10.3390/info10120368