IDENTIFICATION OF ROOTKITS IN NETWORK TRAFFIC BASED ON BAGGING OF CLASSIFIERS

Authors

  • Babyr, KATIU named after S. Seifullin

Keywords:

bagging, NSL-KDD, voting, Weka, anomaly detection, rootkits, information security

Abstract

The paper proposes an approach to identifying anomalies in network traffic using machine learning classifiers. The solution determines the resulting state class by averaging the votes of individual classifiers. The approach was evaluated on the public NSL-KDD dataset. The performance of the individual classifiers was compared with their averaged evaluation using the Weka tool. The NSL-KDD set was optimized with an emphasis on "rootkit" type attacks, one of the most difficult attack types to detect. Using the bagging-based approach implemented in the Weka application, an accuracy of 99.94% was obtained. The experiment revealed a tendency for the accuracy of bagging on open data to increase as the volume of training data increases. The proposed approach can be applied in the design of systems for detecting attacks and other abnormal states of information systems. The accuracy results of the averaged assessment require further research in order to improve the indicators. The vote-averaging approach can be modernized by excluding or adding classifiers, by qualitative selection of attributes and their features, and by increasing the number of training samples for classification.

Published

29-03-2024

How to cite

Babyr. (2024). IDENTIFICATION OF ROOTKITS IN NETWORK TRAFFIC BASED ON BAGGING OF CLASSIFIERS. Vestnik VKTU, (1). Retrieved from https://vestnik.ektu.kz/index.php/vestnik/article/view/801