IDENTIFYING NETWORK TRAFFIC ANOMALIES BY DEEP LEARNING
The article discusses the application of a deep learning method based on neural networks for implementation in intrusion detection systems. The restrictions on the use of neural networks for classifying traffic into normal - not containing an attack and anomalous - containing an attack are indicated. The limitations are related to the need for a data set for training a neural network, a low computation speed of a neural network with a large number of input parameters, and the influence of the uneven distribution of the sample data set on the quality of training. Methods for circumventing these restrictions are proposed: the choice of significant information features that allow the classification of network traffic and the preservation of significant training examples, which are represented by a small sample size. It is proposed to solve the reduction of the dimension of the vector of information features by a linear method with ranking the features according to the degree of importance and in the future to use only «important» features to train the neural network. It is proposed to solve the preservation of significant learning examples represented by a small sample size by modifying the learning algorithm, the essence of which is reduced to adaptive assignment of weighting coefficients to such examples. The experiments carried out indicate the effectiveness of the proposed method and algorithm for training a neural network in detecting network attacks.
Authors: T. M. Tatarnikova, F. Bimbetov, P. Yu. Bogdanov
Direction: Informatics, Computer Technologies And Control
Keywords: Network attack, network traffic anomalies, neural network, deep learning, parameter reduction, uneven number of training examples, training error, classification accuracy
View full article