Journal "Software Engineering"
a journal on theoretical and applied science and technology
ISSN 2220-3397
Issue No. 2, 2022
The paper discusses ways of improving network attack detection algorithms for a heterogeneous industrial Internet of Things (IIoT) network using machine learning, with a view to subsequent integration with the subsystems of a center for monitoring and responding to information security incidents. A structural diagram of a network attack detection system and an algorithm for intelligent analysis of network traffic parameters for detecting malicious network activity are developed. Variants of constructing ensembles of classifiers from machine learning models and from heterogeneous neural network models are analyzed. The F1-measure on test samples reaches 96%. The possibility of embedding the obtained models as modules of network equipment, to make analysis of industrial-system network traffic more efficient, or of using them as part of a network intrusion detection system, is considered. On the original datasets, the tested models deliver comparable detection quality. The most promising candidate for specialized signal processors in network equipment is a classifier based on a committee of random trees, since it detects network attacks with good quality and does not require significant computing resources when run with the coefficients selected during training. Monitoring of the state of the information and network infrastructure is implemented with a deployed ELK-stack solution. A virtual test bed has been developed to assess the effectiveness of ML models for detecting network attacks. Further research is aimed at developing a methodology for testing the models under various scenarios of targeted multi-step network attacks.
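The abstract names two things without showing them: a committee of trees voting on flow features, and the F1-measure used to score it on test samples. The following is an added, self-contained illustration, not code from the paper or its test bed. It trains one decision stump (depth-1 tree) per feature on constructed IIoT flow records, combines them by majority vote, and reports precision, recall and F1 on a constructed held-out set; the feature names, thresholds and flow values are all assumptions made for the example, and a real committee of random trees would use deeper trees trained on bootstrapped samples.

```python
"""Majority-vote committee of decision stumps over constructed IIoT flow
features, scored with precision, recall and F1. Standard library only.
All flow records below are constructed for the example, not captured traffic."""
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

Row = Tuple[float, ...]

# Assumed feature order: packets per second, SYN ratio, distinct destination ports.
FEATURE_NAMES = ("pps", "syn_ratio", "distinct_dst_ports")

# Constructed training flows (label 1 = attack, 0 = benign).
TRAIN: List[Tuple[Row, int]] = [
    ((20.0, 0.05, 2), 0),     # sensor telemetry
    ((35.0, 0.10, 3), 0),
    ((50.0, 0.08, 1), 0),
    ((15.0, 0.02, 2), 0),
    ((80.0, 0.12, 4), 0),     # chatty but benign gateway
    ((900.0, 0.95, 40), 1),   # fast SYN scan
    ((600.0, 0.90, 25), 1),
    ((60.0, 0.85, 30), 1),    # slow scan: low rate, many ports
    ((1500.0, 0.10, 1), 1),   # volumetric flood to one port, few SYNs
    ((700.0, 0.60, 10), 1),
]

# Constructed held-out flows used to report the "test sample" scores.
TEST: List[Tuple[Row, int]] = [
    ((25.0, 0.06, 2), 0),
    ((120.0, 0.15, 5), 0),
    ((800.0, 0.92, 35), 1),
    ((70.0, 0.80, 20), 1),
    ((2000.0, 0.05, 1), 1),   # flood: only the rate feature fires
    ((40.0, 0.04, 3), 0),
]


@dataclass(frozen=True)
class Stump:
    """A depth-1 decision tree: predicts attack if the feature exceeds the threshold."""
    feature: int
    threshold: float

    def predict(self, x: Row) -> int:
        return 1 if x[self.feature] > self.threshold else 0


def train_stump(data: Sequence[Tuple[Row, int]], feature: int) -> Stump:
    """Choose the midpoint threshold with the highest training accuracy.
    The first candidate to reach the best accuracy wins, so training is deterministic."""
    values = sorted({row[feature] for row, _ in data})
    candidates = [(a + b) / 2 for a, b in zip(values, values[1:])] or [values[0]]
    best: Optional[Stump] = None
    best_acc = -1.0
    for t in candidates:
        stump = Stump(feature, t)
        acc = sum(stump.predict(row) == y for row, y in data) / len(data)
        if acc > best_acc:
            best, best_acc = stump, acc
    assert best is not None
    return best


def train_committee(data: Sequence[Tuple[Row, int]]) -> List[Stump]:
    """One stump per feature; the thresholds are the 'coefficients' a device would ship with."""
    return [train_stump(data, f) for f in range(len(data[0][0]))]


def committee_predict(members: Sequence[Stump], x: Row) -> int:
    """Strict majority vote of the members."""
    votes = sum(m.predict(x) for m in members)
    return 1 if 2 * votes > len(members) else 0


def precision_recall_f1(y_true: Sequence[int], y_pred: Sequence[int]) -> Tuple[float, float, float]:
    tp = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 1)
    fp = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 1)
    fn = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 0)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return precision, recall, f1


def evaluate(members: Sequence[Stump], data: Sequence[Tuple[Row, int]]) -> Tuple[float, float, float]:
    y_true = [y for _, y in data]
    y_pred = [committee_predict(members, row) for row, _ in data]
    return precision_recall_f1(y_true, y_pred)


if __name__ == "__main__":
    committee = train_committee(TRAIN)
    for m in committee:
        print(f"{FEATURE_NAMES[m.feature]} > {m.threshold:g}")
    print("train precision/recall/F1:", evaluate(committee, TRAIN))
    print("test  precision/recall/F1:", evaluate(committee, TEST))
```

Two things the numbers make visible: the vote corrects the rate stump's false alarm on the chatty benign gateway, but the flood flows are missed because only one of three features signals them, so recall (and therefore F1) drops even though precision stays at 1.0. Reporting precision and recall next to F1, on held-out rather than training flows, is what lets a SOC judge whether a model's score is driven by missed attacks or by false alarms.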