Approach to detection of anomalous network traffic using LOF and HBOS algorithms
Date
2024
Publisher
Khmelnytskyi National University
Abstract
The article addresses the problem of detecting anomalies in modern computer networks, which is one of the main
threats to cyber security. As Internet technologies develop, the number of devices and the volume of network traffic
keep growing, which raises the risk of cyber threats such as DDoS attacks, zero-day attacks,
and exploitation of protocol vulnerabilities. Anomalous network traffic can result from malicious activity or from technical
malfunctions such as configuration errors or hardware failures. Specialised algorithms and methods for analysing large volumes
of data are used to detect such threats. The paper considers the main methods of detecting anomalies in network traffic, including
classical approaches and modern machine learning and deep learning methods. Special attention is paid to the effectiveness of
methods based on convolutional neural networks, long short-term memory networks and their combinations for detecting anomalies.
The advantages and disadvantages of the various approaches to detecting anomalous traffic are analysed: they have high
computational requirements and their models are complex to set up, yet they are effective at analysing large volumes of data.
One of the main methods used for anomaly analysis is the local outlier factor (LOF) algorithm, which compares the density of
each object with that of its neighbours and so detects anomalies in local regions of the data. Another method is the
histogram-based outlier score (HBOS), which is faster and more efficient because it uses one-dimensional histograms for each
variable. The work also explores the application of unsupervised machine learning methods, which allow network traffic to be
analysed in real time without prior labelling of the data. The article also considers the prospects of further testing the
proposed methods in real networks. The combined use of LOF and HBOS balances anomaly detection accuracy against data processing
speed, which is essential for continuous system operation in high-load networks. Deploying such solutions in real conditions
requires further research, particularly on optimising the use of computing resources and adapting the methods to the specific
conditions of the network environment. Thus, the paper presents a thorough analysis of modern approaches to detecting anomalies
in network traffic and substantiates the feasibility of applying them in real conditions to increase the effectiveness of
cyber security.
Keywords
network traffic, anomalies, anomaly detection, local emission factor, estimation of emissions based on histogram
Bibliographic description
Petliak N. Approach to detection of anomalous network traffic using LOF and HBOS algorithms / N. Petliak, K. Biletskyi, Y. Zastavna // Вимірювальна та обчислювальна техніка в технологічних процесах. – 2024. – № 4. – С. 125-129.
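The two detectors named in the abstract, as an added example that is not code from the article or its authors: HBOS scores each flow from per-feature one-dimensional histograms, and LOF compares each flow's local density with that of its neighbours. The way they are combined in `detect` (HBOS ranks, LOF confirms), the feature choice, the sample flows and all parameter values are assumptions made for illustration.

```python
import math

# Constructed sample flows: (packets per second, mean packet size in bytes).
# Rows 0-39 are ordinary traffic; rows 40 and 41 are injected anomalies.
FLOWS = [(10 + i % 5, 500 + 10 * (i % 7)) for i in range(40)] + [(400, 60), (12, 9000)]

def hbos_scores(rows, bins=10):
    """HBOS: per feature, a 1-D histogram scaled to height 1; score = sum of log(1/height)."""
    scores = [0.0] * len(rows)
    for col in zip(*rows):
        lo, hi = min(col), max(col)
        width = (hi - lo) / bins or 1.0
        idx = [min(int((v - lo) / width), bins - 1) for v in col]
        counts = [idx.count(b) for b in range(bins)]
        for i, b in enumerate(idx):
            scores[i] += math.log(max(counts) / counts[b])
    return scores

def lof_scores(rows, k=5):
    """LOF: mean local reachability density of the k neighbours over the point's own."""
    lo = [min(c) for c in zip(*rows)]
    span = [(max(c) - l) or 1.0 for c, l in zip(zip(*rows), lo)]
    pts = [[(v - l) / s for v, l, s in zip(r, lo, span)] for r in rows]  # min-max scale
    n = len(pts)
    dist = [[math.dist(a, b) for b in pts] for a in pts]
    knn = [sorted((j for j in range(n) if j != i), key=lambda j: dist[i][j])[:k]
           for i in range(n)]
    kdist = [dist[i][knn[i][-1]] for i in range(n)]
    # Reachability distance of i from j is max(k-distance(j), d(i, j)).
    lrd = [k / max(sum(max(kdist[j], dist[i][j]) for j in knn[i]), 1e-12)
           for i in range(n)]
    return [sum(lrd[j] for j in knn[i]) / (k * lrd[i]) for i in range(n)]

def detect(rows, top=5, lof_threshold=2.0):
    """Assumed combination: HBOS ranks every row cheaply, LOF confirms the top few."""
    h = hbos_scores(rows)
    candidates = sorted(range(len(rows)), key=lambda i: -h[i])[:top]
    # For brevity LOF is computed for all rows here; only the candidates are checked.
    lof = lof_scores(rows)
    return sorted(i for i in candidates if lof[i] > lof_threshold)

if __name__ == "__main__":
    print(detect(FLOWS))
```

HBOS treats features independently, so it is cheap but misses anomalies that only show up in feature combinations; LOF catches those at the cost of pairwise distance computation, which is why the sketch restricts the LOF decision to the HBOS shortlist.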