CASPIAN JOURNAL

MANAGEMENT AND HIGH TECHNOLOGIES

REALIZATION OF EXPERT INTRUSION DETECTION SYSTEM BASED ON THE RESULTS OF DATASETS AND MACHINE LEARNING ALGORITHM ANALYSIS

Ivkin Andrey N., Burlakov Michael E. REALIZATION OF EXPERT INTRUSION DETECTION SYSTEM BASED ON THE RESULTS OF DATASETS AND MACHINE LEARNING ALGORITHM ANALYSIS // Caspian journal : management and high technologies. — 2020. — №2. — pp. 100-107.

Ivkin Andrey N. - Samara National Research University, Ivkin.92@bk.ru

Burlakov Michael E. - Samara National Research University, knownwhat@gmail.com

Intrusion detection systems are among the most important devices for the protection of computing systems. An IDS inspects packets of network traffic in order to detect and investigate attacks. Snort is a free, open-source IDS used to protect networks; it detects only known attacks, using predefined signatures. In order to detect new, previously unknown network attacks and to reduce false positives, this work developed advanced rules for Snort, obtained with the WEKA machine learning tool and the J48 algorithm. The experimental research uses the CICIDS dataset. The main goal of this research is the realization of an IDS with embedded rules derived by a machine learning tool. The main stages of the research are a comparative analysis of different publicly available datasets, data preparation, application and comparison of 8 different algorithms, extraction of expert rules, implementation of Snort rules and identification of attacks. The proposed system provides effective detection rates.
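The rule-extraction stage described above, as an added example that is not the paper's own code: WEKA's J48 text output is parsed into root-to-leaf conjunctive rules, and only attack leaves with enough support and a low training error are kept as candidates for hand-written Snort signatures. The tree text, CICIDS-style feature names, thresholds and class labels are constructed for illustration.

```python
import re

# Constructed sample of WEKA's J48 text output (not taken from the paper).
# Feature names follow CICIDS flow statistics; labels and numbers are made up.
J48_TREE = """\
J48 pruned tree
------------------

Flow Duration <= 1000
|   Total Fwd Packets <= 2: BENIGN (120.0)
|   Total Fwd Packets > 2
|   |   Fwd Packet Length Max <= 0: DoS (40.0/1.0)
|   |   Fwd Packet Length Max > 0: BENIGN (15.0)
Flow Duration > 1000: BENIGN (300.0)

Number of Leaves  : 4

Size of the tree : 7
"""

# indent ("|   " per level), test, and an optional leaf suffix ": label (cov/err)"
LINE_RE = re.compile(r"^((?:\|   )*)(.*?)(?::\s*(\S+)\s*\(([\d.]+)(?:/([\d.]+))?\))?$")


def extract_rules(tree_text):
    """Walk J48's indented tree and return one (conditions, label, coverage,
    errors) tuple per leaf; each condition is a 'feature <op> value' string."""
    rules = []
    stack = []  # tests along the current root-to-node path
    for raw in tree_text.splitlines():
        m = LINE_RE.match(raw)
        if not m or not m.group(2) or m.group(2).startswith(("J48", "---", "Number", "Size")):
            continue  # header, separator, blank or summary line
        indent, cond, label, cov, err = m.groups()
        depth = len(indent) // 4
        del stack[depth:]           # leave deeper branches of the previous node
        stack.append(cond.strip())
        if label is not None:       # leaf reached: emit the accumulated path
            rules.append((list(stack), label, float(cov), float(err or 0.0)))
    return rules


def attack_rules(rules, benign="BENIGN", min_support=10.0, max_error_rate=0.05):
    """Keep leaves that predict an attack class with enough training instances
    and a low misclassification rate; weak leaves would only add false positives."""
    kept = []
    for conds, label, cov, err in rules:
        if label == benign or cov < min_support or err / cov > max_error_rate:
            continue
        kept.append(f"{' AND '.join(conds)} => {label}")
    return kept
```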

Key words: intrusion detection system, datasets, machine learning, CICIDS, WEKA, Snort, signatures, J48 algorithm, CICIDS dataset