CASPIAN JOURNAL

MANAGEMENT AND HIGH TECHNOLOGIES

ANALYTICAL REVIEW OF MACHINE LEARNING TOOLS AND THEIR APPLICATIONS IN THE FIELD OF CYBER SECURITY

Vlasenko Alexandra V., Dzoban Pavel I., Zhuk Roman V. ANALYTICAL REVIEW OF MACHINE LEARNING TOOLS AND THEIR APPLICATIONS IN THE FIELD OF CYBER SECURITY // Caspian journal : management and high technologies. — 2020. — №1. — pp. 144-155.

Vlasenko Alexandra V. - Kuban State Technological University, Vlasenko@kubstu.ru

Dzoban Pavel I. - Kuban State Technological University, antiemoboy@mail.ru

Zhuk Roman V. - Branch «Macroregion South» Ltd Co IC «SIBINTEK», goonerkrd@gmail.com

Machine learning deservedly attracts the interest of cybersecurity specialists. With the increasing availability of hardware and computing power, machine learning methods can be used to analyze and classify the nature of anomalies and malicious activity from aggregated metadata. Machine learning methods are divided into supervised learning (classification, regression) and unsupervised learning (clustering, dimensionality reduction). Both approaches can be applied in cybersecurity to analyze malicious activity in real time, thus eliminating the shortcomings of traditional methods of detecting such activity. This article proposes using data exported with NetFlow flow export technology to analyze host activity. It also discusses the principles of detecting anomalies in network traffic using various machine learning tools (extreme learning machine, random forest, gradient boosting, logistic regression) and provides examples and good practices for implementing network anomaly detection methods.

Key words: cybersecurity, attacks, network anomalies, risks, monitoring, network, machine learning, gradient, botnet, aggregation, clustering, classification, regression