Detection of network intelligence features with the decision tree model

O b j e c t i v e s .  Early detection of network intelligence allows to reduce the risks of information security of organizations. The study was carried out to develop software module for detecting the features of network intelligence by machine learning methods.

M e t h o d s . Analysis of open datasets of appropriate destination; formation of metrics characteristic of network intelligence; development of a dataset based on certain metrics; study of the effectiveness of machine learning methods for classification task.

R e s u l t s .  The  topology was  designed and  a  test  segment  was  created  in  the  corporate  network of RUE "Beltelecom" to create a dataset. A monitoring tool has been developed for detecting and analyzing the events, the results of which were used as the basis for a new dataset.

The implementation of the decision tree method in the form of program code allowed to increase the speed of the module by about 2 times (0,147 ms). Practical tests of the developed module have shown the alarm on all types of network scanning using Nmap and Masscan utilities.

Co n c l u s i o n. The analysis of the dataset by principal component method showed the presence of a border area between  the  events  of  legal  traffic  and  network  intelligence  traffic,  which  had  a  positive  effect  on  the training of the model. The most promising machine learning methods have been studied and tested using various hyperparameters. The best results were shown by the decision tree method with the parameters criterion = gini and splitter = random and speed as 0,333 ms.

1. Gushchin R. A., Kolos K. A. Network intelligence. Materialy 74-j studencheskoj nauchno-tekhnicheskoj konferencii [Materials of the 74th Student Scientific and Technical Conference], sostavitel' V. A. Martinovich, Minsk, Belorusskij nacional'nyj tekhnicheskij universitet, 2018, pp. 53-54 (In Russ.).

2. Karaulova O. A., Kireeva N. V. Estimation of network traffic anomalies based on cyclic analysis. T-comm: telekommunikacii i transport [T-comm: Telecommunications and Transport], 2018, vol. 12, no. 11, r. 33 (In Russ.).

3. Bryuhomickij, Yu. A. Iskusstvennye immunnye sistemy v informacionnoj bezopasnosti. Artificial Immune Systems in Information Security. Rostov-on-Don, Taganrog, Izdatel'stvo Yuzhnogo federal'nogo universiteta, 2019, 147 r. (In Russ.).

4. Kashnickij Yu. S., Ignatov D. I. An ensemble method of machine learning based on the recommendations of classifiers. Intellektual'nye sistemy. Teoriya i prilozheniya [Intelligent Systems. Theory and Applications], 2015, vol. 19, no. 4, pp. 37-55 (In Russ.).

5. Halkechev R. V. Boosting is another way of machine learning. Zhurnal ''Yandeks Praktikuma'' [Yandex Practicum Magazine] (In Russ.). Available at: https://thecode.mediaboosting (accessed 12.06.2021).

6. Tavallaee M., Bagheri E., Lu W., Ghorbani A. Detailed analysis of the KDD CUP 99 data set. 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, Ottawa, Canada, 8-10 July 2009. Ottawa, 2009, rr. 1-6.

7. Sharaev N. P., Petrov S. N. Identification and analysis of signs of network intelligence by machine learning. Upravlenie informacionnymi resursami : materialy XVII Mezhdunarodnoj nauchno-prakticheskoj konferencii, Minsk, 12 marta 2021 g. [Information Resource Management: Materials of the XVII International Scientific and Practical Conference, Minsk, 12 March 2021], Minsk, Akademija upravlenija pri Prezidente Respubliki Belarus', 2021, pp. 238-240 (In Russ.).

8. Sharaev N. P., Petrov S. N. Identification of network intelligence by machine learning methods. Zashhita informacii : sbornik materialov 57-j nauchnoj konferencii aspirantov, magistrantov i studentov BGUIR, Minsk, Belarus', 19-23 aprelja 2021 g. [Protection of Information: Collection of Materials of the 57th Scientific Conference of Postgraduates, Undergraduates and Students of BSUIR, Minsk, Belarus, 19-23 April 2021], Minsk, Belorusskij gosudarstvennyj universitet informatiki i radiojelektroniki, 2021, pp. 34-37 (In Russ.).