Development of a Machine Learning Model for Solving the Problem of Classifying Unacceptable Information Security Events
https://doi.org/10.21686/1818-4243-2026-2-4-17
Abstract
The aim of the study is to develop and substantiate an approach for detecting and classifying unacceptable information security events in critical information infrastructure systems using machine learning methods. The proposed approach is focused on improving the effectiveness of identifying unacceptable events under conditions of large-scale heterogeneous data processing and strict time constraints for response.
The increasing number and complexity of cyberattacks targeting critical information infrastructure, as well as the need for timely detection of information security events that may lead to significant negative consequences for the stability of critical systems determine the relevance of the study. The limitations of traditional signature-based and expertdriven methods, caused by the high dynamics of security events and data noise, necessitate the use of intelligent data processing techniques.
Materials and methods. The study employs machine learning methods, statistical analysis, and processing of information security event data. Event logs and network traffic of a real object of critical information infrastructure of the energy sector are used as initial data. A methodology for forming a training sample has been developed, including data preprocessing, expert labeling, informative features’ selection, and class balancing. A Random Forest algorithm was used to classify unacceptable events.
Results. Experimental results demonstrate the effectiveness of the proposed model in terms of precision, recall, and F1-score with a minimal level of false positives. The findings confirm the practical applicability of the proposed approach for automating monitoring and detection of unacceptable information security events in critical information infrastructure systems.
About the Author
D. A. DobretsovaRussian Federation
Moscow
References
1. Lee R. M., Assante M. J., Conway T. Analysis of the Cyber Attack on the Ukrainian Power Grid [Internet]. SANS Industrial Control Systems; 2016. Available from: https://icscsi.org/library/Documents/Cyber_Events/E-ISAC%20-%20Analysis%20of%20the%20Cyber%20Attack%20on%20the%20Ukrainian%20Power%20Grid.pdf.
2. Cybersecurity and Infrastructure Security Agency (CISA). DarkSide Ransomware: Best Practices for Preventing Business Disruption [Internet]. CISA Reports; 2021. Available from: https://www.cisa.gov/sites/default/files/publications/AA21-131A_Darkside_Ransomware.pdf.
3. Metodika otsenki ugroz bezopasnosti FSTEK Rossii = Methodology for assessing security threats of the Federal Service for Technical and Export Control of Russia [Internet]. Available from: https://fstec.ru/dokumenty/vse-dokumenty/spetsialnye-normativnye-dokumenty/metodicheskij-dokument-ot-5-fevralya-2021-g. (In Russ.)
4. Yevdokimova D.A., Mikryukov A.A. Actual tasks of identifying unacceptable events at critical information infrastructure facilities. Otkrytoye obrazovaniye = Open Education. 2024; 28: 4. DOI: 10.21686/1818-4243-2024-4-33-42. (In Russ.)
5. Yevdokimova D.A., Mikryukov A.A. The problem of detecting unacceptable information security events in the information infrastructure. Otkrytoye obrazovaniye = Open Education. 2025; 29: 1. DOI: 10.21686/1818-4243-2025-1-65-76. (In Russ.)
6. ML-model’ = ML model [Internet]. Available from: https://www.decosystems.ru/ml-model/. (In Russ.)
7. Scarfone K., Mell P. Guide to Intrusion Detection and Prevention Systems (IDPS). NIST Special Publication 800-94 [Internet]. Gaithersburg: National Institute of Standards and Technology; 2007. 127 p. Available from: https://icscsi.org/library/Documents/Standards/NIST%20-%20800-94%20-%20Guide%20to%20Intrusion%20Detection%20and%20Prevention%20Systems.pdf.
8. Sommer R., Paxson V. Outside the Closed World: On Using Machine Learning for Network Intrusion Detection [Internet]. IEEE Symposium on Security and Privacy. 2010: 305–316. Available from: https://ai.nsu.ru/attachments/download/2429.
9. Chandola V., Banerjee A., Kumar V. Anomaly Detection: A Survey [Internet]. ACM Computing Surveys. 2009; 41; 3: 1–58. Available from: https://vs.inf.ethz.ch/edu/HS2011/CPS/papers/chandola09_anomaly-detection-survey.pdf.
10. Siddiqui M. A., Wang M., Lee J. Detecting Internet Worms Using Data Mining Techniques [Internet]. Journal of Network and Computer Applications. 2008; 31; 4: 300–313. Available from: https://www.researchgate.net/publication/228630212_Detecting_Internet_Worms_Using_Data_Mining_Techniques.
11. Zuech R., Khoshgoftaar T. M., Wald R. Intrusion detection and Big Heterogeneous Data: A Survey [Internet]. Journal of Big Data. 2015; 2; 1: 1–41. Available from: https://www.researchgate.net/publication/276397551_Intrusion_detection_and_Big_Heterogeneous_Data_a_Survey.
12. Buczak A. L., Guven E. A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection [Internet]. IEEE Communications Surveys & Tutorials. 2016; 18;2: 1153–1176. Available from: https://www2.cs.uh.edu/~acl/cs6397/Presentation/2016-IEEE-A%20survey%20of%20DM%20and%20ML%20methods%20for%20cyber%20security%20ID.pdf.
13. Positive Technologies. Mashinnoye obucheniye v informatsionnoy bezopasnosti = Machine Learning Educational Resources in Information Security [Internet]. Available from: https://www.ptsecurity.com/ru-ru/our-technologies/ml-tekhnologii/.
14. Ispol’zovaniye mashinnogo obucheniya dlya bor’by s DDoS atakami = Using Machine Learning to Combat DDoS Attacks [Internet]. Available from: https://habr.com/ru/articles/785942/. (In Russ.)
15. Angapov V.D., Bobrov A.V., Timonin V.A., Vishnyakov A.S. Using Machine Learning Technologies to Protect Information Systems. Nauka, tekhnika i obrazovaniye = Science, Technology, and Education. 2023; 4(92): 20-26. DOI: 10.24411/2312-8267-2023-10401. (In Russ.)
16. Machine Learning Based Network Vulnerability Analysis of Industrial Internet of Things [Internet]. Available from: https://arxiv.org/abs/1911.05771.
17. Kak samomu razrabotat’ sistemu obnaruzheniya komp’yuternykh atak na osnove mashinnogo obucheniya = How to develop a computer attack detection system based on machine learning [Internet]. Available from: https://habr.com/ru/articles/538296/. (In Russ.)
18. Breiman L. Random Forests [Internet]. Machine Learning. 2001; 45; 1: 5–32. Available from: https://link.springer.com/article/10.1023/A:1010933404324.
Review
For citations:
Dobretsova D.A. Development of a Machine Learning Model for Solving the Problem of Classifying Unacceptable Information Security Events. Open Education. 2026;30(2):4-17. (In Russ.) https://doi.org/10.21686/1818-4243-2026-2-4-17
JATS XML































