Classification of events in information security systems based on neural networks
https://doi.org/10.21686/1818-4243-2019-1-57-63
Abstract
Purpose of the research. The aim of the study is to increase the effectiveness of information security and to enhance accuracy and promptness of the classification of security events, security incidents, and threats in information security systems. To respond to this challenge, neural network technologies were suggested as a classification tool for information security systems. These technologies allow accommodating incomplete, inaccurate and unidentified raw data, as well as utilizing previously accumulated information on security issues. To address the problem more effectively, collective methods based on collective neural ensembles aligned with an advanced complex approach were implemented.
Materials and methods: When solving complex classification problems, often none of the classification algorithms provides the required accuracy. In such cases, it seems reasonable to build compositions of algorithms that mutually compensate for the errors of individual algorithms. The study also gives an insight into the application of a neural network ensemble to address security issues in the corporate information system and provides a brief review of existing approaches to the construction of neural network ensembles and methods to shape problem solving with neural network classifiers. An advanced integrated approach is proposed to tackle problems of security event classification based on neural network ensembles (neural network committees). The approach is based on a three-step procedure. The stages of the procedure implementation are described. It is shown that the use of this approach improves the efficiency of solving the problem.
Results: An advanced integrated approach to addressing security event classification based on neural network ensembles (neural network committees) is proposed. This approach applies adaptive reduction of neural network ensemble (selection of the best classifiers is based on the assessment of the compliance degree of the competence area of the private neural network classifier and convergence of the results of private classifiers), as well as the selection and rationale of the voting method (composition or aggregation of outputs of private classifiers). The results of numerical experiments support the effectiveness of the proposed approach.
Conclusion: Collectively used artificial neural networks in the form of neural network ensembles (committees of neural networks) will provide more accurate and reliable results of security event classification in the corporate information network. Moreover, an advanced integrated approach to the construction of a neural network ensemble is proposed to facilitate effectiveness of the classification process. The approach is based on the application of the adaptive reduction procedure for the results of private classifiers and the procedure for selecting the method of aggregation of the results of private classifiers. These outcomes will enable advancement of the system control over information security incidents. Finally, the paper defines tendencies and directions of the development of collective solution methods applying neural network ensembles (committees of neural networks).
About the Authors
A. A. Mikryukov
Russian Federation
Andrey A. Mikryukov - Cand. Sci. (Engineering), Associate Professor, Associate Professor of the Department of Applied Information Technology and Information Security
A. V. Babash
Russian Federation
Aleksander V. Babash - Dr. Sci. (Physics and Mathematics), Professor, Professor of the Department of Applied Information Technology and Information Security
V. A. Sizov
Russian Federation
Valeriy A. Sizov - Dr. Sci. (Engineering), Professor, Professor of the Department of Applied Information Technology and Information Security
For citations:
Mikryukov A.A., Babash A.V., Sizov V.A. Classification of events in information security systems based on neural networks. Open Education. 2019;23(1):57-63. (In Russ.) https://doi.org/10.21686/1818-4243-2019-1-57-63