Радіоелектронні і комп'ютерні системи (Oct 2022)

Information-extreme machine learning of a cyber attack detection system

  • Anatoliy Dovbysh,
  • Volodymyr Liubchak,
  • Igor Shelehov,
  • Julius Simonovskiy,
  • Alona Tenytska

DOI
https://doi.org/10.32620/reks.2022.3.09
Journal volume & issue
Vol. 0, no. 3
pp. 121 – 131

Abstract


The study aims to increase the functional efficiency of a machine learning cyber attack detection system. An information-extreme machine learning method for the cyber attack detection system has been developed, with optimization of the control tolerances on the recognition features that reflect the traffic properties of the info-communication system. The method is developed within the framework of the functional approach to modeling the cognitive processes of natural intelligence in forming and making classification decisions. In contrast to known data mining methods, including neuron-like structures, this approach makes the recognition system adaptable to arbitrary initial conditions of the learning matrix and flexible in retraining when the alphabet of recognition classes is expanded. The idea of the method is to maximize the information capacity of the attack detection system during machine learning. A modified Kullback information measure is used as the criterion for optimizing the machine learning parameters. According to the proposed categorical functional model, algorithmic software for the attack detection system in machine learning mode with a depth of the second level has been developed and implemented. Here the depth level is determined by the number of machine learning parameters that were optimized. The optimization parameters were the geometric parameters of the hyperspherical containers of the recognition classes and the control tolerances on the recognition features; the tolerances played the role of input data quantization levels in transforming the input Euclidean learning matrix of the "object-property" type into a working binary learning matrix defined in Hamming space. Admissible transformations of the working training matrix in the proposed method allow the input mathematical description of the attack detection system to be adapted to the maximum full probability of making correct classification decisions.
Based on the results of information-extreme machine learning within the geometric approach, decision rules are constructed that are practically invariant to the multidimensionality of the recognition feature space. The results of computer simulation of information-extreme machine learning of the attack detection system to recognize host traffic of four different profiles confirm the efficiency of the developed method.

Keywords