USING SUPPORT VECTORS TO BUILD A RULE-BASED SYSTEM FOR DETECTING MALICIOUS PROCESSES IN AN ORGANISATION'S NETWORK TRAFFIC
Halyna Haidur
State University of Information and Communication Technologies, Department of Information and Cyber Security (Ukraine)
https://orcid.org/0000-0003-0591-3290
Sergii Gakhov
gakhovsa@gmail.comState University of Information and Communication Technologies, Department of Information and Cyber Security (Ukraine)
https://orcid.org/0000-0001-9011-8210
Dmytro Hamza
State University of Information and Communication Technologies, Department of Information and Cyber Security (Ukraine)
https://orcid.org/0009-0005-0947-2420
Abstract
The growing complexity and sophistication of cyberattacks on organisational information resources and the variety of malware processes in unprotected networks necessitate the development of advanced methods for detecting malicious processes in network traffic. Systems for detecting malicious processes based on machine learning and rule-based methods have their advantages and disadvantages. We have investigated the possibility of using support vectors to create a rule-based system for detecting malicious processes in an organisation's network traffic. We propose a method for building a rule-based system for detecting malicious processes in an organisation's network traffic using the distribution data of the relevant features of support vectors. The application of this method on real CSE-CIC-IDS2018 network traffic data containing characteristics of malicious processes has shown acceptable accuracy, high clarity and computational efficiency in detecting malicious processes in network traffic. In our opinion, the results of this study will be useful in creating automatic systems for detecting malicious processes in the network traffic of organisations and in creating and using synthetic data in such systems.
Keywords:
network security, classification of network traffic, supervised learning, support vector machine classification, rule-based systemsReferences
[1] A Realistic Cyber Defense Dataset (CSE-CIC-IDS2018) [https://registry.opendata.aws/cse-cic-ids2018] (available: 21.05.2024).
Google Scholar
[2] Arrieta A. B. et al.: Explainable artificial intelligence (XAI): Concepts, taxonomies, opportunities and challenges toward responsible AI. Information Fusion 58, 2020, 82–115 [https://doi.org/10.1016/j.inffus.2019.12.012].
DOI: https://doi.org/10.1016/j.inffus.2019.12.012
Google Scholar
[3] Barakat N., Bradley A. P.: Rule extraction from support vector machines: A review. Neurocomputing 74(1), 2010, 178–190 [https://doi.org/10.1016/j.neucom.2010.02.016].
DOI: https://doi.org/10.1016/j.neucom.2010.02.016
Google Scholar
[4] Barakat N., Bradley A. P.: Rule Extraction from Support Vector Machines: A Sequential Covering Approach. IEEE Transactions on Knowledge and Data Engineering 19, 2007, 729–741.
DOI: https://doi.org/10.1109/TKDE.2007.190610
Google Scholar
[5] Barbado A., Corcho O., Benjamins R.: Rule extraction in unsupervised anomaly detection for model explainability: Application to OneClass SVM. Expert Systems With Applications 189(1), 2022 [https://doi.org/10.1016/j.eswa.2021.116100].
DOI: https://doi.org/10.1016/j.eswa.2021.116100
Google Scholar
[6] Bologna G, Hayashi Y.: A Rule Extraction Study from SVM on Sentiment Analysis. Big Data and Cognitive Computing 2(1), 2018 [https://doi.org/10.3390/bdcc2010006].
DOI: https://doi.org/10.3390/bdcc2010006
Google Scholar
[7] Fung G., Sandilya S., Rao R. B.: Rule extraction from linear support vector machines. Eleventh ACM SIGKDD international conference on Knowledge discovery in data mining (KDD '05). USA, NY, New York, 2005, 32–40 [https://doi.org/10.1145/1081870.1081878].
DOI: https://doi.org/10.1145/1081870.1081878
Google Scholar
[8] Hao J., Luo S., Pan L.: Rule extraction from biased random forest and fuzzy support vector machine for early diagnosis of diabetes. Scientific Reports 12(9858), 2022 [https://doi.org/10.1038/s41598-022-14143-8].
DOI: https://doi.org/10.1038/s41598-022-14143-8
Google Scholar
[9] Hopgood A. A.: Intelligent Systems for Engineers and Scientists: A Practical Guide to Artificial Intelligence (4th ed.). CRC Press 2022 [https://doi.org/10.1201/9781003226277].
DOI: https://doi.org/10.1201/9781003226277
Google Scholar
[10] Jiawei Z., Hongyang J., Ning Z.: Alternate Support Vector Machine Decision Trees for Power Systems Rule Extractions. TechRxiv. 11, 2022 [https://doi.org/10.36227/techrxiv.20445150.v1].
DOI: https://doi.org/10.36227/techrxiv.20445150.v1
Google Scholar
[11] Kambourakis G. et al.: Botnets: Architectures, Countermeasures, and Challenges (1st ed.). CRC Press, 2019 [https://doi.org/10.1201/9780429329913].
DOI: https://doi.org/10.1201/9780429329913
Google Scholar
[12] Kašćelan L., Kašćelan V. Jovanović M.: Hybrid support vector machine rule extraction method for discovering the preferences of stock market investors: Evidence from Montenegro. Intelligent Automation & Soft Computing 21(4), 2014, 503–522 [https://doi.org/10.1080/10798587.2014.971500].
DOI: https://doi.org/10.1080/10798587.2014.971500
Google Scholar
[13] Martens D., Baesens B. B., Van Gestel T.: Decompositional Rule Extraction from Support Vector Machines by Active Learning. IEEE Transactions on Knowledge and Data Engineering 21(2), 2009, 178–191 [https://doi.org/10.1109/TKDE.2008.131].
DOI: https://doi.org/10.1109/TKDE.2008.131
Google Scholar
[14] Newman J.: A Taxonomy of Trustworthiness for Artificial Intelligence. CLTC. White Paper. January 2023. [https://cltc.berkeley.edu/publication/a-taxonomy-of-trustworthiness-for-artificial-intelligence/] (available: 21.05.2024).
Google Scholar
[15] Núñez H., Angulo C., Català A.: Rule extraction from support vector machines. European Symposium on Artificial Neural Networks (ESANN'2002). Belgium, Bruges, 2002, 107–112.
Google Scholar
[16] Núñez H., Angulo C., Català A.: Rule-Based Learning Systems for Support Vector Machines. Neural Process Lett 24, 2006, 1–18 [https://doi.org/10.1007/s11063-006-9007-8].
DOI: https://doi.org/10.1007/s11063-006-9007-8
Google Scholar
[17] Shigeo Abe: Support Vector Machines for Pattern Classification. Second Edition. Springer-Verlag London Limited 2005, 2010 [https://doi.org/10.1007/978-1-84996-098-4].
DOI: https://doi.org/10.1007/978-1-84996-098-4
Google Scholar
[18] Tian Y., Shi Y., Liu X.: Recent Advances on Support Vector Machines Research. Technological and Economic Development of Economy 18(1), 2012, 5–33 [https://doi.org/10.3846/20294913.2012.661205].
DOI: https://doi.org/10.3846/20294913.2012.661205
Google Scholar
[19] Yang S. X., Tian Y. J., Zhang C. H.: Rule Extraction from Support Vector Machines and Its Applications. IEEE/WIC/ACM International Conferences on Web Intelligence and Intelligent Agent Technology. France, Lyon, 2011, 221–224 [https://doi.org/10.1109/WI-IAT.2011.132].
DOI: https://doi.org/10.1109/WI-IAT.2011.132
Google Scholar
[20] Zhu P., Hu Q.: Rule extraction from support vector machines based on consistent region covering reduction. Knowledge-Based Systems 42, 2013, 1–8 [https://doi.org/10.1016/j.knosys.2012.12.003].
DOI: https://doi.org/10.1016/j.knosys.2012.12.003
Google Scholar
Authors
Halyna HaidurState University of Information and Communication Technologies, Department of Information and Cyber Security Ukraine
https://orcid.org/0000-0003-0591-3290
Authors
Sergii Gakhovgakhovsa@gmail.com
State University of Information and Communication Technologies, Department of Information and Cyber Security Ukraine
https://orcid.org/0000-0001-9011-8210
Authors
Dmytro HamzaState University of Information and Communication Technologies, Department of Information and Cyber Security Ukraine
https://orcid.org/0009-0005-0947-2420
Statistics
Abstract views: 95PDF downloads: 74
