Master's thesis
Benjamin Steiner (Author), Simon Vrhovec (Mentor)

Abstract

Machine learning is increasingly used in connection with cyber attack detection, since it can detect more advanced cyber attacks than other detection methods. The main element of training supervised machine learning algorithms for any application domain is appropriately labelled training data, through which the algorithm learns and later operates. However, we do not know exactly how much data these algorithms need for training to become effective. The master's thesis used the UNSW-NB15 dataset, which contains several million packets of simulated network traffic and nine different cyber attacks, where each packet is already labelled as normal network traffic or a cyber attack. Seven of the most common machine learning algorithms were trained at different proportions of the data used, so that it could be determined at which proportions of training data the measured metrics normalize. The results showed that, on average, the metrics of the selected algorithms normalized at around 10% of the training data used (8233 entries), which can contribute to building more effective algorithms for detecting cyber attacks.

Keywords

cyber attacks; local area networks; Python; UNSW-NB15; master's theses

Data

Language: Slovenian
Year of publishing:
Typology: 2.09 - Master's Thesis
Organization: UM FVV - Faculty of Criminal Justice
Publisher: [B. Steiner]
UDC: 004.056.53:004.85(043.2)
COBISS: 200834051

Other data

Secondary language: English
Secondary title: Using machine learning to detect cyber attacks
Secondary abstract: Machine learning is increasingly being used in conjunction with cyber attack detection, as it can detect more advanced cyber attacks than other detection methods. A key element of supervised machine learning algorithms for any application domain is appropriately labelled training data, which the algorithm learns from and subsequently operates on. However, we do not know exactly how much learning data the aforementioned algorithms need to become effective. We have used the UNSW-NB15 dataset, which contains millions of packets of simulated network traffic and nine different cyber-attacks, where each packet is already labelled as normal network traffic or a cyber-attack. We then performed training of the seven most common machine learning algorithms on different proportions of the data used, to determine at which proportions of the training data the measured metrics normalize. We found that, on average, the metrics of the selected algorithms normalized at around 10% of the training data used (8233 entries), which can help to produce more effective algorithms for detecting cyber-attacks.
Secondary keywords: Computer crime; Machine learning; University and higher-education theses
Type (COBISS): Master's thesis/paper
Thesis comment: Univ. of Maribor, Faculty of Criminal Justice, Ljubljana
Pages: IX f., [69] pp.
ID: 24467509