RUS  ENG
Full version
JOURNALS // Proceedings of the Institute for System Programming of the RAS // Archive

Proceedings of ISP RAS, 2021 Volume 33, Issue 5, Pages 83–104 (Mi tisp629)

This article is cited in 3 papers

Methodology for collecting a training dataset for an intrusion detection model

A. I. Get'manab, M. N. Goryunovc, A. G. Matskevichc, D. A. Rybolovlevc

a Ivannikov Institute for System Programming of the RAS
b National Research University Higher School of Economics
c The Academy of Federal Security Guard Service of the Russian Federation

Abstract: The paper discusses the issues of training models for detecting computer attacks based on the use of machine learning methods. The results of the analysis of publicly available training datasets and tools for analyzing network traffic and identifying features of network sessions are presented sequentially. The drawbacks of existing tools and possible errors in the datasets formed with their help are noted. It is concluded that it is necessary to collect own training data in the absence of guarantees of the public datasets reliability and the limited use of pre-trained models in networks with characteristics that differ from the characteristics of the network in which the training traffic was collected. A practical approach to generating training data for computer attack detection models is proposed. The proposed solutions have been tested to evaluate the quality of model training on the collected data and the quality of attack detection in conditions of real network infrastructure.

Keywords: information security, network intrusion detection system, machine learning, dataset, transfer learning, random forest, network traffic, computer attack.

DOI: 10.15514/ISPRAS-2021-33(5)-5



© Steklov Math. Inst. of RAS, 2024