Applying artificial intelligence methods to network attack detection

Abstract

This chapter reveals the methods of artificial intelligence and their application for detecting network attacks. Particular attention is paid to the representation of models based on neural, fuzzy, and evolutionary computations. The main object is a binary classifier, which is designed to match each input object to one of two sets of classes. Various schemes for combining binary classifiers are considered, which allows building models trained on different subsamples. Several optimizing techniques are proposed, both in terms of parallelization (for increasing the speed of training) and usage of aggregating compositions (for enhancing the classification accuracy). Principal component analysis is also considered, which is aimed at reducing the dimensionality of the analyzed attack feature vectors. A sliding window method was developed and adopted to decrease the number of false positives. Finally, the model efficiency indicators obtained during the experiments using the multifold cross-validation are provided.