Artificial Intelligence-Based Traffic Anomaly Detection
- Authors: Bliznyuk M.V.1, Bliznyuk V.I.2, Postarnak A.P.3, Bolbenkov A.V.2, Kibalin A.Y.2
-
Affiliations:
- Federal Security Service of the Russian Federation in the North-Western Federal District
- Academy of the Federal Guard Service of the Russian Federation
- The Bonch-Bruevich Saint Petersburg State University of Telecommunications
- Issue: Vol 11, No 5 (2025)
- Pages: 9-20
- Section: INFORMATION TECHNOLOGIES AND TELECOMMUNICATION
- URL: https://journals.rcsi.science/1813-324X/article/view/351254
- EDN: https://elibrary.ru/WALXIJ
- ID: 351254
Cite item
Full Text
Abstract
Relevant. Nowadays to detect signs of abnormal traffic behavior signature analysis is used, but this method has its limitations. Given the disadvantages of signature analysis, it becomes clear that using this method alone can limit the ability to detect and prevent new and unknown anomalies. Considered implementation of a custom analysis in addition to the signature to provide a more complete and reliable information system protection. The aim of the study is to increase the efficiency of detecting signs of abnormal traffic behavior through the use of artificial intelligence methods. In result the following were developed: an algorithm for detecting network anomalies, a software tool "Detection of network anomalies based on methods of artificial intelligence", a software stand. The novelty of the study lies in the fact that the software allows you to calculate the criteria for detecting anomalies of network traffic in a period of time shorter than that of previously presented analogs and allows you to detect various anomalies without prior training on ready-made anomaly templates. The practical significance. The results obtained in the work can be used for classification of anomalies of network traffic in information systems and infrastructures.
About the authors
M. V. Bliznyuk
Federal Security Service of the Russian Federation in the North-Western Federal District
Email: mikebliznyuk200123@gmail.com
ORCID iD: 0009-0003-5285-2942
V. I. Bliznyuk
Academy of the Federal Guard Service of the Russian Federation
Email: v_bliznyuk@mail.ru
ORCID iD: 0009-0005-8085-0738
A. P. Postarnak
The Bonch-Bruevich Saint Petersburg State University of Telecommunications
Email: postarnak.ap@sut.ru
ORCID iD: 0009-0001-5779-2948
A. V. Bolbenkov
Academy of the Federal Guard Service of the Russian Federation
Email: bolben@mail.ru
ORCID iD: 0009-0000-3858-6981
A. Yu. Kibalin
Academy of the Federal Guard Service of the Russian Federation
Email: kibalinanton@mail.ru
ORCID iD: 0009-0006-2247-2799
References
Dainotti A., Benson K., King A., Claffy K.C., Kallitsis M., Glatz E., et al. Estimating Internet Address Space Usage Through Passive Measurements // ACM SIGCOMM Computer Communication Review. 2011. Vol. 41. Iss. 2. PP. 30–37. doi: 10.1145/2567561.2567568 Lazarevic A., Kumar V. Feature Bagging for Outlier Detection // Proceedings of the Eleventh ACM SIGKDD International Conference on Knowledge Discovery in Data Mining (KDD '05, Chicago, USA, 21–24 August 2005). New York: Association for Computing Machinery, 2005. PP. 157–166. doi: 10.1145/1081870.1081891 Talukder M.A., Islam M.M., Uddin M.A., Hasan K.F., Sharmin S., Alyami S.A. Machine learning‑based network intrusion detection for big and imbalanced data using oversampling, stacking feature embedding and feature extraction // Journal of Big Data. 2024. Vol. 11. P. 11. doi: 10.1186/s40537-024-00886-w Шабуров А.С., Никитин А.С. Модель обнаружения компьютерных атак на объекты критической информационной инфраструктуры // Вестник Пермского национального исследовательского политехнического университета. Электротехника, информационные технологии, системы управления. 2019. № 29. С. 104–117. EDN:ZBKJTN Бугорский М.А., Каплин М.А., Остроцкий С.В., Казакова О.В., Селин В.И. Особенности использования объектов критической информационной инфраструктуры с современной системой обнаружения вторжений // Sciences of Europe. 2021. № 66-1(66). С. 42–46. EDN:SXGMHB. doi: 10.24412/3162-2364-2021-66-1-42-46 Семенов В.В., Арустамов С.А. Выявление рисков нарушений информационной безопасности киберфизических систем на основе анализа цифровых сигналов // Научно-технический вестник информационных технологии, механики и оптики. 2020. Т. 20. № 5. С. 770–772. doi: 10.17586/2226-1494-2020-20-5-770-772. EDN:BHITPY Mirkovic J., Prier G., Reiher P. Attacking DDoS at the Source // Proceedings of the 10th IEEE International Conference on Network Protocols (Paris, France, 12–15 November 2002). IEEE, 2002. PP. 312–321. doi: 10.1109/ICNP.2002.1181418 Ahmed M., Mahmood A.N., Hu J. A survey of network anomaly detection techniques // Journal of Network and Computer Applications. 2016. Vol. 60. PP. 19–31. doi: 10.1016/j.jnca.2015.11.016 Alali A., Yousef M. A Survey on Intrusion Detection Systems (IDS) Using Machine Learning Algorithms // Journal of Xi’an Shiyou University. 2022. Vol. 18. Iss. 6. PP. 183–197. Chandola V., Banerjee A., Kumar V. Anomaly Detection: A Survey // ACM Computing Surveys. 2009. Vol. 41. Iss. 3. PP. 1–58. doi: 10.1145/1541880.1541882. EDN:MYREHF Jordan M.I., Mitchell T.M. Machine learning: Trends, perspectives, and prospects. Science. 2015. Vol. 349. Iss. 6245. PP. 255–260. doi: 10.1126/science.aaa8415
Supplementary files
