Machine learning methods for detecting intrusions based on network traffic analysis

Kostiuk, Yuliia and Skladannyi, Pavlo and Sokolov, Volodymyr and Rzaieva, Svitlana and Khorolska, Karyna (2025) Machine learning methods for detecting intrusions based on network traffic analysis. Workshop on Cybersecurity Providing in Information and Telecommunication Systems (4145). pp. 72-94. ISSN 1613-0073

Text: Y_Kostiuk_ P_Skladannyi_V_Sokolov_S_Rzaieva_K_Khorolska_CPITS_4145_2025_FITM.pdf

Download (2MB)
Official link: https://ceur-ws.org/Vol-4145/paper6.pdf

Abstract

The article discusses modern machine learning methods for detecting intrusions in computer networks based on network traffic analysis. An architecture for an intelligent intrusion detection system is proposed, combining an autoencoder, a one-class support vector machine, an Isolation Forest, and Extreme Gradient Boosting (XGBoost), using a deep representation of traffic in the feature vector space. The scientific novelty lies in the integration of a One-Class Neural Network with an adaptive update mechanism based on Markov decision processes (MDP), which provides automatic retraining when traffic characteristics change. The study employs procedures to reduce the dimensionality of the feature space using Principal Component Analysis (PCA), t-distributed Stochastic Neighbor Embedding (t-SNE), and Uniform Manifold Approximation and Projection (UMAP). Explainable Artificial Intelligence (XAI) modules are proposed using the SHAP (SHapley Additive exPlanations) and LIME (Local Interpretable Model-Agnostic Explanations) methods. The developed system has been tested on the CICIDS2017 (Canadian Institute for Cybersecurity Intrusion Detection System 2017) and UNSW-NB15 (University of New South Wales Network Behavior 2015) open datasets. The results demonstrate classification accuracy of up to 97%, high interpretability, and model adaptability in detecting zero-day attacks in real time, making it suitable for critical information infrastructures.

Item type: Article
Keywords: network traffic; intrusion detection; machine learning; anomalies; classification; Autoencoder; gradient boosting (XGBoost); one-class support vector machine (One-Class SVM); explainable artificial intelligence (XAI); CICIDS2017; UNSW-NB15
Typology: Articles in databases > Scopus (no quartile)
Divisions: Faculty of Information Technology and Mathematics > Professor Volodymyr Buriachok Department of Information and Cyber Security
Depositing user: Pavlo Mykolaiovych Skladannyi
Date deposited: 15 May 2026 12:43
Last modified: 15 May 2026 12:43
URI: https://elibrary.kubg.edu.ua/id/eprint/57434
