Investigation of computer systems to detect intrusions and network anomalies
Abstract
The article describes models of intrusion and network anomaly detection systems with quantum autocoding in computer systems. It proposes innovative methods for researching such systems that can provide fast response and a high level of adaptability. The paper proposes a quantum QAE (Quantised Autoencoder) model, which is used in intrusion detection systems to identify anomalies. This model is an optimization approach based on autoencoders, which integrates techniques such as cut-off, clustering, and integer quantisation.
Relevance. The significance of this work lies in the ability to investigate intrusion and network anomaly detection systems utilizing quantum autoencoding in information and communication systems. The study focuses on creating a method for detecting anomalous attacks in IoT network traffic, as identifying anomalies requires detailed monitoring of various network activities. Moreover, the network traffic of each IoT device is distinct. Consequently, the study applies an autoencoder algorithm for anomaly detection, using benign network traffic for model training, with the assumption that any anomalous traffic would lead to an anomaly reconstruction (AR) error.
Research methods. The methods used to study intrusion detection systems and network anomalies with quantum autocoding in information and communication systems are probabilistic and verification modelling, and the use of cloud computing, which provide flexibility, scalability and resources for building effective computer attack detection systems.
The results. A real-time IoT dataset was created for both normal and attack traffic. During the training phase, the autoencoder model is trained on normal traffic. The same model is then used to reconstruct anomalous traffic, with the expectation that the reconstruction error (RE) for anomalies will be significant, aiding in the detection of attacks. Additionally, the performance of the autoencoder model was evaluated using metrics such as precision, accuracy, and recall, and through a comprehensive experimental study.
Conclusions. The results show that there is a trade-off between the autoencoder and the QAE-u8 model in terms of accuracy and processor evaluation parameters such as memory and CPU. In future research, we will focus on other IoT device vulnerabilities to develop a more secure IoT infrastructure.
The scientific novelty of this work is the development of strategies and techniques for identifying anomalous attacks in IoT network traffic.
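The detection scheme summarised above (train on benign traffic only, flag samples whose reconstruction error exceeds a threshold, then compare the float model with a uint8-quantised one) can be sketched as follows. This is an added example, not the authors' code: the one-unit linear autoencoder stands in for their model, only its weights are quantised, and the three normalised features, the sample data and the mean + 3 sigma threshold are all assumptions made for illustration.

```python
import random
import statistics

def fit_linear_autoencoder(rows, iters=50):
    """Fit a 1-unit linear autoencoder (its optimum is the first principal
    component) by power iteration on the covariance of benign rows."""
    n, dim = len(rows), len(rows[0])
    mean = [sum(r[j] for r in rows) / n for j in range(dim)]
    centered = [[r[j] - mean[j] for j in range(dim)] for r in rows]
    cov = [[sum(c[a] * c[b] for c in centered) / n for b in range(dim)]
           for a in range(dim)]
    w = [1.0] * dim
    for _ in range(iters):
        w = [sum(cov[a][b] * w[b] for b in range(dim)) for a in range(dim)]
        norm = sum(v * v for v in w) ** 0.5
        w = [v / norm for v in w]
    return mean, w

def reconstruction_error(x, mean, w):
    d = [xi - mi for xi, mi in zip(x, mean)]
    z = sum(wi * di for wi, di in zip(w, d))            # encode to 1 value
    return sum((di - z * wi) ** 2 for di, wi in zip(d, w)) / len(x)  # MSE

def quantize_u8(w):
    """Affine min/max quantisation of the weights to integers 0..255."""
    lo, hi = min(w), max(w)
    scale = (hi - lo) / 255
    return [round((v - lo) / scale) for v in w], scale, lo

def dequantize_u8(q, scale, lo):
    return [v * scale + lo for v in q]

def build_detector(seed=7):
    # Constructed benign traffic: three normalised features that all scale
    # with device load (hypothetical: packet rate, byte rate, port fan-out).
    rng = random.Random(seed)
    benign = []
    for _ in range(200):
        load = rng.random()
        benign.append([load + rng.gauss(0, 0.02),
                       0.5 * load + rng.gauss(0, 0.02),
                       0.2 * load + rng.gauss(0, 0.02)])
    mean, w = fit_linear_autoencoder(benign)
    errs = [reconstruction_error(r, mean, w) for r in benign]
    threshold = statistics.mean(errs) + 3 * statistics.pstdev(errs)
    q, scale, lo = quantize_u8(w)
    return mean, w, dequantize_u8(q, scale, lo), q, threshold

def is_anomalous(x, mean, w, threshold):
    return reconstruction_error(x, mean, w) > threshold
```

Calling is_anomalous with the float weights and again with the dequantised uint8 weights on the same sample shows how much reconstruction error, and therefore decision margin, the quantisation costs.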