Methods for Detecting Anomalies in Network Traffic Based on One-Class SVM Technology
Saved in:

| Date: | 2025 |
|---|---|
| Main authors: | , , |
| Format: | Article |
| Language: | English |
| Published: | V.M. Glushkov Institute of Cybernetics of NAS of Ukraine, 2025 |
| Subjects: | |
| Online access: | https://jais.net.ua/index.php/files/article/view/418 |
| Journal title: | Problems of Control and Informatics |
| Abstract: | This paper investigates the application of the one-class SVM (Support Vector Machines) method for detecting anomalies in network traffic, a critical challenge in the field of cybersecurity. Traditional signature-based detection systems are limited to identifying known threats, leaving them vulnerable to new, unknown attacks. In contrast, the one-class SVM method, which focuses exclusively on "normal" data, offers a robust alternative capable of detecting both familiar and novel anomalies without requiring prior knowledge of potential threats. We introduce several enhancements to the one-class SVM approach, including the integration of online learning capabilities to allow the model to dynamically adapt to fluctuations in network traffic, advanced data preprocessing techniques, and the generation of additional synthetic features through statistical and signal processing methods. These modifications significantly boost the accuracy of anomaly detection. Our proposed model effectively identifies a range of attacks, including distributed denial of service (DDoS), SQL injection, and port scanning, without the need for examples of anomalous behavior during training. The paper also explores hybrid approaches that combine one-class SVM with statistical and rule-based methods to further enhance the system's reliability and accuracy. Additionally, we address the importance of model interpretability, employing decision explanation techniques such as SHAP and LIME to make the results more transparent for cybersecurity experts. The paper concludes with an evaluation of our adaptive model's performance using the CICIDS2017 dataset, demonstrating high accuracy (over 95%) and good recall (approximately 90%). The results underscore the potential of the modified one-class SVM to serve as an effective tool for real-time anomaly detection in network traffic, highlighting its advantages over conventional algorithms. |