PNIPU: Neural network for identifying illegal users on the network

The main articles are:

• Security Information and Event Management (SIEM)
• Neural networks (neural networks)

2024: Training the neural network to find illegal users on the network

Perm Polytechnic scientists trained a neural network to find illegal users on the network Information security is responsible for ensuring that important company information, personal affairs and corporate secrets do not fall into the wrong hands. The university announced this on April 27, 2024. This industry protects data is from, and leaks programs, systems and networks - from hacking, corruption files or other types of attacks. In commercial state structures and information, it is also necessary to protect against spies or possible intruders within the team itself. Existing methods for detecting illegal users take a long time and are not always effective. information security You can improve the work with the help, artificial intelligence which in a short time is able to analyze a large amount of data. PNIPU scientists trained the neural network to quickly and accurately identify illegal users on the network.

The development will ensure the strengthening of Russia's information sovereignty. The article was published in "Master's journal," 2023.

An important tool for ensuring the information security of companies is event log files. They are a special database that contains all information about various events that occur in the system or network related to security. This information enables you to analyze and monitor system activity, identify potential threats, identify abnormal behavior, and take action to protect your data.

As of April 2024, statistical methods for detecting intruders on the network are relevant, which, based on data from the event log, study the activity of the behavior of the legal user of the system and highlight illegal users. But these files contain a huge amount of unstructured data. In large corporate systems, the number of daily journal lines created reaches one million. Their automatic analysis takes a lot of time and resources. Which is why most incidents are detected late and not always accurate.

Therefore, continuous monitoring of system logs is necessary immediately after their creation in order to detect anomalies in user behavior in real time. This allows you to respond in a timely manner to information security incidents and reduce the risks caused by them. To solve this problem, scientists at the Perm Polytechnic Institute propose using artificial intelligence.

The behavior of the attacker is different from the behavior of the legal user on the information network, and these differences can be quantified. We tried to track the commonalities in their behavior and calculate the probability of error. Having analyzed a large amount of data on user actions in the information system, we trained the neural network to use new information. This will make it possible to quickly identify the intruder's invasion of the system, "explained Elena Krotova, candidate of physical and mathematical sciences, associate professor of the Department of Higher Mathematics at Perm Polytechnic.

As the basis of polytechnics, they chose the computer model perceptron - the simplest and most convenient type of neural network. The input parameters are binary data characterizing the user in the system (0 - legal user, 1 - illegal). More than 700 types of data for more than 1,500 users were used to build and train the neural network.

For comparison, scientists performed the same actions with another type of neural network, which as a result mistakenly identified attackers as legal users. This suggests that the network on the perceptron is able to more accurately cope with this task.

For the proposed method, the probability of errors was estimated and compared with the results of existing threat detection systems. Errors of type 1 and 2 were considered, when a legal user is mistaken for an attacker and vice versa. The result showed that the probability of errors of the 1st and 2nd kind in the neural network of PNIPU scientists is 20% less. This means that its use will increase reliability and help detect illegal users in the information system.

The development of scientists from the Perm Polytechnic has shown that the method based on artificial intelligence is best suited for implementation at the enterprise. It does not require a large amount of memory, has good performance and allows you to analyze large amounts of data.