THE METHOD OF DETECTING CYBER ATTACKS ON COMMUNICATION CHANNELS OF INFORMATION SYSTEMS

Abstract

In the modern digital age, where communication networks are integral to nearly every aspect of life and activity, the significance of detecting cyberattacks on these channels has become paramountAs a result, a new method for detecting cyberattacks in TCP/IP networks has been proposed, based on the use of spectral clustering and machine learning technologies. The method involves several stages: data collection and pre-processing, performing clustering to select groups of similar objects, training the classification algorithm and its subsequent testing. Spectral clustering is applied to detect DDoS attacks by using various network traffic parameters to construct a similarity matrix. Key metrics include: number of server requests over a period, total traffic transferred, unique IP addresses, average server response time, and number of failed authentication or connection attempts.

The technique combines clustering with machine learning algorithms such as Random Forest, J48 and Naive Bayes. During the training process, the data is divided into groups using spectral clustering, after which a separate classifier is created for each cluster. During anomaly detection, the test data is first classified using spectral clustering, which determines which cluster the sample belongs to, after which the Random Forest algorithm evaluates whether it is normal or abnormal. Experimental results show that the semi-supervised learning model proposed in this article achieves a fairly high accuracy rate. The effectiveness of the proposed approach is tested on new data sets that have not been used for training before. The proposed method shows significant potential for accurate detection of DDoS attacks and can be effectively applied in various cyber security scenarios to protect communication channels from unwanted interference.