Adaptation of the Diagnostic Artificial Neural Network Structure When New Training Examples Appear

In this paper we can see that identified computer incidents are subject for diagnostics, during which the characteristics of information security violations are clarified (purpose, causes, consequences, etc.). To diagnose computer incidents, we can use methods of automation while collection and processing the events that occur as a result of the implementation of scenarios for information security violations. Artificial neural networks can be used to solve the classification problem of assigning diagnostic data set (information image of a computer incident) to one of the possible values of the violation characteristic. The purpose of this work is to adapt the structure of an artificial neural network that allows the accuracy diagnostics of computer incidents when new training examples appear.

diagnostics, computer incident, multi-layer perceptron, autoencoder, security violation characteristic

1. Kotenko I.V., Saenko I.B. Creating New-Generation Cybersecurity Monitoring and Management Systems // Herald of the Russian Academy of Sciences. 2014. Vol. 84. No. 6. PP. 424-431. DOI:10.1134/S1019331614060033

2. Feiya Lv., Wen C., Bao Z., Liu M. Fault diagnosis based on deep learning // Proceedings of the American Control Conference (ACC, Boston, USA, 6-8 July 2016). IEEE, 2016. PP. 6851-6856. DOI:10.1109/ACC.2016.7526751

3. Zou D.Q., Qin H., Jin H. UiLog: Improving Log-Based Fault Diagnosis by Log Analysis // Journal of Computer Science and Technology. 2016. No. 31(5). PP. 1038-1052. DOI:10.1007/s11390-016-1678-7

4. Fu Q., Lou J.G., Wang Y., Li J. Execution Anomaly Detection in Distributed Systems Through Unstructured Log Analysis // Proceedings of the 9th IEEE International Conference on Data Mining (Miami, USA, 6-9 December 2009). IEEE, 2009. PP. 149-158. DOI:10.1109/ICDM.2009.60

5. Nolle T., Seeliger A., Muhlhauser M. Unsupervised Anomaly Detection in Noisy Business Process Event Logs Using Denoising Autoencoders // Proceedings of the 19th International Conference on Discovery Science (DS, Bari, Italy, 19-21 October 2016). Lecture Notes in Computer Science. Cham: Springer, 2016. Vol. 9956. PP. 442-456. DOI:10.1007/978-3-319- 46307-0_28

6. Sakurada M., Yairi T. Anomaly Detection Using Autoencoders with Nonlinear Dimensionality Reduction // Proceedings of the 2nd Workshop on Machine Learning for Sensory Data Analysis (MLSDA’14, Gold Coast, Australia, 2 December 2014). New York: Association for Computing Machinery, 2014. PP. 4-11. DOI:10.1145/2689746.2689747

7. Хайкин С. Нейронные сети: полный курс / пер. с англ. М.: Издательский дом «Вильямс», 2006. 1104 с.

8. Hecht-Nielsen R. Kolmogorov’s Mapping Neural Network Existence Theorem // Proceedings of the 1st Annual International Conference on Neural Networks (San Diego, USA, 21-24 June 1987). IEEE, 1987. Vol. 3. PP. 11-15.

9. Маликов А.В., Авраменко В.С., Саенко И.Б. Модель и метод диагностирования компьютерных инцидентов в информационно-коммуникационных системах, основанные на глубоком машинном обучении // Информационно-управляющие системы. 2019. № 6(103). С. 32-42. DOI:10.31799/1684-8853-2019-6-32-42

10. Авраменко В. С., Маликов А.В. Диагностирование нарушений безопасности в инфокоммуникационных системах на основе комбинированной нейронной сети // VIII Международная научно-техническая и научно-методическая конференция «Актуальные проблемы инфотелекоммуникаций в науке и образовании» (Санкт-Петербург, Россия, 27-28 февраля 2019). СПб.: СПбГУТ, 2019. Т. 2. C. 14-19.