Безопасность информационных технологий

Выявление аномалий системой обнаружения вторжений (СОВ) является сложной задачей. Значительное количество ошибок детектирования аномалий снижает эффективность применения СОВ. Повышение точности СОВ рассматривается как решение задачи классификации. Для решения задачи классификации применяют нейронные сети, методы глубокого обучения, статистические модели машинного обучения и многое другое. Одним из способов решения данной задачи является применение ансамблевого обучения для алгоритмов классификации. Широкое применение ансамблевого обучения в различных областях подтверждает эффективность ансамблей. Целью статьи является систематизация знаний по методам ансамблевого обучения, способах их применения для построения современных СОВ и формулировка задач для будущих исследований. В статье используется метод сравнительного анализа при рассмотрении различных исследований. Описана методология выбора работ. В соответствии с методологией были выбраны двенадцать работ. Рассмотрены широко используемые ансамбли обучения и их классификация, приводятся результаты исследования современных методов и алгоритмов СОВ с применением ансамблей. Ансамбли решают различные проблемы классификации, показаны оптимальные алгоритмы ансамблей для решения задачи классификации. Для СОВ выделены базовые метрики оценки и наборы данных, которые предлагается использовать при разработке методов. Метаэвристичекие и генетические алгоритмы применяются не только для решения задач выбора признаков, но и для генерации базовых классификаторов. Сформулированы задачи, которые решают ансамбли, и предложено направление для будущих исследований с применением ансамблевого обучения.

1. Шелухин, О.И. Сетевые аномалии. Обнаружение, локализация, прогнозирование. М.: Горячая линия-Телеком, 2019. – 447 с.: ил. ISBN 978-5-9912-0756-0.

2. Neha Gupta, Vinita Jindal, Punam Bedi, LIO-IDS: Handling class imbalance using LSTM and improved one-vs-one technique in intrusion detection system, Computer Networks, Volume 192, 2021, 108076, ISSN 1389-1286.
DOI: https://doi.org/10.1016/j.comnet.2021.108076.

3. Bakır, H., Ceviz, Ö. Empirical Enhancement of Intrusion Detection Systems: A Comprehensive Approach with Genetic Algorithm-based Hyperparameter Tuning and Hybrid Feature Selection. Arab J Sci Eng 49,
13025–13043 (2024). DOI: https://doi.org/10.1007/s13369-024-08949-z.

4. Xinwei Yuan, Shu Han, Wei Huang, Hongliang Ye, Xianglong Kong, Fan Zhang, A simple framework to enhance the adversarial robustness of deep learning-based intrusion detection system, Computers & Security. V.137, 2024, 103644, ISSN 0167-4048.
DOI: https://doi.org/10.1016/j.cose.2023.103644.

5. Шелухин О.И., Раковский Д.И. Многозначная классификация компьютерных атак с использованием искусственных нейронных сетей с множественным выходом. Труды учебных заведений связи. 2023;9(4):97-113.
DOI: https://doi.org/10.31854/1813-324X-2023-9-4-97-113.

6. Tarek Ali and Panos Kostakos. 2023. HuntGPT: Integrating Machine Learning-Based Anomaly Detection and Explainable AI with Large Language Models (LLMs). arXiv:2309.16021 [cs.CR].
DOI: https://doi.org/10.48550/arXiv.2309.16021.

7. Sommer R. and Paxson V. Outside the Closed World: On Using Machine Learning for Network Intrusion Detection. IEEE Symposium on Security and Privacy, Oakland, CA, USA. 2010, p. 305–316.
DOI: 10.1109/SP.2010.25.

8. Lu J., Liu A., Dong F., Gu F., Gama J. and Zhang G. Learning under Concept Drift: A Review. IEEE Transactions on Knowledge and Data Engineering, v. 31, no. 12, p. 2346-2363, 1 Dec. 2019.
DOI: 10.1109/TKDE.2018.2876857.

9. Pu G., Wang L., Shen J. and Dong F. A hybrid unsupervised clustering-based anomaly detection method. Tsinghua Science and Technology, v. 26, no. 2, p. 146–153, April 2021.
DOI: 10.26599/TST.2019.9010051.

10. Rob McKay, Brian Pendleton, James Britt, and Ben Nakhavanit. 2019. Machine Learning Algorithms on Botnet Traffic: Ensemble and Simple Algorithms. In Proceedings of the 2019 3rd International Conference on Compute and Data Analysis (ICCDA '19). Association for Computing Machinery, New York, NY, USA, 31–35.
DOI: https://doi.org/10.1145/3314545.3314569.

11. Chand N., Mishra P., Krishna C.R., Pilli E.S. and Govil M.C. A comparative analysis of SVM and its stacking with other classification algorithm for intrusion detection. 2016 International Conference on Advances in Computing, Communication, & Automation (ICACCA) (Spring), Dehradun, India. 2016, p. 1–6.
DOI: 10.1109/ICACCA.2016.7578859.

12. Yuyang Zhou, Guang Cheng, Shanqing Jiang, Mian Dai, Building an efficient intrusion detection system based on feature selection and ensemble classifier, Computer Networks. 2020, v. 174, 107247, ISSN 1389-1286.
DOI: https://doi.org/10.1016/j.comnet.2020.107247.

13. Rezk, S.S., Selim, K.S. Metaheuristic-based ensemble learning: an extensive review of methods and applications. Neural Comput & Applic 36, 17931–17959 (2024).
DOI: https://doi.org/10.1007/s00521-024-10203-4.

14. Jinping Liu, Jiezhou He, Wuxia Zhang, Tianyu Ma, Zhaohui Tang, Jean Paul Niyoyita, Weihua Gui, ANID-SEoKELM: Adaptive network intrusion detection based on selective ensemble of kernel ELMs with random features, Knowledge-Based Systems. 2019, v. 177, p. 104–116. ISSN 0950-7051.
DOI: https://doi.org/10.1016/j.knosys.2019.04.008.

15. Kuncheva, L.I., Whitaker, C.J. Measures of Diversity in Classifier Ensembles and Their Relationship with the Ensemble Accuracy. Machine Learning 51, 181–207 (2003).
DOI: https://doi.org/10.1023/A:1022859003006.

16. Gavin Brown, Jeremy Wyatt, Rachel Harris, Xin Yao, Diversity creation methods: a survey and categorisation,Information Fusion. 2005, v. 6, Issue 1, p. 5–20, ISSN 1566-2535.
DOI: https://doi.org/10.1016/j.inffus.2004.04.004.

17. Alpaydin E. ombining Pattern Classifiers: Methods and Algorithms (Kuncheva, L.I.; 2004) [book review]. IEEE Transactions on Neural Networks, v. 18, no. 3, p. 964–964, May 2007.
DOI: 10.1109/TNN.2007.897478.

18. Yuyang Zhou, Guang Cheng, Shanqing Jiang, Mian Dai. Building an efficient intrusion detection system based on feature selection and ensemble classifier, Computer Networks. 2020, v. 174, 107247, ISSN 1389-1286.
DOI: https://doi.org/10.1016/j.comnet.2020.107247.

19. Minku L.L. and Yao X. DDD: A New Ensemble Approach for Dealing with Concept Drift. IEEE Transactions on Knowledge and Data Engineering, v. 24, no. 4, p. 619–633, April 2012.
DOI: 10.1109/TKDE.2011.58.

20. Sagi, O., & Rokach, L. (2018). Ensemble learning: A survey. Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, 8(4), e1249. DOI: 10.1002/widm.1249.

21. Tossapon Boongoen, Natthakan Iam-On, Cluster ensembles: A survey of approaches with recent extensions and applications, Computer Science Review. 2018, v. 28, p. 1–25, ISSN 1574-0137.
DOI: https://doi.org/10.1016/j.cosrev.2018.01.003.

22. Gonzalo Martínez-Muñoz and Alberto Suárez. 2006. Pruning in ordered bagging ensembles. In Proceedings of the 23rd international conference on Machine learning (ICML '06). Association for Computing Machinery, New York, NY, USA, 609–616. DOI: https://doi.org/10.1145/1143844.1143921.

23. Amgad M. Mohammed, Enrique Onieva, Michał Woźniak. Selective ensemble of classifiers trained on selective samples. Neurocomputing. 2022, v. 482, p. 197–211, ISSN 0925-2312.
DOI: https://doi.org/10.1016/j.neucom.2021.11.045.

24. Ghanbarzadeh, R., Hosseinalipour, A. & Ghaffari, A. A novel network intrusion detection method based on metaheuristic optimisation algorithms. J Ambient Intell Human Comput 14, 7575–7592 (2023).
DOI: https://doi.org/10.1007/s12652-023-04571-3.

25. Breiman L (1996) Bias, variance, and arcing classifers (technical report 460). Department of Statistics. University of California at Berkeley. URL: http://digicoll.lib.berkeley.edu/record/86021 (дата обращения: 10.11.2024).

26. Wenyu Zhang, Dongqi Yang, Shuai Zhang, A new hybrid ensemble model with voting-based outlier detection and balanced sampling for credit scoring, Expert Systems with Applications. V. 174, 2021, 114744, ISSN 0957-4174.
DOI: https://doi.org/10.1016/j.eswa.2021.114744.

27. Schapire, R.E. The strength of weak learnability. Mach Learn 5, 197–227 (1990).
DOI: https://doi.org/10.1007/BF00116037.

28. Xu M., Baraldi P., Lu X. and Zio E. Generative Adversarial Networks With AdaBoost Ensemble Learning for Anomaly Detection in High-Speed Train Automatic Doors. IEEE Transactions on Intelligent Transportation Systems. V. 23, no. 12, p. 23408–23421, Dec. 2022. DOI: 10.1109/TITS.2022.3203871.

29. David H. Wolpert, Stacked generalization, Neural Networks 1992, v. 5, Issue 2, p. 241–259, ISSN 0893-6080.
DOI: https://doi.org/10.1016/S0893-6080(05)80023-1.

30. Kumar G, Kumar K (2012) The use of artifcial-intelligence-based ensembles for intrusion detection: a review. Appl Comput Intell Soft Comput 2012:1–20. DOI: https://doi.org/10.1155/2012/850160.

31. Eitan Menahem, Lior Rokach, Yuval Elovici, Troika – An improved stacking schema for classification tasks,Information Sciences. 2009, v. 179, Issue 24, p. 4097–4122, ISSN 0020-0255.
DOI: https://doi.org/10.1016/j.ins.2009.08.025.

32. Yao X. and Islam M.M. Evolving artificial neural network ensembles. IEEE Computational Intelligence Magazine, v. 3, no. 1, p. 31–42, February 2008. DOI: 10.1109/MCI.2007.913386.

33. Awotunde, J.B., Ayo, F.E., Panigrahi, R. et al. A Multi-level Random Forest Model-Based Intrusion Detection Using Fuzzy Inference System for Internet of Things Networks. Int J Comput Intell Syst 16, 31 (2023).
DOI: https://doi.org/10.1007/s44196-023-00205-w.

34. Wang, S., Jiang, L. & Li, C. Adapting naive Bayes tree for text classification. Knowl Inf Syst 44, 77–89 (2015).
DOI: https://doi.org/10.1007/s10115-014-0746-y.

35. Vettoruzzo A., Bouguelia M.-R., Vanschoren J., Rögnvaldsson T. and Santosh K. Advances and Challenges in Meta-Learning: A Technical Review. IEEE Transactions on Pattern Analysis and Machine Intelligence. V. 46, no. 7, p. 4763–4779, July 2024.
DOI: 10.1109/TPAMI.2024.3357847.

36. Matteo Re, Giorgio Valentini. Integration of heterogeneous data sources for gene function prediction using decision templates and ensembles of learning machines. Neurocomputing. 2010, v. 73, Issues 7–9, p. 1533–1537, ISSN 0925-2312.
DOI: https://doi.org/10.1016/j.neucom.2009.12.012.

37. Wael Khreich, Eric Granger, Ali Miri, Robert Sabourin. Iterative Boolean combination of classifiers in the ROC space: An application to anomaly detection with HMMs Pattern Recognition. 2010, v. 43, Issue 8, p. 2732–2752, ISSN 0031-3203.
DOI: https://doi.org/10.1016/j.patcog.2010.03.006.

38. Guan, Y., Myers, C.L., Hess, D.C. et al. Predicting gene function in a hierarchical context with an ensemble of classifiers. Genome Biol 9 (Suppl 1), S3 (2008). DOI: https://doi.org/10.1186/gb-2008-9-s1-s3.

39. Aeeneh S., Zlatanov N. and Yu J. New Bounds on the Accuracy of Majority Voting for Multiclass Classification. IEEE Transactions on Neural Networks and Learning Systems.
DOI: 10.1109/TNNLS.2024.3387544.

40. Yuyang Zhou, Guang Cheng, Shanqing Jiang, Mian Dai, Building an efficient intrusion detection system based on feature selection and ensemble classifier, Computer Networks. V. 174, 2020, 107247, ISSN 1389-1286.
DOI: https://doi.org/10.1016/j.comnet.2020.107247.

41. Han, M., Li, C., Meng, F. et al. An online ensemble classification algorithm for multi-class imbalanced data stream. Knowl Inf Syst 66, 6845–6880 (2024). URL: https://ezpro.fa.ru:2117/10.1007/s10115-024-02184-6 (дата обращения: 10.11.2024).

42. Liu, Y., Zhu, L., Ding, L. et al. Selective ensemble method for anomaly detection based on parallel learning. Sci Rep 14, 1420 (2024). DOI: https://doi.org/10.1038/s41598-024-51849-3.

43. Alsaffar, A.M., Nouri-Baygi, M. & Zolbanin, H.M. Shielding networks: enhancing intrusion detection with hybrid feature selection and stack ensemble learning. J Big Data 11, 133 (2024). URL: https://ezpro.fa.ru:2117/10.1186/s40537-024-00994-7 (дата обращения: 10.11.2024).

44. Vinayakumar Ravi, Rajasekhar Chaganti, Mamoun Alazab, Recurrent deep learning-based feature fusion ensemble meta-classifier approach for intelligent network intrusion detection system, Computers and Electrical Engineering. V. 102, 2022, 108156, ISSN 0045-7906.
DOI: https://doi.org/10.1016/j.compeleceng.2022.108156.

45. Xin, R., Liu, H., Chen, P. et al. Robust and accurate performance anomaly detection and prediction for cloud applications: a novel ensemble learning-based framework. J Cloud Comp 12, 7 (2023).
DOI: https://doi.org/10.1186/s13677-022-00383-6.

46. Amru, M., Jagadeesh Kannan, R., Narasimhan Ganesh, E., Muthumarilakshmi, S., Padmanaban, K., Jeyapriya, J., & Murugan, S. (2024). Network intrusion detection system by applying ensemble model for smart home. International Journal of Electrical and Computer Engineering (IJECE), 14(3), 3485-3494.
DOI: http://doi.org/10.11591/ijece.v14i3.pp3485-3494.

47. Saheed, Y.K., Misra, S. A voting gray wolf optimizer-based ensemble learning models for intrusion detection in the Internet of Things. Int. J. Inf. Secur. 23, 1557–1581 (2024). URL: https://ezpro.fa.ru:2117/10.1007/s10207-023-00803-x (дата обращения: 10.11.2024).

48. Thockchom, N., Singh, M.M. & Nandi, U. A novel ensemble learning-based model for network intrusion detection. Complex Intell. Syst. 9, 5693–5714 (2023).
DOI: https://doi.org/10.1007/s40747-023-01013-7.

49. Shtayat M.M., Hasan M.K., Sulaiman R., Islam S. and Khan A.U.R. An Explainable Ensemble Deep Learning Approach for Intrusion Detection in Industrial Internet of Things. IEEE Access. 2023, v. 11, p. 115047–115061.
DOI: 10.1109/ACCESS.2023.3323573.

50. Ali, M., Haque, Mu., Durad, M.H. et al. Effective network intrusion detection using stacking-based ensemble approach. Int. J. Inf. Secur. 22, 1781–1798 (2023).
DOI: https://doi.org/10.1007/s10207-023-00718-7.

51. Thakkar A. and Lohiya R. Attack Classification of Imbalanced Intrusion Data for IoT Network Using Ensemble-Learning-Based Deep Neural Network. IEEE Internet of Things Journal. V. 10, no. 13, p. 11888–11895, 1 July1, 2023. DOI: 10.1109/JIOT.2023.3244810.

52. Abdulganiyu, O.H., Ait Tchakoucht, T. & Saheed, Y.K. A
systematic literature review for network intrusion detection system (IDS). Int. J. Inf. Secur. 22, 1125–1162 (2023).
DOI: https://doi.org/10.1007/s10207-023-00682-2.

53. Zahra Zamanzadeh Darban, Geoffrey I. Webb, Shirui Pan, Charu Aggarwal, and Mahsa Salehi. 2024. Deep Learning for Time Series Anomaly Detection: A Survey. ACM Comput. Surv. 57, 1, Article 15 (January 2025), 42 p.
DOI: https://doi.org/10.1145/3691338.

54. Балыбердин, А.В. Особенности общедоступных наборов данных сетевого трафика для обнаружения аномалий. Телекоммуникации и информационные технологии. 2024, т. 11, № 1, с. 24–30. – EDN: NRDQHO.

55. Gopali S., Abri F., Siami Namin A. and Jones K.S. The Applicability of LLMs in Generating Textual Samples for Analysis of Imbalanced Dataset. IEEE Access, v. 12, p. 136451–136465, 2024.
DOI: 10.1109/ACCESS.2024.3463400.

56. Горюнов М.Н., Мацкевич А.Г., Рыболовлев Д.А. Синтез модели машинного обучения для обнаружения компьютерных атак на основе набора данных CICIDS2017. Труды Института системного программирования РАН. 2020;32(5):81-94.
DOI: https://doi.org/10.15514/ISPRAS-2020-32(5)-6.

57. Bakır, H., Ceviz, Ö. Empirical Enhancement of Intrusion Detection Systems: A Comprehensive Approach with Genetic Algorithm-based Hyperparameter Tuning and Hybrid Feature Selection. Arab J Sci Eng 49, 13025–13043 (2024).
DOI: https://doi.org/10.1007/s13369-024-08949-z.