Classification of events in information security systems based on neural networks

Bibliographic Details
Main Authors: A. A. Mikryukov, A. V. Babash, V. A. Sizov
Format: Article
Language: English
Published: Plekhanov Russian University of Economics 2019-03-01
Series: Открытое образование (Москва)
Online Access: https://openedu.rea.ru/jour/article/view/611
Description
Summary: Purpose of the research. The aim of the study is to increase the effectiveness of information security and to enhance accuracy and promptness of the classification of security events, security incidents, and threats in information security systems. To respond to this challenge, neural network technologies were suggested as a classification tool for information security systems. These technologies allow accommodating incomplete, inaccurate and unidentified raw data, as well as utilizing previously accumulated information on security issues. To address the problem more effectively, collective methods based on collective neural ensembles aligned with an advanced complex approach were implemented.

Materials and methods: When solving complex classification problems, often none of the classification algorithms provides the required accuracy. In such cases, it seems reasonable to build compositions of algorithms, mutually compensating errors of individual algorithms. The study also gives an insight into the application of neural network ensemble to address security issues in the corporate information system and provides a brief review of existing approaches to the construction of neural network ensembles and methods to shape problem solving with neural networks classifiers. An advanced integrated approach is proposed to tackle problems of security event classification based on neural network ensembles (neural network committees). The approach is based on a three-step procedure. The stages of the procedure implementation are described. It is shown that the use of this approach facilitates the efficiency of solving the problem.

Results: An advanced integrated approach to addressing security event classification based on neural network ensembles (neural network committees) is proposed. This approach applies adaptive reduction of neural network ensemble (selection of the best classifiers is based on the assessment of the compliance degree of the competence area of the private neural network classifier and convergence of the results of private classifiers), as well as the selection and rationale of the voting method (composition or aggregation of outputs of private classifiers). The results of numerical experiments support the effectiveness of the proposed approach.

Conclusion: Collectively used artificial neural networks in the form of neural network ensembles (committees of neural networks) will provide more accurate and reliable results of security event classification in the corporate information network. Moreover, an advanced integrated approach to the construction of a neural network ensemble is proposed to facilitate effectiveness of the classification process. The approach is based on the application of the adaptive reduction procedure for the results of private classifiers and the procedure for selecting the method of aggregation of the results of private classifiers. These outcomes will enable advancement of the system control over information security incidents. Finally, the paper defines tendencies and directions of the development of collective solution methods applying neural network ensembles (committees of neural networks).
ISSN: 1818-4243, 2079-5939