NETWORK ACTIVITY MONITORING SYSTEM USING ELEMENTS OF ARTIFICIAL INTELLIGENCE
Keywords:
IDS/IPS, NMS, SIEM, machine learning, network attack, network traffic monitoring, signature analysis, artificial intelligence
Abstract
The paper addresses the scientific and practical problem of developing an intelligent network traffic monitoring system that detects intrusions using machine learning methods. It covers the analysis of modern approaches to network security, the design and software implementation of the key system modules, and an experimental study of the effectiveness of the proposed solution. An analysis of the state of network monitoring and intrusion detection systems, in particular signature-based systems (Snort, Suricata) and flow analysis systems (NetFlow, sFlow), showed that classical approaches have a limited ability to detect new and modified attacks, while intelligent methods offer higher adaptability but require careful selection of data and models. Accordingly, a system is proposed that is trained on modern datasets containing realistic attack scenarios. The system is built on a Python technology stack using the Scapy, Pandas, NumPy and Scikit-learn libraries. A traffic interception mechanism, feature engineering, data normalization, and flow classification using the Random Forest algorithm are implemented. Unlike signature-based systems, the proposed solution does not require constant manual updating of rules and is able to generalize behavioral indicators of attacks.
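As an added illustration of the flow feature-engineering and normalization stage the abstract describes (example code written for this page, not the authors' implementation), the snippet below groups constructed packet records into bidirectional flows, derives per-flow features, and min-max scales them. The packet fields, the feature set and the sample capture are assumptions; in the authors' stack the packet records would come from Scapy and the scaled rows would be the input to a Scikit-learn Random Forest classifier.

```python
from collections import defaultdict
from dataclasses import dataclass
@dataclass(frozen=True)
class Packet:  # one captured packet reduced to the header fields the features need
    ts: float; src: str; dst: str; sport: int; dport: int; proto: str; length: int; flags: str

def flow_key(p):
    # Bidirectional key: both directions of a conversation map to one flow.
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (min(a, b), max(a, b), p.proto)

def extract_flows(packets):
    """Group packets into flows; one tuple per flow in the order
    (pkt_count, byte_total, duration, fwd_ratio, syn_count, mean_iat)."""
    groups = defaultdict(list)
    for p in sorted(packets, key=lambda p: p.ts):
        groups[flow_key(p)].append(p)
    flows = {}
    for key, pkts in groups.items():
        initiator = (pkts[0].src, pkts[0].sport)   # first packet defines "forward"
        ts = [p.ts for p in pkts]
        iats = [b - a for a, b in zip(ts, ts[1:])]  # inter-arrival times
        flows[key] = (len(pkts), sum(p.length for p in pkts), ts[-1] - ts[0],
                      sum((p.src, p.sport) == initiator for p in pkts) / len(pkts),
                      sum("S" in p.flags for p in pkts),
                      sum(iats) / len(iats) if iats else 0.0)
    return flows

def min_max_normalize(rows):
    """Scale every column to [0, 1]; a constant column becomes all zeros."""
    lo, hi = [min(c) for c in zip(*rows)], [max(c) for c in zip(*rows)]
    return [[(v - l) / (h - l) if h > l else 0.0 for v, l, h in zip(r, lo, hi)] for r in rows]

# Constructed sample capture (not real traffic): a completed TCP exchange,
# two unanswered SYNs to one port, and a UDP request/response pair.
SAMPLE = [
    Packet(0.00, "10.0.0.5", "10.0.0.9", 40000, 80, "tcp", 60, "S"),
    Packet(0.01, "10.0.0.9", "10.0.0.5", 80, 40000, "tcp", 60, "SA"),
    Packet(0.03, "10.0.0.5", "10.0.0.9", 40000, 80, "tcp", 512, "PA"),
    Packet(0.05, "10.0.0.9", "10.0.0.5", 80, 40000, "tcp", 1500, "PA"),
    Packet(1.00, "10.0.0.7", "10.0.0.9", 50001, 22, "tcp", 60, "S"),
    Packet(1.10, "10.0.0.7", "10.0.0.9", 50001, 22, "tcp", 60, "S"),
    Packet(2.00, "10.0.0.5", "10.0.0.53", 53000, 53, "udp", 70, ""),
    Packet(2.02, "10.0.0.53", "10.0.0.5", 53, 53000, "udp", 150, ""),
]

def build_dataset(packets=SAMPLE):
    """Return (flow keys, raw feature rows, normalized rows) ready for a classifier."""
    flows = extract_flows(packets)
    raw = list(flows.values())
    return list(flows), raw, min_max_normalize(raw)
```

The unanswered-SYN flow stands out on the fwd_ratio and syn_count columns even before any model is trained, which is the kind of behavioral regularity a Random Forest learns from labelled flows.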
License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.