The mass shift of employees to remote work, together with intensified information confrontation, has given rise to and aggravated many security problems in corporate networks. Attacks on local area networks have become more frequent, in particular phishing and social engineering, distribution of malicious code, and DDoS attacks. To secure corporate networks, layered protection systems are increasingly used, combining intrusion detection systems, firewalls, antivirus tools, various system analyzers, and so on. Using several types of protection tool not only reduces the load on each individual tool but also makes it easier to identify actual attacks on the protected system. This article proposes a hybrid approach to anomaly detection that takes into account the parameters of the network's end nodes. Enriching session data with the values of these parameters makes it possible to detect low-intensity distributed attacks, thereby increasing the accuracy of the defense system. The parameters of the network end nodes are transformed into the format of network session parameters by regrouping and dimensionality reduction. Anomalies are determined by two ensembles of classifiers, one receiving the session parameters and the other the parameters of the network nodes as input. The ensembles are based on logistic regression, stochastic gradient descent, and decision trees. The classification results are combined by weighted aggregation, with the anxiety threshold used as the weighting factor. An experimental evaluation of the developed approach showed its advantages over anomaly detection that does not take the node parameters into account.
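The pipeline sketched above (regrouping node telemetry into session-shaped features, then weighted aggregation of a session-side and a node-side score) as an added illustration that is not the paper's code: the sample records, the two stand-in scoring functions that replace the trained ensembles, and the weighting rule (threshold as the node-side weight, alarm at or above 0.5) are all assumptions made here.

```python
from statistics import mean

# Constructed sample data (not from the paper): one record per network session
# and periodic telemetry samples reported by each end node's agent.
SESSIONS = [
    {"id": 1, "host": "ws-01", "start": 100, "end": 160, "pkts": 40},
    {"id": 2, "host": "ws-02", "start": 120, "end": 180, "pkts": 12},
]
NODE_TELEMETRY = [
    {"host": "ws-01", "t": 110, "cpu": 0.20, "new_procs": 0},
    {"host": "ws-01", "t": 140, "cpu": 0.30, "new_procs": 1},
    {"host": "ws-02", "t": 130, "cpu": 0.85, "new_procs": 7},
    {"host": "ws-02", "t": 170, "cpu": 0.95, "new_procs": 9},
]

def regroup(session, telemetry):
    """Regroup the node samples that fall inside the session's window on the
    session's host and reduce each parameter to one summary value (the mean),
    so the node data takes the shape of a session feature row."""
    rows = [r for r in telemetry if r["host"] == session["host"]
            and session["start"] <= r["t"] <= session["end"]]
    if not rows:
        return {"cpu": 0.0, "new_procs": 0.0}  # no telemetry: neutral features
    return {k: mean(r[k] for r in rows) for k in ("cpu", "new_procs")}

def session_score(session):
    """Stand-in for the trained session-parameter ensemble (assumed rule)."""
    return min(1.0, session["pkts"] / 100)

def node_score(features):
    """Stand-in for the trained node-parameter ensemble (assumed rule)."""
    return min(1.0, 0.5 * features["cpu"] + 0.5 * min(1.0, features["new_procs"] / 10))

def fuse(p_session, p_node, tau):
    """Weighted aggregation; assumed form: the threshold tau is the weight of
    the node-side score, and a fused score of 0.5 or more is an anomaly."""
    return (1 - tau) * p_session + tau * p_node

def detect(sessions, telemetry, tau):
    """Return {session id: (fused score, is_anomaly)} for a given tau."""
    out = {}
    for s in sessions:
        fused = fuse(session_score(s), node_score(regroup(s, telemetry)), tau)
        out[s["id"]] = (fused, fused >= 0.5)
    return out

if __name__ == "__main__":
    for tau in (0.0, 0.6):  # tau=0 is session-only detection, for comparison
        print(f"tau={tau}", detect(SESSIONS, NODE_TELEMETRY, tau))
```

Session 2 carries few packets and is missed on session parameters alone (tau=0), but its host telemetry raises the fused score past the cut-off once node parameters are weighted in.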