TPU scientists develop self-learning software to block network attacks

Anastasia Kaida, a PhD student of the TPU School of Computer Science & Robotics, is developing software based on machine learning algorithms that can detect network attacks. This software can be used both independently and jointly with existing programs to detect and prevent threats. Her project was supported by a grant from the UMNIK Innovation Support Fund.


Photo: Anastasia Kaida studied network traffic analysis during an academic exchange program at the Vamk Vaasa University of Applied Sciences (Finland).

Currently, there are various software solutions to counter a specific type of network attacks. However, there are cases when you need to monitor broader security threats, and so-called monitoring module, which is installed into the existing information infrastructure could provide the solution. There is demand for such software on the market.

“The basic principle of our software is like a firewall. However, there is a significant difference. In existing software, there is allowed if not banned explicitly traffic filtering policy . Machine learning tools, which is used in a wide range of applied problems, can circumvent this condition,"

To train a classifier of the module, Anastasia suggests using network traffic logs. The module works with a trained classifier that recognizes packets of information containing anomalies and notifies about them.

The developed software module can be used as both a standalone element or it can be integrated into an existing attack recognition system, since the data input is performed in a certain form and the output data provide the information about the detected threats.

“Machine learning helps circumvent the allowed if not …condition and can provide the most accurate identification of various threats, rather than a part which falls under the restriction,” the young scientist says.

The software is developed for small and medium-sized enterprises and hosting providers.