THE APPLICATION OF A LARGE LANGUAGE MODEL FOR REDUCING FALSE POSITIVES IN ANOMALY DETECTION TASKS IN NETWORK TRAFFIC
Abstract
Every year, network threats become more sophisticated and complex, which requires researchers in the field of network security to seek and develop new and more advanced methods for detecting security threats. Although research in this area is ongoing and machine learning algorithms keep improving, false positive triggers of intrusion detection systems remain a significant problem. The development of methods and approaches to reduce the number of false positives is therefore one of the most urgent tasks.
Aim. The purpose of the study is to evaluate the effectiveness and possibilities of using large language models to reduce false positive responses of intrusion detection systems.
Materials and methods. The main focus of the article is on training recurrent neural networks to detect anomalies using a training sample of CIC-IDS2017 network traffic. Special attention was paid to algorithms for selecting key values in the training sample to improve the accuracy of the trained model. The paper examines the architecture of recurrent networks, as well as their advantages and disadvantages for the specific task being solved. Further research was conducted using a large language model, and the number of false positives with and without this solution was compared.
Results. A basic neural network model based on the LSTM algorithm for the initial classification of network threats was built, and a large language model was trained. A comparative analysis of the results of anomaly detection with and without the large language model is carried out. Experiments confirm the effectiveness of the proposed solution.
Conclusion. The obtained research results can be used in the development of new, modern intelligent intrusion detection systems to improve the accuracy of threat detection or to increase the effectiveness of existing intrusion detection algorithms.
Published
2024-11-07
Section
Informatics and Computer Engineering