Using machine learning algorithms to detect anomalous traffic behavior

The article describes a method of using machine learning for detecting anomalous traffic behavior. For this purpose, a data set containing a significant amount of traffic collected at the time of the attack on the Web application is used. The set contains three attack options: Brute Force, XSS, SQL injection. A traffic dump containing an Infiltration attack is considered separately. A comparative analysis of machine learning models was carried out with the selection of the most optimal one. The article also provides a description of the data preprocessing procedure, which is carried out in order to eliminate anomalies and voids in array records, which can lead to incorrect operation of the trained model. Models were trained on selected data in order to identify anomalous traffic behavior indicating a specific type of attack. In addition, a study was conducted on a data set that does not contain information about attacks.