Abstract
Computer networks (CNs) have been widely popularized and applied. They not only affect people’s daily lives, but also promote the development of the times and society. However, in the era of big data (BD), the rapid growth of data poses significant challenges to computer network security management (CNSM). The large amount, fast speed, and diverse types of data generated by modern networks make it increasingly difficult for security professionals to detect and respond to threats in real-time. Artificial intelligence (AI) has the potential to play an important role in CNSM in the era of BD. It can quickly analyze large amounts of data, automate daily tasks, and predict potential network vulnerabilities. This article conducted relevant research on the development of CNSM technology based on AI technology. The final experimental results showed that the average accuracy score of network security (NS) detection based on AI technology is 92.35 points; the average overall event response time is 9.45 hours; the average cost of network security management (NSM) is 147300 US dollars. These indicators have huge advantages compared to traditional NSM technology.
Keywords
Introduction
CNs have become an important component of modern society, and their development has completely changed the way people live and work. A CN (Computer Network) is a computer system that connects multiple computers with independent functions and their external devices located in different geographical locations through communication lines, achieving resource sharing and information transmission. Network security issues may be caused by various factors, such as malicious attacks, system vulnerabilities, human errors, and natural disasters. In the era of big data, network security challenges are becoming increasingly severe. For example, financial institutions are facing the risk of large-scale data leakage, medical institutions are attacked by ransomware, and enterprises are facing large-scale phishing attacks, all of which highlight the urgency of network security in the era of big data. The consequences of network security vulnerabilities can be serious, including financial losses, reputation damage, sensitive data loss, and legal liability. Under BD, CNSM technology based on AI can detect and respond to threats in real time. By analyzing historical data and identifying behavioral patterns, AI technology can identify potential security vulnerabilities and help security teams actively implement measures to prevent loopholes from being exploited. Traditional computer network security management methods have the following problems: slow response speed, low detection accuracy, inability to deal with complex network attacks, difficulty in processing large-scale data, and lack of real-time and automation, resulting in insufficient network security. This article explores the development of CNSM technology based on AI technology, providing a reference for CNSM practice.
To explore the issues of CNSM based on AI, this article first introduces and analyzes some of the main problems existing in traditional CNSM methods, then introduces the development of CNSM technology based on AI, and finally explores the effectiveness of AI in CNSM through experiments. Through the analysis of experimental data, it is concluded that CNSM technology based on AI can effectively improve the accuracy of network security monitoring, reduce event response time and cost, and provide a reference for the CNSM. The innovation of this paper lies in the research of network security management combined with AI technology, which improves security detection accuracy and response speed. By combining AI technology, this paper puts forward a new computer network security management method, which effectively improves the accuracy and response speed of security detection. The experimental results show that the security management system based on AI technology has achieved remarkable advantages in detection accuracy, event response time, and cost, which provides important reference and enlightenment for the development of network security.
Major contribution: This paper experimentally verifies the advantages of artificial intelligence-based network security management technology compared to traditional network security management technology. Experimental results show that security management technology based on artificial intelligence can improve the detection accuracy of network attacks, reduce the response time to network attack events and reduce the cost of network security management. This study provides empirical support for technological development in the field of cybersecurity and provides important implications for future research and practice.
Related work
How to achieve computer NS has always been a major problem in the computer field, and has always threatened the data transmission and personal privacy security of network users. Therefore, many people have conducted a series of studies on computer NS issues. Tang Ying analyzed a computer NS evaluation simulation model based on neural networks. First, a system security detection algorithm was constructed. Second, the prefix span algorithm was introduced and improved. Finally, a data mining-based analysis of intrusions and the relationships between them was carried out. The conclusion showed that the algorithm had excellent precision and adaptability, and further improved the encryption protocols in NS protocols [1]. Sengupta Sailik mentioned that cyber defenses based on traditional tools, techniques, and procedures cannot address the inherent advantages of an attacker’s presence due to the static nature of network services and configurations. To eliminate this asymmetric advantage, mobile target defense can reduce the success rate of network attacks by continuously changing the configuration of the underlying system [2]. Hyun Sangwon mentioned that the virtualization of network functions and cloud-based security services would become increasingly widespread in enterprise network systems because it allows for reducing system operation costs and using various NS functions developed by multiple vendors [3]. Satria Deni believed that the growth of information technology poses new challenges to computer NS systems and the information they contain. The level of awareness of the importance of cybersecurity systems is still low [4]. The above are some people’s research on computer NS, but they have not used AI technology for combined research.
Researchers have studied computer NS in many aspects, including security assessment models based on neural networks, moving target defense, virtualization, and cloud security services, but they have not integrated AI technology for comprehensive research.
At present, through continuous development, AI technology has been able to be applied to many fields to solve various complex practical problems. Therefore, many people have researched various practical application problems of AI. Mintz Yoav mentioned that radiological imaging, pathological sections, and patient electronic medical records were being evaluated through machine learning (ML) to assist patients in the diagnosis and treatment process, to enhance doctors’ abilities. Here, the current status of AI in medicine, its application methods in different disciplines, and future trends were described [5]. Kaul Vivek mentioned that AI can be applied to clinical practice through risk assessment models, improving diagnostic accuracy and workflow efficiency. He briefly reviewed the evolution of AI in the past few decades and its introduction and development in the medical field in recent years. He also summarized the main applications of AI in gastroenterology and endoscopy [6]. Schwendicke F believed that the term “AI” refers to the concept of machines being able to perform human tasks. One of its subfields is ML, which “learns” the inherent statistical patterns in data and ultimately predicts invisible data [7]. The above is their research on AI, but these studies did not involve CNSM.
Computer network security management
Problems in NS
The world today is experiencing rapid growth in cyberspace, and the astonishing increase in information access provides opportunities for those with malicious intentions [8]. In addition, with the widespread application of CNs and the Internet, the network infrastructure of any organization is constantly threatened by various attacks, making security very important [9, 10]. Network attacks are a potential threat to information security. NS issues have become increasingly urgent, and protecting CNs has become a serious challenge faced by enterprises and individuals [11]. Here are four main common problems in computer NS, and each problem is introduced.
Malware attacks
Malware attack.
Malware attack refers to software behavior that invades a computer system for malicious purposes without the user’s permission, which may lead to serious consequences such as data loss and system damage and is often spread by phishing emails or downloading programs. Malware attacks are one of the most common issues in computer NS. Malware is a type of software that invades or destroys a computer system without the user’s consent. Malicious software attacks can have serious consequences, including data loss, system damage, and financial losses. To prevent malicious software attacks, traditional computer security operations involve installing antivirus software on the computer and continuously downloading and updating the latest security patches to update the operating system and software. The principle of malicious software attacks is shown in Fig. 1.
As shown in Fig. 1, malicious files usually appear in phishing emails as attachments. The attachment usually acts as a download program, which downloads and executes the payload for the next step. The download is usually carried out over HTTP (HyperText Transfer Protocol).
One of the most difficult challenges in today’s information security is phishing. Phishing is a difficult problem to solve because many permutations, messages, and value propositions can be sent to the target [12].
Machine learning
Machine learning is a branch of artificial intelligence that allows computer systems to improve their performance by learning experiences and patterns from data without explicit programming. Common machine learning algorithms mainly include supervised learning, unsupervised learning, and reinforcement learning.
In supervised learning, the system learns from labeled data to learn the mapping between inputs and outputs. Common supervised learning algorithms include decision trees, support vector machines, logistic regression, etc. In unsupervised learning, the system learns patterns and structures from unlabeled data, discovering hidden information in the data. Common unsupervised learning algorithms include GAN, association rule mining, etc. In reinforcement learning, the system learns optimal behavioral strategies through interaction with the environment to maximize cumulative rewards. Common reinforcement learning algorithms include Q learning, deep reinforcement learning, etc.
In computer network security management, machine learning technology is widely used.
Machine learning can analyze the characteristics and behavior patterns of malware to identify new malware variants and take corresponding defensive measures promptly. By monitoring network traffic and system log data, machine learning can detect abnormal network activities and potential intrusions, helping to detect and prevent attackers’ intrusions early. Machine learning can build a model based on normal behavior patterns, and then detect abnormal behaviors in the network, such as abnormal traffic, abnormal access patterns, and abnormal system operations, to discover potential security threats. By analyzing threat intelligence data from various sources, machine learning can identify potential threat behaviors and attack trends, helping organizations take corresponding defensive measures promptly.
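The "model of normal behavior, then detect deviations" approach described above can be illustrated with a small added example; it is not code from this article, and it substitutes a simple robust-statistics baseline (median and MAD) for a trained ML model. The feature names, sample windows, host names and threshold are constructed assumptions.

```python
import statistics

# Per-host, per-window traffic features (names are assumptions for this example).
FEATURES = ("bytes_out", "distinct_dsts", "failed_logins")
THRESHOLD = 3.5  # robust z-score above which a window is flagged (assumed value)

# Constructed traffic summaries that are assumed to represent normal behavior.
NORMAL_WINDOWS = [
    {"bytes_out": 12000, "distinct_dsts": 4, "failed_logins": 0},
    {"bytes_out": 15000, "distinct_dsts": 5, "failed_logins": 0},
    {"bytes_out": 11000, "distinct_dsts": 3, "failed_logins": 1},
    {"bytes_out": 14000, "distinct_dsts": 6, "failed_logins": 0},
    {"bytes_out": 13000, "distinct_dsts": 4, "failed_logins": 0},
    {"bytes_out": 12500, "distinct_dsts": 5, "failed_logins": 0},
    {"bytes_out": 16000, "distinct_dsts": 4, "failed_logins": 1},
    {"bytes_out": 13500, "distinct_dsts": 5, "failed_logins": 0},
]

# Constructed windows to score against the baseline.
OBSERVED_WINDOWS = [
    {"host": "hostA", "bytes_out": 13800, "distinct_dsts": 5, "failed_logins": 0},
    {"host": "hostB", "bytes_out": 14000, "distinct_dsts": 60, "failed_logins": 0},
    {"host": "hostC", "bytes_out": 12000, "distinct_dsts": 4, "failed_logins": 25},
    {"host": "hostD", "bytes_out": 950000, "distinct_dsts": 5, "failed_logins": 0},
    {"host": "hostE", "bytes_out": 17000, "distinct_dsts": 6, "failed_logins": 1},
]


def fit_baseline(rows):
    """Learn a (median, scale) pair per feature from normal traffic."""
    baseline = {}
    for feature in FEATURES:
        values = [row[feature] for row in rows]
        med = statistics.median(values)
        mad = statistics.median([abs(v - med) for v in values])
        # 1.4826 * MAD estimates the standard deviation for normal data.
        # The floors stop a near-constant feature (MAD == 0, e.g. failed
        # logins that are almost always 0) from flagging every tiny change.
        scale = max(1.4826 * mad, 0.05 * abs(med), 1.0)
        baseline[feature] = (med, scale)
    return baseline


def score_window(baseline, window):
    """Return (score, feature) for the feature that deviates most."""
    scores = []
    for feature in FEATURES:
        med, scale = baseline[feature]
        scores.append((abs(window[feature] - med) / scale, feature))
    return max(scores)


def detect(baseline, windows, threshold=THRESHOLD):
    """Return (host, feature, score) for every window above the threshold."""
    alerts = []
    for window in windows:
        score, feature = score_window(baseline, window)
        if score > threshold:
            alerts.append((window["host"], feature, round(score, 1)))
    return alerts


if __name__ == "__main__":
    model = fit_baseline(NORMAL_WINDOWS)
    for host, feature, score in detect(model, OBSERVED_WINDOWS):
        print(f"ALERT {host}: {feature} deviates from baseline (score {score})")
```

Reporting the deviating feature alongside the score gives the analyst a starting point for triage, which bears on the interpretability challenge the article raises.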
Machine learning has significant feasibility and advantages in network system security detection and analysis, which is mainly reflected in the following aspects:
Machine learning algorithms can learn patterns and rules from a large amount of network data to achieve automatic identification and detection of malicious behaviors and security threats. Machine learning enables more efficient and faster security detection than manual analysis. Because machine learning models can process and analyze data in real time, network security incidents can be discovered and responded to promptly. This enables network systems to respond to potential security threats more quickly and reduce losses caused by security incidents. The machine learning model has certain adaptability and generalization capabilities and can process various types of network security data and learn general patterns and laws from them. This enables machine learning to function effectively in the face of new security threats. Machine learning algorithms can process multi-dimensional network data, including network traffic, system logs, user behaviors, etc., to comprehensively analyze network security conditions. By comprehensively considering multiple data sources, the accuracy and reliability of security detection can be improved. Machine learning models can continuously improve performance and adapt to the changing network security environment through continuous training and optimization. Through continuous iterative improvements, the accuracy and efficiency of security detection can be improved.
Machine learning has many advantages in computer network security management and can effectively identify malware, detect network intrusions, analyze abnormal behaviors, and identify threat trends. But there are also many challenges, including data quality and labeling difficulties, adversarial attacks and adversarial examples, model interpretability, large-scale data processing, privacy and data protection, and evolving threats and attack methods. Overcoming these challenges is critical to advancing the application and development of machine learning in cybersecurity.
AI technologies such as deep learning have been introduced into the field of NS, and by constructing intelligent models, malware classification, intrusion detection, and threat intelligence perception can be achieved [13, 14]. GAN (Generative Adversarial Network) is a deep learning algorithm that is a branch of AI and an artificial neural network specifically designed for image recognition and processing. The objective loss function of the confrontation function is as follows:
Equation (2) is a description of the minimum and maximum values solved by GAN, which assigns high values to real network attack samples and low values to generated network attack samples. If for the given discriminant function
Then the minimax problem of Eq. (3) becomes the following formula:
The distribution of the discriminant function
In the field of NS, GAN generates real network traffic that simulates real user behavior, which can be used to test security systems and identify vulnerabilities that may not be apparent in real-world data. In addition to being used for intrusion detection, GAN can also be used to generate real-world attack scenarios for security testing and training purposes.
The development of computer NS can be traced back to the early days of CNs when the first CN was under development. In the 1970s and 1980s, the main focus of NS research was to protect personal computers and networks from unauthorized access and data theft. With the growth of CN scale and complexity, the focus of NS research has shifted to developing technologies to protect the entire network, rather than just individual components. This has driven the development of technologies such as firewalls, intrusion detection systems, and encryption. The rise of the Internet and the increasingly close connection between CNs brought new security challenges. Researchers are beginning to focus on developing technologies for protecting Web-based (World Wide Web) applications and e-commerce systems, as well as addressing the emerging threat of cyber terrorism. Today, the research background of computer NS is characterized by focusing on developing technologies that can keep up with the rapidly developing threat situation, including researching new methods of threat detection and response and developing technologies that can resist emerging threats such as ransomware, phishing attacks, and advanced persistent threats.
CNSM experiment and evaluation
This article conducts experiments and records relevant experimental data through three indicators: detection accuracy, event response time, and cost, to better evaluate the experimental results of the experimental group and the control group. The data obtained through the evaluation indicators are analyzed and the conclusion is drawn.
Detection accuracy
Accuracy of NS detection based on AI. A: Experiment on the accuracy of NS detection based on AI. B: Experiment on the accuracy of traditional methods for NS detection.
An important indicator of the effectiveness of CNSM methods is their accuracy in detecting security threats, which can be measured by comparing the number of false positives and false negatives generated by each method. Network intrusion detection systems play a crucial role in protecting CNs [15]. When the security system detects a threat that does not exist, it generates a false alarm (a false positive); when a real threat is not detected, it is misreported as safe and trustworthy (a false negative). To explore the effectiveness of AI in CNSM, the detection accuracy indicators of AI-based Internet security systems and traditional computer Internet security systems are investigated, to determine which method is better at identifying and mitigating NS threats. The specific experimental data results are shown in Fig. 2 (the accuracy indicators of NS detection in Group A and Group B mainly include malware, phishing, and denial of service).
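The comparison by false positives and false negatives described above can be made concrete with the following added example, which is not code or data from this article. The labeled events and both detectors' verdicts are constructed, and the one-vs-rest accuracy used here is one conventional definition; the article does not state how its accuracy scores were computed.

```python
from collections import Counter

# The three attack categories the article evaluates.
CATEGORIES = ("malware", "phishing", "denial_of_service")

# Constructed ground truth and detector verdicts for ten events.
TRUTH = ["benign", "malware", "phishing", "denial_of_service", "benign",
         "malware", "phishing", "benign", "denial_of_service", "benign"]
DETECTOR_A = ["benign", "malware", "phishing", "denial_of_service", "malware",
              "malware", "benign", "benign", "denial_of_service", "benign"]
DETECTOR_B = ["benign", "benign", "phishing", "benign", "phishing",
              "malware", "benign", "benign", "denial_of_service",
              "denial_of_service"]


def confusion(truth, predicted, category):
    """One-vs-rest confusion counts for a single attack category."""
    counts = Counter(tp=0, fp=0, fn=0, tn=0)
    for actual, verdict in zip(truth, predicted):
        if actual == category and verdict == category:
            counts["tp"] += 1
        elif actual != category and verdict == category:
            counts["fp"] += 1  # false alarm
        elif actual == category and verdict != category:
            counts["fn"] += 1  # missed threat
        else:
            counts["tn"] += 1
    return counts


def rates(counts):
    """Accuracy, false positive rate and false negative rate."""
    total = sum(counts.values())
    positives = counts["tp"] + counts["fn"]
    negatives = counts["fp"] + counts["tn"]
    return {
        "accuracy": (counts["tp"] + counts["tn"]) / total if total else 0.0,
        "fpr": counts["fp"] / negatives if negatives else 0.0,
        "fnr": counts["fn"] / positives if positives else 0.0,
    }


def evaluate(truth, predicted):
    """Per-category rates plus the mean accuracy over the three categories."""
    if len(truth) != len(predicted):
        raise ValueError("truth and predicted must have the same length")
    report = {c: rates(confusion(truth, predicted, c)) for c in CATEGORIES}
    report["mean_accuracy"] = (
        sum(report[c]["accuracy"] for c in CATEGORIES) / len(CATEGORIES)
    )
    return report


if __name__ == "__main__":
    for name, verdicts in (("A", DETECTOR_A), ("B", DETECTOR_B)):
        report = evaluate(TRUTH, verdicts)
        print(name, round(report["mean_accuracy"], 3), report["phishing"])
```

In the constructed data, detector A reaches 0.9 accuracy on phishing while missing half of the phishing events (FNR 0.5), which is why the false negative rate should be reported next to any accuracy score.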
From Fig. 2, it can be seen that the score of NSM based on AI technology was significantly higher than that of traditional NSM methods. The fifth group had the highest detection accuracy score in malware attacks, with an experimental score of 98.47. In the phishing attack, the third group scored the highest in detection accuracy, and its experimental score was 97.69. The eighth group had the highest accuracy score for detecting denial of service attacks, with an experimental score of 94.52. By calculating the average score of the three evaluation indicators for NS detection accuracy, the average accuracy score of NS detection based on AI technology was 92.35. Experimental data based on traditional NSM methods were analyzed again [16]. In terms of the detection accuracy of malicious software attacks, the tenth group scored the highest, with an experimental score of 78.37. In phishing attacks, the second group scored the highest in detection accuracy, and its experimental score was 77.45. The sixth group had the highest accuracy score for detecting denial of service attacks, with an experimental score of 79.18. Based on the average score of these three evaluation indicators, the average accuracy score of NS detection based on traditional NSM methods was 71.93. Based on the above experimental data analysis, it can be concluded that the use of artificial intelligence technology can greatly improve the accuracy of traditional network security detection.
Network attack event response time.
Another important indicator of the effectiveness of CNSM methods is their response speed to security events. This can be measured by comparing the time it takes for two methods to detect, analyze, and respond to security events. AI-based security systems are generally considered to be faster and more efficient in event response compared to traditional security systems. Therefore, comparing event response times can help researchers determine whether this is indeed the case. To explore the advantages and disadvantages of AI and traditional CNSM technology in event response time, three indicators from the above experiments were still selected for the experiment. The specific experimental data are shown in Fig. 3 (A refers to the CNSM technology based on AI. B refers to the traditional computer security management technology. A and B have conducted event response time experiments on malware attacks, phishing attacks, and denial of service attacks respectively).
The experimental results, as shown in Fig. 3, showed that computer NS technology based on AI had significant technological advantages in response time to network attack events compared to traditional computer NS technology. The fourth group had the shortest response time for malicious software attack events, with a response time of 4.03 hours. The shortest response time for phishing attacks was for the fifth group, with an incident response time of 6.72 hours. The third group had the shortest response time for denial of service attack events, with an event response time of 7.12 hours. After calculation, the average overall event response time based on AI computing security management technology was 9.45 hours. Looking at the traditional CNSM technology event response time, the shortest response time for malicious software attack events was 10.67 hours. The minimum response time for phishing attacks was 14.24 hours. The minimum response time for a denial of service attack event was 18.85 hours. After calculation, the average overall event response time based on traditional computational security management technology was 20.28 hours [17].
It is important to compare the cost consumption between AI-based and traditional CNSM methods. AI-based security systems typically require more computing power and storage capacity than traditional security systems, which can lead to related costs and complexity. However, traditional NSM incurs more labor costs. By comparing the cost consumption of these two methods, it can be determined which method has more advantages in terms of cost, computing resources, and storage requirements. Figure 4 shows the experimental data on the cost of the two methods.
As shown in Fig. 4, the cost of security management based on traditional CNSM technology was much higher than that of computer security management technology based on AI. The highest security management costs for AI-based security management technology over 12 months occurred in May, with a cost amount of 174,800 US dollars for that month. The lowest security management cost was in November, with a monthly cost of 113000 US dollars. The overall 12-month average cost of managing cybersecurity was calculated to be 147,300 US dollars. The cost of traditional NSM technology was much higher than that of AI technology, with the highest NSM cost reaching 274800 US dollars and the lowest NSM cost reaching 205900 US dollars. The average cost based on traditional NSM technology was 232100 US dollars. Through experimental data, it can be concluded that security management technology based on artificial intelligence can greatly reduce the cost of traditional network management technology.
Comparison of NSM costs.
AI technology reduces the management cost. Although it requires more computing resources, it saves labor costs compared with traditional methods. Experimental data show that the safety management cost of AI technology is low, with an average monthly cost of about 147,300 US dollars, while the average cost of traditional methods is as high as 232,100 US dollars. This highlights the advantages of AI technology in reducing the cost of network security management.
The research findings of this article are of great significance to cybersecurity professionals, organizations, and policymakers. High-precision threat detection and rapid response capabilities will improve network defense efficiency and reduce potential losses. In addition, cost reduction will release funds for other security measures. For policymakers, the research findings provide data support for formulating cybersecurity strategies, helping to optimize resource allocation and respond to future threats.
A large number of internet users surf the internet and transmit data through CNs. However, as the amount of data generated by CNs continues to grow exponentially, it becomes increasingly difficult for traditional NSM methods to find potential security problems in CNs. By utilizing AI technology, CNs can self-detect and respond to security threats in real time, identify potential security threats and trends, and protect CNs from losses caused by network attacks. This article verified the advantages and disadvantages of CNSM technology based on AI compared to traditional NSM technology through experiments. The final experimental results showed that NSM based on AI can not only improve the detection accuracy of network attacks but also reduce the response time of network attack events and NSM costs. Potential areas for improvement include improving the accuracy and efficiency of artificial intelligence algorithms to address new threats. At the same time, integrating artificial intelligence with blockchain or the Internet of Things enhances security and credibility. Optimizing traditional CNSM systems, such as by improving monitoring and response mechanisms, can enhance network defense capabilities. These improvements will drive network security management technology to a higher level. The limitation of this paper mainly lies in the small sample size, which may affect the generalization ability of the results. Only a limited number of network security events and data sets may be involved in the experiment, so the results may not be universal. Future research can further explore hybrid methods that combine artificial intelligence with traditional CNSM to improve overall security. Real-time threat detection mechanisms can also be studied to enhance network security response capabilities. Meanwhile, more cost-effective solutions, such as blockchain-based security management, can be explored. These directions will help further promote the development and application of network security technology.
AI technology has potential limitations in network security management, such as adversarial attacks that may lead to misjudgment of models, insufficient training due to data scarcity, exploitation of algorithm loopholes, and consideration of privacy and moral issues. Future research directions include strengthening the robustness of AI algorithms, exploring the application of deep learning in network security, and studying the combination of AI and blockchain.
