Development of a model for detecting security incidents in event flows from various components in a network of telecommunication service providers

Abstract

In the framework of this study, a technical solution was developed that makes it possible to detect network security incidents with a high probability using data arrays about device statuses, network events, and information stored in system logs. A model for identifying attacks on a network has been developed, using behavioral analysis and allowing the identification of suspicious network activity An algorithmic solution has also been built that allows aggregating data in a single store based on Cassandra and correlating events from specified sources using gradient boosting of decision trees in the CatBoost implementation. During the computational experiment, the study of the proposed hybrid solution for the accuracy of identification of individual types of attacks was conducted. It is proved that the proposed approach can effectively detect and repel attacks by reducing the response time to security incidents