DOI: 10.18413/2518-1092-2026-11-1-0-5

EXPERT SYSTEM FOR INFORMATION SECURITY EVENT ANALYSIS

Daniil Anatolyevich Potienko
Andrey Ravilevich Gazizov
Olga Leonidovna Legonko

This article explores the development of a hybrid expert system for analyzing information security events, aimed at automating threat detection in network traffic. Given the growing volume of data and the complexity of attacks, traditional analysis methods are ineffective, necessitating the integration of machine learning and expert rules. The goal of the study is to create a modular system architecture comprising four components: data collection (Apache Kafka), preprocessing (Apache Flink), analysis and classification (Random Forest with rule-based postprocessing), and logging (Elastic Stack). A Python prototype was tested on the UNSW-NB15 dataset, demonstrating a binary classification accuracy of 0,890 and a multiclass classification accuracy of 0,781. The hybrid approach increases recall for selected attack classes (Analysis, Backdoor, DoS) by 19–100% while reducing overall accuracy by 1,2%, ensuring the interpretability of solutions. The conclusion suggests future directions, including rule optimization through reinforcement learning, integration of LSTM artificial neural networks, and automatic knowledge base updating.

Keywords: expert system, artificial intelligence technologies, information security, information protection, information security threat.

Number of views: 30 (view statistics)

Количество скачиваний: 102

Full text (PDF)Скачать XML To articles list

Information for citation:

Potienko D.A., Gazizov A.R., Legonko O.L. Expert System for Information Security Event Analysis // Research result. Information technologies. – Т.11, №1, 2026. – P. 40-53. DOI: 10.18413/2518-1092-2026-11-1-0-5

User comments
Reference lists

While nobody left any comments to this publication.
You can be first.

Seraphim B.I., Palit Sh., Srivastava K., Poovammal E. A Survey on Machine Learning Techniques in Network Intrusion Detection System. – 2018. – pp. 1-5. DOI: 10.1109/CCAA.2018.8777596.
Mua U.S., Chakraborty S., Abdullahi M.M., Maini T. A Review on Intrusion Detection System using Machine Learning Techniques, 2021 International Conference on Computing, Communication, and Intelligent Systems (ICCCIS), Greater Noida, India, 2021. – pp. 541-549, DOI: 10.1109/ICCCIS51004.2021.9397121.
Prajapati A., Gupta Sh. A Survey: Data Mining and Machine Learning Methods for Cyber Security. International Journal of Scientific Research in Computer Science, Engineering and Information Technology. – 2021. – pp. 24-34. DOI: 10.32628/CSEIT217212.
Veeramreddy J., Prasad K. Anomaly-Based Intrusion Detection System. – 2019. DOI: 10.5772/intechopen.82287.
Dutta A. Random Forest Classifier Based Network Intrusion Detection System. Engineering, Technology and Applied Science Research. – 2021. – No 9. – Pp. 4603-4608. DOI: 10.22214/ijraset.2021.35406.
Abdelaziz M.T., Radwan A., Mamdouh H. et al. Enhancing Network Threat Detection with Random Forest-Based NIDS and Permutation Feature Importance. J Netw Syst Manage. – 2025. – 33, 2. https://doi.org/10.1007/s10922-024-09874-0
Prajapati P.K., Singh I., Subhashini N. Network Intrusion Detection Using Machine Learning. In: Subhashini N., Ezra M.A.G., Liaw SK. (eds) Futuristic Communication and Network Technologies. Lecture Notes in Electrical Engineering, vol 966. Springer, Singapore. – 2023. https://doi.org/10.1007/978-981-19-8338-2_4
Sowmya T., Anita M. A novel stable feature selection algorithm for machine learning based intrusion detection system. Procedia Computer Science. – 2025. – P. 252. 738-747. DOI: 10.1016/j.procs.2025.01.034.
Babicheva M.V., Tretyakov I.A. Application of machine learning methods for automated detection of network intrusions. Herald of Dagestan State Technical University. Technical Sciences. – 2023. – 50(1). – pp. 53-61. (In Russ.) https://doi.org/10.21822/2073-6185-2023-50-1-53-61
Gaiduk K.A., Iskhakov A.Yu. On the Implementation of Algorithms for Detecting Insider Threats Using Machine Learning. Vestnik SibGUTI. – 2022. – 16. – No. 4. – pp. 80-95. https://doi.org/10.55648/1998-6920-2022-16-4-80-95.
Meshcheryakov R.V., Melnikov S.Yu., Peresypkin V.A., Khorev A.A. Promising Directions for the Application of Artificial Intelligence Technologies in Information Security. Cybersecurity Issues. – 2024. – No. 4(62). – pp. 2-12. https://doi.org/10.21681/2311-3456-2024-4-02-12.
Selemenev A.V., Astakhova I.F., Trofimenko E.V. Application of Artificial Immune Systems for Detecting Network Intrusions. Vestnik of Voronezh State University. Series: System Analysis and Information Technologies. – 2019. – No. 2. – pp. 49–56.
Kotenko I.V., Kuleshov A.A., Ushakov I.A. System for Collecting, Storing and Processing Security Information and Events Based on Elastic Stack Tools. Proceedings of SPIIRAN. – 2017. – No. 5(54). – pp. 5-34. https://doi.org/10.15622/sp.54.1.
Carbone P., Katsifodimos A., Ewen S., Markl V., Haridi S., Tzoumas K. Apache Flink™: Stream and Batch Processing in a Single Engine. IEEE Data Engineering Bulletin. – 2015. – 38(4). – pp. 28-38 p.
Daksa R., Kemala A. A Comparative Study on Real Time Data Streaming for Fraud Detection Using Kafka with Apache Flink and Apache Spark. Procedia Computer Science. – 2025. – 269. – pp. 192-199. DOI: 10.1016/j.procs.2025.08.272.
Diana Julie M.D. Exploring the Paradigm Shift: Harnessing Data Analytics for Real – World Applications / D. Diana Julie M // International Journal of Science and Research. – 2023. – Vol. 12, No. 6. – P. 1467-1480. – DOI: 10.21275/sr23611121501. – EDN IVRRST.
Redchenkov D.S., Ilin D.I. Pandas Library for Data Analysis in Python. In Information and Computational Technologies and Their Applications: Collection of Articles of the XXIX International Scientific and Technical Conference, Penza, August 15–16, 2025. – pp. 178–182. Penza: Penza State University of Architecture and Construction, 2025.
Moustafa N., Jill S. UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set) 2015 Military Communications and Information Systems Conference (MilCIS). Canberra, ACT, – 2015. pp. 1-6. DOI: 10.1109/MilCIS.2015.7348942
Kumar V., Das A., Sinha D. Statistical Analysis of the UNSW-NB15 Dataset for Intrusion Detection. – 2020. DOI: 10.1007/978-981-13-9042-5_24.
Meliboyev A. Long Short Term Memory Algorithm in Intrusion Detection: A Deep Learning Approach to Time Series Data. SSRN Electronic Journal. – 2025. DOI: 10.2139/ssrn.5527203.

All journals

Send article

Research result. Information technologies is included in the scientific database of the RINTs (license agreement No. 765-12/2014 dated 08.12.2014).

Журнал включен в перечень рецензируемых научных изданий, рекомендуемых ВАК

The journal is indexed by the following scientific databases and platforms

Research Result. Research result. Information technologies (ISSN 2518-1092)

The journal materials and website are licensed under Creative Commons «Attribution» 4.0 International.

The Founder: Federal State Autonomous Educational Institution of Higher Education "Belgorod National Research University"The Founder’s address: 85 Pobedy Street, Belgorod, the Belgorod region, 308015, Russia

The Publisher: Federal State Autonomous Educational Institution of HigherEducation "Belgorod National Research University" The Founder’s address:85 Pobedy Street, Belgorod, the Belgorod region, 308015, Russia

Editors Office: chief editor Chernomorets Andrey Alekseevich, e-mail: RR_IT@bsuedu.ru, phone: +7 (4722) 30-13-92.

Registered by the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor)

Certificate

Info letter (Russian)

Order No. 1097-OD from 15.11.2023 "On approval of the Regulations for the publication of scientific journals of Belgorod State National Research University"

Order No. 144-OD from 16.03.2026 "On approval of the composition of the Editorial Board of the journal "Research Result. Information technology""

Order No. 145-OD dated 16.03.2026 "On approval of the Charter of the editorial board of the mass media of scientific journal "Research Result. Information Technologies"

Charter of the editorial board of the mass media "Research result. Information technologies"

Have questions?
You can write to us:

✉ Executive Secretary

✉ Site administration

✉ Content manager