2518-1092Research result. Information technologies2518-109210.18413/2518-1092-2026-11-1-0-54099ARTIFICIAL INTELLIGENCE AND DECISION MAKING<strong>EXPERT SYSTEM FOR INFORMATION SECURITY EVENT ANALYSIS</strong><strong>EXPERT SYSTEM FOR INFORMATION SECURITY EVENT ANALYSIS</strong>PotienkoDaniil AnatolyevichPotienkoDaniil Anatolyevichpotienkodaniil@gmail.comGazizovAndrey RavilevichGazizovAndrey Ravilevichagazizov@donstu.ruLegonkoOlga LeonidovnaLegonkoOlga Leonidovnaolga_cvetkova@mail.ru202611100

This article explores the development of a hybrid expert system for analyzing information security events, aimed at automating threat detection in network traffic. Given the growing volume of data and the complexity of attacks, traditional analysis methods are ineffective, necessitating the integration of machine learning and expert rules. The goal of the study is to create a modular system architecture comprising four components: data collection (Apache Kafka), preprocessing (Apache Flink), analysis and classification (Random Forest with rule-based postprocessing), and logging (Elastic Stack). A Python prototype was tested on the UNSW-NB15 dataset, demonstrating a binary classification accuracy of 0,890 and a multiclass classification accuracy of 0,781. The hybrid approach increases recall for selected attack classes (Analysis, Backdoor, DoS) by 19&ndash;100% while reducing overall accuracy by 1,2%, ensuring the interpretability of solutions. The conclusion suggests future directions, including rule optimization through reinforcement learning, integration of LSTM artificial neural networks, and automatic knowledge base updating.

This article explores the development of a hybrid expert system for analyzing information security events, aimed at automating threat detection in network traffic. Given the growing volume of data and the complexity of attacks, traditional analysis methods are ineffective, necessitating the integration of machine learning and expert rules. The goal of the study is to create a modular system architecture comprising four components: data collection (Apache Kafka), preprocessing (Apache Flink), analysis and classification (Random Forest with rule-based postprocessing), and logging (Elastic Stack). A Python prototype was tested on the UNSW-NB15 dataset, demonstrating a binary classification accuracy of 0,890 and a multiclass classification accuracy of 0,781. The hybrid approach increases recall for selected attack classes (Analysis, Backdoor, DoS) by 19&ndash;100% while reducing overall accuracy by 1,2%, ensuring the interpretability of solutions. The conclusion suggests future directions, including rule optimization through reinforcement learning, integration of LSTM artificial neural networks, and automatic knowledge base updating.

expert systemartificial intelligence technologiesinformation securityinformation protectioninformation security threatexpert systemartificial intelligence technologiesinformation securityinformation protectioninformation security threatСписок литературыSeraphim B.I., Palit Sh., Srivastava K., Poovammal E. A Survey on Machine Learning Techniques in Network Intrusion Detection System. &ndash; 2018. &ndash; pp. 1-5. DOI: 10.1109/CCAA.2018.8777596.Mua U.S., Chakraborty S., Abdullahi M.M., Maini T. A Review on Intrusion Detection System using Machine Learning Techniques, 2021 International Conference on Computing, Communication, and Intelligent Systems (ICCCIS), Greater Noida, India, 2021. &ndash; pp. 541-549, DOI: 10.1109/ICCCIS51004.2021.9397121.Prajapati A., Gupta Sh. A Survey: Data Mining and Machine Learning Methods for Cyber Security. International Journal of Scientific Research in Computer Science, Engineering and Information Technology. &ndash; 2021. &ndash; pp. 24-34. DOI: 10.32628/CSEIT217212.Veeramreddy J., Prasad K. Anomaly-Based Intrusion Detection System. &ndash; 2019. DOI: 10.5772/intechopen.82287.Dutta A. Random Forest Classifier Based Network Intrusion Detection System. Engineering, Technology and Applied Science Research. &ndash; 2021. &ndash; No 9. &ndash; Pp. 4603-4608. DOI: 10.22214/ijraset.2021.35406.Abdelaziz M.T., Radwan A., Mamdouh H. et al. Enhancing Network Threat Detection with Random Forest-Based NIDS and Permutation Feature Importance. J Netw Syst Manage. &ndash; 2025. &ndash; 33, 2. https://doi.org/10.1007/s10922-024-09874-0Prajapati P.K., Singh I., Subhashini N. Network Intrusion Detection Using Machine Learning. In: Subhashini N., Ezra M.A.G., Liaw SK. (eds) Futuristic Communication and Network Technologies. Lecture Notes in Electrical Engineering, vol 966. Springer, Singapore. &ndash; 2023. https://doi.org/10.1007/978-981-19-8338-2_4Sowmya T., Anita M. A novel stable feature selection algorithm for machine learning based intrusion detection system. Procedia Computer Science. &ndash; 2025. &ndash; P. 252. 738-747. DOI: 10.1016/j.procs.2025.01.034.Babicheva M.V., Tretyakov I.A. Application of machine learning methods for automated detection of network intrusions. Herald of Dagestan State Technical University. Technical Sciences. &ndash; 2023. &ndash; 50(1). &ndash; pp. 53-61. (In Russ.) https://doi.org/10.21822/2073-6185-2023-50-1-53-61Gaiduk K.A., Iskhakov A.Yu. On the Implementation of Algorithms for Detecting Insider Threats Using Machine Learning. Vestnik SibGUTI. &ndash; 2022. &ndash; 16. &ndash; No. 4. &ndash; pp. 80-95. https://doi.org/10.55648/1998-6920-2022-16-4-80-95.Meshcheryakov R.V., Melnikov S.Yu., Peresypkin V.A., Khorev A.A. Promising Directions for the Application of Artificial Intelligence Technologies in Information Security. Cybersecurity Issues. &ndash; 2024. &ndash; No.&nbsp;4(62). &ndash; pp. 2-12. https://doi.org/10.21681/2311-3456-2024-4-02-12.Selemenev A.V., Astakhova I.F., Trofimenko E.V. Application of Artificial Immune Systems for Detecting Network Intrusions. Vestnik of Voronezh State University. Series: System Analysis and Information Technologies. &ndash; 2019. &ndash; No. 2. &ndash; pp. 49&ndash;56.Kotenko I.V., Kuleshov A.A., Ushakov I.A. System for Collecting, Storing and Processing Security Information and Events Based on Elastic Stack Tools. Proceedings of SPIIRAN. &ndash; 2017. &ndash; No. 5(54). &ndash; pp. 5-34. https://doi.org/10.15622/sp.54.1.Carbone P., Katsifodimos A., Ewen S., Markl V., Haridi S., Tzoumas K. Apache Flink&trade;: Stream and Batch Processing in a Single Engine. IEEE Data Engineering Bulletin. &ndash; 2015. &ndash; 38(4). &ndash; pp. 28-38 p.Daksa R., Kemala A. A Comparative Study on Real Time Data Streaming for Fraud Detection Using Kafka with Apache Flink and Apache Spark. Procedia Computer Science. &ndash; 2025. &ndash; 269. &ndash; pp. 192-199. DOI: 10.1016/j.procs.2025.08.272.Diana Julie M.D. Exploring the Paradigm Shift: Harnessing Data Analytics for Real &ndash; World Applications&nbsp; / D. Diana Julie M // International Journal of Science and Research. &ndash; 2023. &ndash; Vol. 12, No. 6. &ndash; P.&nbsp;1467-1480. &ndash; DOI: 10.21275/sr23611121501. &ndash; EDN IVRRST.Redchenkov D.S., Ilin D.I. Pandas Library for Data Analysis in Python. In Information and Computational Technologies and Their Applications: Collection of Articles of the XXIX International Scientific and Technical Conference, Penza, August 15&ndash;16, 2025. &ndash; pp. 178&ndash;182. Penza: Penza State University of Architecture and Construction, 2025.Moustafa N., Jill S. UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set) 2015 Military Communications and Information Systems Conference (MilCIS). Canberra, ACT, &ndash; 2015. pp. 1-6. DOI: 10.1109/MilCIS.2015.7348942Kumar V., Das A., Sinha D. Statistical Analysis of the UNSW-NB15 Dataset for Intrusion Detection. &ndash; 2020. DOI: 10.1007/978-981-13-9042-5_24.Meliboyev A. Long Short Term Memory Algorithm in Intrusion Detection: A Deep Learning Approach to Time Series Data. SSRN Electronic Journal. &ndash; 2025. DOI: 10.2139/ssrn.5527203.