METHODS OF FORMING COMPETENCIES IN APPLICANTS FOR THE SPECIALTY «CYBERSECURITY» WHEN PERFORMING A COURSE ASSIGNMENT IN THE DISCIPLINE «LOCAL NETWORKS»

. The methodology of «AttackDetectionLAN» for the formation of professional and subject competencies of applicants for the degree «Bachelor» in the specialty «Cybersecurity» in the course assignment in the discipline «Local Networks» is proposed: 1) obtaining an idea of the network categories of attacks and the corresponding network classes of attacks; 2) configuration of a multilayer neural network to detect network attacks; 3) creation of a neural model in accordance with the composite structure using the selected neuropackage; 4) on the basis of an open NSL-KDD database, preparation of samples for training and testing of the created neural network; 5) determination of the optimal parameters of the created neural network.


Entry
Statement of the problem.The current state in the world, which is associated with the spread of infected diseases and military events that threaten the lives of applicants, has led to the use of blended learning, in particular in the discipline «Local Networks», as well as the formation of relevant professional and subject competencies in applicants for a bachelor's degree under such difficult conditions of our time, which confirms the relevance of the topic.
Analysis of the latest research.Competency assessment is the subject of research by many scientists.It is important to identify, analyze and summarize the experience of EU countries, important international organizations and initiatives (UNESCO, ECDL, MICROSOFT, INTEL, etc.), as well as comparability for modern Ukrainian education in international studies of the quality of education (PISA, TIMSS, PEARLS) [1].The analysis of recent studies and publications revealed the following: 1) lack of unified information and communication technologies for teaching in the discipline «Local Networks»; 2) the need for timely detection of network attacks based on the use of neural network technology; 3) the existence of a wide range of neuropackages suitable for creating a neural network (NN); 4) features of Generation Z, and became the basis for the development of its own methodology.
The aim of the article is to develop the «AttackDetectionLAN» methodology for the formation of professional and subject competencies in applicants for the degree of «Bachelor» in the specialty «Cybersecurity» when performing a course assignment in the discipline «Local Networks».

General characteristics of the «AttackDetectionLAN» technique.
The proposed «AttackDetectionLAN» technique provides an opportunity for first-degree students in the discipline «Local Networks»: to get an idea of the network categories of attacks and the corresponding network classes of attacks; configure a multilayer NN to detect network attacks; create an NN according to the composite structure using the selected neuropackage; based on the NSL-KDD (or KDDCup) database, prepare samples for training and testing the created NN; investigate the optimal parameters of NN.
Network categories and attack classes.The DoS category is characterized by generating a large amount of traffic, which leads to server overload and blockage.The following classes of network attacks are known according to the DoS category: Back; Land; Neptune; Pod; Smurf; Teardrop.The PROBE network category is aimed at scanning ports in order to obtain sensitive information.The main network classes of PROBE attacks are: Ipsweep; Nmap; Portsweep; Satan.The category of R2L network attacks is characterized by the acquisition of access by an unregistered user to a computer from a remote computer.The R2L category includes the following network attack classes: Ftp_write; Guess_passwd; Imap; Multihop; Phf; Spy; Warezclient; Warezmaster.U2R network attacks are system attacks in which a hacker runs a system with a regular user account and tries to exploit vulnerabilities in the system to gain superuser privileges.The main network classes of U2R attacks are: Buffer overflow; Loadmodule; Perl; Rootkit.
Multilayer perceptron as the main method.To detect network attacks, it is advisable to use neural network technology, in particular MLP (Multi Layer Perceptron).As an example, the MLP structure for detecting network attacks of the PROBE category is presented (Figure 1).
Sampling and creation of NN.Based on the NSL-KDD database [3], a sample of 250 examples was compiled (50 examples for each network class and its absence), an excerpt of which is presented in Table 1 as an example.
With the help of the Toolbox package, MatLAB created the NN configuration 41-1-20-5, where 41 is the number of neurons of the first layer (network traffic parameters), 1 is the number of hidden layers, 20 is the number of hidden neurons, 5 is the number of resulting neurons; а hyperbolic tangent is taken as the activation function of the hidden layer, and a linear function is taken on the resulting layer.Created in MatLAB NN, the structure of which is shown in Figure 2; the obtained results (regression values) on the generated NN are shown in Figure 3.