According to the report of the expert and analytical center of the Infowatch group of companies, the share of internal violators as sources of confidential data leaks in Russia increased in 2020 [ 1 ], in more than 79% of cases, confidential data leaks were caused by an internal violator.

To protect information from leaks, software tools for detecting and preventing leaks of confidential data and various systems for deep traffic analysis are used.

Methods of traffic analysis, depending on the feature spaces used in its classification, can be divided into several groups: calculation of the entropy of all or part of the data [ 2-6 ]; service information of data transmission protocols [ 7–10 ], statistical characteristics and byte distribution [ 11–14 ]. However, there are ways to circumvent these security methods, such as using encryption, data compression, or encapsulation in other protocols [ 15,16 ]. In papers [ 17, 18 ] the authors conclude that the entropy approach reduces the information about the distribution to a single number, thereby reducing the features available for analysis. To overcome this problem, deep neural networks were used to classify data of two classes: encrypted by the aes algorithm and compressed by the rar, zip/gzip, jpeg, png, mp3, and pdf algorithms. This mechanism, according to the authors, will automatically determine the most significant features inherent in the analyzed sequences and improve the accuracy of their classification.

In [ 19 ], a combined approach based on recurrent networks and extremely randomized trees is used to detect potentially malicious actions and intrusions into information systems. Service network information was used as attributes.

In the paper [ 20 ] notes that the byte distributions in encrypted and compressed sequences tend to be evenly distributed. This fact is explained by the fact that encryption algorithms disperse the original statistics in messages and compression algorithms tend to reduce the redundancy of the original messages. The article [ 21 ] describes the use of a feature space based on byte allocation for detecting potentially malicious software.

In the reviewed studies, the following machine learning algorithms were used: decision tree (DT), support vector machine (SVM), random forest (RF), Markov chain (MC), hidden Markov chain (HMC), boosting (BG), convolutional neural networks (CNN), recurrent neural networks (RNN), determination of autocorrelation of distributions (AC). The considered methods use container and file headers for data analysis, which contain "magic" bytes – digital signatures that uniquely identify the transmission protocol or the compressed data container. At the same time, software and hardware protection against information leaks do not have mechanisms for analyzing encrypted or compressed data, in the absence of information about the compression algorithm [ 3 ]. An overview of the methods considered is presented in Table 1.

Machine learning algorithms are also used in related areas of information security. So in the study, the authors used the XGBoost algorithm to search for abnormal behavior of players on the stock exchange who own insider information and use it improperly [ 22 ]. The signs were various specific signs and financial indicators inherent in conducting transactions on the exchange. Despite some differences in the subject area, the authors solve a similar problem of optimizing machine learning algorithms to improve the accuracy of classifying illegitimate actions of agents.

In a number of studies, an algorithm of extremely randomized trees is used to detect intrusions into corporate networks. This approach also applies to the ensemble method as well as the random forest, but differs in the way of selecting the partition threshold. Instead of searching for the most optimal thresholds, as happens in the random forest algorithm, the thresholds are selected randomly for each possible feature, and the best one is selected as a rule for dividing the node. The use of extremely randomized trees slightly reduces the variance of the model due to a slightly larger increase in the bias [ 23-25 ].

Gradient boosting refers to ensemble machine learning algorithms that can be used for classification or regression tasks. Ensembles are built on the basis of decision tree models. Trees are added one by one to the ensemble and trained to correct prediction/classification errors made by previous models. The models are trained using any arbitrary differentiable loss function and a gradient descent optimization algorithm. This explains the name of the algorithm "gradient boosting", since the loss gradient is minimized as the model is trained, like a neural network, and the addition of trees causes the term boosting [ 23 ].

Special attention in Work 21 is paid to the definition of hyperparameters of the classifier. The maximum depth of the trees limits the growth of the trees used in depth. A higher value increases the complexity of the model, but at the same time can lead to overfitting. The learning rate controls the weight of an individual model in the ensemble prediction. Smaller speed values may require more decision trees in the ensemble.

In work [ 24 ], the authors search for hyperparameters of the classifier based on the lightgbm algorithm to increase its accuracy, the main ones are: maximum depth of trees – this parameter determines the complexity of the model, the higher it is, the more accurately classifies the data, but can lead to overfitting and a decrease in accuracy on test data; learning rate – the parameter assigns the weight of each tree in the ensemble, lower values indicate a low weight of each tree in the ensemble. The special role of the feature selection and normalization process is also noted, since erroneous data and omissions in the feature values can significantly reduce the accuracy of the classification algorithms used. The statistical characteristics of the obtained distributions of the values of the feature space were used as features: the minimum and maximum values, the arithmetic mean, and the variance.

The analysis of the works considered in the study allows us to conclude that machine learning algorithms are widely used in the field of information security and their high accuracy in solving problems of data classification of various classes. In many works, the entropy approach, the distribution of bytes and subsequences of different lengths, is used to form the feature space. Based on the analysis, it was suggested that it is possible to form a feature space based on byte distributions and subsequences of limited bit length.

The analysis of sources in the subject area of research revealed the frequent use of the byte distribution as a feature space, its statistical characteristics, and the results of counting the frequencies of subsequences of different lengths with different steps.

It was suggested that the feature space based on combining the frequency of occurrence of independent bit subsequences of different length N (in bits) without taking into account the complete overlap of each subsequence and the byte distribution can be used to solve the problem of improving the accuracy of the classification of PRS and improving existing solutions in the field of information protection from leaks. For example, for sequence = 100101111010, the frequency of occurrence of subsequences with length N = 3 bits is shown in Table 2.

In order to prevent the use of digital signatures and correctly classify encrypted and compressed sequences that have a uniform byte distribution and are called pseudorandom (PSP), a PSP model based on statistical features was developed. When it is formed, the header part of the file with a length of 10 KB is discarded, the rest is subject to statistical analysis. In its formal form, the PSP model is defined by the expression 1.

= ∈[0,…,255] , , , , , ∈[0,…,511] , (1) frequency values. occurrence of subsequences of length 9 bits in the analyzed PRS;

– standard deviation of the byte distribution; , where ∈[0,…,255] – byte distribution in the analyzed PRS; ∈[0,…,511] – distribution of frequencies of – mean of the byte frequency – minimum and maximum byte

Mean of the byte frequency in PRS and standard deviation of the byte distribution is calculated according to expression 2.

= ∑2=505 ( ) 256 , where ( ) – the number of occurrences of byte i in the analyzed PRS.

The frequency of occurrence of subsequences in the PRS is calculated according to expression 3. of the subsequence j in bits. where – the number of occurrences of the subsequence j in PRS; M – PRS length in bits; N – length

To test the adequacy of the model, experiments were conducted to classify the generated set of encrypted and compressed data with a size of 600 Kbytes. 2000 files containing meaningful text in Russian were generated, then they were processed by encryption algorithms (AES, DES, RC4, Camellia, GOST34.12 "Kuznechik") and compression algorithms (RAR, ZIP, 7Z, GZ, BZ2, XZ). Thus a data sample consisting of two classes and containing 22,000 files was obtained.

In order to select the most suitable machine learning algorithm, experiments were conducted to evaluate the accuracy of the PRS classification. In view of the dependence of the classification accuracy on the number of features used in the PRS model, experiments were conducted using a different number of features ranked by discriminating ability [ 26 ].

The results of evaluating the accuracy of the classification of PRS by machine learning algorithms depending on the number of features are shown in the figure 1. (2) (3)

Machine learning algorithms have different time complexity, and to assess their applicability in real systems, experiments were conducted to determine the training time of a model based on the corresponding machine learning algorithm. The results of the experiments are shown in Figure 2.

The proposed PRS model based on the developed PRS classification algorithm allows classifying encrypted and compressed data with an accuracy of 0.97 in 0.5 seconds for a sequence of 600 Kbytes in length. The classification does not take into account digital signatures, file extensions, and other service information, but only statistical features of byte distributions and 9-bit subsequences [ 27 ].

The developed solution can be implemented in existing DLP systems and perform statistical analysis of data transmitted beyond the controlled perimeter of the corporate data network, the flow diagram is shown in Figure 2. Number of estimators 100

Number of features 200 Max depth of the trees 38

Length of the

9 bits subsequences 100 1 101 2 110 1 111 1

The developed PRS model together with the PRS classification algorithm can be implemented in the statistical data analysis module of existing DLP systems. The greatest threat to modern enterprise systems is cloud storage. If necessary, the internal intruder is able to use encryption and data masking tools, for example, by introducing digital signatures of known file formats: for ZIP format - "50 4B"; RAR - "52 61 72 21 1A"; pdf - "25 50 44 46 2D 31 2E". The developed solution can be implemented in existing DLP systems and perform statistical analysis of data transmitted outside the controlled perimeter of the corporate data network, the block diagram of which is shown in figure 5.

The study examines existing approaches to the formation of feature spaces and machine learning algorithms used to build classifiers of encrypted and compressed data. Existing approaches show high classification accuracy, but all of them use the headers of the analyzed files or data packets, which contain digital signatures that uniquely determine the type of information transmitted. An attacker can take advantage of this flaw and transmit the information in encrypted form by changing the header part of the file or using encapsulation methods for traffic.

To improve the accuracy of the classification of PRS generated by data encryption and compression algorithms, a model of PRS was developed that uses the byte distribution and the frequency of occurrence of 9-bit subsequences in the analyzed PRS. The choice of the mathematical apparatus based on the random forest construction algorithm was justified. During the experiments, the adequacy of the model and the possibility of its application for the classification of the data types specified in the work with a precision of 0.98 were confirmed. The place of implementation of the developed PRS model in the means of detecting and preventing information leaks was proposed.

The reported study was funded by Russian Ministry of Science (information security), project number 18/2020.