Modern systems for detecting intrusion into the information network
Abstract
The widespread use of modern network technologies, especially IoT (Internet of Things) systems, has created significant
threats to cybersecurity. One common problem is anomalies: situations in which the available data does not match the
normal pattern, which may be caused by fraudulent actions. The paper analyzes anomaly detection systems in the information
network. The principles of their operation are discussed. Special attention is paid to the difficulties of predicting modern
cyberattacks, which led to the need to use artificial intelligence methods in protection systems. In this regard, systems based on
knowledge and computational predictions are described. Their advantages and challenges are noted. Emphasis is placed on the
correlation of events in systems, which includes complex tasks such as detection, prevention and response through the
integration of security data. The paper develops a knowledge-based machine learning algorithm that can be used to process large
data streams in real time. The algorithm uses genetic programming and random forest methods to form a new
rule.