DESIGN OF ADAPTIVE SYSTEM FOR DETECTION OF CYBER-ATTACKS

Taras Petrenko

Abstract


This paper is devoted to improving the mathematical support for intelligent models of cyber threat detection. The results further develop detection models for cyber threats and for common classes of cyber-attacks in mission critical information systems (MCIS). A model for detecting cyber-attacks against MCIS was designed, based on the application of learning samples in the form of feature matrices for each of the modeled classes. Studies were carried out on minimizing the number of training samples represented by a binary form of discerning features. The program "Cyber-attacks Analyzer" was developed, which automatically generates the dimensions of the training matrix of cyber-attack features without requiring the participation of experts. It is shown that, for object detection within known classes of cyber-attacks, the use of representative sets of 3-4 features in the training matrices increases the effectiveness of the algorithm, reaching up to 95%.
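As an added illustration of the idea in the abstract (this is not the paper's "Cyber-attacks Analyzer" or its algorithm), the following Python builds a binary feature matrix per attack class, derives a prototype per class, searches exhaustively for the smallest feature subset on which the class prototypes remain distinguishable, and classifies new samples by Hamming distance on that subset. The feature names, the four attack classes and the training rows are constructed for the example.

```python
from itertools import combinations

# Constructed binary feature names (assumption, not taken from the paper).
FEATURES = ["high_packet_rate", "many_half_open_tcp", "many_dst_ports",
            "repeated_auth_failures", "long_session", "large_outbound_volume"]

# Constructed training matrices: one matrix per attack class, one row per
# observed sample, one binary column per feature (1 = feature present).
TRAINING = {
    "dos":   [[1, 1, 0, 0, 0, 0], [1, 1, 0, 0, 0, 1], [1, 1, 0, 0, 1, 0]],
    "scan":  [[0, 1, 1, 0, 0, 0], [0, 1, 1, 0, 0, 0], [0, 1, 1, 0, 0, 1]],
    "brute": [[0, 0, 0, 1, 1, 0], [0, 0, 0, 1, 1, 0], [0, 0, 0, 1, 0, 0]],
    "exfil": [[0, 0, 0, 0, 1, 1], [0, 0, 0, 0, 1, 1], [0, 0, 0, 0, 0, 1]],
}

def class_prototypes(training):
    """Per-class binary prototype: majority vote over each feature column
    (an exact tie counts as 0)."""
    protos = {}
    for label, rows in training.items():
        n = len(rows)
        protos[label] = tuple(int(sum(col) * 2 > n) for col in zip(*rows))
    return protos

def min_discerning_subset(protos, k_max=4):
    """Smallest feature subset on which all class prototypes are pairwise
    distinct; exhaustive search over subsets of size 1..k_max, or None."""
    n_feat = len(next(iter(protos.values())))
    for k in range(1, k_max + 1):
        for subset in combinations(range(n_feat), k):
            views = {tuple(p[i] for i in subset) for p in protos.values()}
            if len(views) == len(protos):
                return subset
    return None

def classify(sample, protos, subset):
    """Nearest prototype by Hamming distance restricted to the chosen
    subset; ties resolve to the alphabetically first class label."""
    def dist(p):
        return sum(sample[i] != p[i] for i in subset)
    return min(sorted(protos), key=lambda label: dist(protos[label]))

def training_accuracy(training, protos, subset):
    """Fraction of training rows that the reduced feature set classifies
    back into their own class."""
    rows = [(lbl, r) for lbl, rs in training.items() for r in rs]
    hits = sum(classify(r, protos, subset) == lbl for lbl, r in rows)
    return hits / len(rows)

if __name__ == "__main__":
    protos = class_prototypes(TRAINING)
    subset = min_discerning_subset(protos)
    print("discerning features:", [FEATURES[i] for i in subset])
    print("training accuracy:", training_accuracy(TRAINING, protos, subset))
```

On the constructed matrices the search settles on three of the six features, and the reduced feature set still separates every training row; with noisier rows the accuracy figure is what one would watch while deciding whether a 3-4 feature representative set is enough.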

Keywords


modeling, training matrices, adaptive system of detection of cyber threats, information systems, information security

