Development of a system for the detection of cyber attacks based on the clustering and formation of reference deviations of attributes

DOI:

https://doi.org/10.15587/1729-4061.2017.102225

Keywords:

system of cyber attack detection, cyber security, clustering of attributes, verifying admissible deviations

Abstract

An adaptive cyber attack detection system based on improved algorithms for splitting the feature space into clusters was developed. The recognition procedure was improved by clustering the attributes of anomalies and cyber attacks and forming their verifying admissible deviations simultaneously.

In contrast to existing algorithms, the proposed modifications of the algorithm for splitting the feature space into clusters, applied within the procedure for recognizing anomalies and cyber attacks, make it possible to form the reference tolerances at the same time as complex attributes of recognition objects (RO) are processed. As a result, at every step of training the adaptive recognition system (ASR), the verifying admissible deviations for all attributes of anomalies and cyber attacks can be changed simultaneously. The proposed algorithms also prevent one RO class of basic anomaly and cyber attack attributes from being absorbed by another class. Predicate expressions were obtained for an ASR capable of self-learning.

The proposed algorithms were verified on simulation models in MATLAB and Simulink. It was proved that the proposed algorithms for clustering RO attributes make it possible to obtain effective learning matrices for the ASR as part of intelligent cyber attack detection systems.

Author Biographies

Valeriy Lakhno, European University, Akademika Vernads'koho blvd., 16 V, Kyiv, Ukraine, 03115

Doctor of Technical Sciences, Associate Professor

Department of Managing Information Security

Volodimir Malyukov, European University, Akademika Vernads'koho blvd., 16 V, Kyiv, Ukraine, 03115

Doctor of Physical and Mathematical Sciences

Department of Information Systems and Mathematical Disciplines

Volodymyr Domrachev, Taras Shevchenko National University of Kyiv, Volodymyrska str., 60, Kyiv, Ukraine, 01033

PhD, Associate Professor

Department of Applied Information Systems

Olga Stepanenko, Vadym Hetman Kyiv National Economic University, Peremohy ave., 54/1, Kyiv, Ukraine, 03057

Doctor of Economic Sciences, Associate Professor

Department of Economic Information Systems

Oleksandr Kramarov, European University, Akademika Vernads'koho blvd., 16 V, Kyiv, Ukraine, 03115

Postgraduate student

Department of Information Systems and Mathematical Sciences

Published

2017-06-15

How to Cite

Lakhno, V., Malyukov, V., Domrachev, V., Stepanenko, O., & Kramarov, O. (2017). Development of a system for the detection of cyber attacks based on the clustering and formation of reference deviations of attributes. Eastern-European Journal of Enterprise Technologies, 3 (9 (87)), 43–52. https://doi.org/10.15587/1729-4061.2017.102225

Section

Information and controlling system