Design of adaptive system of detection of cyber-attacks, based on the model of logical procedures and the coverage matrices of features
Keywords:adaptive system of detection of cyber threats, features of a cyber- attack, logical procedures, elementary classifier
The results of the research aimed at the further development of detection models of cyber threats, as well as of common classes of anomalies and cyber-attacks in mission critical computer systems (MCCS) are presented.
It is shown that one of the promising directions of synthesis of adaptive systems of detection and prevention of cyber-attacks is the application of models of logical procedures of detection, based on the coverage matrices of features of anomalies, threats and cyber-attacks within the known and new classes of the MCCS intrusions. The model of detection of cyber-attacks, anomalies and threats to MCCS was designed, which is based on the application of learning samples in the form of matrices of features and elementary classifiers for each of the modeled classes.
The studies on minimization of the number of training samples, represented in a binary form of discerning features were carried out. The program "Threat Analyzer” was developed which allows automatic generation of dimensions of training matrix of features of anomalies, cyber threats, or cyber-attacks, without requiring the participation of experts.
It is shown that for the object detection within known classes of cyber threats, attacks, anomalies, the usage in the training matrices of representative sets of 3-4 features long allows maximizing the effectiveness of the algorithm, reaching up to 98 %.
Jyothsna, V., V. Rama Prasad, V., Munivara Prasad, K. (2011). A Review of Anomaly based Intrusion Detection Systems. International Journal of Computer Applications, 28 (7), 26–35. doi: 10.5120/3399-4730
Baddar, S. A.-H., Merlo, A., Migliardi, M. (2014). Anomaly detection in computer networks: a state-of-the-art review. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, 5 (4), 29–64.
Gyanchandani, M., Rana, J. L., Yadav, R. N. (2012). Taxonomy of anomaly based intrusion detection system: a review. International Journal of Scientific and Research Publications, 2 (12), 1–13.
Vinchurkar, D. P., Reshamwala, A. (2012). A review of intrusion detection system using neural network and machine learning technique. International Journal of Engineering Science and Innovative Technology (IJESIT), 1 (2), 54–63.
Tsai, C.-F., Hsu, Y.-F., Lin, C.-Y., Lin, W.-Y. (2009). Intrusion detection by machine learning: A review. Expert Systems with Applications, 36 (10), 11994–12000. doi: 10.1016/j.eswa.2009.05.029
Omar, S., Ngadi, A., H. Jebur, H. (2013). Machine Learning Techniques for Anomaly Detection: An Overview. International Journal of Computer Applications, 79 (2), 33–41. doi: 10.5120/13715-1478
Riadi, I., Istiyanto, J. E., Ashari, A., Subanar (2013). Log Analysis Techniques using Clustering in Network Forensics. International Journal of Computer Science and Information Security, 10 (7), 23.
Ranjan, R., Sahoo, G. (2014). A New Clutering Approach for Anomaly Intrusion Detection. International Journal of Data Mining & Knowledge Management Process, 4 (2), 29–38. doi: 10.5121/ijdkp.2014.4203
Guan, Y., Ghorbani, A. A., Belacel, N. (2003). Y-means: a clustering method for intrusion detection. CCECE 2003 – Canadian Conference on Electrical and Computer Engineering. Toward a Caring and Humane Technology (Cat. No.03CH37436), 2, 1083–1086. doi: 10.1109/ccece.2003.1226084
Li, W., Yi, P., Wu, Y., Pan, L., Li, J. (2014). A New Intrusion Detection System Based on KNN Classification Algorithm in Wireless Sensor Network. Journal of Electrical and Computer Engineering, 2014, 1–8. doi: 10.1155/2014/240217
Ilgun, K., Kemmerer, R. A., Porras, P. A. (1995). State transition analysis: a rule-based intrusion detection approach. IEEE Transactions on Software Engineering, 21 (3), 181–199. doi: 10.1109/32.372146
Khan, L., Awad, M., Thuraisingham, B. (2006). A new intrusion detection system using support vector machines and hierarchical clustering. The VLDB Journal, 16 (4), 507–521. doi: 10.1007/s00778-006-0002-5
Wu, S. X., Banzhaf, W. (2010). The use of computational intelligence in intrusion detection systems: A review. Applied Soft Computing, 10 (1), 1–35. doi: 10.1016/j.asoc.2009.06.019
Kabiri, P., Ghorbani, A. A. (2005). Research on intrusion detection and response: a survey. International Journal of Network Security, 1 (2), 84–102.
Ameziane El Hassani, A., Abou El Kalam, A., Bouhoula, A., Abassi, R., Ait Ouahman, A. (2014). Integrity-OrBAC: a new model to preserve Critical Infrastructures integrity. International Journal of Information Security, 14 (4), 367–385. doi: 10.1007/s10207-014-0254-9
Al-Jarrah, O., Arafat, A. (2014). Network Intrusion Detection System using attack behavior classification. 2014 5th International Conference on Information and Communication Systems (ICICS), 1–14. doi: 10.1109/iacs.2014.6841978
Selim, S., Hashem, M., Nazmy, T. M. (2010). Detection using multi-stage neural network. International Journal of Computer Science and Information Security (IJCSIS), 8 (4), 14–20.
Pawar, S. N. (2013). Intrusion detection in computer network using genetic algorithm approach: a survey. International Journal of Advances in Engineering Technology, 6 (2), 730–736.
Zhou, Y. (2009). Hybrid Model Based on Artificial Immune System and PCA Neural Networks for Intrusion Detection. Asia-Pacific Conference on Information Processing, 1, 21–24. doi: 10.1109/apcip.2009.13
Komar, M., Golovko, V., Sachenko, A., Bezobrazov, S. (2013). Development of neural network immune detectors for computer attacks recognition and classification. 2013 IEEE 7th International Conference on Intelligent Data Acquisition and Advanced Computing Systems (IDAACS), 2, 665–668. doi: 10.1109/idaacs.2013.6663008
Heckerman, D. (2008). A tutorial on learning with bayesian networks. Innovations in Bayesian Networks: Theory and Applications, 156, 33–82.
Mukkamala, S., Sung, A. H., Abraham, A., Ramos, V. (2006). Intrusion Detection Systems Using Adaptive Regression Spines. Enterprise Information Systems VI, 211–218. doi: 10.1007/1-4020-3675-2_25
Zhan, Z., Xu, M., Xu, S. (2013). Characterizing Honeypot-Captured Cyber Attacks: Statistical Framework and Case Study. IEEE Transactions on Information Forensics and Security, 8 (11), 1775–1789. doi: 10.1109/tifs.2013.2279800
Raiyn, J. (2014). A survey of Cyber Attack Detection Strategies. International Journal of Security and Its Applications, 8 (1), 247–256. doi: 10.14257/ijsia.2014.8.1.23
Jasiul, B., Szpyrka, M., liwa, J. (2014). Detection and Modeling of Cyber Attacks with Petri Nets. Entropy, 16 (12), 6602–6623. doi: 10.3390/e16126602
Peddabachigari, S., Abraham, A., Grosan, C., Thomas, J. (2007). Modeling intrusion detection system using hybrid intelligent systems. Journal of Network and Computer Applications, 30 (1), 114–132. doi: 10.1016/j.jnca.2005.06.003
Lahno, V. (2014). Information security of critical application data processing systems. ТЕKA. Commission of motorization and energetics in agriculture, 14 (1), 134–143.
Rid, T., Buchanan, B. (2014). Attributing Cyber Attacks. Journal of Strategic Studies, 38 (1-2), 4–37. doi: 10.1080/01402390.2014.977382
Guitton, C., Korzak, E. (2013). The Sophistication Criterion for Attribution. The RUSI Journal, 158 (4), 62–68. doi: 10.1080/03071847.2013.826509
How to Cite
Copyright (c) 2016 Валерій Анатолійович Лахно, Svitlana Kazmirchuk, Yulia Kovalenko, Larisa Myrutenko, Tetyana Zhmurko
This work is licensed under a Creative Commons Attribution 4.0 International License.
Our journal abides by the Creative Commons CC BY copyright rights and permissions for open access journals.
Authors, who are published in this journal, agree to the following conditions:
1. The authors reserve the right to authorship of the work and pass the first publication right of this work to the journal under the terms of a Creative Commons CC BY , which allows others to freely distribute the published research with the obligatory reference to the authors of the original work and the first publication of the work in this journal.
2. The authors have the right to conclude separate supplement agreements that relate to non-exclusive work distribution in the form in which it has been published by the journal (for example, to upload the work to the online storage of the journal or publish it as part of a monograph), provided that the reference to the first publication of the work in this journal is included.