# Devising a procedure for defining the general criteria of abnormal behavior of a computer system based on the improved criterion of uniformity of input data samples

## Authors

• Serhii Semenov Simon Kuznets Kharkiv National University of Economics, Ukraine
• Oleksandr Mozhaiev Kharkiv National University of Internal Affairs, Ukraine
• Nina Kuchuk National Technical University «Kharkiv Polytechnic Institute», Ukraine
• Mykhailo Mozhaiev Scientific Research Centre for Forensic on Intellectual Property of the Ministry of Justice of Ukraine, Ukraine
• Serhii Tiulieniev Scientific Research Centre for Forensic on Intellectual Property of the Ministry of Justice of Ukraine, Ukraine
• Yurii Gnusov Kharkiv National University of Internal Affairs, Ukraine
• Dmytro Yevstrat Simon Kuznets Kharkiv National University of Economics, Ukraine
• Yuliia Chyrva Simon Kuznets Kharkiv National University of Economics, Ukraine
• Heorhii Kuchuk National Technical University «Kharkiv Polytechnic Institute», Ukraine

## Keywords:

computer system, network activity, anomaly criterion, vector statistics, homogeneous sample

## Abstract

The object of this study was the process of detecting anomalies in computer systems. The task to timely detect anomalies in computer systems was solved, based on a mathematical model underlying which is the criteria for uniformity of samples of input data. The necessity and possibility to devise a universal and at the same time scientifically based approach to tracking the states of the system were determined. Therefore, the purpose of this work was to develop a methodology for determining the general criterion of anomaly in the behavior of a computer system depending on the input data. This will increase the reliability of identifying the anomaly in the behavior of the system, which, in turn, should increase its safety. To solve the problem, a mathematical model for detecting anomalies in the behavior of a computer system has been built. The mathematical model differs from the well-known ones in the possibility of isolating a series of observations, the results of which show the anomaly in the behavior of the computer system. This made it possible to ensure the necessary level of reliability of the results of monitoring and research. In the process of modeling, the criteria for uniformity of samples of input data have been investigated and improved. The expediency of using the improved criterion of uniformity of samples of input data in the case of a significantly unequal distribution of values from the sensors of computer systems has been proved. An algorithm for the functioning of the software test tool has been developed. The results of the study showed that the confidence probability that the value of the statistical values of the shift in a certain criterion does not deviate from the mathematical expectation by more than 0.05 is approximately equal to 0.94. The scope of the obtained results is systems for detecting anomalies of computer systems. A necessary condition for the use of the proposed results is the presence of a series of observations of the state of the computer system

## Author Biographies

### Serhii Semenov, Simon Kuznets Kharkiv National University of Economics

Doctor of Technical Sciences, Professor

Department of "Cyber Security and Information Technologies"

### Oleksandr Mozhaiev, Kharkiv National University of Internal Affairs

Doctor of Technical Sciences, Professor

Department of "Cyber Security and DATA Technologies"

### Nina Kuchuk, National Technical University «Kharkiv Polytechnic Institute»

Doctor of Technical Sciences, Professor

Department of "Computer engineering and programming"

### Mykhailo Mozhaiev, Scientific Research Centre for Forensic on Intellectual Property of the Ministry of Justice of Ukraine

Doctor of Technical Sciences, Head of Laboratory

Laboratory of Copyright and Information Technologies

PhD, Director

### Yurii Gnusov, Kharkiv National University of Internal Affairs

PhD, Associate Professor

Department of "Cyber Security and DATA Technologies"

### Dmytro Yevstrat, Simon Kuznets Kharkiv National University of Economics

PhD, Associate Professor

Department of Information Systems

### Yuliia Chyrva, Simon Kuznets Kharkiv National University of Economics

PhD, Associate Professor

Department of Information Systems

### Heorhii Kuchuk, National Technical University «Kharkiv Polytechnic Institute»

Doctor of Technical Sciences, Professor

Department of "Computer engineering and programming"

## References

1. BasuMallick, C. (2022). 10 Network Behavior Anomaly Detection Tools in 2022. Available at: https://www.spiceworks.com/tech/networking/articles/network-behavior-anomaly-detection-tools/
2. Wang, C., Zhou, H., Hao, Z., Hu, S., Li, J., Zhang, X. et al. (2022). Network traffic analysis over clustering-based collective anomaly detection. Computer Networks, 205, 108760. doi: https://doi.org/10.1016/j.comnet.2022.108760
3. Ayensa-Jiménez, J., Pérez-Aliacar, M., Randelovic, T., Oliván, S., Fernández, L., Sanz-Herrera, J. A. et al. (2020). Mathematical formulation and parametric analysis of in vitro cell models in microfluidic devices: application to different stages of glioblastoma evolution. Scientific Reports, 10 (1). doi: https://doi.org/10.1038/s41598-020-78215-3
4. Meleshko, Y., Drieiev, O., Yakymenko, M., Lysytsia, D. (2020). Developing a model of the dynamics of states of a recommendation system under conditions of profile injection attacks. Eastern-European Journal of Enterprise Technologies, 4 (2 (106)), 14–24. doi: https://doi.org/10.15587/1729-4061.2020.209047
5. Bannai, E., Bannai, E., Ito, T., Rie, T. (2021). 6 P- and Q-polynomial schemes. Algebraic Combinatorics, Berlin, Boston: De Gruyter, 241–398. doi: https://doi.org/10.1515/9783110630251-006
6. Semenov, S., Davydov, V., Lipchanska, O., Lipchanskyi, M. (2020). Development of unified mathematical model of programming modules obfuscation process based on graphic evaluation and review method. Eastern-European Journal of Enterprise Technologies, 3 (2 (105)), 6–16. doi: https://doi.org/10.15587/1729-4061.2020.206232
7. Meleshko, Y., Raskin, L., Semenov, S., Sira, O. (2019). Methodology of probabilistic analysis of state dynamics of multi­dimensional semi­Markov dynamic systems. Eastern-European Journal of Enterprise Technologies, 6 (4 (102)), 6–13. doi: https://doi.org/10.15587/1729-4061.2019.184637
8. Kovalenko, A., Kuchuk, H. (2022). Methods to Manage Data in Self-healing Systems. Studies in Systems, Decision and Control. Cham: Springer, 113–171. doi: https://doi.org/10.1007/978-3-030-96546-4_3
9. Rempała, G., Wesołowski, J. (2023). Poisson limit theorems for the Cressie-Read statistics. Journal of Statistical Planning and Inference, 223, 15–32. doi: https://doi.org/10.1016/j.jspi.2022.07.004
10. Escalante, J. M., Skipetrov, S. E. (2018). Level spacing statistics for light in two-dimensional disordered photonic crystals. Scientific Reports, 8 (1). doi: https://doi.org/10.1038/s41598-018-29996-1
11. Tung, D. D., Rao Jammalamadaka, S. (2012). U-Statistics based on spacings. Journal of Statistical Planning and Inference, 142 (3), 673–684. doi: https://doi.org/10.1016/j.jspi.2011.09.007
12. Raskin, L., Sukhomlyn, L., Sagaidachny, D., Korsun, R. (2021). Analysis of multi-threaded markov systems. Advanced Information Systems, 5 (4), 70–78. doi: https://doi.org/10.20998/2522-9052.2021.4.11
13. Oleksenko, O., Khudov, H., Petrenko, K., Horobets, Y., Kolianda, V., Kuchuk, N. et al. (2021). The Development of the Method of Radar Observation System Construction of the Airspace on the Basis of Genetic Algorithm. International Journal of Emerging Technology and Advanced Engineering, 11 (8), 23–30. doi: https://doi.org/10.46338/ijetae0821_04
14. Semenov, S., Sira, O., Gavrylenko, S., Kuchuk, N. (2019). Identification of the state of an object under conditions of fuzzy input data. Eastern-European Journal of Enterprise Technologies, 1 (4 (97), 22–30. doi: https://doi.org/10.15587/1729-4061.2019.157085
15. Kovalenko, A., Kuchuk, H., Kuchuk, N., Kostolny, J. (2021). Horizontal scaling method for a hyperconverged network. 2021 International Conference on Information and Digital Technologies (IDT), 331–336. doi: https://doi.org/10.1109/idt52577.2021.9497534
16. Yaloveha, V., Hlavcheva, D., Podorozhniak, A., Kuchuk, H. (2019). Fire Hazard Research of Forest Areas based on the use of Convolutional and Capsule Neural Networks. 2019 IEEE 2nd Ukraine Conference on Electrical and Computer Engineering (UKRCON). doi: https://doi.org/10.1109/ukrcon.2019.8879867
17. Al-Anzi, F. S., Lababidi, H. M. S., Al-Sharrah, G., Al-Radwan, S. A., Seo, H. J. (2022). Plant health index as an anomaly detection tool for oil refinery processes. Scientific Reports, 12 (1). doi: https://doi.org/10.1038/s41598-022-18824-2
18. Sohn, H., Czarnecki, J. A.,Farrar, C. R. (2000). Structural Health Monitoring Using Statistical Process Control. Journal of Structural Engineering, 126 (11), 1356–1363. doi: https://doi.org/10.1061/(asce)0733-9445(2000)126:11(1356)
19. Lu, Y., Wang, T., Liu, T. (2020). Bayesian Network-Based Risk Analysis of Chemical Plant Explosion Accidents. International Journal of Environmental Research and Public Health, 17 (15). doi: https://doi.org/10.3390/ijerph17155364
20. An, S. H., Heo, G., Chang, S. H. (2011). Detection of process anomalies using an improved statistical learning framework. Expert Systems with Applications, 38 (3), 1356–1363. doi: https://doi.org/10.1016/j.eswa.2010.07.031
21. Pratama, A., Rafrastara, F. A. (2012). Computer Worm Classification. International Journal of Computer Science and Information Security, 10, 21–24. Available at: https://www.researchgate.net/publication/299580232_Computer_Worm_Classification
22. Raskin, L., Ivanchikhin, Y., Sukhomlyn, L., Sviatkin, I., Korsun, R. (2022). Evaluation model of the recovery processes of non-markovian systems, considering the elements unreliability under arbitrary distribution laws. Advanced Information Systems, 6 (3), 28–35. doi: https://doi.org/10.20998/2522-9052.2022.3.04
23. Joseph, U. M., Jacob, M. (2022). Real time detection of Phishing attacks in edge devices using LSTM networks. AIP Conference Proceedings. https://doi.org/10.1063/5.0103355
24. Mozhaev, O., Kuchuk, H., Kuchuk, N., Mozhaev, M., Lohvynenko, M. (2017). Multiservice network security metric. 2017 2nd International Conference on Advanced Information and Communication Technologies (AICT), 133–136. doi: https://doi.org/10.1109/aiact.2017.8020083
25. Guevara López, P., Delgado Reyes, G., Audelo González, J., Valdez Martínez, J., Perez Meana, H. (2015). Basic definitions for discrete modeling of computer worms epidemics. Ingeniería e Investigación, 35 (1), 79–85. doi: https://doi.org/10.15446/ing.investig.v35n1.44323

2022-12-30

## How to Cite

Semenov, S., Mozhaiev, O., Kuchuk, N., Mozhaiev, M., Tiulieniev, S., Gnusov, Y., Yevstrat, D., Chyrva, Y., & Kuchuk, H. (2022). Devising a procedure for defining the general criteria of abnormal behavior of a computer system based on the improved criterion of uniformity of input data samples. Eastern-European Journal of Enterprise Technologies, 6(4 (120), 40–49. https://doi.org/10.15587/1729-4061.2022.269128

## Section

Mathematics and Cybernetics - applied aspects