Creation of the adaptive cyber threat detection system on the basis of fuzzy feature clustering

DOI: https://doi.org/10.15587/1729-4061.2016.66015

Keywords: critical information systems, cyber security, information security, threat detection, anomalies, feature clustering, information-extreme algorithm

Abstract

This paper presents the results of work on further developing methods and algorithms for detecting cyber threats, including the most common classes of anomalies and cyber attacks, in critical information systems (CIS). It considers the problem of keeping a CIS resilient while new information and automated control systems are introduced and existing ones are modernized, a period in which destabilizing effects on the availability, confidentiality and integrity of information multiply.

It is shown that the cyber defense state of a CIS can be monitored and analyzed through several parameters of the features of anomalies or cyber attacks. This in turn allows a preliminary information security evaluation to be carried out by clustering the feature set of observed anomalies or attempted cyber attacks.

A categorical model for building an adaptive intelligent cyber threat detection system (ICTDS) is proposed. Using a fuzzy clustering procedure, a training algorithm for the ICTDS with hyperellipsoidal correction of the decision rules is developed; this provides the basis for adaptive self-training mechanisms in the ICTDS.

The efficiency of the information-extreme training algorithm of the ICTDS is tested. To evaluate the quality of the partitioning of the feature space of anomalies, vulnerabilities and cyber attacks, a rational number of clusters and a fuzziness index for the clusters in that feature space are chosen.
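The pipeline the abstract describes (cluster a feature set, choose the number of clusters by a partition-quality measure, then derive decision rules with hyperellipsoidal correction) is shown below as an added example; it is not the paper's code and does not reproduce the paper's feature set, data or information-extreme criterion. It assumes three per-window traffic features (packets per second, mean bytes per packet, distinct destination ports), a small constructed set of labelled training windows, the Xie-Beni index in place of the paper's criterion for choosing the number of clusters, and axis-aligned hyperellipsoids (per-cluster membership-weighted variances with a radius corrected after training) as a simplified form of the hyperellipsoidal decision rule. The functions `build_detector` and `detect`, the fuzziness index m = 2, the slack factor and the variance floor are names and settings chosen here.

```python
"""Fuzzy c-means over traffic-window features, cluster-count selection with the
Xie-Beni index, and one axis-aligned hyperellipsoidal decision rule per cluster.
Added example, not the paper's code: the features, data, the Xie-Beni criterion and
the diagonal-covariance ellipsoids are assumptions made here."""
import math

# Constructed training windows (packets/s, mean bytes per packet, distinct dst ports)
# with an analyst's label per window; three behaviours are present.
TRAIN = [
    (210, 820, 4), (190, 790, 6), (230, 860, 5), (205, 800, 4), (220, 830, 7),  # normal
    (880, 64, 390), (920, 60, 410), (900, 62, 405),                              # port scan
    (19800, 40, 1), (20500, 42, 1), (20100, 40, 2),                              # syn flood
]
TRAIN_LABELS = ["normal"] * 5 + ["port scan"] * 3 + ["syn flood"] * 3

def scale(row, lo, hi):
    """Min-max scaling so that distances compare features on one scale."""
    return [(x - l) / (h - l) if h > l else 0.0 for x, l, h in zip(row, lo, hi)]

def dist2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))

def init_centers(points, c):
    """Farthest-point seeding: deterministic, and one seed lands in each separated group."""
    centers = [points[0]]
    while len(centers) < c:
        centers.append(max(points, key=lambda p: min(dist2(p, v) for v in centers)))
    return centers

def fuzzy_c_means(points, c, m=2.0, iters=100):
    """Bezdek's fuzzy c-means; returns centers and memberships u[i][j] (cluster i, point j)."""
    n, dims = len(points), len(points[0])
    centers = init_centers(points, c)
    u = [[0.0] * n for _ in range(c)]
    for _ in range(iters):  # alternate membership and center updates; fixed count is enough here
        for j, p in enumerate(points):
            # distances are floored so a point sitting on a center gets membership ~1 there
            d = [max(math.sqrt(dist2(p, v)), 1e-12) for v in centers]
            for i in range(c):  # u_ij = 1 / sum_k (d_ij / d_kj)^(2/(m-1))
                u[i][j] = 1.0 / sum((d[i] / d[k]) ** (2.0 / (m - 1.0)) for k in range(c))
        centers = []
        for i in range(c):  # v_i = sum_j u_ij^m x_j / sum_j u_ij^m
            w = [u[i][j] ** m for j in range(n)]
            centers.append([sum(w[j] * points[j][f] for j in range(n)) / sum(w) for f in range(dims)])
    return centers, u

def xie_beni(points, centers, u, m=2.0):
    """Xie-Beni validity index: compactness / (n * min centre separation); lower is better."""
    c, n = len(centers), len(points)
    compact = sum(u[i][j] ** m * dist2(points[j], centers[i]) for i in range(c) for j in range(n))
    sep = min(dist2(centers[i], centers[k]) for i in range(c) for k in range(c) if i != k)
    return compact / (n * sep) if sep > 0 else math.inf

def choose_clusters(points, candidates=(2, 3, 4), m=2.0):
    """Cluster for each candidate count and keep the run with the lowest Xie-Beni index."""
    runs = [(c,) + fuzzy_c_means(points, c, m) for c in candidates]
    return min(runs, key=lambda r: xie_beni(points, r[1], r[2], m))

def mahalanobis(p, center, var):
    """Distance under an axis-aligned hyperellipsoid with per-feature variances `var`."""
    return math.sqrt(sum((x - v) ** 2 / s for x, v, s in zip(p, center, var)))

def top_cluster(u, j):
    return max(range(len(u)), key=lambda i: u[i][j])

def decision_rules(points, centers, u, m=2.0, slack=1.2, var_floor=1e-4):
    """One hyperellipsoid per cluster; its radius is corrected after clustering so that every
    training point whose top membership is this cluster lies inside (times `slack`), and
    `var_floor` stops a near-constant feature from collapsing the ellipsoid."""
    rules = []
    for i, v in enumerate(centers):
        w = [u[i][j] ** m for j in range(len(points))]
        var = [max(sum(w[j] * (p[f] - v[f]) ** 2 for j, p in enumerate(points)) / sum(w), var_floor)
               for f in range(len(v))]
        members = [p for j, p in enumerate(points) if top_cluster(u, j) == i]
        radius = slack * max((mahalanobis(p, v, var) for p in members), default=1.0)
        rules.append({"center": v, "var": var, "radius": radius})
    return rules

def build_detector(rows=TRAIN, labels=TRAIN_LABELS):
    """Scale, pick c, cluster, derive the rules and name each cluster by majority label."""
    dims = range(len(rows[0]))
    lo, hi = [min(r[f] for r in rows) for f in dims], [max(r[f] for r in rows) for f in dims]
    points = [scale(r, lo, hi) for r in rows]
    c, centers, u = choose_clusters(points)
    names = []
    for i in range(c):
        member_labels = [labels[j] for j in range(len(rows)) if top_cluster(u, j) == i]
        names.append(max(set(member_labels), key=member_labels.count) if member_labels else "unlabelled")
    return {"lo": lo, "hi": hi, "clusters": c, "rules": decision_rules(points, centers, u), "names": names}

def detect(model, window):
    """Label of the tightest hyperellipsoid containing the window, else 'novel' (raise an alert)."""
    p = scale(window, model["lo"], model["hi"])
    best = None
    for rule, name in zip(model["rules"], model["names"]):
        ratio = mahalanobis(p, rule["center"], rule["var"]) / rule["radius"]
        if ratio <= 1.0 and (best is None or ratio < best[0]):
            best = (ratio, name)
    return best[1] if best else "novel"
```

`build_detector()` returns the chosen cluster count (3 for the constructed windows, since the Xie-Beni index is lowest there), the scaling bounds and one named rule per cluster; `detect(model, (205, 810, 5))` returns "normal", a window such as `(910, 63, 400)` lands in the port-scan ellipsoid, and a window far from every rule, e.g. `(5000, 500, 200)`, returns "novel". That last case is the one a self-training system must route to an analyst or to retraining rather than silently assign to the nearest cluster, which is why the decision rule has a bounded radius instead of a plain nearest-center vote.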

The results show that the proposed approach can solve complex problems of CIS cyber defense control and can be used in developing software solutions for cyber defense systems.

Author Biography

Valeriy Lakhno, European University 16B Academician Vernadskiy Blvd., Kyiv, Ukraine, 03115

Doctor of Technical Sciences, Associate professor

Department of Managing Information Security

Published

2016-04-27

How to Cite

Lakhno, V. (2016). Creation of the adaptive cyber threat detection system on the basis of fuzzy feature clustering. Eastern-European Journal of Enterprise Technologies, 2(9 (80)), 18–25. https://doi.org/10.15587/1729-4061.2016.66015

Section

Information and controlling system