Design of adaptive system of detection of cyber-attacks, based on the model of logical procedures and the coverage matrices of features

Authors

DOI:

https://doi.org/10.15587/1729-4061.2016.71769

Keywords:

adaptive system of detection of cyber threats, features of a cyber- attack, logical procedures, elementary classifier

Abstract

The results of the research aimed at the further development of detection models of cyber threats, as well as of common classes of anomalies and cyber-attacks in mission critical computer systems (MCCS) are presented.

It is shown that one of the promising directions of synthesis of adaptive systems of detection and prevention of cyber-attacks is the application of models of logical procedures of detection, based on the coverage matrices of features of anomalies, threats and cyber-attacks within the known and new classes of the MCCS intrusions.    The model of detection of cyber-attacks, anomalies and threats to MCCS was designed, which is based on the application of learning samples in the form of matrices of features and elementary classifiers for each of the modeled classes.

The studies on minimization of the number of training samples, represented in a binary form of discerning features were carried out. The program "Threat Analyzer” was developed which allows automatic generation of dimensions of training matrix of features of anomalies, cyber threats, or cyber-attacks, without requiring the participation of experts.

It is shown that for the object detection within known classes of cyber threats, attacks, anomalies, the usage in the training matrices of representative sets of 3-4 features long allows maximizing the effectiveness of the algorithm, reaching up to 98 %. 

Author Biographies

Valeriy Lakhno, European University 16B Academician Vernadskiy Blvd., Kyiv, Ukraine, 03115

Doctor of Technical Sciences, Associate professor

Department of Managing Information Security

Svitlana Kazmirchuk, National Aviation University Kosmonavta Komarova ave., 1, Kyiv, Ukraine, 03058

PhD, Associate Professor

IT-Security Academic Department

Yulia Kovalenko, National Aviation University Kosmonavta Komarova ave., 1, Kyiv, Ukraine, 03058

Candidate of Pedagogical Sciences, Associate Professor

IT-Security Academic Department

Larisa Myrutenko, European University Academician Vernadskiy blvd., 16B, Kyiv, Ukraine, 03115

Postgraduate student

Department of Information Systems and Mathematical Disciplines

Tetyana Zhmurko, National Aviation University Kosmonavta Komarova ave., 1, Kyiv, Ukraine, 03058

Assistant

IT-Security Academic Department

References

  1. Jyothsna, V., V. Rama Prasad, V., Munivara Prasad, K. (2011). A Review of Anomaly based Intrusion Detection Systems. International Journal of Computer Applications, 28 (7), 26–35. doi: 10.5120/3399-4730
  2. Baddar, S. A.-H., Merlo, A., Migliardi, M. (2014). Anomaly detection in computer networks: a state-of-the-art review. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, 5 (4), 29–64.
  3. Gyanchandani, M., Rana, J. L., Yadav, R. N. (2012). Taxonomy of anomaly based intrusion detection system: a review. International Journal of Scientific and Research Publications, 2 (12), 1–13.
  4. Vinchurkar, D. P., Reshamwala, A. (2012). A review of intrusion detection system using neural network and machine learning technique. International Journal of Engineering Science and Innovative Technology (IJESIT), 1 (2), 54–63.
  5. Tsai, C.-F., Hsu, Y.-F., Lin, C.-Y., Lin, W.-Y. (2009). Intrusion detection by machine learning: A review. Expert Systems with Applications, 36 (10), 11994–12000. doi: 10.1016/j.eswa.2009.05.029
  6. Omar, S., Ngadi, A., H. Jebur, H. (2013). Machine Learning Techniques for Anomaly Detection: An Overview. International Journal of Computer Applications, 79 (2), 33–41. doi: 10.5120/13715-1478
  7. Riadi, I., Istiyanto, J. E., Ashari, A., Subanar (2013). Log Analysis Techniques using Clustering in Network Forensics. International Journal of Computer Science and Information Security, 10 (7), 23.
  8. Ranjan, R., Sahoo, G. (2014). A New Clutering Approach for Anomaly Intrusion Detection. International Journal of Data Mining & Knowledge Management Process, 4 (2), 29–38. doi: 10.5121/ijdkp.2014.4203
  9. Guan, Y., Ghorbani, A. A., Belacel, N. (2003). Y-means: a clustering method for intrusion detection. CCECE 2003 – Canadian Conference on Electrical and Computer Engineering. Toward a Caring and Humane Technology (Cat. No.03CH37436), 2, 1083–1086. doi: 10.1109/ccece.2003.1226084
  10. Li, W., Yi, P., Wu, Y., Pan, L., Li, J. (2014). A New Intrusion Detection System Based on KNN Classification Algorithm in Wireless Sensor Network. Journal of Electrical and Computer Engineering, 2014, 1–8. doi: 10.1155/2014/240217
  11. Ilgun, K., Kemmerer, R. A., Porras, P. A. (1995). State transition analysis: a rule-based intrusion detection approach. IEEE Transactions on Software Engineering, 21 (3), 181–199. doi: 10.1109/32.372146
  12. Khan, L., Awad, M., Thuraisingham, B. (2006). A new intrusion detection system using support vector machines and hierarchical clustering. The VLDB Journal, 16 (4), 507–521. doi: 10.1007/s00778-006-0002-5
  13. Wu, S. X., Banzhaf, W. (2010). The use of computational intelligence in intrusion detection systems: A review. Applied Soft Computing, 10 (1), 1–35. doi: 10.1016/j.asoc.2009.06.019
  14. Kabiri, P., Ghorbani, A. A. (2005). Research on intrusion detection and response: a survey. International Journal of Network Security, 1 (2), 84–102.
  15. Ameziane El Hassani, A., Abou El Kalam, A., Bouhoula, A., Abassi, R., Ait Ouahman, A. (2014). Integrity-OrBAC: a new model to preserve Critical Infrastructures integrity. International Journal of Information Security, 14 (4), 367–385. doi: 10.1007/s10207-014-0254-9
  16. Al-Jarrah, O., Arafat, A. (2014). Network Intrusion Detection System using attack behavior classification. 2014 5th International Conference on Information and Communication Systems (ICICS), 1–14. doi: 10.1109/iacs.2014.6841978
  17. Selim, S., Hashem, M., Nazmy, T. M. (2010). Detection using multi-stage neural network. International Journal of Computer Science and Information Security (IJCSIS), 8 (4), 14–20.
  18. Pawar, S. N. (2013). Intrusion detection in computer network using genetic algorithm approach: a survey. International Journal of Advances in Engineering Technology, 6 (2), 730–736.
  19. Zhou, Y. (2009). Hybrid Model Based on Artificial Immune System and PCA Neural Networks for Intrusion Detection. Asia-Pacific Conference on Information Processing, 1, 21–24. doi: 10.1109/apcip.2009.13
  20. Komar, M., Golovko, V., Sachenko, A., Bezobrazov, S. (2013). Development of neural network immune detectors for computer attacks recognition and classification. 2013 IEEE 7th International Conference on Intelligent Data Acquisition and Advanced Computing Systems (IDAACS), 2, 665–668. doi: 10.1109/idaacs.2013.6663008
  21. Heckerman, D. (2008). A tutorial on learning with bayesian networks. Innovations in Bayesian Networks: Theory and Applications, 156, 33–82.
  22. Mukkamala, S., Sung, A. H., Abraham, A., Ramos, V. (2006). Intrusion Detection Systems Using Adaptive Regression Spines. Enterprise Information Systems VI, 211–218. doi: 10.1007/1-4020-3675-2_25
  23. Zhan, Z., Xu, M., Xu, S. (2013). Characterizing Honeypot-Captured Cyber Attacks: Statistical Framework and Case Study. IEEE Transactions on Information Forensics and Security, 8 (11), 1775–1789. doi: 10.1109/tifs.2013.2279800
  24. Raiyn, J. (2014). A survey of Cyber Attack Detection Strategies. International Journal of Security and Its Applications, 8 (1), 247–256. doi: 10.14257/ijsia.2014.8.1.23
  25. Jasiul, B., Szpyrka, M., liwa, J. (2014). Detection and Modeling of Cyber Attacks with Petri Nets. Entropy, 16 (12), 6602–6623. doi: 10.3390/e16126602
  26. Peddabachigari, S., Abraham, A., Grosan, C., Thomas, J. (2007). Modeling intrusion detection system using hybrid intelligent systems. Journal of Network and Computer Applications, 30 (1), 114–132. doi: 10.1016/j.jnca.2005.06.003
  27. Lahno, V. (2014). Information security of critical application data processing systems. ТЕKA. Commission of motorization and energetics in agriculture, 14 (1), 134–143.
  28. Rid, T., Buchanan, B. (2014). Attributing Cyber Attacks. Journal of Strategic Studies, 38 (1-2), 4–37. doi: 10.1080/01402390.2014.977382
  29. Guitton, C., Korzak, E. (2013). The Sophistication Criterion for Attribution. The RUSI Journal, 158 (4), 62–68. doi: 10.1080/03071847.2013.826509

Downloads

Published

2016-06-27

How to Cite

Lakhno, V., Kazmirchuk, S., Kovalenko, Y., Myrutenko, L., & Zhmurko, T. (2016). Design of adaptive system of detection of cyber-attacks, based on the model of logical procedures and the coverage matrices of features. Eastern-European Journal of Enterprise Technologies, 3(9(81), 30–38. https://doi.org/10.15587/1729-4061.2016.71769

Issue

Vol. 3 No. 9(81) (2016): Information and controlling system

Section

Information and controlling system

License

Copyright (c) 2016 Валерій Анатолійович Лахно, Svitlana Kazmirchuk, Yulia Kovalenko, Larisa Myrutenko, Tetyana Zhmurko

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

The consolidation and conditions for the transfer of copyright (identification of authorship) is carried out in the License Agreement. In particular, the authors reserve the right to the authorship of their manuscript and transfer the first publication of this work to the journal under the terms of the Creative Commons CC BY license. At the same time, they have the right to conclude on their own additional agreements concerning the non-exclusive distribution of the work in the form in which it was published by this journal, but provided that the link to the first publication of the article in this journal is preserved.

A license agreement is a document in which the author warrants that he/she owns all copyright for the work (manuscript, article, etc.).
The authors, signing the License Agreement with TECHNOLOGY CENTER PC, have all rights to the further use of their work, provided that they link to our edition in which the work was published.
According to the terms of the License Agreement, the Publisher TECHNOLOGY CENTER PC does not take away your copyrights and receives permission from the authors to use and dissemination of the publication through the world's scientific resources (own electronic resources, scientometric databases, repositories, libraries, etc.).
In the absence of a signed License Agreement or in the absence of this agreement of identifiers allowing to identify the identity of the author, the editors have no right to work with the manuscript.
It is important to remember that there is another type of agreement between authors and publishers – when copyright is transferred from the authors to the publisher. In this case, the authors lose ownership of their work and may not use it in any way.