A model developed for teaching an adaptive system of recognising cyberattacks among non-uniform queries in information systems

DOI:

https://doi.org/10.15587/1729-4061.2016.73315

Keywords:

recognition of cyberattacks, intelligent systems, cyberattack pattern, non-uniform/heterogeneous flows of queries

Abstract

The study presents results that further develop models for intelligent, self-learning systems that recognise anomalies and cyberattacks in mission-critical information systems (MCIS). It is shown that existing cyberdefence systems still rely substantially on models and algorithms for recognising cyberattacks that take into account information about the structure of incoming streams and about attacker-driven changes in query intensity, attack speed and impulse duration.

A mathematical model is proposed for the module of the system that performs intelligent identification of cyberattacks in heterogeneous flows of queries and of network forms of cyberattacks. The model recognises heterogeneous incoming query flows together with any change in query intensity or in the other parameters of a targeted cyberattack on a MCIS.

Simulation models built in MATLAB and Simulink were used to study the dynamics of state changes in the query-blocking subsystem while cyberattacks on a MCIS are being detected. The probability of correctly recognising cyberattacks in heterogeneous query flows and network forms of cyberattacks is 85–98 %, depending on the attack type. The modelling results allow selection of ways to counter and neutralise the effects of such targeted attacks and help in analysing more sophisticated cyberattacks.
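As an added illustration of the two ideas the abstract names, recognising a change of intensity inside a heterogeneous query flow and driving a blocking subsystem through its states, the following Python script is not the authors' MATLAB/Simulink model and reproduces none of their figures. It assumes that queries are already labelled by class (here the constructed classes "A", "B", "C"), that a per-class baseline rate per time window is known, and that a one-sided CUSUM with hand-picked parameters (slack k = 0.5, threshold h = 4, in Poisson standard deviations) is an acceptable stand-in for the recognition module; the arrival counts are constructed and contain a gradual ramp in class "B" from window 6 onward.

```python
"""Toy change-of-intensity detector over a heterogeneous query stream.

Added example, not the authors' model.  Per query class we keep a one-sided
CUSUM on the standardised excess over a known baseline; a small state machine
NORMAL -> SUSPECT -> BLOCKING -> NORMAL decides when the blocking subsystem
engages.  Class labels, baselines and all counts below are constructed.
"""
import math
from dataclasses import dataclass

NORMAL, SUSPECT, BLOCKING = "NORMAL", "SUSPECT", "BLOCKING"


@dataclass
class ClassMonitor:
    """One-sided CUSUM on the standardised excess of one query class."""
    baseline: float            # expected queries per window (assumed known)
    slack: float = 0.5         # CUSUM reference value k, in std. deviations
    threshold: float = 4.0     # CUSUM decision level h
    stat: float = 0.0

    def update(self, count: int) -> bool:
        # Poisson-style standardisation: deviation in units of sqrt(baseline).
        z = (count - self.baseline) / math.sqrt(self.baseline)
        self.stat = max(0.0, self.stat + z - self.slack)
        return self.stat >= self.threshold

    def reset(self) -> None:
        self.stat = 0.0


@dataclass
class BlockingSubsystem:
    """State machine of the query-blocking subsystem, driven by class alarms."""
    monitors: dict
    hold: int = 2              # windows to stay in BLOCKING before re-evaluating
    state: str = NORMAL
    remaining: int = 0

    def _reset_all(self) -> None:
        for m in self.monitors.values():
            m.reset()

    def step(self, counts: dict) -> tuple:
        alarms = sorted(c for c, n in counts.items() if self.monitors[c].update(n))
        if self.state == NORMAL and alarms:
            self.state = SUSPECT                    # first alarm: do not block yet
        elif self.state == SUSPECT:
            if alarms:                              # alarm persisted: engage blocking
                self.state, self.remaining = BLOCKING, self.hold
            else:
                self.state = NORMAL
            self._reset_all()                       # measure the following flow afresh
        elif self.state == BLOCKING:
            self.remaining -= 1
            if alarms:
                self.remaining = self.hold          # still under attack: extend
            elif self.remaining <= 0:
                self.state = NORMAL
        return self.state, alarms


# Constructed sample: 12 windows of per-class counts.  Class B ramps from
# window 6 (low-and-slow, then a burst); classes A and C stay within noise.
SAMPLE_WINDOWS = [
    {"A": 48, "B": 19, "C": 5}, {"A": 52, "B": 21, "C": 4},
    {"A": 50, "B": 20, "C": 6}, {"A": 47, "B": 18, "C": 5},
    {"A": 53, "B": 22, "C": 5}, {"A": 50, "B": 20, "C": 6},
    {"A": 49, "B": 24, "C": 4}, {"A": 51, "B": 30, "C": 5},
    {"A": 50, "B": 45, "C": 5}, {"A": 52, "B": 60, "C": 6},
    {"A": 48, "B": 21, "C": 5}, {"A": 50, "B": 20, "C": 5},
]
BASELINES = {"A": 50.0, "B": 20.0, "C": 5.0}   # assumed per-window baselines


def run(windows, baselines, hold=2):
    """Feed the windows through one BlockingSubsystem; return (state, alarms) per window."""
    sub = BlockingSubsystem({c: ClassMonitor(b) for c, b in baselines.items()}, hold=hold)
    return [sub.step(w) for w in windows]


if __name__ == "__main__":
    for i, (state, alarms) in enumerate(run(SAMPLE_WINDOWS, BASELINES)):
        print(f"window {i:2d}: {state:8s} alarms={alarms}")
```

On the constructed input the ramp in class "B" starts in window 6 but the CUSUM only crosses its threshold in window 8, so the subsystem goes SUSPECT at window 8, BLOCKING at window 9 and returns to NORMAL at window 11; that two-window latency is the trade-off a low-and-slow intensity change forces on any rate-based recogniser, and the per-class baselines are what keep the flat classes "A" and "C" from raising false alarms while "B" is attacked.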

The proposed model for recognising complex cyberattacks in which attackers use non-uniform query flows is 5–7 % more accurate than existing models.

The developed simulation models reduce the setup time of cyberdefence system projects, including SIRCA for CIS or MCIS, by 25–30 %.

Author Biographies

Valeriy Lakhno, European University, Academician Vernadskiy blvd., 16B, Kyiv, Ukraine, 03115

Doctor of Technical Sciences, Associate Professor

Department of Managing Information Security

Hennadii Mohylnyi, Luhansk Taras Shevchenko National University, Gogol sq., 1, Starobilsk, Ukraine, 92703

PhD, Associate Professor

Department of Information Technologies and Systems

Volodymyr Donchenko, Luhansk Taras Shevchenko National University, Gogol sq., 1, Starobilsk, Ukraine, 92703

Assistant

Department of Information Technologies and Systems

Olha Smahina, Luhansk Taras Shevchenko National University, Gogol sq., 1, Starobilsk, Ukraine, 92703

Candidate of Pedagogic Sciences, Senior Lecturer

Department of Information Technologies and Systems

Mykola Pyroh, European University, Academician Vernadskiy blvd., 16B, Kyiv, Ukraine, 03115

Lecturer

Department of Information Systems and Mathematical Sciences

Published

2016-08-31

How to Cite

Lakhno, V., Mohylnyi, H., Donchenko, V., Smahina, O., & Pyroh, M. (2016). A model developed for teaching an adaptive system of recognising cyberattacks among non-uniform queries in information systems. Eastern-European Journal of Enterprise Technologies, 4(9(82)), 27–36. https://doi.org/10.15587/1729-4061.2016.73315

Section

Information and controlling system