A model developed for teaching an adaptive system of recognising cyberattacks among non-uniform queries in information systems
DOI: https://doi.org/10.15587/1729-4061.2016.73315
Keywords: recognition of cyberattacks, intelligent systems, cyberattack pattern, non-uniform/heterogeneous flows of queries
Abstract
The study presents results aimed at the further development of models for intelligent, self-learning systems that recognise anomalies and cyberattacks in mission-critical information systems (MCIS). It has been shown that existing cyberdefence systems still rely heavily on models and algorithms for recognising cyberattacks that take into account information about the structure of incoming streams, or changes made by attackers to the intensity of queries, the speed of the attack and the duration of the impulse.
A mathematical model has been proposed for the system module that intelligently identifies cyberattacks in heterogeneous flows of queries and in network forms of cyberattacks. The model recognises heterogeneous incoming flows of queries as well as any change in query intensity and in the other parameters of a targeted cyberattack aimed at an MCIS.
Simulation models built in MATLAB and Simulink were used to study the dynamics of state changes in the query-blocking subsystem while cyberattacks on an MCIS are being detected. The probability of correctly recognising cyberattacks in heterogeneous flows of queries and in network forms of cyberattacks is 85–98 %, depending on the type of cyberattack. The modelling results make it possible to select ways of countering and neutralising the impact of such targeted attacks and help in analysing more sophisticated cyberattacks.
The proposed model for recognising complex cyberattacks in which attackers use non-uniform flows of queries is 5–7 % more accurate than the other existing models.
The developed simulation models reduce the design time of cyberdefence system projects, including SIRCA for CIS or MCIS, by 25–30 %.
Copyright (c) 2016 Valeriy Lakhno, Hennadii Mohylnyi, Volodymyr Donchenko, Olha Smahina, Mykola Pyroh
This work is licensed under a Creative Commons Attribution 4.0 International License.