Development of adaptive expert system of information security using a procedure of clustering the attributes of anomalies and cyber attacks

DOI:

https://doi.org/10.15587/1729-4061.2016.85600

Keywords:

recognition of cyber attacks, expert system, clustering of attributes, functional effectiveness

Abstract

The paper presents the results of research aimed at the further development of models for intelligent systems that recognise cyber threats, anomalies and cyber attacks.

A structural scheme of a self-learning adaptive expert system (AES) of information security is proposed. It takes into account errors of the third kind, which may arise and accumulate while a system for intelligent detection of complex targeted cyber attacks is being trained and while the attribute space of the recognition objects is being partitioned beforehand. We developed a model for calculating an information criterion of functional effectiveness, based on the entropy and Kullback-Leibler distance criteria, for clustering the attributes of recognition objects in computer systems; the criterion yields the input fuzzy classification training matrix. The operation of the AES as an element of the system for intelligent recognition of cyber threats (SIRCT) was studied in the training mode on an a priori classified training matrix, which allowed us to build correct decision rules for the recognition of cyber attacks.

We designed the AES "Threat Analyzer" and tested it under real CoS operating conditions at several enterprises. The proposed AES learning model recognised the standard classes of cyber attacks at rates from 76.5 % to 99.1 %, which is comparable with the recognition effectiveness of the best hybrid neural networks and genetic algorithms.
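The following Python is an added example, not the authors' code and not taken from the paper, illustrating the kind of Kullback-Leibler and entropy criterion the abstract describes: each recognition attribute is scored by the divergence between its distributions under the two a priori classes, the attributes are ranked by that score, a fuzzy training matrix of smoothed P(attack | attribute value) memberships is built from the classified records, and a weighted decision rule is applied back to the training set. The paper's exact criterion and attribute set are not on this page; the attribute names, the three-level quantisation, the Laplace smoothing, the J-divergence (symmetrised KL) and the 0.5 decision threshold are assumptions, and the records are constructed for illustration.

```python
"""
Added example (not the authors' code): scoring recognition attributes with a
symmetrised Kullback-Leibler divergence between the a priori classes and
building a fuzzy training matrix from the result.  Attribute names, the
quantisation levels, Laplace smoothing and the 0.5 threshold are assumptions;
the records below are constructed, not real enterprise traffic.
"""
import math
from collections import Counter

ALPHABET = ("low", "mid", "high")                  # quantised attribute values
ATTRIBUTES = ("pkt_rate", "syn_ratio", "port_entropy")

# Constructed, a priori classified records: (class, values in ATTRIBUTES order).
# port_entropy is deliberately distributed identically in both classes.
RECORDS = [
    ("normal", ("low", "low", "mid")),
    ("normal", ("mid", "low", "mid")),
    ("normal", ("low", "low", "low")),
    ("normal", ("mid", "low", "high")),
    ("normal", ("low", "mid", "mid")),
    ("normal", ("mid", "low", "low")),
    ("attack", ("mid", "high", "mid")),
    ("attack", ("high", "high", "low")),
    ("attack", ("high", "high", "mid")),
    ("attack", ("mid", "mid", "high")),
    ("attack", ("high", "high", "mid")),
    ("attack", ("high", "high", "low")),
]


def class_distribution(records, attr_idx, label):
    """Laplace-smoothed distribution of one attribute within one class."""
    counts = Counter(v[attr_idx] for c, v in records if c == label)
    total = sum(counts.values()) + len(ALPHABET)
    return [(counts[a] + 1) / total for a in ALPHABET]


def entropy(p):
    """Shannon entropy in nats of a discrete distribution."""
    return -sum(x * math.log(x) for x in p if x > 0)


def kl(p, q):
    """KL divergence D(p || q); q has no zeros thanks to smoothing."""
    return sum(x * math.log(x / y) for x, y in zip(p, q) if x > 0)


def j_divergence(p, q):
    """Symmetrised KL divergence, used here as the attribute distance criterion."""
    return kl(p, q) + kl(q, p)


def score_attributes(records):
    """J-divergence between the 'normal' and 'attack' distributions of each attribute."""
    return {attr: j_divergence(class_distribution(records, i, "normal"),
                               class_distribution(records, i, "attack"))
            for i, attr in enumerate(ATTRIBUTES)}


def rank_attributes(records):
    """Attributes ordered from most to least informative."""
    scores = score_attributes(records)
    return sorted(ATTRIBUTES, key=lambda a: scores[a], reverse=True)


def membership_table(records):
    """Smoothed P(attack | attribute value) for every attribute/value pair."""
    table = {}
    for i, attr in enumerate(ATTRIBUTES):
        for a in ALPHABET:
            n_att = sum(1 for c, v in records if c == "attack" and v[i] == a)
            n_nor = sum(1 for c, v in records if c == "normal" and v[i] == a)
            table[(attr, a)] = (n_att + 1) / (n_att + n_nor + 2)
    return table


def fuzzy_training_matrix(records):
    """One row per record: membership of each attribute value in the attack class."""
    table = membership_table(records)
    return [[table[(attr, v[i])] for i, attr in enumerate(ATTRIBUTES)] for _, v in records]


def classify(row, weights):
    """Decision rule: divergence-weighted mean membership above 0.5 means attack."""
    total = sum(weights)
    if total <= 0:  # every attribute uninformative: fall back to equal weights
        weights, total = [1.0] * len(row), float(len(row))
    score = sum(m * w for m, w in zip(row, weights)) / total
    return "attack" if score > 0.5 else "normal"


def resubstitution_accuracy(records):
    """Share of training records the decision rule reproduces correctly."""
    scores = score_attributes(records)
    weights = [scores[a] for a in ATTRIBUTES]
    matrix = fuzzy_training_matrix(records)
    hits = sum(classify(row, weights) == label for row, (label, _) in zip(matrix, records))
    return hits / len(records)


if __name__ == "__main__":
    for attr, s in score_attributes(RECORDS).items():
        print(f"{attr:13s} J-divergence = {s:.3f}")
    print("ranking:", rank_attributes(RECORDS))
    print(f"resubstitution accuracy: {resubstitution_accuracy(RECORDS):.3f}")
```

The attribute whose distributions coincide in both classes gets a divergence of zero and therefore no weight in the decision rule, which is the effect a clustering step based on this criterion is meant to produce. Resubstitution accuracy on the training set is an optimistic figure; the paper's 76.5 % to 99.1 % range refers to tests under real operating conditions, which this toy data does not reproduce.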

Author Biographies

Valeriy Lakhno, European University, Academician Vernadskiy blvd., 16B, Kyiv, Ukraine, 03115

Doctor of Technical Science, Associate Professor

Department of Managing Information Security

Yuliia Tkach, Chernihiv National University of Technology, Shevchenka str., 95, Chernihiv, Ukraine, 14027

PhD, Associate Professor

Department of Cybersecurity and Mathematical Simulation

Taras Petrenko, Chernihiv National University of Technology, Shevchenka str., 95, Chernihiv, Ukraine, 14027

Senior Lecturer

Department of Cybersecurity and Mathematical Simulation

Sergey Zaitsev, Chernihiv National University of Technology, Shevchenka str., 95, Chernihiv, Ukraine, 14027

Doctor of Technical Science, Associate Professor

Department of Information and Computer Systems

Volodymyr Bazylevych, Chernihiv National University of Technology, Shevchenka str., 95, Chernihiv, Ukraine, 14027

PhD, Associate Professor

Department of Cybersecurity and Mathematical Simulation

Published

2016-12-26

How to Cite

Lakhno, V., Tkach, Y., Petrenko, T., Zaitsev, S., & Bazylevych, V. (2016). Development of adaptive expert system of information security using a procedure of clustering the attributes of anomalies and cyber attacks. Eastern-European Journal of Enterprise Technologies, 6 (9 (84)), 32–44. https://doi.org/10.15587/1729-4061.2016.85600

Section

Information and controlling system