Development of real time method of detecting attacks based on artificial intelligence

Authors

DOI:

https://doi.org/10.15587/2312-8372.2016.71677

Keywords:

security monitoring system, distributed computing system, computer intelligence

Abstract

The object of the study is the security monitoring system of a distributed computing system. The problem addressed is intrusion detection in computing systems, namely the lack of an effective monitoring method that detects distributed attacks from anomalous system behavior in real time.

The proposed intrusion detection system (IDS) differs from existing ones in that it combines the performance of a profile-based IDS with the accurate attack detection of an anomaly-based IDS. It does so by using computational intelligence to build attack profiles (not in real time) from archives of security events and then using those profiles to detect attacks in real time.

The developed model can detect traditional potential attacks with high precision; non-obvious attacks with many errors of the second kind; and new types of attacks and vulnerabilities with mediocre reliability and with difficulty in obtaining a profile.

Unlike standard IDS types, the proposed IDS can evaluate and detect attacks that have not been explored or identified but whose effects have been found. Given an archive of security events (an event log) as input, the genetic programming system is able to find correlations between certain events and messages that are present in the logs at the time of an attack and absent when the system is in a secure state.

Author Biographies

Heorhii Loutskii, National Technical University of Ukraine «Kyiv Polytechnic Institute», Ukraine, 03056, Kyiv, ave. Peremohy, 37

Doctor of Technical Sciences, Professor

Department of Computer Engineering 

Artem Volokyta, National Technical University of Ukraine «Kyiv Polytechnic Institute», Ukraine, 03056, Kyiv, ave. Peremohy, 37

Ph.D., Associate Professor

Department of Computer Engineering 

Oleksandr Yakushev, National Technical University of Ukraine «Kyiv Polytechnic Institute», Ukraine, 03056, Kyiv, ave. Peremohy, 37

Department of Computer Engineering

Pavlo Rehida, National Technical University of Ukraine «Kyiv Polytechnic Institute», Ukraine, 03056, Kyiv, ave. Peremohy, 37

PhD student

Department of Computer Engineering 

Vu Duc Thinh, Ho Chi Minh City University of Food Industry Le Trong Tan 140, Ho Chi Minh, Vietnam

Ph.D.

Faculty of Information Technology 

Published

2016-05-26

How to Cite

Loutskii, H., Volokyta, A., Yakushev, O., Rehida, P., & Thinh, V. D. (2016). Development of real time method of detecting attacks based on artificial intelligence. Technology Audit and Production Reserves, 3(1(29)), 40–46. https://doi.org/10.15587/2312-8372.2016.71677