Development of an intelligent subsystem for operating system incidents forecasting

Authors

DOI:

https://doi.org/10.15587/2706-5448.2020.202498

Keywords:

time series, forecasting subsystem, machine learning, polynomial model, method of group accounting of arguments.

Abstract

The object of research is a subsystem for prediction server platform’s incidents, which operates on the basis of the Windows OS family. One of the most problematic places when planning measures to prevent the harmful effects of network attacks such as dDOS, hardware failures etc for the server system is to obtain an effective model for predicting incidents of the operating system.

In the course of the research, methods of formation and research of the time series, exponential smoothing, elements of the theory of machine learning based on the method of group accounting (GMDH) are used. To obtain accurate and reliable forecasts of the operation of the intellectual subsystem for forecasting incidents, elements of the theory of heuristic self-organization and a specific implementation of this theory, the GMDH, are used. An algorithm is obtained and a software implementation of an intelligent system for predicting incidents of operating system operation and the main characteristics of its operation is developed. This became possible as a result of the analysis of the constructed model of the intruder, the system log of security incidents and the use of the GMDH. A mechanism is proposed for generating a sample of OS incident events based on the Windows system event log. The testing of the proposed forecasting system based on test samples allows to state that the forecasting results obtained with various settings of the machine learning system and parameters (degree of the reference polynomial, number of variables in the characteristic polynomial model, number of selection series) are satisfactory. As a result of applying the created algorithm for forecasting incidents of OS operation, it is shown that the use of a large number of polynomial models in GMDH allows one to obtain a forecasting system that is qualitatively superior to systems based on classical regression models and methods. Due to this, a much more accurate forecast can be obtained than the classical regression methods or the method of exponential smoothing, compared with similar methods. The percentage of false calculations using GMDH is less than 4 %.

Author Biographies

Valeriy Lakhno, National University of Life and Environmental Sciences of Ukraine, 15, Heroiv oborony str., Kyiv, Ukraine, 03041

Doctor of Technical Science, Professor

Department of Computer Systems and Networks

Andriy Sagun, Cherkasy State Technological University, 460, Shevchenko blvd., Cherkasy, Ukraine, 18006

PhD, Associate Professor

Department of Informatics, Information Security and Documentation

Vladyslav Khaidurov, Institute of Engineering Thermophysics of the National Academy of Sciences of Ukraine, 2a, Marii Kapnist str., Kyiv, Ukraine, 03057

PhD, Senior Researcher

Elena Panasko, Cherkasy State Technological University, 460, Shevchenko blvd., Cherkasy, Ukraine, 18006

PhD, Associate Professor

Department of Informatics, Information Security and Documentation

References

  1. Zaichenko, Iu. P. (2008). Nechetkie modeli i metody v intellektualnykh sistemakh. Kyiv: Izd Dom «Slovo», 344.
  2. Bidiuk, P., Romanenko, V., Tymoshchuk, O. (2010). Analiz chasovykh riadiv. Kyiv: Politekhnika, 317.
  3. Krause, A. (2009). Evaluating the performance of adapting trading strategies with different memory lengths. Available at: https://arxiv.org/abs/0901.0447
  4. Geisser, S. (1993). Predictive inference: an introduction. Chapman & Hall, 282.
  5. Billings, S. A., Hong, X. (1998). Dual-orthogonal radial basis function networks for nonlinear time series prediction. Neural Networks, 11 (3), 479–493. doi: http://doi.org/10.1016/s0893-6080(97)00132-9
  6. Hizun, A., Volianska, V., Ryndiuk, V., Hnatiuk, S. (2013). Main parameters for information security intruder identification. Ukrainian Information Security Journal, 15 (1), 66–74. doi: http://doi.org/10.18372/2410-7840.15.4221
  7. Sidorov, V. V. (2019). Windows 10: kak prosmotret zhurnaly sobytii Windows? Available at: http://netler.ru/ikt/windows10-events.htm
  8. Bishop, C. M. (2006). Pattern Recognition and Machine Learning. Springer, 758.
  9. MacKay, D. (2003). Information Theory, Inference and Learning Algorithms. Cambridge University Press, 640.
  10. Metod gruppovogo ucheta argumentov (2019). MachineLearning. Available at: http://www.machinelearning.ru/wiki/index.php?title=%D0%9C%D0%93%D0%A3%D0%90
  11. Armstrong, J. S. (1999). Forecasting for Marketing. Quantitative Methods in Marketing. London: International Thompson Business Press, 92–119.
  12. Jingfei Yang, M. S. (2006). Power System Short-term Load Forecasting. Darmstadt: Elektrotechnik und Informationstechnik der Technischen Universitat, 139.

Downloads

Published

2020-03-05

How to Cite

Lakhno, V., Sagun, A., Khaidurov, V., & Panasko, E. (2020). Development of an intelligent subsystem for operating system incidents forecasting. Technology Audit and Production Reserves, 2(2(52), 35–39. https://doi.org/10.15587/2706-5448.2020.202498

Issue

Vol. 2 No. 2(52) (2020): Information and control systems

Section

Reports on research projects

License

Copyright (c) 2020 Valeriy Lakhno, Andriy Sagun, Vladyslav Khaidurov, Elena Panasko

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

The consolidation and conditions for the transfer of copyright (identification of authorship) is carried out in the License Agreement. In particular, the authors reserve the right to the authorship of their manuscript and transfer the first publication of this work to the journal under the terms of the Creative Commons CC BY license. At the same time, they have the right to conclude on their own additional agreements concerning the non-exclusive distribution of the work in the form in which it was published by this journal, but provided that the link to the first publication of the article in this journal is preserved.