ДОСЛІДЖЕННЯ КОНТЕКСТНО-ЧУТЛИВОГО АЛГОРИТМУ МОНІТОРИНГУ КІБЕРБЕЗПЕКИ НА ОСНОВІ РЕКУРЕНТНИХ НЕЙРОННИХ МЕРЕЖ

Abstract

The most common problems faced by modern information and communication systems (ICS) in the context of combating cyber threats were examined in the paper. The importance of ensuring the reliable operation of ICS, and protecting their users' private data from unauthorized interception or destruction was emphasized. The main principles of effective protection of ICS systems against possible interference in their work were defined. The classification of cyber threats and their impact on the functioning of information systems was presented. Features of the use of modern information technologies were determined, such as machine learning (ML), and recurrent neural networks (RNN) for increasing the effectiveness of detecting and preventing such threats, speeding up the process of calculating large volumes of information about various aspects of the work of information and communication systems. The parameters of the analysis of ICS behavior, which indicate the presence of problems in cyber security, were studied. The features and advantages of deploying RNN in ICS were analyzed, which makes it possible to simplify the tasks of cyber defense. A modified context-sensitive algorithm for cyber security monitoring (CCM-RNN) was proposed, which is based on RNN and allows taking into account the dynamics of system changes in the established context, for example, the type or volume of traffic from users, etc. The method of selecting the most effective parameters and properties of ICS for detecting cyber threats was improved. The results of the study of the effectiveness of the use of the modified CCM-RNN algorithm demonstrated its broad capabilities for fast and accurate detection of anomalies in the operation of ICs that may threaten their cyber security. By changing the number of properties of the CCM-RNN algorithm, which correspond to the characteristics of various aspects of the IC, it is possible to achieve the maximum accuracy of cyber threat detection. The modified algorithm also allows for the reduction of the duration of calculations during analysis. Based on the research results, a conclusion was made about the feasibility of using the proposed modified CCM-RNN algorithm for the ability to detect cyber security threats in ICS by flexibly adjusting the number and type of learning parameters of neural networks. In this way, the accuracy and duration of calculations were optimized, as well as the peculiarities and contexts of information and communication systems were taken into account.