ВИЯВЛЕННЯ ТА ОЦІНЮВАННЯ КІБЕРАТАК В ІНФОРМАЦІЙНИХ МЕРЕЖАХ ІЗ ВИПАДКОВИМ МОМЕНТОМ ПОЯВИ

Abstract

Detection, prevention or significant impediment to cyberattacks (CA) is one of the central areas of cybersecurity in information networks. Determining the generalized requirements for cyber protection of information networks from cyberattacks on information and assessing the degree of their security are quite difficult tasks. There are real possibilities for unforeseen situations as a result of cyberattacks, leading to the loss of information or to its loss and loss of information network. The concept of cybersecurity of the information network on the basis of threats from cyberattacks should determine the necessary tools, methods and procedures for detection and evaluation of cyberattacks in networks. Therefore, for the effective functioning of information networks in modern conditions and means of their protection, as well as for the reliable detection and evaluation of cyberattacks, it is necessary to develop new approaches and methods, their implementation. Some results related to joint sequential detection and evaluation were obtained in [3]. As follows from [3], in the general case, is not possible to find a constructive solution even in the two-alternative problem. Losses in the process of recognition (detection) and evaluation of a cyberattack depend on both errors in its detection and inaccuracy of evaluation, which will not provide adequate response, and there is a problem of joint development and evaluation [1, 2]. Therefore, we will try to solve this problem of multi-alternative sequential detection and evaluation of a cyberattack with a random moment of its occurrence. Consistent detection and evaluation procedures are generally more efficient than inconsistent ones. Therefore, it is important and urgent to find optimal, consistent or close to them procedures that will increase the cybersecurity of information. The purpose of the article is to find optimal, consistent or close to them procedures that will increase the cybersecurity of information. Based on the probabilistic assessment, the optimal, sequential or close to them procedures are revealed in the work, which allow to increase the cybersecurity of information. The problem to build the optimal N-truncated sequential procedure for joint detection of cyberattacks (CA) and to estimate the moment of its occurrence in the loss function was solved. Statistics related to the average volume of the forecast (UOP) are analyzed. A general view of the optimal procedure for sequential detectionevaluation of a cyberattacks with an unknown moment of occurrence during these losses is proposed. Thus, if the optimal procedure is based on comparing one-dimensional statistics Ln c with a deterministic threshold for solving the problem of detection without estimating the moment of cyberattacks or for solving the problem of detection and evaluation separately, then the optimal areas for stopping and continuation of observations are determined in three-dimensional space for solving these problems.