A model developed for teaching an adaptive system of recognising cyberattacks among non-uniform queries in information systems

Abstract

The study presents results aimed at further development of models for intelligent and self-educational systems of recognising abnormalities and cyberattacks in mission-critical information systems (MCIS). It has been proven that the existing systems of cyberdefence still significantly rely on using models and algorithms of recognising cyberattacks, which allow taking into account information about the structure of incoming streams or the attackers’ change of the intensity of queries, the speed of the attack, and the duration of the impulse. A mathematical model has been suggested for the system module of intelligent identification of cyberattacks in heterogeneous flows of queries and network forms of cyberattacks. The model recognises heterogeneous incoming flows of queries and any possible change in the query intensity and other parameters of a targeted cyberattack aimed at a MCIS. Simulation models, which had been created in MATLAB and Simulink, were used to research the dynamics of changes in the states of the subsystem of blocking queries in the process of detecting cyberattacks in a MCIS. The probability of solving the problem of recognising cyberattacks in heterogeneous flows of queries and network forms of cyberattacks is 85–98 %, depending on the type of the cyberattack. The results of the modelling allow selection of ways to counter and neutralize the effects of the impact of such targeted attacks and help analyse more sophisticated cyberattacks. The suggested model of recognising complex cyberattacks if attackers use non-uniform flows of queries is more accurate, by 5–7 %, than the other existing models. The developed simulation models enable a 25–30 % decrease in the setup time for projects of cyberdefence systems, including SIRCA for CIS or MCIS.