Abstract

Introduction: In the era of information technology, almost every organization faces a wide range of automated and rapidly spreading cyber threats. This is due not only to the growing complexity, diversity and scale of digitalization, but also to the expansion of cyber threats and of the attack surface on which they can be carried out. Purpose: To compare possible ways of improving the effectiveness of attack detection for objects of critical information infrastructure (CII), namely the detection of a rare event, anomaly or novelty in the operation of a CII object. Results: The proposed approach to cyberattack detection identifies and separates anomalies from the normal operation of an object by dynamically changing the class labels of a variable over time, so that the "normal" class is redefined as the process evolves rather than fixed once at training time. Dynamic novelty detection is compared with other approaches in terms of F1-score. On the SWaT (Secure Water Treatment) dataset, which models a CII object as an industrial automated control system, attack detection improved by up to 7% with the proposed approach. Practical relevance: The results show a reduction in the risk that a computer attack on CII objects is carried out (developed). A possible targeted application of dynamic novelty detection is to optimize the information protection measures at CII facilities and to integrate the proposed approach into the information security system as an intelligent detector.
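The contrast the abstract draws, a static notion of "normal" versus one whose labels are updated over time, is easy to see on a single sensor. The following is an added illustration written for this page, not the paper's algorithm nor code from the SWaT project: it assumes a toy rule (a sample is novel if it is farther than a fixed tolerance from the mean of recent normal samples), a window size of 4, a tolerance of 3.0, and two constructed 18-sample series standing in for a tank-level reading under slow legitimate drift, an abrupt spoofed-value attack, and a stealthy ramp attack. Both detectors are scored with precision, recall and F1 against the constructed ground truth.

```python
"""Dynamic vs. static novelty detection on constructed sensor series.

Added example for this page (assumed rule, window, tolerance and data; not the
paper's own method). The static detector fixes the normal class from the
training prefix. The dynamic detector re-labels: every sample it calls normal
is admitted into a rolling window and so moves the normal class over time,
while samples it calls novel are kept out of the window.
"""
from collections import deque
from typing import Dict, List, Tuple


def static_detector(series: List[float], train_len: int, tol: float) -> List[bool]:
    """Flag a sample as novel if it is farther than tol from the training mean."""
    baseline = sum(series[:train_len]) / train_len
    return [abs(x - baseline) > tol for x in series]


def dynamic_detector(series: List[float], train_len: int, tol: float) -> List[bool]:
    """Flag a sample as novel if it is farther than tol from the mean of the
    last train_len samples labelled normal. Normal samples update the window
    (the class boundary follows legitimate drift); novel samples do not (an
    abrupt attack cannot pull the baseline toward itself)."""
    window = deque(series[:train_len], maxlen=train_len)
    flags = [False] * train_len  # the training prefix is trusted as normal
    for x in series[train_len:]:
        baseline = sum(window) / len(window)
        novel = abs(x - baseline) > tol
        flags.append(novel)
        if not novel:
            window.append(x)
    return flags


def prf1(pred: List[bool], truth: List[bool]) -> Tuple[float, float, float]:
    """Precision, recall and F1 of per-sample attack flags; 0.0 when undefined."""
    tp = sum(1 for p, t in zip(pred, truth) if p and t)
    fp = sum(1 for p, t in zip(pred, truth) if p and not t)
    fn = sum(1 for p, t in zip(pred, truth) if t and not p)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    return precision, recall, f1


# Constructed data (not SWaT measurements): a level reading starting at 50.0.
TRAIN = [50.0] * 4

# Scenario A: legitimate drift of +1/step, then spoofed values around 70,
# then the process resumes from where the drift left off.
DRIFT_THEN_SPIKE = TRAIN + [51.0 + i for i in range(8)] + [70.0, 71.0, 70.0] + [59.0, 60.0, 60.0]
DRIFT_THEN_SPIKE_TRUTH = [False] * 12 + [True] * 3 + [False] * 3

# Scenario B: a stealthy attack that ramps the value at the same +1/step rate
# as legitimate drift, starting right after the training prefix.
SLOW_RAMP = TRAIN + [51.0 + i for i in range(10)]
SLOW_RAMP_TRUTH = [False] * 4 + [True] * 10


def evaluate(series: List[float], truth: List[bool],
             train_len: int = 4, tol: float = 3.0) -> Dict[str, Tuple[float, float, float]]:
    """Score both detectors on one series; returns {name: (precision, recall, f1)}."""
    return {
        "static": prf1(static_detector(series, train_len, tol), truth),
        "dynamic": prf1(dynamic_detector(series, train_len, tol), truth),
    }


if __name__ == "__main__":
    for name, series, truth in (("drift then spike", DRIFT_THEN_SPIKE, DRIFT_THEN_SPIKE_TRUTH),
                                ("slow ramp", SLOW_RAMP, SLOW_RAMP_TRUTH)):
        for detector, (p, r, f) in evaluate(series, truth).items():
            print(f"{name:16s} {detector:8s} P={p:.3f} R={r:.3f} F1={f:.3f}")
```

In scenario A the static detector starts flagging the legitimate drift as soon as it leaves the training band and never stops, so its F1 collapses on false positives, while the dynamic detector tracks the drift and isolates only the three spoofed samples. Scenario B is the caveat a practitioner needs: an attacker who moves the value no faster than the drift the window is allowed to absorb is re-labelled into the normal class sample by sample and is never flagged, whereas the static band still catches the tail of the ramp. The window length and tolerance therefore have to be chosen against the fastest change the physical process can legitimately make, and a slow-ramp check (for example, a bound on cumulative change since the training baseline) belongs alongside any adaptive detector.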
