Abstract
Adaptive system of cyber attack detection, which is based on the improved algorithms for splitting the feature space into clusters, was developed. The procedure of recognition was improved by using the simultaneous clustering and formation of verifying admissible deviations for the attributes of anomalies and cyber attacks. The proposed modifications of the algorithm for splitting the feature space into clusters in the process of implementation of the procedure of recognition of anomalies and cyber attacks, in contrast to the existing ones, allow us to form simultaneously the reference tolerances when processing complex attributes of recognition objects (RO). This provides the possibility, at every step of training an adaptive recognition system, to change the verifying admissible deviations for all attributes of anomalies and cyber attacks simultaneously. The proposed algorithms make it possible to prevent possible cases of absorption of one RO class of basic attributes of anomalies and cyber attacks by another class. Predicate expressions for ASR that is capable of self-learning were obtained. Verification of the proposed algorithms was carried out on the simulation models in MatLab and Simulink. It was proved that the proposed algorithms for the clustering of RO attributes make it possible to receive effective learning matrices for ASR as a part of intelligent systems for cyber attack detection.
Highlights
Active expansion of computer technologies, in particular in critically important information systems (CIIS), is accompanied by the emergence of new threats to cyber security (CS)
Information that is accepted as the basis for building the clusters in adaptive systems of recognition (ASR) of cyber attacks was explored in many studies, for example, in the form of complex attributes of recognition objects (RO) in CIIS [1, 2]
CE c is the value of information condition of functional effectiveness (ICFE) of ASR learning for the realization of class of anomalies or cyber attacks – CTc0; {ls} is the set of steps for ASR learning as a part of ISDA
Summary
Active expansion of computer technologies, in particular in critically important information systems (CIIS), is accompanied by the emergence of new threats to cyber security (CS). It is possible to enhance CS of CIIS by using, in particular, intelligent systems (and technologies) for the detection of cyber attacks (ISDA). The ability to deliberately modify the algorithm for detecting the anomalies and cyber attacks by using the methods of clustering of attributes of the recognition objects (RO), as well as machine intelligent technologies of learning (MITL). This makes it relevant to examine improvement of those existing and development of the new algorithms for the clustering of RO attributes, as well as the applied adaptive subsystems as a part of ISDA
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
