Abstract

The paper presents the results of research aimed at further developing models for intelligent systems that recognize cyber threats, anomalies and cyber attacks. We propose a structural scheme of a self-learning adaptive expert system (AES) for information security. The scheme takes into account potential errors of the third kind, which may arise and accumulate while training a system for the intelligent detection of complex targeted cyber attacks and during the preliminary splitting of the attribute space of the objects of recognition. We developed a model for calculating an information criterion of functional effectiveness, based on the entropic and Kullback-Leibler distance criteria, applied while clustering the attributes of objects of recognition in computer systems; this makes it possible to obtain an input fuzzy classification training matrix. We explored the operation of the AES as an element of a system for intelligent recognition of cyber threats (SIRCT) in training mode on an a priori classified training matrix, which allowed us to build correct decision rules for recognizing cyber attacks. We designed the AES Threat Analyzer and tested it under real operating conditions of computer systems (CoS) at several enterprises. It was found that the proposed AES learning model recognizes the standard classes of cyber attacks at a level from 76.5 % to 99.1 %, which is at the level of the recognition effectiveness of the best hybrid neural networks and genetic algorithms.

Highlights

  • Over the last decades, one of the most urgent problems of society has been information security (IS) and its component, cyber security (CS), on which, in particular, the functioning of all modern computer systems (CoS) in industry, energy, communication, transport, etc. depends.

  • For SIRCT, the term “adaptation” may be interpreted as a purposeful change of the algorithm's structure or the system's parameters in order to improve the efficiency of its functioning.

  • We proposed a structural scheme of a self-learning adaptive expert system for information security, which takes into account potential errors of the third kind that may arise and accumulate while training the system and splitting the attribute space of the objects of recognition.


Summary

Introduction

Over the last decades, one of the most urgent problems of society has been information security (IS) and its component, cyber security (CS), on which, in particular, the functioning of all modern computer systems (CoS) in industry, energy, communication, transport, etc. depends. The constant growth in the quantity and complexity of destructive effects on CoS can be resisted, in particular, by using adaptive intelligent systems of recognition of cyber threats (SIRCT). The relevance of this work lies in the creation and examination of an adaptive expert system (AES) for recognizing complicated anomalies and cyber attacks. The system under design is based on learning models and intelligent learning technologies, and makes it possible to increase the probability of detecting sophisticated targeted cyber attacks.
