The method of development of basic detection rules for intrusion detection systems

Abstract

Due to the intensive development of digital business, malicious software and other cyber threats become more and more common. To increase the security level there is a need of relevant special control, which can remain effective when new types of threats are appeared and allows to detect the cyber attacks in fuzzy conditions targeting on many different resources of information systems. The various attacking effects on appropriate resources, generate different sets of anomalies in the heterogeneous parametric environment. It is also known the tuple model of set formation of basic components allowing us to detect cyber attacks. For its effective use it is required a formal approach implementation towards the sets formation of basic detection rules. With this objective the method focused on cyber attacks detection in computer systems was developed. This method is realized through three basic stages: formation of subsets of the anomalous IDs; the formation of critical functions; formation of a conditional detection expression. Using this method, it is possible to generate the necessary set of detection rules that determine the level of abnormal condition of values in the heterogeneous parametric environment. The implementation of this method in building intrusion detection systems will expand their functionality with respect to the cyber attacks detection in the weakly-formalized fuzzy environment.