Model of detecting cybernetic attacks on information-telecommunication systems based on description of anomalies in their work by weighed fuzzy rules
Keywords: Anomaly detection, information and telecommunication systems and networks, weighting factors, weighted fuzzy linguistic rules, knowledge base, fuzzy logic conclusion, intrusion detection system.
The article addresses the pressing task of protecting information and telecommunication systems and networks from cyber attacks, given their constant development and the polymorphism of malicious software. An analysis is carried out, and it concludes that it is expedient to use anomaly identification models that operate simultaneously on qualitative and quantitative data and are based on the mathematical theory of fuzzy sets and fuzzy logical inference. Specifically, an improved model for detecting anomalies in the operation of information and telecommunication systems and networks is presented, which is a further development of the previously proposed anomaly detection model based on fuzzy sets and fuzzy logic inference. The essence of the improvement is the introduction of weight coefficients for the fuzzy rules that describe the anomalies that may arise during the operation of information and telecommunication systems and networks as a result of unauthorized cybernetic interference in their work. Once the weights are introduced, the problem of fuzzy anomaly identification in the operation of the information and telecommunication system reduces to solving an analytic expression that connects the set of system state parameters, on the basis of which its anomalous behavior is determined, with the corresponding expert decision, taking into account the weight coefficients introduced for the rules. This improvement allows the fuzzy inference system to reflect the importance of each rule, which is based on the expert's confidence in each decision taken to identify anomalies. The expediency of using the proposed model is confirmed by the results of studies of the adequacy of its anomaly identification process in the operation of information and telecommunication systems and networks, as well as by the accuracy of the results it demonstrates.
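The effect of rule weights on the fuzzy decision can be sketched as follows. This is an added illustration, not the authors' code: it assumes the max-min inference form with multiplicative rule weights, and the state parameters, linguistic terms, rules and weights are all constructed for the example.

```python
# Added illustration: weighted fuzzy rules for anomaly identification.
# All parameters, terms, rules and weights below are constructed assumptions.

def tri(x, a, b, c):
    """Triangular membership with peak at b; a == b or b == c gives a shoulder."""
    if x <= a:
        return 1.0 if a == b else 0.0
    if x >= c:
        return 1.0 if b == c else 0.0
    if x <= b:
        return (x - a) / (b - a)
    return (c - x) / (c - b)

# Linguistic terms per state parameter (hypothetical scales).
TERMS = {
    "syn_rate": {"low": (0, 0, 300), "medium": (100, 400, 700),
                 "high": (500, 1000, 1000)},          # SYN packets per second
    "half_open": {"low": (0.0, 0.0, 0.4), "high": (0.2, 1.0, 1.0)},   # share, 0..1
    "src_entropy": {"low": (0.0, 0.0, 0.5), "high": (0.4, 1.0, 1.0)}, # normalized
}

# Each rule: (expert decision, weight = expert confidence in the rule, antecedent).
RULES = [
    ("normal", 1.0, {"syn_rate": "low", "half_open": "low"}),
    ("normal", 0.4, {"syn_rate": "medium", "half_open": "low"}),
    ("anomaly", 1.0, {"syn_rate": "high", "half_open": "high"}),
    ("anomaly", 0.9, {"syn_rate": "medium", "half_open": "high",
                      "src_entropy": "high"}),
]

def unweighted(rules):
    """Same rule base with every weight set to 1 (the model without weights)."""
    return [(d, 1.0, a) for d, _, a in rules]

def infer(state, rules=RULES):
    """Score each decision as max over its rules of weight * min(memberships)."""
    scores = {}
    for decision, weight, antecedent in rules:
        firing = min(tri(state[p], *TERMS[p][t]) for p, t in antecedent.items())
        scores[decision] = max(scores.get(decision, 0.0), weight * firing)
    return max(scores, key=scores.get), scores

if __name__ == "__main__":
    borderline = {"syn_rate": 400, "half_open": 0.3, "src_entropy": 0.9}
    print("weighted:  ", infer(borderline))
    print("unweighted:", infer(borderline, unweighted(RULES)))
```

On the borderline state the unweighted rule base answers "normal", while the weighted one answers "anomaly" because the expert's confidence in the matching anomaly rule is higher.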
Copyright (c) 2020 Collection "Information technology and security"
This work is licensed under a Creative Commons Attribution 4.0 International License.