DECISION SUPPORT IN CYBERSECURITY PROBLEMS BASED ON MATRIX OF SIGNS OF CYBERTHREATS

   Due to the globalization of the use of information technologies and systems, the main problem of ensuring their smooth functioning is the cybersecurity of electronic resources and information security from destructive and unauthorized intrusions. Systems for detecting or recognizing various network intrusions, as well as determining the quality of attacks and anomalies, have their own niche in the market. This paper describes a method and algorithms for the formation of a feature space for the base of an intellectualized decision support system in cybersecurity problems. Intellectualized support system for promoting the protection of information about yourself with complex systems. The described algorithms allow you to dynamically replenish the database when new threats appear, which will reduce the time for their analysis, at the same time for cases of difficult-to-explain symptoms and reduce the number of false positives in the system for detecting threats, anomalies and attacks on information objects.

1. Petit J., Shladover S.E. Potential Cyberattacks on Automated Vehicles, IEEE Transactions on Intelligent Transportation Systems. − 2015. − Vol. 16, Iss. 2. − P. 546-556.

2. Miao F., Zhu Q., Pajic M. G., Pappas J. Coding Schemes for Securing Cyber-Physical Systems Against Stealthy Data Injection Attacks, IEEE Transactions on Control of Network Systems. – 2016. − Vol. PP, Iss. 99. − P. 1.

3. Petrov B., Borowik M., Karpinskyy Immune and defensive corporate systems with intellectual identification of threats // Pszczyna: Śląska Oficyna Drukarska. – 2016. − P. 222

4. Sawik T. Selection of optimal countermeasure portfolio in it security planning, Decision Support Systems. – 2013. − Vol. 55, Iss. 1. − P. 156–164.

5. Fielder A., Panaousis E., Malacaria P., Hankin C., Smeraldi F. Decision support approaches for cyber security investment // Decision Support Systems. – 2016. − Vol. 86. − P. 13-23.

6. Atymtayeva L., Kozhakhmet K., Bortsova G. Building a Knowledge Base for Expert System in Information Security // Chapter Soft Computing in Artificial Intelligence of the series Advances in Intelligent Systems and Computing. – 2014. − Vol. 270. − P. 57-76.

7. Gamal M. M., Hasan B., Hegazy A. F. A Security Analysis Framework Powered by an Expert System // International Journal of Computer Science and Security (IJCSS), 2011, − Vol. 4, − No. 6, P. 505-527.

8. Dua S., Du X. Data Mining and Machine Learning in Cybersecurity // UK, CRC press. – 2016. − P. 225.

9. Buczak A. L., Guven, E. A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection // IEEE Communications Surveys & Tutorials. – 2016. − Vol. 18, − Iss. 2. – P. 1153-1176.

10. Al-Jarrah, O., Arafat, A. Network Intrusion Detection System using attack behavior classification // 5th International Conference on Information and Communication Systems (ICICS). − 2014.

11. Ben–Asher, Gonzalez, N. C. Effects of cyber security knowledge on attack detection // Computers in Human Behavior. – 2015. − Vol. 48. − P. 51-61.

12. Nishanov A. Kh, Kerimov K. F. Methods of Counteraction from Attacks Carried out Against Users in a Network the Internet // ICEIC-Electronics, news and communications, IX-the conference. − Tashkent, 2008. − P. 298-299.

13. Gamal M. M., Hasan B., Hegazy A. F. A Security Analysis Framework Powered by an Expert System // International Journal of Computer Science and Security (IJCSS). – 2011. − Vol. 4, No. 6. − P. 505-527.

14. Chang Li-Yun, Lee Zne-Jung Applying fuzzy expert system to information security risk Assessment – A case study on an attendance system // International Conference on Fuzzy Theory and Its Applications. – 2013. − Р. 346-351.

15. Kanatov M. Atymtayeva L., Yagaliyeva B. Expert systems for information security management and audit, Implementation phase issues, Soft Computing and Intelligent Systems (SCIS) // Joint 7th International Conference on and Advanced Intelligent Systems (ISIS). – 2014. − P. 896-900.

16. Lee Kuo-Chan, Hsieh C.-H., Wei L.-J., Mao C.-H., Dai J.-H., Kuang Y.-T Sec-Buzzer: cyber security emerging topic mining with open threat intelligence retrieval and timeline event annotation // Soft Computing. – 2016. − P. 1-14.

17. Pan S., Morris T., Adhikari U. Developing a Hybrid Intrusion Detection System Using Data Mining for Power Systems // IEEE Transactions on Smart Grid. – 2015. − Vol. 6, Iss. 6. − P. 3104-3113.

18. Lakhno V., Kazmirchuk S., Kovalenko Y., Myrutenko L., Zhmurko T. Design of adaptive system of detection of cyber-attacks, based on the model of logical procedures and the coverage matrices of features // Eastern-European Journal of Enterprise Technologies. – 2016. − No 3/9(81). − P. 30-38.

19. Louvieris P., Clewley N., Liu X. Effects-based feature identification for network intrusion detection // Neurocomputing. – 2013. − Vol. 121, Iss. 9. − P. 265-273.

20. Wang Z., Zhou X., Yu Z., He Y., Zhang D. Inferring User Search Intention Based on Situation Analysis of the Physical World // Chapter Ubiquitous Intelligence and Computing. – 2010. − Vol. 6406. − P. 35-51.

21. Lakhno V. Zaitsev S., Tkach Y., Petrenko T. Adaptive Expert Systems Development for Cyber Attacks Recognition in Information Educational Systems on the Basis of Signs‘ Clustering // Part of the Advances in Intelligent Systems and Computing book series (AISC). – 2018. − Vol. 754. − P. 673-682.

22. Akhmetov B., Lakhno V., Boiko Y., Mishchenko A. Designing a decision support system for the weakly formalized problems in the provision of cybersecurity // Eastern-European Journal of Enterprise Technologies. – 2017. − Vol. 1, Issue 2 (85). − P. 4-15.

23. Lakhno V., Akhmetov B., Korchenko A., Alimseitova Z., Grebenuk V. Development of a decision support system Based on expert evaluation for the situation center of transport cybersecurity // Journal of theoretical and applied information technology. – 2018. − Vol.96. No 14. − P. 4530-4540.

24. Al Hadidi M., Ibrahim Y. K., Lakhno V., Korchenko A., Tereshchuk A., Pereverzev A. // Intelligent systems for monitoring and recognition of cyber attacks on information and communication systems of transport. International Review on Computers and Software. – 2016. − Vol. 11, No 12. − P. 1167-1177.

25. Beketova G., Akhmetov B., Korchenko A., Lakhno A. Simulation modeling of cyber security systems in MATLAB and SIMULINK // Bulletin of the national academy of sciences of the republic of Kazakhstan. – 2017. − Vol. 3. − P. 54-64.