Development of decision support system based on feature matrix for cyber threat assessment
Abstract
The article herein presents the method and algorithms
for forming the feature space for the base of intellectualized
system knowledge for the support system in the cyber threats
and anomalies tasks. The system being elaborated might be used
both autonomously by cyber threat services analysts and jointly
with information protection complex systems. It is shown, that advised
algorithms allow supplementing dynamically the knowledge
base upon appearing the new threats, which permits to cut the
time of their recognition and analysis, in particular, for cases of
hard-to-explain features and reduce the false responses in threat
recognizing systems, anomalies and attacks at informatization
objects. It is stated herein, that collectively with the outcomes of
previous authors investigations, the offered algorithms of forming
the feature space for identifying cyber threats within decisions
making support system are more effective. It is reached at the
expense of the fact, that, comparing to existing decisions, the
described decisions in the article, allow separate considering the
task of threat recognition in the frame of the known classes, and
if necessary supplementing feature space for the new threat types.
It is demonstrated, that new threats features often initially are
not identified within the frame of existing base of threat classes
knowledge in the decision support system. As well the methods
and advised algorithms allow fulfilling the time-efficient cyber
threats classification for a definite informatization object.
References
J.Petit, S.E.Shladover, ”Potential Cyberattacks on Automated Vehicles”,
IEEE Transactions on Intelligent Transportation Systems,Vol. 16 Iss. 2,
–556 (2015) DOI: 10.1109/TITS.2014.2342271.
F. Miao, Q. Zhu, M.G.Pajic, J. Pappas, ”Coding Schemes for Securing
Cyber-Physical Systems Against Stealthy Data Injection Attacks”, IEEE
Transactions on Control of Network Systems, Vol. PP,Iss. 99, 1 (2016)
DOI: 10.1109/TCNS.2016.2573039.
O. Petrov, B. Borowik, M. Karpinskyy, ”Immune and defensive corporate
systems with intellectual identification of threats, Pszczyna : Slaska
Oficyna Drukarska”, 222 p. ISBN: 978–83–62674–68–8 (2016).
T. Sawik, ”Selection of optimal countermeasure portfolio in it security
planning”,Decision Support Systems, 2013, Vol. 55, Iss. 1, P. 156–164.
http://dx.doi.org/10.1016/j.dss.2013.01.001
A. Fielder, E. Panaousis, P. Malacaria, C. Hankin, F.
Smeraldi, ”Decision support approaches for cyber security
investment”, Decision Support Systems,2016, Vol. 86, P. 13–23.
http://dx.doi.org/10.1016/j.dss.2016.02.012
L. Atymtayeva, K. Kozhakhmet, G. Bortsova, ”Building a Knowledge
Base for Expert System in Information Security”, Chapter Soft Computing
in Artificial Intelligence of the series Advances in Intelligent
Systems and Computing,2014, Vol. 270, P. 57–76. DOI:10.1007/978-
-319-05515-27
M.M. Gamal, B. Hasan, A.F. Hegazy, ”A Security Analysis Framework
Powered by an Expert System”, International Journal of Computer
Science and Security (IJCSS),2011, Vol. 4, No. 6, P. 505–527.
S. Dua, X. Du, ”Data Mining and Machine Learning in Cybersecurity”,
UK, CRC press, 2016, p. 225.
A.L. Buczak, E. Guven, ”A Survey of Data Mining and Machine
Learning Methods for Cyber Security Intrusion Detection”, IEEE Communications
Surveys and Tutorials, 2016, Vol. 18, Iss. 2. – P. 1153—
DOI: 10.1109/COMST.2015.2494502
O. Al-Jarrah, A. Arafat, ”Network Intrusion Detection System using
attack behavior classification”, 2014 5th International Conference
on Information and Communication Systems (ICICS), 2014,. DOI:
1109/iacs.2014.6841978
N. Ben–Asher, C. Gonzalez, ”Effects of cyber security knowledge on
attack detection”,Computers in Human Behavior, (48), 51—61, (2015).
A.Kh. Nishanov, K.F.Kerimov, ”Methods of Counteraction from Attacks
Carried out Against Users in a Network the Internet”,ICEICElectronics,
news and communications,IX-the conference, Tashkent,
, P. 298–299.
M.M. Gamal, B.Hasan, A.F.Hegazy ”A Security Analysis Framework
Powered by an Expert System”,International Journal of Computer
Science and Security (IJCSS), 2011, Vol. 4, No. 6, P. 505–527.
Li-Yun. Chang, Zne-Jung. Lee, ”Applying fuzzy expert system to
information security risk Assessment”, – A case study on an attendance
system, International Conference on Fuzzy Theory and Its Applications
(iFUZZY), 2013,346 – 351. DOI: 10.1109/iFuzzy.2013.6825462
M.Kanatov, L.Atymtayeva, B.Yagaliyeva ”Expert systems for information
security management and audit”,Implementation phase issues,
Soft Computing and Intelligent Systems (SCIS), Joint 7th International
Conference on and Advanced Intelligent Systems (ISIS), 2014, P. 896 –
DOI:10.1109/SCIS-ISIS.2014.7044702
Kuo-Chan.Lee, C.-H. Hsieh, L.-J. Wei, C.-H. Mao, J.-H. Dai, Y.-
T. Kuang, ”Sec-Buzzer: cyber security emerging topic mining with
open threat intelligence retrieval and timeline event annotation”, Soft
Computing, 2016, P. 1–14. DOI:10.1007/s00500-016-2265-0
S. Pan, T.Morris, U.Adhikari ”Developing a Hybrid Intrusion Detection
System Using Data Mining for Power Systems”,IEEE Transactions
on Smart Grid, 2015, Vol. 6, Iss. 6, P. 3104 – 3113. DOI:
1109/TSG.2015.2409775
V. Lakhno, S. Kazmirchuk, Y. Kovalenko, L. Myrutenko,T. Zhmurko,
”Design of adaptive system of detection of cyber-attacks, based
on the model of logical procedures and the coverage matrices of
features”,Eastern-European Journal of Enterprise Technologies, 2016,
No 3/9(81), P. 30–38. DOI: 10.15587/1729-4061.2016.71769
P. Louvieris, N. Clewley, X.Liu ”Effects-based feature identification for
network intrusion detection”,Neurocomputing, 2013, Vol. 121, Iss. 9, P.
–273. DOI:10.1016/j.neucom.2013.04.038
Z. Wang, X. Zhou, Z. Yu, Y. Zhang, D. Zhang,”Inferring User Search
Intention Based on Situation Analysis of the Physical World”,Chapter
Ubiquitous Intelligence and Computing, 2010, Vol. 6406, P. 35–51. DOI:
1007/978-3-642-16355-56
V. Lakhno, S. Zaitsev, Y. Tkach, T. Petrenko, ”Adaptive Expert Systems
Development for Cyber Attacks Recognition in Information Educational
Systems on the Basis of Signs’ Clustering”,Part of the Advances in
Intelligent Systems and Computing book series (AISC), 2018, Vol. 754,
P. 673–682.
B. Akhmetov, V. Lakhno, Y. Boiko, A. Mishchenko, ”Designing a
decision support system for the weakly formalized problems in the
provision of cybersecurity”, Eastern-European Journal of Enterprise
Technologies, 1(2(85)), 4—15 (2017).
V. Lakhno, B. Akhmetov, A. Korchenko, Z. Alimseitova, V. Grebenuk,
”Development of a decision support system Based on expert evaluation
for the situation center of transport cybersecurity”, Journal of theoretical
and applied information technology, 2018, Vol.96. No 14, P. 4530–4540.
M. Al Hadidi, Y.K.Ibrahim, V. Lakhno, A. Korchenko, A. Tereshchuk,
A. Pereverzev ”Intelligent systems for monitoring and recognition of
cyber attacks on information and communication systems of transport”,
International Review on Computers and Software, 2016, Vol. 11, No 12,
P. 1167–1177.
G. Beketova, B. Akhmetov, A. Korchenko, A. Lakhno, ”Simulation modeling
of cyber security systems in MATLAB and SIMULINK”,Bulletin
of the national academy of sciences of the republic of Kazakhstan, 2017,
Vol. 3, P. 54–64.
Downloads
Published
Issue
Section
License
Copyright (c) 2019 International Journal of Electronics and Telecommunications
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
1. License
The non-commercial use of the article will be governed by the Creative Commons Attribution license as currently displayed on https://creativecommons.org/licenses/by/4.0/.
2. Author’s Warranties
The author warrants that the article is original, written by stated author/s, has not been published before, contains no unlawful statements, does not infringe the rights of others, is subject to copyright that is vested exclusively in the author and free of any third party rights, and that any necessary written permissions to quote from other sources have been obtained by the author/s. The undersigned also warrants that the manuscript (or its essential substance) has not been published other than as an abstract or doctorate thesis and has not been submitted for consideration elsewhere, for print, electronic or digital publication.
3. User Rights
Under the Creative Commons Attribution license, the author(s) and users are free to share (copy, distribute and transmit the contribution) under the following conditions: 1. they must attribute the contribution in the manner specified by the author or licensor, 2. they may alter, transform, or build upon this work, 3. they may use this contribution for commercial purposes.
4. Rights of Authors
Authors retain the following rights:
- copyright, and other proprietary rights relating to the article, such as patent rights,
- the right to use the substance of the article in own future works, including lectures and books,
- the right to reproduce the article for own purposes, provided the copies are not offered for sale,
- the right to self-archive the article
- the right to supervision over the integrity of the content of the work and its fair use.
5. Co-Authorship
If the article was prepared jointly with other authors, the signatory of this form warrants that he/she has been authorized by all co-authors to sign this agreement on their behalf, and agrees to inform his/her co-authors of the terms of this agreement.
6. Termination
This agreement can be terminated by the author or the Journal Owner upon two months’ notice where the other party has materially breached this agreement and failed to remedy such breach within a month of being given the terminating party’s notice requesting such breach to be remedied. No breach or violation of this agreement will cause this agreement or any license granted in it to terminate automatically or affect the definition of the Journal Owner. The author and the Journal Owner may agree to terminate this agreement at any time. This agreement or any license granted in it cannot be terminated otherwise than in accordance with this section 6. This License shall remain in effect throughout the term of copyright in the Work and may not be revoked without the express written consent of both parties.
7. Royalties
This agreement entitles the author to no royalties or other fees. To such extent as legally permissible, the author waives his or her right to collect royalties relative to the article in respect of any use of the article by the Journal Owner or its sublicensee.
8. Miscellaneous
The Journal Owner will publish the article (or have it published) in the Journal if the article’s editorial process is successfully completed and the Journal Owner or its sublicensee has become obligated to have the article published. Where such obligation depends on the payment of a fee, it shall not be deemed to exist until such time as that fee is paid. The Journal Owner may conform the article to a style of punctuation, spelling, capitalization and usage that it deems appropriate. The Journal Owner will be allowed to sublicense the rights that are licensed to it under this agreement. This agreement will be governed by the laws of Poland.
By signing this License, Author(s) warrant(s) that they have the full power to enter into this agreement. This License shall remain in effect throughout the term of copyright in the Work and may not be revoked without the express written consent of both parties.
