Development of adaptive expert system of information security using a procedure of clustering the attributes of anomalies and cyber attacks

“…The results presented are a continuation of the research, results of which were described earlier in articles [10,18,23]. The prospects of further research include the enlargement of attributes knowledge base and the formation of BLM of ASR.…”

“…As was shown in articles [17,18], in case the RO attributes glossary is unchanged, it is possible to improve effectiveness of ASR learning. These studies do not take into account the possibility of increasing the degree of intersection of the RO classes.…”

“…As a criterion of the optimization of parameters, during ASR learning, we used statistical parameters (information measures) for the variants of solutions with two alternatives [18,25,26] for a modified entropic indicator, as well as the Kullback-Leibler divergence (for three hypotheses) [27]. Table 1 Stages of splitting FS into clusters…”

“…We developed the algorithm that allows us to perform parallel formation of reference tolerances during an analysis of attributes of anomalies and cyber attacks, which are difficult to explain [1,7,16,18]. This approach, when a parallel formation of VAD -({ca K,i }) is performed, makes it possible to change VAD for all attributes at every step of learning simultaneously.…”

Development of a system for the detection of cyber attacks based on the clustering and formation of reference deviations of attributes

“…The results presented are a continuation of the research, results of which were described earlier in articles [10,18,23]. The prospects of further research include the enlargement of attributes knowledge base and the formation of BLM of ASR.…”

“…As was shown in articles [17,18], in case the RO attributes glossary is unchanged, it is possible to improve effectiveness of ASR learning. These studies do not take into account the possibility of increasing the degree of intersection of the RO classes.…”

“…As a criterion of the optimization of parameters, during ASR learning, we used statistical parameters (information measures) for the variants of solutions with two alternatives [18,25,26] for a modified entropic indicator, as well as the Kullback-Leibler divergence (for three hypotheses) [27]. Table 1 Stages of splitting FS into clusters…”

“…We developed the algorithm that allows us to perform parallel formation of reference tolerances during an analysis of attributes of anomalies and cyber attacks, which are difficult to explain [1,7,16,18]. This approach, when a parallel formation of VAD -({ca K,i }) is performed, makes it possible to change VAD for all attributes at every step of learning simultaneously.…”

Development of a system for the detection of cyber attacks based on the clustering and formation of reference deviations of attributes

“…The practice of employing DSS and ES for the tasks on managing IP and CS at separate enterprises was outlined in [13,14]. As shown in [15,16], the existing commercial DSS and ES for the information (IS) and cybersecurity are of closed character, and their acquisition by individual enterprises implies significant financial costs.…”

Management of information protection based on the integrated implementation of decision support systems

Development of Sectoral Intellectualized Expert Systems and Decision Making Support Systems in Cybersecurity