ALGORITHMIC AND SOFTWARE SUPPORT FOR THE FORMATION OF PARAMETER STANDARDS FOR THE CYBER ATTACKS DETECTION SYSTEMS
Keywords:
attacks; cyber attacks; anomalies; intrusion detection systems; attack detection systems; cyber attack detection systems; detection of anomalies in information systems.
Abstract
The vast majority of intrusion detection systems are becoming an integral part of network protection;
they are used to monitor suspicious activity in a system and to detect the attacking actions of an
unauthorized party. The intensification of cyber attacks prompts the creation of special technical solutions that
remain effective when new or modified types of cyber threats appear with unidentified or indistinctly defined properties.
Most of these systems aim to identify suspicious activity or interference in the network so that
adequate measures can be taken to prevent cyber attacks. Intrusion detection systems focused on identifying
anomalous states are currently relevant, but they have several disadvantages. Expert approaches, based on the
knowledge and experience of specialists in the relevant subject area, are more effective. The creation of technical
solutions and special tools based on expert approaches (for example, software for attack detection systems that
makes it possible to detect previously unknown cyber attacks by monitoring the current state of indistinct parameters
in a weakly formalized environment) is a promising area of research. Based on the well-known cyber attack detection
system, which relies on a methodology for detecting anomalies generated by cyber attacks, and on a variety of relevant
methods and models, software is proposed which, thanks to the basic algorithm and a set of developed procedures
(coordinate grid configuration; initialization of values based on data from a set of databases and modules; graphical
formation of parameters; search for common points according to the basic rules; and graphical interpretation of the
result), makes it possible to automate the parameter standards formation process for modern intrusion detection
systems and to display the results of detecting an anomalous state in a predetermined time interval.