Development of real time method of detecting attacks based on artificial intelligence


Bibliographic Details
Main Authors: Heorhii Loutskii, Artem Volokyta, Oleksandr Yakushev, Pavlo Rehida, Vu Duc Thinh
Format: Article
Language: English
Published: PC Technology Center 2016-05-01
Series: Tehnologìčnij Audit ta Rezervi Virobnictva
Online Access: http://journals.uran.ua/tarp/article/view/71677
Description
Summary: The object of the study is the security monitoring system of a distributed computing system. There is a problem in detecting intrusions into computing systems, namely the lack of an effective way of monitoring that will detect distributed attacks from the anomalous behavior of the system in real time. The proposed intrusion detection system (IDS) differs from existing ones in that it combines the performance of a profile IDS with the accurate attack detection of an anomaly-based IDS, through the use of computational intelligence to build profiles of attacks (not in real time) based on archives of security events and their subsequent use to detect attacks in real time. The developed model can detect: with high precision, traditional potential attacks; with many errors of the second kind, non-obvious attacks; with mediocre reliability and complexity of obtaining a profile, new types of attacks and vulnerabilities. Unlike standard IDS types, the proposed IDS allows evaluating and detecting attacks that have not been explored or identified but whose effects have been found. Given an archive of security events (event log) submitted as input, the genetic programming system is able to find correlations between certain events and messages that are present in the logs at the time of an attack and absent when the system is in a secure state.
ISSN: 2226-3780, 2312-8372