SELF-ADAPTIVE METHOD FOR THE COMPUTER SYSTEMS RESILIENCE IN THE PRESENCE OF CYBERTHREADS

The dynamic expansion of cyber threats creates an urgent need to develop new methods and systems for their detection. The subject of the study is the process of ensuring the resilience of computer systems in the presence of cyber threats. The goal is to develop a self-adaptive me...

Bibliographic Details
Main Author: Сергій Миколайович Лисенко
Format: Article
Language: English
Published: National Aerospace University «Kharkiv Aviation Institute» 2019-12-01
Series: Радіоелектронні і комп'ютерні системи
Subjects:
Online Access: http://nti.khai.edu/ojs/index.php/reks/article/view/1000
id doaj-905e1268ad6744d2b4f64abbd685ed1f
record_format Article
spelling doaj-905e1268ad6744d2b4f64abbd685ed1f 2020-11-25T03:11:54Z eng National Aerospace University «Kharkiv Aviation Institute» Радіоелектронні і комп'ютерні системи 1814-4225 2663-2012 2019-12-01 0441610.32620/reks.2019.4.011041 Сергій Миколайович Лисенко (Khmelnytskyi National University, Khmelnytskyi) http://nti.khai.edu/ojs/index.php/reks/article/view/1000
collection DOAJ
language English
format Article
sources DOAJ
author Сергій Миколайович Лисенко
title SELF-ADAPTIVE METHOD FOR THE COMPUTER SYSTEMS RESILIENCE IN THE PRESENCE OF CYBERTHREADS
publisher National Aerospace University «Kharkiv Aviation Institute»
series Радіоелектронні і комп'ютерні системи
issn 1814-4225
2663-2012
publishDate 2019-12-01
description The dynamic expansion of cyber threats creates an urgent need to develop new methods and systems for their detection. The subject of the study is the process of ensuring the resilience of computer systems in the presence of cyber threats. The goal is to develop a self-adaptive method for computer systems resilience in the presence of cyberattacks. Results. The article presents a self-adaptive system to ensure the resilience of corporate networks in the presence of botnet cyberattacks. Resilience is provided by adaptive network reconfiguration. Reconfiguration is carried out using security scenarios selected through cluster analysis of collected network features characteristic of cyberattacks. To select the necessary security scenarios, the proposed method uses fuzzy semi-supervised c-means clustering. To detect host-type cyberattacks, information about hosts' network activity and reports from host antivirus tools are collected. To detect network-type attacks, network activity that may indicate the onset of a cyberattack is monitored. Based on the information gathered in the network about possible botnet attacks, measures for the resilient functioning of the network are adopted. To choose the needed scenario for network reconfiguration, clustering is performed. The result of clustering is a scenario listing the requirements for reconfiguring the network parameters, which will assure the network's resilience under botnet attacks. Semi-supervised fuzzy c-means clustering is used as the means of choosing the security scenario. The clustering is performed based on labeled training data. The objects of clustering are feature vectors obtained from the payload of inbound and outbound traffic and from antivirus tool reports about possible host infection. The result of clustering is the degree of membership of the feature vectors in one of the clusters. The membership of a feature vector in a cluster determines which network reconfiguration scenario is to be applied in the event of a botnet attack. The system contains clusters that indicate normal network behavior. The purpose of the method is to select security scenarios following cyberattacks carried out by botnets to mitigate the consequences of attacks and ensure resilient network functioning. Conclusions. The self-adaptive method for computer systems resilience in the presence of cyberattacks has been developed. Based on the proposed method, a self-adaptive attack detection and mitigation system has been developed. It demonstrates the ability to ensure the resilient functioning of the network in the presence of botnet cyberattacks at 70 %.
topic botnet
cyber threat
cyberattack
botnet detection
network protection
self-adaptive systems
resilience
security scenario
malicious software
DDoS attack
url http://nti.khai.edu/ojs/index.php/reks/article/view/1000