A.S. Shaburov
Perm National Research Polytechnic University (Perm, Russia)
This paper presents a brief analysis of the problem of computer attacks as the most dangerous form of impact on objects of critical information infrastructure. The features of traditional computer attacks are noted. The targeted computer attack is characterized and its features are considered. The trend toward an increase in threats of this type is shown. The need to improve systems for intrusion detection and computer attack detection is substantiated. The task of detecting attacks at the rule level is presented. The problems that the classical approach faces when the rules are formed are formulated. The advantages and disadvantages of a machine-learning-based approach to the intrusion detection problem are listed. A neural-network-based approach to recognizing computer attacks is proposed for solving the intrusion detection problem. The advantages of using neural networks are listed. The mathematical formulation of the neural network learning problem is given. We assume that computer attacks can be recognized through a system analysis of the space of process parameters in the system according to established rules, identifying those parameters that characterize the attack action. Protection from DDoS attacks is presented as particularly relevant to ensuring the security of critical information infrastructure objects. To automate the operation of the neural network and calculate its parameters, a specialized application package in the Matlab environment has been used. The proposed model is based on a supervised neural network (trained "with a teacher") that determines whether a connection is secure from information on the IP addresses of network ports and the times of connections. The neural network adjusts the weights of its synaptic connections using an internal algorithm.
If a computer attack occurs, the operation of a critical information infrastructure may be disrupted because the availability of control information decreases. The learning process is illustrated by a graph of the mean square error against the training epoch. To avoid the consequences of negative information impact, standard information security solutions have been used. The choice of method can also be based on modeling a neural network that determines the optimal set of countermeasures for a computer attack. The input parameters of this neural network are taken to be the output parameters of the model that determine the time of access to resources. A system of parameter values has been developed for the model that relates the success of a connection to its time characteristic. The output parameter vector defines the required values assigned to each recommendation. The model has been tested on formulating recommendations for ensuring a secure connection and on its effect on the performance of the information system. A scheme of series-connected neural networks has been developed. The required information security characteristics are to be achieved by changing the parameters of the developed model that characterize the neural network itself: weights, learning time, and number of neurons in the hidden layer. A multilayer neural network model has also been developed that determines the same parameters: access time to information system resources and recommendations for ensuring information security. In the experiment, the series-connected and multilayer neural network models were compared in terms of quality, time, and learning error, taking into account the conditions under which the model inputs are formed. The training graph of the multilayer neural network shows the best training quality with a larger number of training epochs.
Shaburov A.S. Models of neural networks for solving the security ensuring problems of the objects of critical information infrastructure. Neurocomputers. 2019. V. 21. № 3. P. 73-78. DOI: 10.18127/j19998554-201903-11 (in Russian)