SELF-ADAPTIVE METHOD FOR THE COMPUTER SYSTEMS RESILIENCE IN THE PRESENCE OF CYBERTHREADS

Autor: Сергій Миколайович Лисенко
Jazyk: English<br />Ukrainian
Rok vydání: 2019
Předmět:
Zdroj: Радіоелектронні і комп'ютерні системи, Vol 0, Iss 4, Pp 4-16 (2019)
Druh dokumentu: article
ISSN: 1814-4225
2663-2012
DOI: 10.32620/reks.2019.4.01
Popis: The dynamic expansion of cyber threats poses an urgent need for the development of new methods, methods, and systems for their detection. The subject of the study is the process of ensuring the resilience of computer systems in the presence of cyber threats. The goal is to develop a self-adaptive method for computer systems resilience in the presence of cyberattacks. Results. The article presents a self-adaptive system to ensure the resilience of corporate networks in the presence of botnets’ cyberattacks. Resilience is provided by adaptive network reconfiguration. It is carried out using security scenarios selected based on a cluster analysis of the collected network features inherent cyberattacks. To select the necessary security scenarios, the proposed method uses fuzzy semi-supervised c-means clustering. To detect host-type cyberattacks, information about the hosts’ network activity and reports of host antiviruses are collected. To detect the network type attacks, the monitoring of network activity is carried out, which may indicate the appearance of a cyberattack. According to gathered in the network information concerning possible attacks performed by botnet the measures for the resilient functioning of the network are assumed. To choose the needed scenario for network reconfiguration, the clustering is performed. The result of the clustering is the scenario with the list of the requirement for the reconfiguration of the network parameters, which will assure the network’s resilience in the situation of the botnet’s attacks. As the mean of the security scenario choice, the semi-supervised fuzzy c-means clustering was used. The clustering is performed based on labeled training data. The objects of the clustering are the feature vectors, obtained from a payload of the inbound and outbound traffic and reports of the antiviral tool about possible hosts’ infection. The result of clustering is a degree of membership of the feature vectors to one of the clusters. The membership of feature vector to cluster gives an answer to question what scenario of the network reconfiguration is to be applied in the situation of the botnet’s attack. The system contains the clusters that indicate the normal behavior of the network. The purpose of the method is to select security scenarios following cyberattacks carried out by botnets to mitigate the consequences of attacks and ensure a network functioning resilience. Conclusions. The self-adaptive method for computer systems resilience in the presence of cyberattacks has been developed. Based on the proposed method, a self-adaptive attack detection, and mitigation system has been developed. It demonstrates the ability to ensure the resilient functioning of the network in the presence of botnet cyberattacks at 70 %.
Databáze: Directory of Open Access Journals