Fuzzy models for cyber incident detection in military information and communication systems databases

Abstract

Protecting databases of military information and communication systems is an extremely important task in the modern cybersecurity sphere. Growing threats from cyberattacks, the need to effectively detect, counteract and prevent them require the use of new, more effective models and methods. The main disadvantages of existing models and methods include insufficient sensitivity to new threats, a large number of detection errors, low response to new threats, the possibility of bypassing protective measures, and low scalability, which are key challenges for further improvement and development of cybersecurity. The article analyzes the existing fuzzy models for detecting cyber incidents, identifies their shortcomings and emphasizes the need for their further improvement and development. An improved fuzzy model for detecting cyber incidents in databases of military information and communication systems and an improved fuzzy model for detecting cyber incidents in databases of military information and communication systems with weighted rules based on the expansion of cyber incident signs by obtaining them from different levels of cyber security of the data are proposed. The main levels of database cybersecurity include: the operating system level, the network level, and the database management system level. To eliminate the shortcomings associated with the false triggering of cyber incident detection rules and the complexity of their configuration in a dynamically changing cyberattack landscape, as well as the dimensionality of the knowledge base of the information and security event management system, a fuzzy model for detecting cyber incidents in databases of military information and communication systems with weights of rule antecedents is proposed. The expediency of applying the developed model is shown.