Intelligent Algorithms for Event Processing and Decision Making on Information Protection Strategies against Cyberattacks

Author:

Asyaev Grigorii (1), Sokolov Alexander (1), Ruchay Alexey (1, 2) (ORCID)

Affiliation:

1. Department of Information Security, South Ural State University, Chelyabinsk 454080, Russia

2. Department of Mathematics, Chelyabinsk State University, Chelyabinsk 454001, Russia

Abstract

This paper considers the main approaches to building algorithms for decision support systems that select information protection strategies against cyberattacks in the networks of automated process control systems (so-called recommender systems). The advantages and disadvantages of each considered algorithm are identified, and their applicability to the processing of the information security events of the UNSW-NB 15 dataset is analyzed. The dataset contains raw network packets collected with the IXIA PerfectStorm software in the CyberRange laboratory of the Australian Cyber Security Centre (Canberra); it was built as a hybrid of simulated real activity and synthetic network traffic generated during attacks. The possibility of applying four semantic proximity algorithms to partition the process data into clusters by attack type in a distribution control system (DCS) is analyzed. The percentage of homogeneous records belonging to a particular type of attack is used as the metric that determines the optimal method of cluster partitioning. This metric was chosen under the assumption that cyberattacks located “closer” to each other in the multidimensional feature space have similar defense strategies. A hypothesis is formulated about the possibility of transferring knowledge about attacks from the vector feature space into a semantic form using semantic proximity methods. The percentage of homogeneous entries was maximal when the cosine proximity measure was used, which confirmed the hypothesis that the corresponding algorithm can be applied in the recommender system.

Funder

Russian Science Foundation

Publisher

MDPI AG

Subject

General Mathematics, Engineering (miscellaneous), Computer Science (miscellaneous)

