A. Puchkov, A. M. Sokolov, Sergey S. Shirokov, Nikolay N. Prokimnov
Journal of Applied Mathematics & Informatics. Journal article, published 2023-03-31. DOI: 10.37791/2687-0649-2023-18-2-85-102 (https://doi.org/10.37791/2687-0649-2023-18-2-85-102)
Algorithm for identifying threats to information security in distributed multiservice networks of government bodies
This paper presents research aimed at developing an algorithm for identifying information security threats in distributed multiservice networks that support information exchange between regional government bodies, as well as their communication with the population of the region. The topic is relevant because of a significant increase in various types of cyber attacks on the computer networks of public authorities and the need to raise the security level of these networks by intellectualizing methods for combating information security threats. The algorithm uses machine learning methods to analyze incoming traffic in order to identify events that affect the state of information security of public authorities. It first preprocesses the input traffic, producing a set of images (signatures) obtained from Wasm binary files, and then launches the image classifier. The classifier consists of deep neural networks connected in sequence: a convolutional neural network for signature classification and a recurrent network that processes the sequences obtained at the output of the convolutional network. The way signatures are formed in the proposed algorithm, together with the sequences fed to the recurrent network, makes it possible to obtain the resulting information security assessment taking into account the history of its current state. The output of the recurrent network is aggregated with the result of comparing the actual signatures with those available in the database. The aggregation is performed by a fuzzy inference system of the second type, using implication according to the Mamdani algorithm, which generates the final assessment of information security threats. Software implementing the proposed algorithm was developed, and experiments carried out on a synthetic data set showed the efficiency of the algorithm and confirmed the feasibility of its further improvement.