Algorithm for identifying threats to information security in distributed multiservice networks of government bodies

IF 0.4 Q4 MATHEMATICS, APPLIED
A. Puchkov, A. M. Sokolov, Sergey S. Shirokov, Nikolay N. Prokimnov
Journal of Applied Mathematics & Informatics. Journal Article. Published 2023-03-31. DOI: 10.37791/2687-0649-2023-18-2-85-102 (https://doi.org/10.37791/2687-0649-2023-18-2-85-102)
Citations: 0

Abstract

This paper presents the results of research aimed at developing an algorithm for identifying information security threats in distributed multiservice networks that support information exchange between regional government bodies, as well as their communication with the population of the region. The topic is relevant because of a significant increase in various types of cyber attacks on the computer networks of public authorities and the need to raise the security level of these networks by intellectualizing methods for combating information security threats. The algorithm uses machine learning methods to analyze incoming traffic in order to identify events that affect the state of information security of public authorities. It first preprocesses the input traffic, forming a set of images (signatures) obtained from Wasm binary files, and then launches the image classifier. The classifier connects two deep neural networks in sequence: a convolutional neural network for signature classification and a recurrent network that processes the sequences obtained at the output of the convolutional network. The way signatures are formed in the proposed algorithm, together with the sequences at the input to the recurrent network, makes it possible to obtain a resulting assessment of information security that takes into account the history of its current state. The output of the recurrent network is aggregated with the result of comparing the actual signatures with those available in the database. The aggregation is performed by a fuzzy inference system of the second type, using implication according to the Mamdani algorithm, which generates the final assessment of information security threats. Software implementing the proposed algorithm was developed, and experiments on a synthetic data set showed the efficiency of the algorithm and confirmed the feasibility of its further improvement.