Cyber intelligence systems based on adaptive regression splines and logical procedures of attack recognition

Beketova G¹, Akhmetov B¹, Korchenko A², Lakhno V³, Tereshuk A³
COMPUTER MODELLING & NEW TECHNOLOGIES 2017 21(2) 19-28

¹ Kazakh National Research Technical University named after K.I.Satpayev, Kazakhstan
² National Aviation University, Ukraine
³ European University, Ukraine

The article presents the results of research devoted to the further development of methods, models and algorithms for recognizing cyber threats, as well as the most common classes of cyber attacks and anomalies in critical computer systems (CCS). It is shown that the cyber security process for CCS is controlled and analyzed through the values of several parameters of anomalies or signs of cyber attacks. This, in turn, makes it possible to carry out a preliminary assessment of information security with the help of a two-stage recognition procedure: the first stage uses the methodology of adaptive regression splines to process statistical data on anomalies and cyber incidents in CCS, and the second stage uses the designed logical recognition procedures based on the signs of matrix surfaces. This minimizes the number of training samples needed to detect objects within the relevant classes of cyber threats, attacks and anomalies.
Research was performed on minimizing the number of training samples of recognition signs. It is shown that, when training matrices are used to recognize objects within a known class of cyber threats, attacks and anomalies, training on representative sets 3-5 attributes long achieves the maximum efficiency of the algorithm, reaching up to 98%.
Using the proposed method and models reduced the number of object recognition rules required within a class by a factor of 2.5-10, compared with the sequential feature sorting and statistical state algorithms widely used in systems and methods for detecting anomalies and cyber attacks.