A method for cyber-threat detection based on evolutionary algorithms
Date
2017
Authors
Лисенко, С.М.
Стопчак, Д.І.
Самотес, В.В.
Lysenko, S.
Stopchak, D.
Samotes, V.
Journal title
ISSN
Volume title
Publisher
Khmelnytskyi National University
Abstract
This paper presents a method for cyber-threat detection based on evolutionary algorithms. The method makes it possible to respond to new threats, protecting computer systems against both known and unknown cyber-threats. The system for detecting new threats operates by processing a set of cyber-threat features collected in the network and in the computer system, extracting a subset of those features, and creating the rules needed to detect cyber-threats. The process uses genetic algorithms to minimise the set of features required for detection, which allows the available resources to be used efficiently for protection against cyber-threats.
The purpose of this paper is to develop a method for cyber-threat detection based on evolutionary algorithms. A method for cyber-threat detection based on genetic algorithms is presented; it allows both known and previously unknown threats to be detected. The method is heuristic in nature and is built on collected data about cyber attacks; it answers whether a cyber-threat against computer systems is present in the computer network. The threat detection mechanism collects threat features from the network or from computer systems, extracts a subset of the acquired feature set, and generates threat detection rules. Genetic algorithms are used to minimise the feature set, which lets the system use its resources for threat detection effectively. A method for dividing the feature space for detection-rule generation is also proposed: a threat detection subrule is generated for each value of the selected feature, and the feature with the smallest domain is used as the splitting feature so that the resulting rule set is minimal. The optimal splitting feature can be chosen once the genetic algorithm has selected the feature subset. The subrule set is used to reduce the false positive rate. The developed threat detection system consists of a training subsystem and a detection subsystem. When an object is detected as suspicious but cannot be unambiguously identified as a threat, that is, its features partially match a threat and do not match any benign object, the object is set aside for further improvement of the system at the training stage.
The process uses genetic algorithms to minimise the set of features needed to detect cyber-threats, thereby reducing the resource intensity of the detection process. The proposed method has demonstrated the ability to identify cyber-threats with high confidence.
Description
Keywords
cyber-threats, malware, genetic algorithms, crossover, mutation, population, fitness, evolution
Bibliographic description
Lysenko, S. M. A method for cyber-threat detection based on evolutionary algorithms [Text] / S. M. Lysenko, D. I. Stopchak, V. V. Samotes // Вісник Хмельницького національного університету. Технічні науки (Herald of Khmelnytskyi National University. Technical Sciences). – 2017. – No. 6. – pp. 81-88.