
Model and method for diagnosing computer incidents in information and communication systems based on deep machine learning
Author(s) - Маликов Альберт Валерьянович (Albert V. Malikov), Авраменко Владимир Семенович (Vladimir S. Avramenko), Саенко Игорь Борисович (Igor B. Saenko)
Publication year - 2019
Publication title - Informacionno-upravlâûŝie sistemy (Информационно-управляющие системы; English: Information and Control Systems)
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.202
H-Index - 6
eISSN - 2541-8610
pISSN - 1684-8853
DOI - 10.31799/1684-8853-2019-6-32-42
Subject(s) - computer science, artificial neural network, autoencoder, artificial intelligence, machine learning, information security, relevance (law), software, perceptron, data mining, coding (social sciences), computer security, statistics, mathematics, political science, law, programming language
Models and methods for diagnosing computer incidents recorded in information and communication systems are among the most important components of the mathematical support for information security systems. The main requirement for diagnostics is the prompt identification of the characteristics of a security violation. The problem is complicated by the volume and variability of the initial data on information security violations. Purpose: To develop a model for diagnosing a computer incident, together with a method that allows the characteristics of a security violation to be determined quickly. Results: The security breach characteristics that matter for deciding how to respond to an identified computer incident can be determined using deep artificial neural networks. A structural feature of the proposed deep artificial neural network is the combination of the encoding part of an autoencoder with a multilayer perceptron. In addition, the method processes in parallel the information events that occurred in the information and communication system before the incident was detected, using a separate artificial neural network of the proposed type for each secondary characteristic of the security breach. The method for determining the values of these secondary characteristics substantially improves diagnostic efficiency while keeping precision and recall for the security violation characteristics at acceptable values. The dependence of classification completeness (recall) and accuracy on the number of neurons in the hidden layer has been studied, and the number of hidden-layer neurons sufficient to reach the required training efficiency has been determined experimentally. Practical relevance: The developed model and method can be implemented on the standard software and hardware (servers) of an information and communication system. Their combined use with existing models and methods of monitoring and diagnostics can significantly improve the efficiency of an information security system.