Методи та засоби ідентифікації стану комп'ютерних систем критичного застосування для захисту інформації
Вантажиться...
Дата
2019
Автори
ORCID
DOI
Науковий ступінь
доктор технічних наук
Рівень дисертації
докторська дисертація
Шифр та назва спеціальності
05.13.05 – комп'ютерні системи та компоненти
Рада захисту
Спеціалізована вчена рада Д 64.050.14
Установа захисту
Національний технічний університет "Харківський політехнічний інститут"
Науковий керівник
Семенов Сергій Геннадійович
Члени комітету
Качанов Петро Олексійович
Кондрашов Сергій Іванович
Ліберг Ігор Геннадійович
Кондрашов Сергій Іванович
Ліберг Ігор Геннадійович
Видавець
Національний технічний університет "Харківський політехнічний інститут"
Анотація
Дисертація на здобуття наукового ступеня доктора технічних наук за спеціальністю 05.13.05 – комп'ютерні системи та компоненти. – Національний технічний університет "Харківський політехнічний інститут", Харків, 2019. Дисертацію присвячено підвищенню оперативності та достовірності ідентифікації стану комп'ютерних систем критичного застосування шляхом розробки та удосконалення методів та засобів розпізнавання аномалій та зловживань. Проведено аналіз науково-технічної проблеми ідентифікації стану КСКЗ для захисту даних. Виконано порівняльні дослідження існуючих методів та відомих комп'ютеризованих систем ідентифікації стану, виявлено ряд обмежень їх використання. Зроблено висновок про перспективність напрямку розробки та дослідження комплексних методів ідентифікації стану КСКЗ. Розроблено схему ідентифікації стану КСКЗ, яка включає підсистему ідентифікації аномалій та зловживань. Синтезовано критерії оцінки інформативності показників функціонування КСКЗ. Виконано модернізацію методу дискримінантного і кластерного аналізу за умови нечітких вихідних даних. Розроблено експертну систему з непродукційним механізмом логічного виведення, що дозволило виконати ідентифікацію стану КСКЗ з необмеженим числом контрольованих показників. Розроблено експрес-метод ідентифікації стану КСКЗ на основі комплексного використання статистичних методів класифікації, що включає BDS-тестування, оцінку показників Херста та контрольних карт Шухарта, CUSUM та EWMA, що дозволило збільшити достовірність ідентифікації вторгнень в КСКЗ. Синтезовано новий показник нормального функціонування КСКЗ, на основі BDS-статистики, який відрізняється від відомих використанням синтезованого показника джиттера параметрів системи. Удосконалено метод ідентифікації стану КСКЗ на основі комплексного використання інтелектуальних методів ідентифікації, що включає нейронну мережу АРТ-1, систему нечіткого виведення Мамдані та ймовірнісний автомат, що підвищило оперативність ідентифікації вторгнень в КСКЗ. Виконано порівняльне дослідження та оцінку достовірності та оперативності розроблених методів та засобів ідентифікації аномалій та зловживань в КСКЗ, надано практичні рекомендації.
The thesis for the academic degree of Doctor of technical sciences on the speciality 05.13.05 – computer systems and components. – National technical university "Kharkiv polytechnic institute", Kharkiv, 2019. The thesis is dedicated to the enhancement of efficiency and reliability of the identification of the computer systems of critical application state by means of development and improvement of methods and means of recognition of anomalies and abuses. The analysis of the scientific and technical problem of the indication of CSCA for data protection was carried out. It was shown that the system of indication of the CSCA state consist of two classes of methods: the anomaly identification methods and the abuse identification methods. It was found that the main disadvantages of the anomaly and abuse identification methods were a neglect of fuzzy set factors and low adaptation to dynamic changes of the initial dataset structures and external effects that leads to the decrease of efficiency and reliability of the CSCA identification. The conclusion of perspective of the direction of development and investigation of complex methods of the identification of the CSCA state was drawn. A scheme of the identification of the CSCA state that includes the subsystem of the anomaly and abuse identification was proposed. The basis of performance of the abuse identification subsystem is complex use of intelligent classification methods that includes the neural network ART-1, the improved models of fuzzy output and the probabilistic automaton. Complex use of the statistical methods of classification and the decision support systems based on discriminant, cluster and Bayes classifiers. Enhancement of the discriminant analysis method under the condition of fuzzy input data was performed for the two-alternative classification. It was based on the analogies of theoretic and probabilistic characteristics of fuzzy numbers, particularly, the expected value, the dispersion of correlation coefficients, used for the standard calculation scheme by means of the solution of the linear equation system and the classification of the object state. In the present work the enhancement of the cluster analysis under condition of fuzzy specification of the point coordinates (the results of measurements of controlled parameters) and the centers of cluster groups, defined by membership functions, was done for the multi-alternative diagnostic. The procedure of the comparison of fuzzy distances between the objects of clustering and the group centers, based on the comparison of fuzzy function of distance difference with zero was proposed. The rules for the result treatment of the comparison of fuzzy number with zero were developed. A criterium of self-descriptiveness estimation of the performance parameters of CSCA under fuzzy input data, the value of which belongs to the final range, does not depend on the parameter membership function type and on the rules of inclusion of the function into evaluation expression, was found. The self-descriptiveness rate of the controlled fuzzy parameters, described by gaussian, exponential functions of membership and the criterium based on the surface evaluation of the area of intersection of the state membership functions was developed. An expert system with non-productional mechanism of logic inference based on modified Bayes classifier was created for identification of the CSCA state with infinite numbers of controlled parameters. An express method of identification of the CSCA state relied on complex use of statistic methods of classification including BDS test, the evaluation of Hurst exponent and Shewhart charts, CUSUM and EWMA, as components of the subsystem on anomaly recognition, was worked out. A new parameter of normal performance of CSCA based on the jitter value of the system was synthesized and a template of normal behavior of CSCA arising from BDS test and Hurst exponent values was proposed. The templates of the normal system state of CSCA relying on Shewhart charts, CUSUM and EWMA were built. A classification method of CSCA state based on the neuron network ART-1 that included complex use of ART-1 blocks was developed. The use of the proposed method improved the efficiency of identification of the CSCA state. A method of identification of the CSCA state relying on the system of fuzzy output, which differs from the well-known by the use of minimization procedure of number of rules linking input and output fuzzy variables, was suggested. It allowed to improve efficiency of the identification of CSCA state. An identification method of computer system of critical application state was proposed on the basis of the probabilistic automaton. The main feature of the method is an adaptation of the generation procedure of the automaton structure to the situation of recognition of identical scripts by means of the automaton structure rebuilding upon coincidence detection and recalculation of the probability of transfer between states. The improved method allows to accelerate the process of revelation of anomaly behavior of the CSCA as well as to detect the abuse of computer system, signature scenarios of which only partially match the examples used for the generation of the automaton structure. On the basis of ROC-analysis a comparative study and an estimation of reliability and efficiency of developed methods and means of anomaly and abuse identification in CSCA was performed. Practical recommendations on the use of the methods and means of the anomaly and abuse identification of the CSCA were proposed.
The thesis for the academic degree of Doctor of technical sciences on the speciality 05.13.05 – computer systems and components. – National technical university "Kharkiv polytechnic institute", Kharkiv, 2019. The thesis is dedicated to the enhancement of efficiency and reliability of the identification of the computer systems of critical application state by means of development and improvement of methods and means of recognition of anomalies and abuses. The analysis of the scientific and technical problem of the indication of CSCA for data protection was carried out. It was shown that the system of indication of the CSCA state consist of two classes of methods: the anomaly identification methods and the abuse identification methods. It was found that the main disadvantages of the anomaly and abuse identification methods were a neglect of fuzzy set factors and low adaptation to dynamic changes of the initial dataset structures and external effects that leads to the decrease of efficiency and reliability of the CSCA identification. The conclusion of perspective of the direction of development and investigation of complex methods of the identification of the CSCA state was drawn. A scheme of the identification of the CSCA state that includes the subsystem of the anomaly and abuse identification was proposed. The basis of performance of the abuse identification subsystem is complex use of intelligent classification methods that includes the neural network ART-1, the improved models of fuzzy output and the probabilistic automaton. Complex use of the statistical methods of classification and the decision support systems based on discriminant, cluster and Bayes classifiers. Enhancement of the discriminant analysis method under the condition of fuzzy input data was performed for the two-alternative classification. It was based on the analogies of theoretic and probabilistic characteristics of fuzzy numbers, particularly, the expected value, the dispersion of correlation coefficients, used for the standard calculation scheme by means of the solution of the linear equation system and the classification of the object state. In the present work the enhancement of the cluster analysis under condition of fuzzy specification of the point coordinates (the results of measurements of controlled parameters) and the centers of cluster groups, defined by membership functions, was done for the multi-alternative diagnostic. The procedure of the comparison of fuzzy distances between the objects of clustering and the group centers, based on the comparison of fuzzy function of distance difference with zero was proposed. The rules for the result treatment of the comparison of fuzzy number with zero were developed. A criterium of self-descriptiveness estimation of the performance parameters of CSCA under fuzzy input data, the value of which belongs to the final range, does not depend on the parameter membership function type and on the rules of inclusion of the function into evaluation expression, was found. The self-descriptiveness rate of the controlled fuzzy parameters, described by gaussian, exponential functions of membership and the criterium based on the surface evaluation of the area of intersection of the state membership functions was developed. An expert system with non-productional mechanism of logic inference based on modified Bayes classifier was created for identification of the CSCA state with infinite numbers of controlled parameters. An express method of identification of the CSCA state relied on complex use of statistic methods of classification including BDS test, the evaluation of Hurst exponent and Shewhart charts, CUSUM and EWMA, as components of the subsystem on anomaly recognition, was worked out. A new parameter of normal performance of CSCA based on the jitter value of the system was synthesized and a template of normal behavior of CSCA arising from BDS test and Hurst exponent values was proposed. The templates of the normal system state of CSCA relying on Shewhart charts, CUSUM and EWMA were built. A classification method of CSCA state based on the neuron network ART-1 that included complex use of ART-1 blocks was developed. The use of the proposed method improved the efficiency of identification of the CSCA state. A method of identification of the CSCA state relying on the system of fuzzy output, which differs from the well-known by the use of minimization procedure of number of rules linking input and output fuzzy variables, was suggested. It allowed to improve efficiency of the identification of CSCA state. An identification method of computer system of critical application state was proposed on the basis of the probabilistic automaton. The main feature of the method is an adaptation of the generation procedure of the automaton structure to the situation of recognition of identical scripts by means of the automaton structure rebuilding upon coincidence detection and recalculation of the probability of transfer between states. The improved method allows to accelerate the process of revelation of anomaly behavior of the CSCA as well as to detect the abuse of computer system, signature scenarios of which only partially match the examples used for the generation of the automaton structure. On the basis of ROC-analysis a comparative study and an estimation of reliability and efficiency of developed methods and means of anomaly and abuse identification in CSCA was performed. Practical recommendations on the use of the methods and means of the anomaly and abuse identification of the CSCA were proposed.
Опис
Ключові слова
автореферат дисертації, комп'ютерна система критичного застосування, методи захисту інформації, засоби захисту інформації, ідентифікація аномалії, ідентифікація зловживання, BDS-статистика, нечітка експертна система, оцінка інформативності нечітких показників, computer system critical application, methods of information protection, means of information protection, anomaly identification, abuse identification, BDS-statistics, fuzzy expert system
Бібліографічний опис
Гавриленко С. Ю. Методи та засоби ідентифікації стану комп'ютерних систем критичного застосування для захисту інформації [Електронний ресурс] : автореф. дис. ... д-ра техн. наук : спец. 05.13.05 / Світлана Юріївна Гавриленко ; [наук. консультант Семенов С. Г.] ; Нац. техн. ун-т "Харків. політехн. ін-т". – Харків, 2019. – 36 с. – Бібліогр.: с. 25-32. – укр.