+7 (495) 987 43 74 ext. 3304
Join us -              
Рус   |   Eng

articles

Authors: Puchkov A., Prokimnov N., Shirokov S., Sokolov A. M.     Published in № 2(104) 31 march 2023 year
Rubric: Data protection

Algorithm for identifying threats to information security in distributed multiservice networks of government bodies

The results of studies are presented, the purpose of which was to develop an algorithm for identifying information security threats in distributed multiservice networks that provide information interaction of regional government bodies, as well as their communication with the population of the region. The relevance of the research topic is due to a significant increase in various types of cyber attacks on the computer networks of public authorities and the need to increase the level of security of these networks by intellectualizing methods for combating information security threats. The algorithm is based on the use of machine learning methods to analyze incoming traffic in order to identify events that affect the state of information security of public authorities. The algorithm provides for input traffic preprocessing, as a result of which a set of images (signatures) obtained from Wasm binary files is formed, and then the image classifier is launched. It contains a sequential inclusion of deep neural networks – a convolutional neural network for signature classification and a recurrent network that processes the sequences obtained at the output of the convolutional network. Features of the formation of signatures in the proposed algorithm, as well as sequences at the input to the recurrent network, make it possible to obtain the resulting assessment of information security, taking into account the history of its current state. The output of the recurrent network is aggregated with the result of comparing the actual signatures with those available in the database. The aggregation is performed by the fuzzy inference system of the second type, using the implication according to the Mamdani algorithm, which generates the final assessment of information security threats. Software was developed that implements the proposed algorithm, experiments were carried out on a synthetic data set, which showed the efficiency of the algorithm, confirmed the feasibility of its further improvement.

Key words

distributed multiservice networks, information security, deep neural networks

The author:

Puchkov A.

Degree:

Cand. Sci. (Eng.), Associate Professor, Information Technologies in Economics and Management Department, Branch of the National Research University “MPEI” in Smolensk

Location:

Smolensk, Russia

The author:

Prokimnov N.

Degree:

Moscow University of Industry and Science «Synergy»

Location:

Moscow

The author:

Shirokov S.

Degree:

Master Student, Smolensk branch of the National Research University «MPEI»

Location:

Smolensk

The author:

Sokolov A. M.

Degree:

Leading Engineer, Scientific Department, Branch of the National Research University “MPEI” in Smolensk

Location:

Smolensk, Russia