Name
Kucher Victor Alekseevich
Scholastic degree
•
Academic rank
professor
Honorary rank
—
Organization, job position
Kuban State Technological University
Web site url
—
Articles count: 9
This article describes the results of the practical implementation of a network anomaly detection system based on a modular adaptive approach. The list of specific modules used in the practical implementation of the IPS, their architecture, algorithms, and software, organizational and technical support is determined at the technical (working) design stage, based on the results of an audit, evaluation and risk analysis. The general list of modules (subsystems) may include: intrusion detection and prevention (IDS/IPS) subsystems; subsystems for monitoring, data collection and event correlation; an administration and management subsystem; and others. Using several examples, we demonstrate the specifics of forming requirements for the basic mechanisms of the subsystems when developing and implementing a particular architecture, as well as the practically implemented structure of the system modules and the organizational and technical support for the system's operation
The work is devoted to the search for efficient methods of detecting anomalous states in data networks. The structure of a modern system for detecting informational attacks is presented, together with a short review and analysis of network security facilities for information systems. Two main attack detection technologies are described: anomaly detection and misuse detection. It is shown that anomaly detection rests on the assumption that anomalous behavior is a deviation from a normal profile of behavior. This technology is hard to implement, although there has been some progress where expert systems, fuzzy logic and similar techniques are applied to it. In misuse detection, patterns of actions or sets of symbols that describe anomalous activity are used as attack signatures. The author proposes to combine the benefits of both methods to solve the problem
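The two detection technologies contrasted in this abstract, combined in one detector, as an added example (it is not code from the article or from the author): signature matching on URL-decoded request paths stands in for misuse detection, and a per-client profile learned from a baseline window stands in for anomaly detection. The log format, the signatures, the thresholds and the log lines are constructed assumptions for illustration.

```python
"""Hybrid misuse (signature) + anomaly (profile) detector over constructed log lines.
Added example; not code from the article. Log format, signatures, thresholds
and the sample lines are assumptions."""
import re
import statistics
from collections import Counter
from urllib.parse import unquote_plus

# Misuse detection: attack signatures as regular expressions (assumed patterns).
SIGNATURES = {
    "sqli": re.compile(r"(?i)union\s+select|'\s*or\s+1\s*=\s*1"),
    "path_traversal": re.compile(r"\.\./"),
    "cmd_injection": re.compile(r"[;|`]\s*(?:cat|sh|bash|wget|curl)\b"),
}

# Constructed simplified access-log line: <ip> "<method> <path> HTTP/1.1" <status>
LOG_RE = re.compile(r'^(\S+) "(?:GET|POST) (\S+)[^"]*" (\d{3})$')


def parse(line):
    """Return {"ip", "path", "status"} for a well-formed line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, path, status = m.groups()
    return {"ip": ip, "path": path, "status": int(status)}


def misuse_check(rec):
    """Misuse detection: names of signatures found in the URL-decoded path."""
    path = unquote_plus(rec["path"])
    return [name for name, rx in SIGNATURES.items() if rx.search(path)]


class AnomalyProfile:
    """Anomaly detection: a normal profile learned from a baseline window
    (per-client request count and overall error ratio). A client is flagged
    when its count in a new window lies more than z_limit standard deviations
    above the baseline mean, or its error ratio exceeds the baseline ratio
    by more than err_margin."""

    def __init__(self, baseline_lines, z_limit=3.0, err_margin=0.5):
        recs = [r for r in map(parse, baseline_lines) if r]
        values = list(Counter(r["ip"] for r in recs).values())
        self.mean = statistics.mean(values)
        self.stdev = statistics.pstdev(values) or 1.0
        self.err_ratio = sum(r["status"] >= 400 for r in recs) / len(recs)
        self.z_limit = z_limit
        self.err_margin = err_margin

    def check(self, window_lines):
        """Return {ip: [reasons]} for clients deviating from the profile."""
        recs = [r for r in map(parse, window_lines) if r]
        counts = Counter(r["ip"] for r in recs)
        errors = Counter(r["ip"] for r in recs if r["status"] >= 400)
        flagged = {}
        for ip, n in counts.items():
            reasons = []
            z = (n - self.mean) / self.stdev
            if z > self.z_limit:
                reasons.append(f"request rate z={z:.1f}")
            ratio = errors[ip] / n
            if ratio - self.err_ratio > self.err_margin:
                reasons.append(f"error ratio {ratio:.2f}")
            if reasons:
                flagged[ip] = reasons
        return flagged


def hybrid_detect(profile, window_lines):
    """Run both methods over one window.
    Returns (signature hits per client, anomaly reasons per client)."""
    sig_hits = {}
    for line in window_lines:
        rec = parse(line)
        if rec:
            hits = misuse_check(rec)
            if hits:
                sig_hits.setdefault(rec["ip"], []).extend(hits)
    return sig_hits, profile.check(window_lines)


# Constructed baseline: five clients, 4-6 ordinary requests each, no errors.
BASELINE_LOG = [
    f'10.0.0.{i} "GET /index.html HTTP/1.1" 200'
    for i, n in [(1, 5), (2, 4), (3, 6), (4, 5), (5, 5)]
    for _ in range(n)
]

# Constructed window: a normal client, a password-guessing client that matches
# no signature, and a probing client whose request rate looks normal.
WINDOW_LOG = (
    ['10.0.0.1 "GET /index.html HTTP/1.1" 200'] * 4
    + ['10.0.0.9 "POST /login HTTP/1.1" 401'] * 20
    + [
        '10.0.0.7 "GET /search?q=\'+or+1=1 HTTP/1.1" 200',
        '10.0.0.7 "GET /../../etc/passwd HTTP/1.1" 404',
        '10.0.0.7 "GET /index.html HTTP/1.1" 200',
    ]
)

if __name__ == "__main__":
    signatures, anomalies = hybrid_detect(AnomalyProfile(BASELINE_LOG), WINDOW_LOG)
    print("misuse detection:", signatures)
    print("anomaly detection:", anomalies)
```

Run on the constructed window, the two methods catch different clients, which is the point of combining them: 10.0.0.7 sends only three requests, unremarkable against the profile, but two of them carry known attack patterns; 10.0.0.9 sends nothing that matches a signature, yet its request rate and error ratio are far outside the baseline.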
In order to improve the security of information transfer, we propose one possible approach to modeling the control process of computer networks with elements of intelligent decision support. We proceed from a graph model of the network in which the nodes are network devices with software control agents and the arcs are logical channels of information exchange between the equipment of the computer systems. We built an addressless sensing technology which ensures complete monitoring of all network equipment. To classify the state of the computer network, we provide a method for calculating reliability values. Generation of a mismatch signal triggers the control cycle, as a result of which the state of the network equipment is adjusted. For existing tools we propose adding a network control expert system consisting of a knowledge base, an inference mechanism, and means for describing and filling the knowledge base
The article is devoted to the creation of an intelligent management system for a complex data-processing network. This is motivated by the fact that modern telecommunication hardware generates a growing amount of statistical information. An expert system is proposed for use in network management for the purpose of information security
The article deals with mathematical models of management decision-making for selecting a protection option for the AU, based on sufficient statistical information about attacks on the AU. The amount of a priori uncertainty about the choice of protection option in the GIS is described with Boltzmann's entropy. Introducing a quantity within Shannon's definition of mutual information, called the context random variable, makes it possible to remove the uncertainty regarding the enemy's actions and enables decision-makers to choose protection options. The decision model for choosing the type of protection of the AIS presented in the article is based on sufficient statistical information about the attacks on the system components. In the ideal case, decision-making uses a large sample of statistical data, which gives the information protection control system high accuracy. Based on the amount of information available to the IPA about the acts of SIN, it is possible to make a decision on the protection option
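The decision model described in this abstract, carried through in code as an added example (not code from the article): the a priori uncertainty over W equiprobable protection options is Boltzmann's ln W; once attack statistics are available, the entropy of the option choice, its conditional entropy given the observed attack class, and their difference, Shannon's mutual information, are computed in nats from a constructed table of past observations, and the option with the highest posterior given the observed attack class is chosen. Taking the attack class as the context random variable, and the attack classes, option names and counts themselves, are assumptions for illustration.

```python
"""Entropy-based choice of a protection option from attack statistics.
Added example; not code from the article. Attack classes, option names and
counts are constructed; the context random variable is taken to be the
observed attack class (an assumption)."""
import math
from collections import Counter

# Constructed statistics: (observed attack class, protection option that
# proved adequate) pairs, as if recorded from past incidents.
OBSERVATIONS = (
    [("scan", "firewall")] * 30 + [("scan", "ids")] * 10
    + [("bruteforce", "lockout")] * 25 + [("bruteforce", "ids")] * 5
    + [("malware", "ids")] * 20 + [("malware", "firewall")] * 10
)


def entropy(probs):
    """Shannon entropy in nats of a probability vector (zero terms contribute 0)."""
    return -sum(p * math.log(p) for p in probs if p > 0)


def boltzmann_entropy(n_options):
    """A priori uncertainty with W equiprobable options: S = ln W (nats)."""
    return math.log(n_options)


class ProtectionDecision:
    """Decision model estimated from a sample of (attack, option) observations."""

    def __init__(self, observations):
        self.n = len(observations)
        self.joint = Counter(observations)                  # (attack, option) -> count
        self.attacks = Counter(a for a, _ in observations)  # attack -> count
        self.options = Counter(o for _, o in observations)  # option -> count

    def p_option_given(self, option, attack):
        """Posterior p(option | attack) estimated from the sample."""
        return self.joint[(attack, option)] / self.attacks[attack]

    def h_option(self):
        """H(O): uncertainty about the option before the attack class is known."""
        return entropy([c / self.n for c in self.options.values()])

    def h_option_given_attack(self):
        """H(O|A) = sum_a p(a) H(O | A=a): residual uncertainty given the context."""
        total = 0.0
        for attack, n_a in self.attacks.items():
            cond = [self.p_option_given(o, attack) for o in self.options]
            total += (n_a / self.n) * entropy(cond)
        return total

    def mutual_information(self):
        """I(O;A) = H(O) - H(O|A): the uncertainty the context variable removes."""
        return self.h_option() - self.h_option_given_attack()

    def choose(self, attack):
        """Select the option with the highest posterior for the observed attack."""
        if attack not in self.attacks:
            raise ValueError(f"no statistics for attack class {attack!r}")
        return max(self.options, key=lambda o: self.p_option_given(o, attack))


if __name__ == "__main__":
    d = ProtectionDecision(OBSERVATIONS)
    print(f"a priori (Boltzmann) ln W = {boltzmann_entropy(len(d.options)):.3f} nats")
    print(f"H(O) = {d.h_option():.3f}, H(O|A) = {d.h_option_given_attack():.3f}, "
          f"I(O;A) = {d.mutual_information():.3f} nats")
    for attack in d.attacks:
        print(f"observed {attack:10s} -> choose {d.choose(attack)}")
```

With three options the a priori uncertainty is ln 3 ≈ 1.099 nats; the sample alone lowers H(O) to about 1.081, and knowing the attack class removes a further 0.529 nats, leaving H(O|A) ≈ 0.551. The sample size matters as the abstract says: the posteriors are plain frequency estimates, so a small sample yields noisy values of I(O;A) and can flip the chosen option.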
Different stages of designing the architecture of systems for detecting and counteracting network anomalies are analyzed in this article. It is pointed out that a common classification can be used to determine the state of the network: "normal", "critical", "faulted". Foundations for building an architecture for detecting and removing anomalies are offered
In the article we identify a number of poorly formalized functional tasks that significantly affect the efficiency of operation of distributed information-analytical systems. A scheme has been developed for an iterative process which, in addition to automating the delivery process and the exchange of information between information systems on the basis of grid integration, also includes means for applied modeling of situations on the basis of the available information, developing alternatives, and solving multi-criteria decision problems using scenario techniques and peer review. The results obtained when evaluating effectiveness allow us to control and manage the operation of distributed information-analytical systems with specific problems, as well as to conduct simulations and analytical processing of the results
The article is devoted to the use of expert systems technology to monitor the correct operation of software and databases. It is noted that the main issue of security management in critical information systems is the process of observing and collecting information in the computing environment. The observation results should be evaluated and processed by a security expert and then recorded in the expert system's database. One possible option for security management of a distributed computing network is creating a security machine. It will ensure: minimum response time to external perturbations; accuracy of the audit, protected by the S-interface; and an independent process of deciding on the state of the controlled elements of the information system. After that, the agent is completely worn out; it is destroyed and replaced by a new one. This aging mechanism protects the agent from analysis and from external attacks
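One way to realize the aging mechanism this abstract describes, as an added example that is not the article's code: every monitoring agent is created with a fresh random key and a fixed working resource, authenticates each report with that key, and once the resource is exhausted it is destroyed (key erased, identity withdrawn) and a new agent is spawned, so reports under the old identity are no longer accepted. The report format, HMAC-SHA-256 authentication and the lifetime of three reports are assumptions; the abstract itself does not specify them.

```python
"""Security machine with short-lived, self-replacing monitoring agents.
Added example; not code from the article. Report format, HMAC-SHA-256
authentication and the agent lifetime are assumptions."""
import hashlib
import hmac
import itertools
import os


class Agent:
    """A monitoring agent with a fresh random key and a bounded working
    resource: after `lifetime` reports it is worn out and refuses to work."""

    _ids = itertools.count(1)

    def __init__(self, lifetime):
        self.agent_id = next(Agent._ids)
        self.key = os.urandom(32)
        self.remaining = lifetime

    def report(self, observation):
        """Return (agent_id, observation, tag), or None when worn out."""
        if self.remaining <= 0 or self.key is None:
            return None
        self.remaining -= 1
        tag = hmac.new(self.key, observation, hashlib.sha256).digest()
        return (self.agent_id, observation, tag)

    def destroy(self):
        """Erase the key so the worn-out agent can neither work nor be reused."""
        self.key = None


class SecurityMachine:
    """Collects authenticated reports; replaces the agent when it is worn out
    and withdraws the old identity so stale reports are rejected."""

    def __init__(self, lifetime=3):
        self.lifetime = lifetime
        self.accepted_keys = {}   # agent_id -> key, live agent only
        self.rotations = 0
        self.agent = None
        self._spawn()

    def _spawn(self):
        self.agent = Agent(self.lifetime)
        self.accepted_keys[self.agent.agent_id] = self.agent.key

    def _retire(self):
        self.accepted_keys.pop(self.agent.agent_id, None)
        self.agent.destroy()

    def collect(self, observation):
        """Obtain one report, rotating the agent first if it is worn out."""
        msg = self.agent.report(observation)
        if msg is None:
            self._retire()
            self._spawn()
            self.rotations += 1
            msg = self.agent.report(observation)
        return msg

    def verify(self, msg):
        """Accept a report only with a valid tag under a live agent's key."""
        agent_id, observation, tag = msg
        key = self.accepted_keys.get(agent_id)
        if key is None:
            return False
        expected = hmac.new(key, observation, hashlib.sha256).digest()
        return hmac.compare_digest(tag, expected)


if __name__ == "__main__":
    sm = SecurityMachine(lifetime=3)
    first = sm.collect(b"cpu=12%")
    print("first report valid while agent 1 is live:", sm.verify(first))
    for obs in (b"cpu=15%", b"cpu=11%", b"cpu=90%"):
        sm.collect(obs)          # the fourth report forces a rotation
    print("rotations so far:", sm.rotations)
    print("first report still valid after rotation:", sm.verify(first))
```

The security property is in `verify`: a report is accepted only under the key of the currently live agent, so anything an attacker learned about, or captured from, a worn-out agent (its key, its earlier reports) stops being useful as soon as the rotation happens.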