Korchenko A. The models of anomaly-based cyberattacks detection system in computer networks

The dissertation deals with the scientific problem-solving approach of the models development and identification methods of anomalous condition to increase the possibilities of non-signature types of cyber attack detection system in computer networks. It was developed the basic model of parameters and the universal model of linguistic variables standards, that admit to formalize the process of reference values and set the correspondence between the type of attack and necessary for its identification attributes. The designed heuristic model, which is due to a set of reference parameters, logical-linguistic links and language IDs makes possible to formalize the process of heuristic rules formation for the abnormal condition detection. This paper investigates the anomaly detection technique, which due to the mentioned models and current settings was developed for creating the non-signature and new types of cyber attacks detection techniques. On the basis of the method there were proposed some new structural solutions for network security improvement and also were developed the algorithmic support and software for abnormal condition detection, which can be used standalone or as the extender functionality of modern intrusion detection systems. All the results obtained experimentally with the practical use of software development coincide with theoretical and confirm them. The main results were adopted by the VM Glushkov Institute of Cybernetics of NAS of Ukraine, The National Aviation University and Cherkasy State Technological University.