Mamarev V. Method of constructing classifier of cyber attacks on governmental information resources

Thesis for the degree of Candidate of Sciences (CSc)

State registration number

0415U003841

Applicant for

Specialization

  • 21.05.01 - Information security of the state

30-06-2015

Specialized Academic Board

К 26.861.06

Essay

The object of research: the processes of detecting and classifying cyber attacks on governmental information resources. The goal of the research is to increase the level of protection of state information resources by developing a method of constructing a classifier of cyber attacks on governmental information resources that ensures operation of the information security system of the governmental information resources on a scale near to real time. For the first time, a method was elaborated for assessing the information content of parameters and selecting governmental network status duets. It is based on assessing the information content of the parameters of binary duets of event patterns (templates of normal system behavior and patterns of attacks), as well as of duets of attack template classes, which made it possible to select duets of the latter classes under the criterion of maximum distance in the parameter space. For the first time, a method for reducing the dimension of input data streams was elaborated for the information security system of governmental information resources. It is based on a method of inserted scalar convolutions, which made it possible to carry out the dimension reduction procedure for the classifier's input data streams faster without compromising the accuracy of cyber attack classification. The method of constructing the classifier of cyber attacks on governmental information resources was improved. It differs from the known ones in that the classifier is constructed as a two-stage binary classifier based on decision trees and reduced input data flows, which made it possible to increase the efficiency of detecting and classifying the condition of information and telecommunication systems while simultaneously ensuring the specified protection indexes of the governmental information resources.
