Adamov O. Cyberspace protection models and methods based on big data analysis using machine learning

The purpose of the study is to significantly reduce the time of detection and blocking of cyber attacks aimed at the cyberspace of the subject, using the developed matrix models and logical methods of testing, testing and diagnosing by introducing computational redundancy into the cyberspace infrastructure. The scientific novelty of research results: 1) Structural and logical models and methods for testing cyberspace for testing and diagnosing malicious components have been improved, which differ in using the method of deductive parallel analysis of a computing system to check and diagnose malware. 2) New methods for synthesizing reference logic circuits of malware-functionalities are proposed, which are characterized by the use of signature-qubit structures, which makes it possible to simulate malware-driven big data in parallel to determine whether the current code belongs to existing destructive components in the malware library. 3) A new model of active online cybersecurity computing has been developed, which is characterized by a signature-qubit representation of information, which makes it possible to increase the speed of monitoring the input malware-data streams and controlling the removal of destructive components. 4) Developing a method of attribute-based URL recognition using frequency patterns and a method for testing polymorphic malware based on the accounting of the Portable Executable checksums of sections in the executable file and using the data mining apparatus. 5) Cyberspace protection tools have been improved, which differ in the use of models and methods of signature-logic testing of attacks, the search for crypto-primitives in ransomware based on the use of machine learning algorithms, which makes it possible to significantly reduce the recovery time of the computing structure.