Gavrylenko S. Methods and means of identification of computer systems of critical application state for information protection

The thesis is dedicated to the enhancement of efficiency and reliability of the identification of the computer systems of critical application state by means of development and improvement of methods and means of recognition of anomalies and abuses. A scheme of the identification of the CSCA state that includes the subsystem of the anomaly and abuse identification was proposed. The basis of performance of the abuse identification subsystem is complex use of intelligent classification methods that includes the neural network ART-1, the improved models of fuzzy output and the probabilistic automaton. Complex use of the statistical methods of classification and the decision support systems based on discriminant, cluster and Bayes classifiers. Enhancement of the discriminant analysis method under the condition of fuzzy input data was performed for the two-alternative classification. It was based on the analogies of theoretic and probabilistic characteristics of fuzzy numbers, particularly, the expected value, the dispersion of correlation coefficients, used for the standard calculation scheme by means of the solution of the linear equation system and the classification of the object state. In the present work the enhancement of the cluster analysis under condition of fuzzy specification of the point coordinates (the results of measurements of controlled parameters) and the centers of cluster groups, defined by membership functions, was done for the multi-alternative diagnostic. The procedure of the comparison of fuzzy distances between the objects of clustering and the group centers, based on the comparison of fuzzy function of distance difference with zero was proposed. The rules for the result treatment of the comparison of fuzzy number with zero were developed. A criterium of self-descriptiveness estimation of the performance parameters of CSCA under fuzzy input data, the value of which belongs to the final range, does not depend on the parameter membership function type and on the rules of inclusion of the function into evaluation expression, was found. The self-descriptiveness rate of the controlled fuzzy parameters, described by gaussian, exponential functions of membership and the criterium based on the surface evaluation of the area of intersection of the state membership functions was developed. An expert system with non-productional mechanism of logic inference based on modified Bayes classifier was created for identification of the CSCA state with infinite numbers of controlled parameters. An express method of identification of the CSCA state relied on complex use of statistic methods of classification including BDS test, the evaluation of Hurst exponent and Shewhart charts, CUSUM and EWMA, as components of the subsystem on anomaly recognition, was worked out. A new parameter of normal performance of CSCA based on the jitter value of the system was synthesized and a template of normal behavior of CSCA arising from BDS test and Hurst exponent values was proposed. The templates of the normal system state of CSCA relying on Shewhart charts, CUSUM and EWMA were built. A classification method of CSCA state based on the neuron network ART-1 that included complex use of ART-1 blocks was developed. The use of the proposed method improved the efficiency of identification of the CSCA state. A method of identification of the CSCA state relying on the system of fuzzy output, which differs from the well-known by the use of minimization procedure of number of rules linking input and output fuzzy variables, was suggested. It allowed to improve efficiency of the identification of CSCA state. On the basis of ROC-analysis a comparative study and an estimation of reliability and efficiency of developed methods and means of anomaly and abuse identification in CSCA was performed. Practical recommendations on the use of the methods and means of the anomaly and abuse identification of the CSCA were proposed.