Radivilova T. Models and methods of ensuring security and quality of service in computer systems with self-similar information flows

Thesis for the degree of Doctor of Science (DSc)

State registration number

0521U100109

Applicant for

Specialization

  • 05.13.21 - Information security systems

28-01-2021

Specialized Academic Board

Д 26.861.06

State University of Telecommunications

Abstract

Dissertation for the degree of Doctor of Technical Sciences in the specialty 05.13.21 «Information security systems». – Kharkiv National University of Radio Electronics. – State University of Telecommunications, Kyiv, 2021.

The thesis solves a topical scientific and applied problem: developing models and methods for ensuring security (availability, confidentiality) and quality of service in computer systems, based on the self-similar properties of information flows, in the presence of intrusions and cyberattacks. The main results are:

  • the concept of ensuring information security of computer systems with self-similar information flows that operate under intrusions and cyberattacks was developed;
  • the model of a distributed computer system was improved; unlike existing models, it includes components for ensuring security and for managing input information flows with multifractal properties;
  • the method of ensuring network security during dynamic load balancing with self-similar traffic was improved; unlike existing methods, it applies a computer network balancing model that takes into account traffic distribution security parameters and multifractal traffic properties;
  • a method of dynamic traffic balancing based on the network intrusion detection system model was developed; it takes into account multifractal properties of traffic and service limitations for different traffic classes;
  • a method of secure routing for the transfer of self-similar traffic was developed, based on multifractal properties of traffic and quality of service parameters of priority traffic;
  • a complex method of intrusion detection was developed, based on a signature analysis algorithm, analysis of network behavior anomalies and entropy analysis of protocols, taking into account the probability of intrusion detection;
  • intrusion detection methods were further developed: signature analysis, taking into account data from deep packet analysis and signature database ranking; packet entropy analysis, based on conditional entropy calculation and statistical characteristics of these packets; and machine-based training, based on multifractal and recursive traffic characteristics.

Implementing the proposed concept, models and methods makes it possible to: provide secure routing that blocks 8 times more attacked traffic than the standard routing method and reduces jitter by 20%; ensure secure balancing of self-similar information flows with a halving of the amount of lost data, a 9-fold reduction in the amount of attacked traffic on the servers and a 16% reduction in system load imbalance; provide load balancing in network intrusion detection systems with a 21% increase in the number of analyzed packets, thereby increasing the percentage of detected attacks by 14% and decreasing the average wait time for packets by 16%; increase the probability of intrusion detection to 98%, decrease the percentage of detected attacks by 11%, obtain a low false positive rate (less than 8%) and a 32% reduction in lost data compared to the same performance indicators of existing availability, privacy and quality of service systems.

The results are implemented in the educational process of the V.V. Popovskyy Department of Infocommunication Engineering of Kharkiv National University of Radio Electronics (KNURE): in lecture courses and practical classes on the disciplines «Security of electronic commerce systems» and «Information security systems» in the training of students of the specialty 125 «Cybersecurity»; in the research work «Automated optical information and measurement system for polygon tests of guided and unguided missiles, artillery and missiles» (SR №01190U001405); and at the Kharkiv State Regional Scientific and Technical Center for Technical Information Protection, PJSC Farlep Invest, LLC Dytex Technologies, JSC BANKOMSVYAZ, LLC WorkNest and LLC Vladarmet. The field of application is cybersecurity in computer systems.
