Marchenko V. The method of detecting harmful processes of the information system of the enterprise based on the identification and diagnosis of the states of logical objects


Thesis for the degree of Doctor of Philosophy (PhD)

State registration number

0823U100290

Applicant for

Specialization

  • 125 - Cybersecurity and information protection

15-05-2023

Specialized Academic Board

ДФ 26.861.016

State University of Telecommunications

Abstract

The dissertation is devoted to the development of a method for detecting malicious processes in the information system of the enterprise based on the identification and diagnosis of the states of logical objects, using methods of correlation theory, meta-analysis, system analysis and machine learning.

Since information technologies have become an integral part of business and everyday life, enterprises actively use information systems to support their activities, so the reliability and security of these systems is very important. However, information systems are subject to various malicious processes, such as hacker attacks, viruses, hardware and software malfunctions, etc. These malicious processes can lead to data loss, disruption of the information system and significant damage to the enterprise. Therefore, the development of a method for detecting malicious processes in an enterprise's information system is a highly relevant topic that can help ensure the safety and reliability of system operation and prevent possible harmful consequences.

The introduction substantiates the importance and relevance of the topic of the dissertation research, formulates the purpose and tasks of the work, defines the main provisions and the scientific and practical value of the obtained research results, and describes the author's personal contribution.

In the first section, an analysis of the current state and prospects for the application of the method of detecting malicious processes in the information system of the enterprise is carried out, in particular the problems of real-time detection and the resources required for processing big data. In the final part of the first chapter, taking into account the conducted analysis and the revealed contradictions, the goal and partial tasks of the research were formulated, namely:

Goal. Increasing the efficiency of the enterprise's information system by reducing the time it takes to search for and solve problems that arise during its operation, through the timely detection of possible problems and harmful processes that can affect its functioning, based on the identification and diagnosis of the states of logical objects.

In the second section, an extended model of the operation of the TCP protocol based on finite automata is developed. It allows the states of logical objects to be reviewed visually with the help of state transition matrices, both in the rest state and as admissible transitions in the extended state transition matrix of the TCP protocol.

In the third section, the selection of criteria for the parameters of logical objects that are subject to identification and diagnosis for the detection of malicious processes is improved, together with the selection of optimal parameters for machine learning, which is based on the principal component method applied to the extended finite automaton of the TCP protocol. The machine learning method based on support vectors has been improved in order to increase the effectiveness of detecting malicious processes in the information system. The effectiveness of the method of detecting harmful processes in the information system of the enterprise was investigated. As a result, recommendations were developed for the implementation of the method of detecting malicious processes based on the identification and diagnosis of the states of logical objects.

The general result of the conducted research is a method of detecting malicious processes based on the identification and diagnosis of the states of logical objects. This method makes it possible to increase the efficiency of identification and diagnosis of the states of logical objects in the organization's information system in real time by 65-99% compared to existing modern methods and to reduce the number of false positives by 13-14%.

The final part of the work contains general conclusions regarding the solution of the tasks set as part of the dissertation research, and a list of the sources used during the work.
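As an added illustration of the idea behind the second section (not code from the dissertation and not its extended model), the following Python block encodes a simplified RFC 793 TCP state machine as a state transition matrix and replays an event sequence for one logical object (a connection), flagging transitions the automaton does not admit. The state and event names, the reduced transition set and the two sample sequences are constructed assumptions.

```python
# Simplified TCP automaton (RFC 793 subset, assumption: simultaneous
# open/close and RST paths are omitted). A "logical object" is one connection.
STATES = ["CLOSED", "LISTEN", "SYN_SENT", "SYN_RCVD", "ESTABLISHED",
          "FIN_WAIT_1", "FIN_WAIT_2", "CLOSE_WAIT", "LAST_ACK", "TIME_WAIT"]

# Admissible transitions: (current state, event) -> next state.
TRANSITIONS = {
    ("CLOSED", "passive_open"): "LISTEN",
    ("CLOSED", "active_open"): "SYN_SENT",
    ("LISTEN", "recv_syn"): "SYN_RCVD",
    ("SYN_SENT", "recv_syn_ack"): "ESTABLISHED",
    ("SYN_RCVD", "recv_ack"): "ESTABLISHED",
    ("ESTABLISHED", "close"): "FIN_WAIT_1",
    ("ESTABLISHED", "recv_fin"): "CLOSE_WAIT",
    ("FIN_WAIT_1", "recv_ack"): "FIN_WAIT_2",
    ("FIN_WAIT_2", "recv_fin"): "TIME_WAIT",
    ("CLOSE_WAIT", "close"): "LAST_ACK",
    ("LAST_ACK", "recv_ack"): "CLOSED",
    ("TIME_WAIT", "timeout"): "CLOSED",
}


def transition_matrix():
    """State transition matrix M[s][t] = set of events that take s to t.
    An empty set means the transition s -> t is not admissible."""
    m = {s: {t: set() for t in STATES} for s in STATES}
    for (s, ev), t in TRANSITIONS.items():
        m[s][t].add(ev)
    return m


def diagnose(events, start="CLOSED"):
    """Replay observed events for one connection. Returns (final_state,
    anomalies); each anomaly is (index, state, event) for an event the
    automaton does not admit in that state (the state is left unchanged)."""
    state, anomalies = start, []
    for i, ev in enumerate(events):
        nxt = TRANSITIONS.get((state, ev))
        if nxt is None:
            anomalies.append((i, state, ev))
        else:
            state = nxt
    return state, anomalies


# Constructed samples: a normal server-side connection, and one in which a
# new SYN is seen while the connection is already ESTABLISHED.
NORMAL = ["passive_open", "recv_syn", "recv_ack", "recv_fin", "close", "recv_ack"]
SUSPICIOUS = ["passive_open", "recv_syn", "recv_ack", "recv_syn", "recv_fin"]
```

Each inadmissible transition is a candidate diagnostic signal for the connection; in practice the flagged (state, event) pairs would feed the feature selection and classifier stages described above rather than being alerted on directly.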
