Burmaka I. Information technology for the detection and analysis of anomalous events for the protection of computer networks of small and medium-sized enterprises based on blockchain.


Thesis for the degree of Doctor of Philosophy (PhD)

State registration number

0824U002467

Applicant for

Specialization

  • 122 - Computer Science

Specialized Academic Board

ДФ10/2024 (ID 6467)

Chernihiv Polytechnic National University

Abstract

The thesis addresses the current scientific task of developing models and methods for an information technology for protecting computer networks, taking into account the specifics of the networks of small and medium-sized enterprises, based on methods of storing and distributing information using blockchain technology. An additional important task is to determine the architecture of an intrusion detection information system for small and medium-sized enterprise networks that uses blockchain components. The object of the research is the information processes in cybersecurity systems and the analysis of anomalous traffic in computer networks. The subject of the research is the methods, models, and elements of a collaborative information technology for protection against cyber-attacks and anomalous traffic in the computer networks of small and medium-sized enterprises based on blockchain technology. The purpose of the research is to increase the efficiency of protecting the computer networks of small and medium-sized enterprises using blockchain technology. The research task is to build a model of a distributed, blockchain-based computer network protection system, relying on the results of an analysis of the main threats to computer networks, especially the networks of small and medium-sized enterprises. The research methodology is based on simulation modeling, UML design of the blockchain technology components, and mathematical modeling methods for determining the optimal parameters of the blockchain subsystem. Expert assessment methods were used to select typical attacks and the loads on attacked systems when building the simulation models. Object-oriented analysis and functional modeling methods, including SADT design, were used to conceptualize business processes in the IDEF0 notation, which served as the basis for designing the information technology for detecting and analyzing anomalous events to protect the computer networks of small and medium-sized enterprises based on blockchain.
The main results of the research and the scientific novelty of the work lie in the development of methods, models, and algorithms for protecting the computer networks of small and medium-sized enterprises based on blockchain. Based on an analysis of current threats to the computer networks of small and medium-sized enterprises, the most effective methods and means of protecting such networks were determined, taking into account the specifics of their operation. The work proposes a list of main classifiers for the information technology for protecting computer networks, which can be combined into a comprehensive classifier to improve the accuracy with which the distributed intrusion detection system detects unknown anomalous events. The developed method for improving the efficiency of resource utilization evaluates the probability of successful block creation and allows reducing the resource consumption of the blockchain subsystem. For the first time, a conceptual model of a distributed information system for detecting and analyzing anomalous events in the computer networks of small and medium-sized enterprises has been developed. Unlike existing models, it includes a blockchain component for detecting, accumulating, storing, and sharing information about anomalous events, as well as a multi-classifier block for determining the presence of threats, which allows for a faster response to unknown attacks. A method for selecting a consensus protocol for a blockchain-based distributed intrusion detection system has been proposed for the first time. Unlike existing methods, it takes into account the requirements for equipment, scalability, and management of participants in intrusion detection systems in computer networks, providing decision support when designing protection systems for the computer networks of small and medium-sized enterprises.
The functional model of a distributed computer network protection system based on blockchain technology has been further developed for detecting, accumulating, storing, and sharing information about anomalous events. This model defines the main input and output parameters, constraints, and resources with three levels of detail and serves as the foundation for designing protection systems for the computer networks of small and medium-sized enterprises. The practical significance of the obtained results is that they collectively form a new information technology for detecting and analyzing anomalous events to protect the computer networks of small and medium-sized enterprises based on blockchain. The proposed information technology can be used by developers of computer network protection systems, as well as network administrators and IT security specialists of small and medium-sized enterprises. The developed business processes and architecture serve as the basis for developing more powerful and functional distributed intrusion detection systems.

Research papers

1. Burmaka, I., Stoianov, N., Lytvynov, V., Dorosh, M., & Lytvyn, S., "Proof of Stake for Blockchain Based Distributed Intrusion Detecting System," in Mathematical Modeling and Simulation of Systems (MODS'2020): Selected Papers of 15th International Scientific-practical Conference, MODS, vol. 1265, p. 237, 2020.

2. Burmaka, I., Dorosh, M., Skiter, I., & Lytvyn, S., "Architecture of Distributed Blockchain Based Intrusion Detecting System for SOHO Networks," in Mathematical Modeling and Simulation of Systems (MODS'2020): Selected Papers of 15th International Scientific-practical Conference, MODS, 2021 June 28–July 01, Chernihiv, Ukraine. Springer Nature, pp. 313-326, 2021.

3. Burmaka, I., Zlobin, S., Lytvyn, S., & Nekhai, V., "Detecting flood attacks and abnormal system usage with artificial immune system," in Mathematical Modeling and Simulation of Systems: Selected Papers of 14th International Scientific-Practical Conference, MODS, 2019 June 24-26, Chernihiv, Ukraine, pp. 131-143, 2019.

4. Skiter, I., Burmaka, I., & Sigayov, A., "Design of Technical Methods for Analysing Network Security Based on Identification of Network Traffic Anomalies," Information & Security, vol. 47, no. 3, pp. 306-316, 2020.

5. Burmaka, I. A., Lytvynov, V. V., Skiter, I. S., & Lytvyn, S. V., "Evaluating a blockchain-based network performance for the intrusion detection system," Mathematical Machines and Systems, vol. 1, pp. 99-109, 2020.

6. V. Lytvynov, N. Stoianov, I. Stetsenko, I. Skiter, O. Trunova, A. Hrebennyk, V. Nekhai, I. Burmaka, Attacks defense of computer nets by tools using extended information about environment: monograph. Chernihiv: Chernihiv Polytechnic National University, 2021, 212 p.

7. I. Burmaka, "Consensus Algorithm Comparison for Blockchain Based Intrusion Detecting System," in Security of Information System Resources: abstracts of the 1st International Scientific and Practical Conference (Chernihiv, 16-17 April 2020). Chernihiv: Chernihiv Polytechnic National University (NUChP), 2020, pp. 6-14.

8. I. A. Burmaka, "Classification of Intrusion Detection Systems in Distributed Information Systems," in Problems of Decommissioning Nuclear Power Facilities and Environmental Restoration (INUDECO 17): proceedings of the 2nd International Conference (25–27 April 2017, Slavutych). Chernihiv: Chernihiv National University of Technology (ChNTU), 2017, pp. 59-63.

9. I. A. Burmaka, "Architecture of a Distributed Intrusion Detection System Based on Blockchain Technology," in Problems of Decommissioning Nuclear Power Facilities and Environmental Restoration (INUDECO 2020), held online: proceedings of the 5th International Conference (27–29 April 2020, Slavutych). Chernihiv: Chernihiv National University of Technology (ChNTU), 2020, pp. 54-59.

10. I. A. Burmaka, M. S. Dorosh, "Optimization of Computing Resource Usage by a Blockchain-Based Distributed Intrusion Detection System," in Problems of Decommissioning Nuclear Power Facilities and Environmental Restoration (INUDECO 21): proceedings of the 6th International Conference (27–29 April 2021, Slavutych). Chernihiv: Chernihiv Polytechnic National University, 2021, pp. 47-50.
