Susukailo V. Development of a cybercrime investigation system model for information system infrastructure components

The dissertation solves an important scientific and practical problem of increasing the effectiveness of detecting cybercrimes in the infrastructure of information systems due to the use of artificial intelligence models, without reducing the effectiveness of detecting positive cyber attacks at various levels of the infrastructure of the information system. The mathematical apparatus for assessing the vulnerabilities of the infrastructure of information systems has been improved thanks to the addition and calculation of the attributes of the investigated information system, as well as the introduction of weighting factors. This has increased the accuracy of vulnerability assessment, allowing security teams to prioritize vulnerability remediation according to the specifics of the information system. For the first time, a method of collecting event logs from decoys based on Blockchain technology has been developed, which ensures data decentralization. The developed method made it possible to reduce the risks of distortion and loss of data during the storage of event logs. The mathematical apparatus for detecting cyber attacks has been further developed due to the implementation of the isolation forest model, GPT and the DevSecOps approach. By integrating the anomaly detection capabilities of the isolation forest, the processing properties of the predictive GPT models and the holistic security focus of DevSecOps, the structure of the mathematical apparatus has increased the accuracy and speed of cyber attack detection. For the first time, a model of a comprehensive cybercrime investigation system capable of detecting and analyzing cybercrimes at various levels of the information system has been developed. This model integrates artificial intelligence models isolation forest, GPT and the DevSecOps approach, differing from traditional information security incident investigation systems due to the use of an integrated approach and the integration of modern information security models and approaches into a single system. In particular, the use of isolation forest and GPT, as well as vulnerability analysis systems at different levels of development, increases the effectiveness of identifying the root causes of cybercrimes and reduces the response time to attacks. For the first time, a cybercrime research methodology using isolation forest models, GPT and the DevSecOps approach has been developed. This methodology, unlike the existing ones, detects cyber attacks on various levels of the information system infrastructure, including scanning attacks, malicious code injections, Directory Traversal attacks and detection of anomalies with violation of application logic, which may remain unnoticed by classic SIEM systems in the absence of behavioral signatures, guaranteeing a high level of data security.