ALGORITHM OF FORMING KNOWLEDGEBASE FOR DECISION TAKING SUPPORT SYSTEMS IN CYBER SECURITY TASKS

International Journal of Civil Engineering and Technology (IJCIET)
Volume 10, Issue 04, April 2019, pp. 1252-1261, Article ID: IJCIET_10_04_131
Available online at http://www.iaeme.com/ijciet/issues.asp?JType=IJCIET&VType=10&IType=04
ISSN Print: 0976-6308 and ISSN Online: 0976-6316
© IAEME Publication
Scopus Indexed
V.A. Lakhno
Professor, Department of Computer systems and networks,
National University of Life and Environmental Sciences of Ukraine, Kiev, Ukraine
B.B. Akhmetov
PhD, Yessenov University, Aktau, Kazakhstan
A.A. Doszhanova
PhD, Almaty University of Power Engineering and Telecommunications, Almaty,
Kazakhstan
T.S. Kartbayev
PhD, Almaty University of Power Engineering and Telecommunications, Almaty,
Kazakhstan
Sh.D. Tolybayev
PhD, Al-Farabi Kazakh National University, Almaty, Kazakhstan
ABSTRACT
This article presents the overall structure of a modular decision taking support system for cyber security tasks and describes a model for its fuzzy inference subsystem. Based on fuzzy inference rules applied to input values that can be obtained from sensors, multiagent systems and SIEM systems detecting threats, cyberattacks and anomalies, it is proposed to specify output values for evaluating, by means of the decision taking support system, the degree of protection of critically important computer systems (CICS). The model rests on the assumption that the input magnitudes for the fuzzy inference subsystem are obtained from the fuzzification procedure in the corresponding module. Every element of the output value characterizes the presence or absence of signs of a fuzzy situation connected with anomalies, attacks or other attempts of unauthorized interference in the operation of the critically important computer systems. An algorithm is offered for forming the knowledgebase of fuzzy (emergency) and standard situations in the critically important computer systems. The algorithm differs from known ones in that it allows forming a set of standard response cases for threats, anomalies and attacks in the critically important computer systems, as well as inference rules for fuzzy identification, which are linked first and foremost with task-oriented destructive impact on the critically important computer systems. Using the fuzzy logic inference module makes it possible to display the condition of the most vulnerable CICS components as a multiparameter “image”. The resulting multiparameter “image” can be applied in the decision taking support system for qualitative assessment of the CICS protection.
Keywords: critically important computer systems, cyber security, decision taking support system, multiparameter “image”, protection assessment.
Cite this Article: V.A. Lakhno, B.B. Akhmetov, A.A. Doszhanova, T.S. Kartbayev
and Sh.D. Tolybayev, Algorithm of Forming Knowledgebase for Decision Taking
Support Systems in Cyber Security Tasks. International Journal of Civil Engineering
and Technology, 10(04), 2019, pp. 1252-1261
http://www.iaeme.com/IJCIET/issues.asp?JType=IJCIET&VType=10&IType=04
1. INTRODUCTION
In the operation of critically important computer systems (CICS), one of the priority tasks in processing the data that enters the information protection complex system (hereinafter IPCS, by which we mean first of all its hardware and software constituents) is obtaining information on the state of the protection components. The performance and accuracy of operational evaluation of the CICS protection extent may be hampered by the factors listed below. First, the incoming data (from SIEM sensors, multiagent systems, and sensors that detect threats, cyberattacks and anomalies; hereinafter abbreviated SenS, the sensor subsystem) can differ in its parameters (Param). Second, external actions may influence the data as it is obtained, affecting the authenticity of the monitored characteristics. Third, the response to destructive interference is limited in time, which leaves minimal time for analyzing the outcomes. Fourth, situations are possible in which the combination of evaluated CICS parameters leads to «fuzziness» when deciding on the current state of the CICS protection (as distinct from the standard state). For these reasons, operational and viable solutions in analyzing complex targeted cyberattacks on the CICS, and the corresponding decision taking procedures, demand the application of special analytical systems [1, 2]. Such systems should evidently be based on modern methods for identifying the states of the CICS and IPCS. It is also reasonable to use the potential of intelligent adaptive decision taking support systems in cyber security tasks, including the recognition of threats, anomalies and cyberattacks [3].
With the rapid growth in the complexity and number of cyberattacks on the CICS [4], and the increase in the number of parameters coming from the IPCS sensor subsystems, it has become necessary to introduce adaptive expert and decision taking support systems into the structure of the information protection complex system. They are indispensable for the complex, multicriteria analysis of the data from the sensor subsystems of the information protection complex system, which form the indices for assessing the CICS protection.
We note that one of the most effective methods for solving this class of tasks is to construct adaptive expert and decision taking support systems on the basis of fuzzy set theory. The apparatus of fuzzy logic can also be used [3, 5, 6].
Using adaptive expert and decision taking support systems makes it possible to minimize the influence of the “human factor” on the quality of the decisions taken; moreover, the speed of decision taking increases. Situations in which the information security services staff are distracted by routine work become less frequent. Ultimately, the net cost of ownership of such a complex is also cut.
In recent years the implementation of cyberattack scenarios has become more complicated [4, 7]. Growth has been recorded in the number of anomalies and other unauthorized interference registered in the operation of the CICS complex digital systems [4, 8]. Under these circumstances a line of research has emerged on the intellectualization of decision taking support procedures for recognizing threats, cyberattacks and anomalies. Analysis of existing world experience [4, 6–10] confirms that an extensive approach to solving CICS cyber security tasks, that is, building up information protection means and measures, does not always bring the expected result. A promising trend in research is work dedicated to creating intelligent decision taking support systems [3, 6] and expert systems [5, 11] for assessing the protection of informatization objects. This research is not yet complete.
The works [3, 5, 6, 11] analyze the experience of introducing commercial decision taking support and expert systems into the analysis of threats, cyberattacks and anomalies. It has been noted that commercial systems are closed in nature and that their purchase by individual companies or organizations involves substantial financial expenditures.
Thus, taking into account the discussion in the works [1, 2, 5, 10, 11], the task of developing new and improving existing models and algorithms for adaptive decision taking support systems that process data from the different sensor subsystems of CICS cyber security and information protection appears relevant.
2. STUDY PURPOSE
The purpose of the study is to develop new, or upgrade existing, models and algorithms for adaptive decision taking support systems that operate in analyzing the data from the sensor subsystem of CICS information protection and cyber security.
In this article we consider the tasks of elaborating: a «fuzzy logic inference» module for expert study of the data from the CICS sensor subsystem; and an algorithm that forms the knowledgebase of standard and unexpected situations in the CICS (it provides expert analysis of the CICS protection extent).
3. MODELS AND METHODS
The general structure of the modular decision taking support system being developed for cyber security tasks comprises:
1 – input device;
2 – server;
3 – rendering shell (visualization module);
4 – defuzzification module;
5 – fuzzification module;
6 (6k) – fuzzy inference subsystem module;
7 (7k) – output device;
8 – module for outputting the analysis outcomes and recommendations on exiting unexpected situations;
9 – module for processing the primary information coming from the sensors, multiagent systems, and sensors that determine the presence of threats, cyberattacks and anomalies;
10 – server module with the knowledgebase;
11 – module for analyzing the main parameters of CICS operation with an integrated protection assessment;
12 – modules of the CICS cyber security and information protection services staff (according to the number of CICS subsystems);
13 – new rules (recommendations) added to the knowledgebase;
14 – recommendations on exiting unexpected situations linked with CICS cyber security.
The fuzzy logic inference module and the algorithms that form the knowledgebase of standard (benchmark) and emergency situations for the decision taking support system for CICS protection are described below.
The «fuzzy logic inference» module is intended for implementing the fuzzy inference (6–6k). Based on the fuzzy inference rules applied to the sensor subsystem input values

$\{Rd(R_{i,n_i}(t)),\ m(R_{i,n_i}(t))\}$, $i = \overline{1,k}$; $n_i = \overline{1,N_i}$,

the following magnitudes are specified:

$\{Rdc^j_{i,n_i}(t),\ m(Rdc^j_{i,n_i}(t))\}$, $i = \overline{1,k}$; $n_i = \overline{1,N_i}$; $j = \overline{1,J}$.

Here we assume that the input values have been obtained as a result of the fuzzification procedure in the corresponding module (module 5). Every element of the output value, in its turn, characterizes the presence (absence) of an emergency indicator (hereinafter EmS). A definite sign of an emergency $(j)$, for instance one that appeared because of a cyberattack on the CICS, can then be described using the variables outlined below.
The following variables are introduced. $Md^j_{i,n_i}(t)$ is the discrete state characteristic of the $n_i$-th Param, for instance, the number of bytes from the source to the destination, bytes returned to the client, connection indicators, the number of "root" accesses, the number of file creation operations, the number of shell prompt requests, the number of operations on access control files, etc. (adopted per KDD 99) [12, 13]. This variable can take one of the following values: «1» – deviation above the norm; «0» – the standard situation (or norm); «–1» – deviation below the norm; «2» – deviation below or above the norm. $m(Md^j_{i,n_i}(t))$ is the experimental evaluation of the explicit extent to which the $n_i$-th value (parameter, Param) of the $i$-th CICS subsystem influences the emergence of the $j$-th EmS (for example, anomalies in the CICS network) at every time instant $(t)$.
The rules for detecting the $j$-th EmS can be described as:

If $Rd(R_{i,n_i}(t)) = Md^j_{i,n_i}(t) = 1$, that is $(j)$ with an explicit extent $m(Md^j_{i,n_i}(t))$; (1)

If $Rd(R_{i,n_i}(t)) = Md^j_{i,n_i}(t) = -1$, that is $(j)$ with an explicit extent $m(Md^j_{i,n_i}(t))$; (2)

If $Rd(R_{i,n_i}(t)) = 1$ or $Md^j_{i,n_i}(t) = -1 \wedge Md^j_{i,n_i}(t) = 2$, that is $(j)$ with an explicit extent $m(Md^j_{i,n_i}(t))$. (3)
At every instant $(t)$, only one of the three rules (1)–(3) can be applied to detect an EmS by the indicator $(j)$. We assume that each rule described in the knowledgebase of the decision taking support system for recognizing threats, anomalies and cyberattacks in the CICS, i.e., the $j$-th EmS, relates the deviation values $R_{i,n_i}(t)$ at the moment $(t)$ for the $n_i$-th Param of the $i$-th CICS subsystem to the explicit extent of the impact of the $n_i$-th parameter on the EmS, which equals $m(Md^j_{i,n_i}(t))$.
As a result of applying the rules (1)–(3) to the $n_i$-th Param of the $i$-th CICS subsystem, it is possible to form $(J)$ output values, i.e.,

$\{Rdc^j_{i,n_i}(t),\ m(Rdc^j_{i,n_i}(t))\}$, $i = \overline{1,k}$; $n_i = \overline{1,N_i}$; $j = \overline{1,J}$.

We note that for fixed, for instance critical, numbers of the $j$-th EmS we suppose the following. If one of the rules (1)–(3) is active, then the $j$-th EmS is possible, i.e.,

$Rdc^j_{i,n_i}(t) = m(R_{i,n_i}(t)) \ \wedge\ m(Rdc^j_{i,n_i}(t)) = m(Md^j_{i,n_i}(t))$;

if none of the rules (1)–(3) is active, then the $j$-th EmS is not possible, i.e.,

$Rdc^j_{i,n_i}(t) = 0 \ \wedge\ m(Rdc^j_{i,n_i}(t)) = m(Md^j_{i,n_i}(t))$.
In the defuzzification module, the $(J)$ output values $\{Rdc^j_{i,n_i}(t),\ m(Rdc^j_{i,n_i}(t))\}$, $i = \overline{1,k}$; $n_i = \overline{1,N_i}$; $j = \overline{1,J}$, are assigned a numeric (fuzzy) value. From that value the decision taking support system then determines the set of recommendations on exiting emergencies (EmS).
The weight factors, for example for the $j$-th EmS, have been specified as:

$$\omega_i^j(t) = \frac{\sum_{n_i=1}^{N_i} m\big(Rdc^j_{i,n_i}(t)\big)\, Rdc^j_{i,n_i}(t)}{\sum_{n_i=1}^{N_i} m\big(Rdc^j_{i,n_i}(t)\big)}. \qquad (4)$$

We suppose that the EmS $(j^*)$ has occurred in the $i$-th CICS subsystem if:

$$\omega_i^{j^*}(t) = \max_{j=\overline{1,J}} \omega_i^j(t) \ \wedge\ \omega_i^{j^*}(t) \ge thv_i, \qquad (5)$$

where $thv_i$ is the threshold value of the detection extent (for instance, one-fold detected, partially detected, not detected) of the EmS. We assume that $thv_i \in [0, 1]$.
If $\omega_i^j(t) < thv_i$, then the EmS in the $i$-th subsystem at the moment $(t)$ has not been identified. In such a situation an interactive analysis by a cyber security expert and the decision taking support system should be started. The knowledgebase formation algorithm for the fuzzy inference system can be used here, see Fig. 1.
The algorithm for forming the knowledgebase of standard (benchmark) and emergency situations for the decision taking support system is described below.
The initial data for the fuzzy inference subsystem include: the tolerable limits $[r^{\min}_{i,n_i}(t),\ r^{\max}_{i,n_i}(t)]$, which define the standard operating regimes of the CICS; and the membership function for emergency modes in the CICS, used to trace the parameters when they deviate from the tolerable limits.
The personal knowledgebase for the standard operating modes of the CICS is formed on the basis of the instructions on the standard behavior of the CICS.
Based on the outcomes of the operation of the software and hardware of the CICS components, the knowledgebase of the decision taking support system is filled with actual data on the standard operating regime of the system.
We suppose that the function $m(R^*_{i,n_i}(t))$ for the factual tolerances is a piecewise linear function by means of which the explicit degree (membership) is established: if «0», then the Param is in the factual zone of the tolerable limits; if «1», then the Param is outside the computational domain of the tolerable limits.
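The inference chain described above, from the tolerable limits through rules (1)–(3) to the weight factor (4) and the detection condition (5), is shown here as an added Python example; it is not code from the authors or from the «Cyberthreats analyzer» prototype. Assumptions: the `margin` ramp of the piecewise linear membership, rule (3) read as "Md = 2 and Rd is 1 or -1" (following the meaning given for the value «2»), the comparison in (5) taken as "at least thv", a missing reading treated as no active rule, and all sample values, which are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Tolerance:
    r_min: float   # lower tolerable limit of the parameter
    r_max: float   # upper tolerable limit of the parameter
    margin: float  # ASSUMED distance from a limit to the computational-domain edge


def fuzzify(value, tol):
    """Return (Rd, m) for one reading.

    Rd is the discrete state: 0 = norm, 1 = above the norm, -1 = below it.
    m is piecewise linear: 0.0 inside the tolerable limits, rising to 1.0 at
    `margin` beyond a limit, 1.0 further out.
    """
    if tol.r_min <= value <= tol.r_max:
        return 0, 0.0
    if value > tol.r_max:
        return 1, min((value - tol.r_max) / tol.margin, 1.0)
    return -1, min((tol.r_min - value) / tol.margin, 1.0)


def rule_active(rd, md):
    """True when one of the rules (1)-(3) is active for this parameter."""
    if md == 2:                        # rule (3), read as: either direction counts
        return rd in (1, -1)
    return md in (1, -1) and rd == md  # rule (1) for 1, rule (2) for -1


def weight_factors(readings, tolerances, knowledgebase):
    """Weight factor (4) of every emergency sign j for one subsystem."""
    weights = {}
    for sign, rules in knowledgebase.items():
        numerator = denominator = 0.0
        for param, (md, m_md) in rules.items():
            rdc = 0.0                                  # no active rule: Rdc = 0
            if param in readings:                      # ASSUMED: missing reading = no rule
                rd, m_r = fuzzify(readings[param], tolerances[param])
                if rule_active(rd, md):
                    rdc = m_r                          # active rule: Rdc = m(R)
            numerator += m_md * rdc                    # m(Rdc) = m(Md) in both cases
            denominator += m_md
        weights[sign] = numerator / denominator if denominator else 0.0
    return weights


def detect(weights, thv):
    """Condition (5): the sign with the largest weight, if it reaches thv.

    None means no EmS was identified and the case goes to the expert.
    """
    if not weights:
        return None
    best = max(weights, key=weights.get)
    return best if weights[best] >= thv else None


# Constructed sample data for one subsystem; parameter names follow KDD 99.
TOLERANCES = {
    "src_bytes": Tolerance(200, 5000, 5000),
    "dst_bytes": Tolerance(1000, 20000, 1000),
    "num_root": Tolerance(0, 2, 4),
    "num_file_creations": Tolerance(0, 5, 10),
}
# sign j -> parameter -> (Md, m(Md)); the values are constructed, not the authors'.
KNOWLEDGEBASE = {
    "traffic_anomaly": {"src_bytes": (1, 0.9), "dst_bytes": (2, 0.6)},
    "privilege_abuse": {
        "num_root": (1, 1.0),
        "num_file_creations": (1, 0.5),
        "src_bytes": (-1, 0.2),
    },
}
READINGS_ANOMALOUS = {"src_bytes": 9000, "dst_bytes": 250,
                      "num_root": 1, "num_file_creations": 3}
READINGS_NORMAL = {"src_bytes": 1200, "dst_bytes": 4000,
                   "num_root": 0, "num_file_creations": 1}

if __name__ == "__main__":
    for name, readings in (("anomalous", READINGS_ANOMALOUS),
                           ("normal", READINGS_NORMAL)):
        w = weight_factors(readings, TOLERANCES, KNOWLEDGEBASE)
        print(name, w, detect(w, thv=0.5))
```

A `None` result from `detect` corresponds to the case where the weight stays below the threshold and the interactive analysis by the expert is started.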
The threshold values $tv_{q_{n_i}}(t)$, $q_{n_i} = \overline{1, Q_{n_i}}$, have been computed upon a query to the knowledgebase using the following formulae:

 Q
tvqni t   tvQni  qni  1
 su,
stni
ni

1
stni
,
stni  u  1
(6)
where $st$ is the filling degree of the knowledgebase for a specific parameter; $u$ is the number of tests accounted for in the statistics; $su$ is the number of tests of the decision taking support system upon which the knowledgebase is considered to be filled (knowledgebase fragment of the prototype decision taking support system «Cyberthreats analyzer» [14]).
The procedure for forming the knowledgebase, including the rules for the fuzzy inference module, during automated processing of the data from SIEM sensors, multiagent systems, and sensors that determine the presence of threats, cyberattacks and anomalies is described below. New or existing rules for detecting emergency situations in the CICS according to the value of the $n_i$-th parameter ($n_i = \overline{1,N_i}$) for the CICS subsystem ($i = \overline{1,k}$) are formed on the basis of $\{Rd(R^j_{i,n_i}(t)),\ Md^j_{i,n_i}(t)\}$. Next, the explicit degree $m(Md^j_{i,n_i}(t))$ of the impact of the $n_i$-th parameter on the occurrence of the ($j = \overline{1,J}$) EmS should be defined, using the rules described by expressions (1)–(3). The initial magnitudes for detecting the ($j = \overline{1,J}$) EmS are: $Md^j_{i,n_i}(t)$, the parameters characterizing the discrete states of the $n_i$-th parameter ($n_i = \overline{1,N_i}$) for the CICS subsystem ($i = \overline{1,k}$) that influence the appearance of the ($j = \overline{1,J}$) EmS; and $m(Md^j_{i,n_i}(t))$, the parameters characterizing the expert evaluation of the explicit extent to which the $n_i$-th parameter influences the occurrence of the ($j = \overline{1,J}$) EmS.
The values obtained were recorded in the knowledgebase of the decision taking support system «Cyberthreats analyzer» [14]; this is the initial expert description. The data can also be recorded in the knowledgebase upon automatic or automated collection of indices from SIEM sensors, multiagent systems, and sensors that detect the presence of threats, cyberattacks and anomalies.
If an expert has detected a new (abnormal) emergency situation in the CICS protection, he or she can react to the messages of the window-type interface of the decision taking support system. The expert then makes a note in the knowledgebase. The new record characterizes the current state of the subsystems that identified the emergency situation.
Some outcomes of testing the prototype of the modular decision taking support system «Cyberthreats analyzer» in cyber security tasks [14] are described below. These outcomes continue the research whose results were given previously in the works [14, 15].
4. EXPERIMENT
To validate the model of the «fuzzy logic inference» module and the algorithm for forming the CICS knowledgebase of emergency and standard situations in cyber security, test experiments were carried out on the prototype of the decision taking support system «Threats analyzer».
Figures 1 and 2 show the comparative results obtained from a survey of the information protection and cyber security services personnel of 14 enterprises (Ukraine (10) and Kazakhstan (4)) and by means of the decision taking support system «Cyberthreats analyzer» prototype. Figure 1 shows the outcomes of the specialists' evaluation of the CICS network protection degree. The specialists made their assessment on the basis of independent visual tracing of indices from SIEM sensors, multiagent systems, and sensors that determine the presence of threats, cyberattacks and anomalies (red color), and by means of the decision taking support system (blue color). The reference value of the protection parameter being evaluated was taken as equal to 1 [3, 14, 16]. A parameter evaluation equal to 0 means that protection is absent. A similar assessment was performed for the protection factor of the CICS servers, Fig. 2.
Fig. 1 and 2 show that the divergence in the opinions of the experts who used the decision taking support system «Threats analyzer» is approximately 14–18 % less than for the evaluation without the decision taking support system.
Figure 1 – Outcomes of assessing the CICS protection extent by experts independently and by means of DTSS “Cyberthreats analyzer”
Figure 2 – Outcomes of assessing the CICS servers protection extent by experts independently and by means of DTSS “Cyberthreats analyzer”
The outcomes obtained show that without the decision taking support system «Threats analyzer» prototype the experts assessed the general protection state of the CICS and its servers more optimistically. At the same time, without automated procedures for collecting and processing the indices from SIEM sensors, multiagent systems, and sensors that determine the presence of threats, cyberattacks and anomalies, the time spent turned out to be 1,2–2,5 times greater.
5. DISCUSSION
The developed algorithms for expert study of the data from the sensor subsystem and for forming the knowledgebase of CICS emergency and standard situations make it possible to:
– accumulate knowledge concerning emergency situations in the CICS;
– reduce the time spent on taking decisions when analyzing threats, anomalies and cyberattacks in the CICS. In real time, in emergency situations caused by attempts of unauthorized impact on the system, this allows the situation to be assessed promptly and prevented from developing into an emergency;
– raise the objectivity of the decisions taken when analyzing the data from the sensors and information protection gauges in the CICS;
– expand the functional abilities and work performance of the personnel of the CICS information protection and cyber security subdivisions. This is achieved through the possibility of automating decision taking support when deviations from the standard (normal) modes of CICS operation have been registered.
A certain disadvantage of the work may be the situations that occur when data from the CICS sensor subsystems are lacking. We note, however, that the knowledgebase forming process for the test trials went promptly enough given sufficient personnel qualification, so this disadvantage will not lead to a reduction of the CICS protection extent.
It is also established that at the initial stages of forming the knowledgebase for the decision taking support system «Cyber threats analyzer», a sufficient number of qualified experts must be involved. This is explained by the need to treat objectively the indices of SIEM sensors, multiagent systems, and sensors that detect the presence of threats, cyberattacks and anomalies for specific CICS with different architectures of information protection and cyber security.
It was established that applying the decision taking support system «Cyberthreats analyzer» prototype, equipped with modules for automatic and automated collection of information from SIEM sensors, multiagent systems, and sensors that detect the presence of threats, cyberattacks and anomalies, allowed reducing the presence of threats, cyberattacks and anomalies, cutting expenditures on arranging the complex information protection systems by 12–15 % compared to alternative methodologies [17–20]. The described solutions supplement the existing research [6, 14] on the tasks of CICS protection management based on implementing intelligent decision taking support and expert systems in complex cyber security systems.
The research carried out continues the works [6, 14, 15]. The outlook for developing this research is filling in the knowledgebase and the logic rules of the decision taking support system prototype, taking into account the expansion of test information and the «Cyber threats analyzer» validation outcomes. It is also planned to carry out work to widen the functional potential of the proposed decision taking support system «Cyberthreats analyzer» prototype and to validate it on a large number of CICS at enterprises.
6. GRATITUDE
The work was carried out within the framework of the grant financing project AP05132723 «Development of adaptive expert systems in the field of critically important objects informatization cyber security» (Republic of Kazakhstan).
7. CONCLUSIONS
This work offers, for the first time:
a mockup of the «fuzzy logic inference» module, which is intended for implementing the fuzzy inference subsystem. Based on the fuzzy inference rules, output values have been defined for assessing the CICS protection degree by means of the decision taking support system according to the input magnitudes of the sensor subsystem. The model rests on the assumption that the input values for the sensor subsystem are obtained from the fuzzification procedure in the appropriate module. Every element of the output value characterizes the presence (absence) of a sign of an unexpected situation linked with anomalies, cyberattacks or other attempts of unauthorized interference in the CICS operation;
an algorithm for forming the knowledgebase of emergency and standard situations in the CICS. The algorithm, unlike known ones, allows forming a set of common versions of response to threats, anomalies and cyberattacks in the CICS, as well as inference rules for identifying emergency situations, which are connected first and foremost with purposeful destructive impact on the CICS.
REFERENCES
[1] Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K. (2016). A review of cyber security risk assessment methods for SCADA systems. Computers & security, 56, pp. 1–27.
[2] Tucker, C. S., Burrows, M., Lesniak, K., & Klein, S. (2017). Cybersecurity policies and their impact on dynamic data driven application systems. In Foundations and Applications of Self* Systems (FAS* W), 2017 IEEE 2nd International Workshops on (pp. 363–365). IEEE.
[3] Lakhno, V., Boiko, Y., Mishchenko, A., Kozlovskii, V., & Pupchenko, O. (2017). Development of the intelligent decision-making support system to manage cyber protection at the object of informatization. Eastern-European Journal of Enterprise Technologies, (2(9)), pp. 53–61.
[4] Iasiello, E. (2013, June). Cyber attack: A dull tool to shape foreign policy. In Cyber Conflict (CyCon), 2013 5th International Conference on (pp. 1–18). IEEE.
[5] Goztepe, K. (2012). Designing Fuzzy Rule Based Expert System for Cyber Security, International Journal of Information Security Science, 1(1), pp. 13–19.
[6] Akhmetov, B., Lakhno, V., Boiko, Y., Mishchenko, A. (2017). Designing a decision support system for the weakly formalized problems in the provision of cybersecurity, Eastern-European Journal of Enterprise Technologies, 1(2 (85)), pp. 4–15.
[7] Hu, X., Xu, M., Xu, S., & Zhao, P. (2017). Multiple cyber attacks against a target with observation errors and dependent outcomes: Characterization and optimization. Reliability Engineering & System Safety, 159, pp. 119–133.
[8] Yang, Y., Xu, H. Q., Gao, L., Yuan, Y. B., McLaughlin, K., & Sezer, S. (2017). Multidimensional intrusion detection system for IEC 61850-based SCADA networks. IEEE Transactions on Power Delivery, 32(2), pp. 1068–1078.
[9] Wong, K., Dillabaugh, C., Seddigh, N., & Nandy, B. (2017). Enhancing Suricata intrusion detection system for cyber security in SCADA networks. In Electrical and Computer Engineering (CCECE), 2017 IEEE 30th Canadian Conference on (pp. 1–5). IEEE.
[10] Lakhno, V., Boiko, Y., Mishchenko, A., Kozlovskii, V., Pupchenko, O. (2017). Development of the intelligent decision-making support system to manage cyber protection at the object of informatization, Eastern-European Journal of Enterprise Technologies, 2/9 (86), pp. 53–61.
[11] Elhag, S., Fernández, A., Bawakid, A., Alshomrani, S., & Herrera, F. (2015). On the combination of genetic fuzzy systems and pairwise learning for improving detection rates on intrusion detection systems. Expert Systems with Applications, 42(1), pp. 193–202.
[12] Moustafa, N., & Slay, J. (2016). The evaluation of Network Anomaly Detection Systems: Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set. Information Security Journal: A Global Perspective, 25(1-3), pp. 18–31.
[13] Villaluna, J. A., & Cruz, F. R. G. (2017). Information security technology for computer networks through classification of cyber-attacks using soft computing algorithms. In Humanoid, Nanotechnology, Information Technology, Communication and Control, Environment and Management (HNICEM), 2017 IEEE 9th International Conference on (pp. 1–6). IEEE.
[14] Lakhno, V., Kazmirchuk, S., Kovalenko, Y., Myrutenko, L., & Zhmurko, T. (2016). Design of adaptive system of detection of cyber-attacks, based on the model of logical procedures and the coverage matrices of features. Eastern-European Journal of Enterprise Technologies, (3 (9)), pp. 30–38. DOI: 10.15587/1729-4061.2016.71769.
[15] Lakhno, V., Tkach, Y., Petrenko, T., Zaitsev, S., & Bazylevych, V. (2016). Development of adaptive expert system of information security using a procedure of clustering the attributes of anomalies and cyber attacks. Eastern-European Journal of Enterprise Technologies, (6 (9)), pp. 32–44. DOI: 10.15587/1729-4061.2016.85600
[16] Zhang, Y., Wang, L., Xiang, Y., & Ten, C. W. (2016). Inclusion of SCADA cyber vulnerability in power system reliability assessment considering optimal resources allocation. IEEE Transactions on Power Systems, 31(6), pp. 4379–4394.
[17] Savola, R. M. (2007). Towards a taxonomy for information security metrics, Proceedings of the 2007 ACM workshop on Quality of protection, pp. 28–30. DOI:10.1145/1314257.1314266
[18] Hoffman, B., Buchler, N., Doshi, B., & Cam, H. (2016). Situational Awareness in Industrial Control Systems. In Cyber-security of SCADA and Other Industrial Control Systems (pp. 187–208). Springer, Cham.
[19] Liang, G., Zhao, J., Luo, F., Weller, S. R., & Dong, Z. Y. (2017). A review of false data injection attacks against modern power systems. IEEE Transactions on Smart Grid, 8(4), pp. 1630–1638.
[20] Wurm, J., Jin, Y., Liu, Y., Hu, S., Heffner, K., Rahman, F., & Tehranipoor, M. (2017). Introduction to cyber-physical system security: A cross-layer perspective. IEEE Trans. Multi-Scale Comput. Syst, 3(3), pp. 215–227.
[21] Lakhno, V. A., Kravchuk, P. U., Pleskach, V. L., Stepanenko, O. P., Tishchenko, R. V., & Chernyshov, V. A. (2017). Applying the functional effectiveness information index in cybersecurity adaptive expert system of information and communication transport systems. Journal of Theoretical and Applied Information Technology, 95(8), pp. 1705–1714.