Applied Anomaly Detection System

Purpose. An applied anomaly detection system that, drawing on cyber-attack databases, rules and reference standards, extends the functionality of modern intrusion detection systems and automates the generation of parameter standards (reference profiles) used to detect anomalies in the cyber environment over a given period of time.

Scope. The applied system can be used in cyber security.

Advantages. The growing complexity of hardware and software, together with the shortcomings of modern IT, leads to ever more sophisticated cyber attacks. Unauthorized actions against the resources of information systems are also carried out within the cyber environment and, as a result, generate certain anomalies in it. Such an environment is usually heterogeneous and loosely defined, so detecting the cyber attacks that produced those anomalies requires appropriate tools. These tools should support intrusion detection across many different characteristic features, including their dynamic component, which is monitored in real time. The developed applied system for detecting cyber attacks uses procedures that determine the level of the anomalous state and the characteristic influence of a given type of cyber attack in a weakly formalized fuzzy environment. This allows it to effectively detect non-signature and new types of cyber attacks, as well as zero-day threats, in real time, which puts it on par with the best world analogues.

Description. This applied anomaly detection system was developed using a basic algorithm and a number of procedures (construction of a coordinate grid; initialization of values based on a set of databases and modules; graphical formation of parameters; search for common points according to basic rules; and graphical interpretation of the result) to detect anomalies generated by cyber attacks in a weakly formalized cyber environment. It can be used on its own or as an extension of the functionality of modern intrusion detection systems.
