SELF-ADAPTIVE METHOD FOR THE COMPUTER SYSTEMS RESILIENCE IN THE PRESENCE OF CYBERTHREATS

Сергій Миколайович Лисенко

Abstract


The dynamic expansion of cyber threats creates an urgent need for new methods, techniques, and systems for their detection. The subject of the study is the process of ensuring the resilience of computer systems in the presence of cyber threats. The goal is to develop a self-adaptive method for computer system resilience in the presence of cyberattacks. Results. The article presents a self-adaptive system for ensuring the resilience of corporate networks under botnet cyberattacks. Resilience is provided by adaptive network reconfiguration, carried out using security scenarios selected on the basis of a cluster analysis of collected network features that are characteristic of cyberattacks. To select the necessary security scenarios, the proposed method uses semi-supervised fuzzy c-means clustering. To detect host-type cyberattacks, information about the hosts' network activity and the reports of host antivirus tools are collected. To detect network-type attacks, network activity that may indicate the appearance of a cyberattack is monitored. Based on the information gathered in the network about possible attacks performed by a botnet, measures for the resilient functioning of the network are taken. To choose the scenario needed for network reconfiguration, clustering is performed. The result of the clustering is a scenario with a list of requirements for reconfiguring the network parameters that will assure the network's resilience under a botnet attack. Semi-supervised fuzzy c-means clustering was used as the means of selecting the security scenario. The clustering is performed on the basis of labeled training data. The objects of clustering are feature vectors obtained from the payload of inbound and outbound traffic and from the antivirus tool's reports on possible host infection. The result of clustering is the degree of membership of each feature vector in one of the clusters.
The membership of a feature vector in a cluster answers the question of which network reconfiguration scenario is to be applied in the situation of a botnet attack. The system also contains clusters that indicate normal network behavior. The purpose of the method is to select security scenarios in response to cyberattacks carried out by botnets, in order to mitigate the consequences of the attacks and ensure the resilient functioning of the network. Conclusions. A self-adaptive method for computer system resilience in the presence of cyberattacks has been developed. Based on the proposed method, a self-adaptive attack detection and mitigation system has been developed. It demonstrates the ability to ensure the resilient functioning of the network in the presence of botnet cyberattacks at 70 %.
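
The scenario-selection step described above, as an added example that is not the paper's code: a pure-Python semi-supervised fuzzy c-means (the partially supervised form of Pedrycz and Waletzky, with fuzzifier m = 2) is trained on a few constructed feature vectors of which only one per cluster is labeled, and the trained centres are then used to pick the security scenario for a new vector. The feature layout, sample values and scenario names are assumptions.

```python
# Added example, not the paper's code: semi-supervised fuzzy c-means (m = 2,
# Pedrycz-Waletzky update rules) that assigns a network feature vector to a
# security scenario. Feature layout, sample values and scenario names are
# assumptions constructed for illustration.
SCENARIOS = ["normal", "isolate_host", "rate_limit"]  # one per cluster (assumed)

def _dist2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))

def memberships(x, V, f=None, alpha=1.0):
    """Degree of membership of x in each cluster; f is x's one-hot label, if any."""
    D = [max(_dist2(x, v), 1e-12) for v in V]  # squared distances to centres
    b, fs = (1, sum(f)) if f else (0, 0.0)
    row = []
    for i in range(len(V)):
        ratio = sum(D[i] / D[j] for j in range(len(V)))  # plain FCM term
        fi = f[i] if f else 0.0
        row.append(((1 + alpha * (1 - b * fs)) / ratio + alpha * fi * b) / (1 + alpha))
    return row

def ssfcm(X, F, c, alpha=1.0, iters=50):
    """X: feature vectors; F[k]: one-hot label or None (>=1 label per cluster)."""
    n, dim = len(X), len(X[0])
    lab = [[k for k in range(n) if F[k] and F[k][i]] for i in range(c)]
    # initialise each centre as the mean of its labeled points
    V = [[sum(X[k][d] for k in lab[i]) / len(lab[i]) for d in range(dim)] for i in range(c)]
    for _ in range(iters):
        U = [memberships(x, V, F[k], alpha) for k, x in enumerate(X)]
        V = []
        for i in range(c):  # weights mix the fuzzy term and the supervision penalty
            w = [U[k][i] ** 2 + alpha * (U[k][i] - (F[k][i] if F[k] else 0.0)) ** 2
                 for k in range(n)]
            V.append([sum(w[k] * X[k][d] for k in range(n)) / sum(w) for d in range(dim)])
    return U, V

def select_scenario(x, V):
    """Security scenario whose cluster has the highest membership for x."""
    u = memberships(x, V)
    return SCENARIOS[u.index(max(u))]

# Constructed training data: [traffic rate, antivirus alerts, suspicious-packet share]
X = [[0.10, 0.0, 0.05], [0.15, 0.0, 0.10], [0.20, 0.0, 0.05],
     [0.30, 0.9, 0.20], [0.25, 1.0, 0.30],
     [0.95, 0.0, 0.80], [0.90, 0.1, 0.90]]
F = [[1, 0, 0], None, None, [0, 1, 0], None, [0, 0, 1], None]  # partial labels
_, CENTERS = ssfcm(X, F, c=3)

if __name__ == "__main__":
    print(select_scenario([0.92, 0.05, 0.85], CENTERS))  # rate_limit
```

The membership row for any vector sums to one, so the degrees can be read directly as the confidence of each scenario, and a vector with no dominant membership is a natural trigger for operator review rather than automatic reconfiguration.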

Keywords


botnet; cyber threat; cyberattack; botnet detection; network defense; self-adaptive systems; resilience; security scenario; malware; DDoS attack


DOI: https://doi.org/10.32620/reks.2019.4.01
