Evaluation criteria of centralization options in the architecture of multicomputer systems with traps and baits

Antonina Kashtalian, Sergii Lysenko, Anatoliy Sachenko, Bohdan Savenko, Oleg Savenko, Andrii Nicheporuk

Abstract


Independent restructuring of the architecture of multicomputer systems during their operation is a complex task, since such systems are distributed. One of the tasks in this restructuring is to change the architecture of system centers. That is, the system can be rebuilt without changes in its center. But the specifics of the tasks of systems for detecting malicious software and computer attacks require such an organization of systems that it is difficult for attackers to understand their behavior. Therefore, the current task considered in the work is the development of rules for ensuring the restructuring of system centers according to different types of architecture. The aim of the work is to develop criteria for evaluating potential options for centralization in the architecture of multicomputer systems with traps and decoys. To ensure such an assessment, the work analyzed known solutions and established the insufficiency of mathematical support for organizing the restructuring of system centers during their operation. Taking into account the specifics of the tasks for such systems, no parameters had been determined that could be used when forming the restructuring of system centers. The analyzed works establish the main types of centralization used in the architecture of systems: centralized, partially centralized, partially decentralized, decentralized. However, algorithms and methods for the transition of systems from one type to another in the process of their functioning are not provided.

Subject. The work defines characteristic properties that can be used when synthesizing systems. They determine the number of potential variants of the system architecture to which it will switch at the next step when making a decision on restructuring the architecture. With an increase in the number of characteristic properties, the number of possible variants will increase. When approving the variants for the transition, it was necessary to evaluate them taking into account the previous experience of the systems' functioning. To evaluate potential centralization variants in the architecture of systems, evaluation criteria were developed. A feature of the evaluation criteria is that they make it possible both to take into account the experience of using a centralization variant when it is repeated and to evaluate prepared variants that are offered for the first time. That is, the evaluation criteria include the previous experience of the functioning of multicomputer systems. This experience made it possible to evaluate a repeated option based on the results of its previous use. This made it possible to diversify the choice of system centers.

Methods. The work developed an objective function for evaluating the next centralization option in the system architecture. The objective function takes into account four evaluation criteria: operational efficiency, stability, integrity and security. All these criteria are focused on evaluating potential options for system centers. New mathematical models were developed for the criteria of operational efficiency, stability, integrity and security in relation to the system center. Unlike the known mathematical models for evaluating system centers for selecting the next options for centralization, they are presented as analytical expressions that take into account the features of the types of centralization in the system architecture and the indicators of operational efficiency, stability, integrity and security in relation to the system center. On their basis, an objective function can be formed for evaluating options for centralization in systems, a feature of which is the hiding of components with the system center from detection by attackers.

Results. The work analyzed the results of an experiment conducted with a prototype of the system. The convergence of the experimental results and the results obtained by the theoretical method has been established.

Conclusion. The study introduces mathematical models for evaluating system centers based on operational efficiency, stability, integrity, and security criteria. Unlike existing models, these are presented as analytical expressions that account for various centralization types within system architectures. The models enable the creation of objective functions to evaluate centralization options, emphasizing the concealment of system center components from attackers. Experimental results with a system prototype confirm the theoretical models' validity, showing minimal deviations in function graphs. Significant deviations in specific time intervals are addressed to achieve optimal centralization options.


Keywords


centralization; deception systems; deception systems synthesizing; distributed systems; honeynet; trap; baits; malware detection






DOI: https://doi.org/10.32620/reks.2025.1.18
