CONCEPTUAL ARCHITECTURE OF DECEPTIVE SYSTEMS WITH BAITS AND TRAPS BASED ON POPULATION ALGORITHMS
DOI:
https://doi.org/10.31891/2219-9365-2025-84-15
Keywords:
corporate networks, computer, detection systems, population algorithms, trap, lure, malicious software, computer attacks, systems architecture
Abstract
Improving the detection of cyber attacks (CA) and of malicious software (MAL) activity in corporate networks remains a relevant problem because of the growing complexity of modern cyber threats. The problem is multifaceted because of the variety of indicators, parameters and characteristics that can be updated or improved and that affect the effectiveness of protection systems. A promising direction for strengthening attack detection mechanisms is to modernize attack models and to develop an architecture for deception systems with decoys and traps that can form adaptive, flexible and self-organized defensive reactions. The proposed architecture lets a deception system make automated decisions about further actions, organize the collective work of agents, and flexibly manage decoys and traps. Combined with information about available network resources, this approach creates a significant advantage over the attackers' tools. Numerical characteristics of system elements make it possible to evaluate their current state and determine the optimal next steps when countering attacks. These characteristics form the basis for effective real-time control of bait and trap behavior.
This work proposes combining population algorithms, in particular the moth-flame optimization algorithm, with the architecture of deception systems in order to optimize the sequence of the system's next steps and to keep it functioning stably under prolonged CA and MAL activity. It is shown that the configurations of network nodes in scenarios of penetration from outside or from inside can be presented as two representation schemes, which can be generalized into a single structure or interpreted in three-dimensional space. This approach provides more flexible modeling of system behavior and increases the adaptability of its reactions.
Optimization with population algorithms avoids a complete enumeration of possible actions, ensures fast convergence to optimal solutions in a dynamic environment, and allows the sequence of steps to be rebuilt in accordance with changes in the corporate network. In addition, keeping baits and traps dynamically active guarantees long-term interaction of the system with attacking influences and increases its resistance to complex and repeated attacks.
The experiments conducted showed the promise of the proposed research direction and of integrating population algorithms into the architecture of deception systems to optimize their choice of further steps.
Further research will deepen the integration of population algorithms into the architecture of deception systems with baits and traps and will develop a method for organizing their functioning in accordance with the proposed conceptual model. The results of the work are aimed at increasing the level of cyber protection of corporate networks through the creation of intelligent adaptive systems for countering modern CA and MAL.
License
Copyright (c) 2025 Олег САВЕНКО, АНДРІЙ ДРОЗД, Дмитро МЕДЗАТИЙ

This work is licensed under a Creative Commons Attribution 4.0 International License.