ADAPTIVE METHOD FOR MITIGATING THE EFFECTS OF CYBERATTACKS IN INFORMATION SYSTEMS

Abstract

Modern information systems operate in multidimensional adaptive environments where data properties, process characteristics, and interactions between automated components and humans change extremely rapidly. Such changes are caused by both the natural evolution of work processes and external influences, among which cyberattacks are particularly dangerous. In these conditions, traditional approaches to ensuring the stability of information systems—based on fixed sets of rules, established behavior patterns, and static analysis schemes—are gradually losing their effectiveness.

The proposed adaptive method for mitigating the effects of cyberattacks eliminates these limitations by transforming data from multiple sources -event workflows, process execution information, user and device identification attributes, and auxiliary situational indicators -into consistent internal representations suitable for further processing in conditions of constant change. This gives the information system a holistic view of its state, allowing it to detect deviations caused by both natural changes and deliberate actions by attackers in a timely manner.

Methodologically, the approach involves continuous monitoring of the quality indicators of the information system and the properties of the data coming into it. When a change in the structure or nature of the data is detected, specialized cycles of internal system parameter adjustments are activated to mitigate the negative consequences. These cycles employ mechanisms that reduce the impact of damaged, unreliable, or atypical records that may arise during cyberattacks. This ensures the stability of the information system even under conditions of significant changes in the data environment, in particular during attempts by malicious actors to distort service information, overload transmission channels, or hide critical events.

An important feature of the method is its emphasis on reproducibility and controlled adaptation. If adjusting internal parameters leads to a deterioration in system performance, a return to the previous stable state is provided for.  The proposed approach was tested on real-world datasets, including NSL-KDD and CICIDS2017, supplemented with artificially generated high-throughput data reflecting a variety of operational scenarios. The experimental results showed that the adaptive method of mitigating the consequences of cyberattacks increases the accuracy of the information system, reduces the number of false alerts, ensures low processing latency, and allows the system to quickly adapt to changes without losing reliability.