INTELLIGENT DECISION-MAKING SYSTEM FOR SELECTING COUNTERMEASURES AGAINST HIDDEN INFORMATION LEAKAGE CHANNELS IN SPECIAL-PURPOSE NETWORKS
DOI:
https://doi.org/10.31891/2219-9365-2026-86-16
Keywords:
cybersecurity, covert channels, information leaks, intelligent management, decision-making, adaptive countermeasures, special-purpose networks, risk optimization
Abstract
This paper presents an intelligent decision-making system for selecting optimal countermeasures against covert exfiltration channels in special-purpose networks (SPN). Particularly dangerous are adaptive exfiltration scenarios, in which the attacker dynamically changes the operating parameters of the covert channel depending on the response of the cybersecurity system.
A mathematical model for the adaptive selection of protective measures is proposed, based on an integrated assessment of the risk of a covert channel, network service quality indicators, and the probability of changes in the attacker’s tactics. An optimization objective function is introduced that strikes a balance between minimizing information leakage and maintaining an acceptable level of critical information infrastructure performance. A two-level structure for an intelligent system has been developed, in which the first level analyzes network traffic anomalies and assesses the risk of a covert channel, while the second level adaptively selects a countermeasure based on the criterion of minimizing total losses.
A mechanism has been developed for the intelligent control of countermeasures under conditions of incomplete information and dynamic changes in the operation of the SPN, due to network anomalies, changes in user behavior, and the attacker’s ability to adapt to defense mechanisms. Analytical conditions for the stability of the decision-making system have been derived, and the convergence of the algorithm for selecting defense measures has been proven. Numerical simulations of the system’s operation were conducted, demonstrating that the proposed approach reduces the risk of information leakage without significantly compromising the performance of the SPN and enhances the effectiveness of adaptive cybersecurity in the face of modern network threats.
Copyright (c) 2026 Ігор ДАНИЛОВ

This work is licensed under a Creative Commons Attribution 4.0 International License.


