DETECTION ENVIRONMENT FORMATION METHOD FOR ANOMALY DETECTION SYSTEMS

Due to the intensive development of the digital business, malicious software and other cyber threats are becoming more common. In order to increase the level of security there are needed appropriate special countermeasures, which are able to remain effective when new types of threats occur, and which allow to detect cyberattacks targeting on a set of information system resources in fuzzy conditions. Different attacking effects on the corresponding resources generate various sets of anomalies in a heterogeneous parametric environment. There is known a tuple model of the formation of a set of basic components that allow to identify cyber-attacks. For its effective application a formal implementation of the approach to the formation of sets of basic detection rules is necessary. For this purpose, there has been developed a method that focuses on solving problems of cyber-attacks detection in computer systems, which is implemented through three basic steps: