Markov model of normal conduct template of computer systems network objects

The article is devoted to solving a relevant scientific-applied problem of enhancement of cyberattacks on computer systems network objects detection systems. Detection systems based on determining the admissibility of current values of the monitored functional parameters of a computer system deviations from a normal conduct pattern are studied. It is shown that one of the main Haws of modern network cyberattacks detection systems is the imperfection of methodological maintenance, which is used to form normal conduct templates. As a result of the research, the possibility of forming a normal conduct template of computer systems network objects based on a homogeneous Markov chain with successive transitions is substantiated. It is defined that for the formation of the normal conduct template it is advisable to use the Markov chain with the number of states equal to 20. A graph of a process of transitions is developed, corresponding mathematical maintenance is worked out, which makes it possible to calculate the main parameters of the used Markov chain. Numerical experiments which confirmed the prospects of the offered solutions have been carried out. The practicability of further research in the field of substantiation of the nomenclature and the method for estimating the monitored parameters is presented.