BUILDING CYBERATTACK DETECTION SYSTEMS USING A HIDDEN MARKOV MODEL
2021
One of the most promising ways to improve the quality of data analysis is to use the anomaly detection method in network cyberattack detection systems. In this method, the data analyzers work on the assumption that a sign of a cyberattack is a certain deviation of the controlled parameters of a computer system (CS) from the parameters that characterize the normal functioning of the network. The values of the monitored parameters under normal operating conditions are called patterns of normal behavior. That is why the choice or formation of a template that adequately reproduces the functional portrait of the network object of the CS and allows the anomalous behavior of this object to be determined with a given accuracy is a very important task.
Massive cyberattacks initiate the creation of special technical solutions, means and systems of counteraction. To detect network intrusions, modern methods, models, tools and complex technical solutions for intrusion detection and prevention systems are used, which can remain effective when new or modified types of cyber threats appear. But in fact, when new threats and anomalies appear, generated by attacking actions with unidentified or vaguely defined properties, these tools do not always remain effective and require long time resources for their appropriate adaptation. Therefore, intrusion detection systems (IDSs) must be continually researched and improved to ensure their effective continuity.
The issue of security and protection of information systems (IS) has been studied by domestic and foreign researchers, among them T. Ptaceka, O. Camp, P. Albers, I. Tereykovsky, А. Korchenko, V. Buryachok, V. Dudikevich and others. Undoubtedly, a relevant and intensively developing direction in the field of information security is the detection of cyberattacks and protection against interference in the work of information systems by unauthorized parties. In addition, it should be noted that attacks on information systems are becoming more frequent, the methods of their implementation are becoming more sophisticated, and their scale is increasingly global.
Intrusion and attack detection systems, of course, have numerous flaws as security solutions. To increase the efficiency of these systems, it is necessary to consider not only how well they detect harmful effects on the protected objects of the information system infrastructure, but also the factors of the daily operation of these tools. In addition, an important issue is economic efficiency, given the need to optimize the information resources of the owner of the protection system. One of the most effective methods for detecting intrusions and attacks is the signature approach. Signature-based methods of identifying attacks form a set of rules or a formal model for describing attacks; the formal model may use a character string, a semantic expression in a special language, etc. The main mechanism of the signature method is the use of attack signatures (a specialized database of certain patterns). These signatures are used to search for actions that show signs of an "attack".
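To make the signature mechanism described above concrete, here is a small added example (not code from the paper): a miniature signature base of regular-expression rules, each with an identifier and description, applied to constructed web-server access-log lines. Events are URL-decoded before matching, because a signature that only sees the raw encoded string can be bypassed by trivial re-encoding. The signature IDs, rule patterns and log lines are all constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed miniature signature base: each entry is one rule the analyzer
# searches for. Real IDS rule sets hold thousands of such entries.
SIGNATURES = [
    {"id": "SIG-001", "name": "directory traversal sequence",
     "pattern": re.compile(r"\.\./")},
    {"id": "SIG-002", "name": "SQL tautology probe in parameter",
     "pattern": re.compile(r"'\s*or\s+1\s*=\s*1", re.IGNORECASE)},
    {"id": "SIG-003", "name": "shell metacharacter in request",
     "pattern": re.compile(r"[;|`]")},
]


def normalize(event):
    """Decode percent-encoding so a signature matches the meaning of the
    request, not its byte-level spelling (one round is enough for this demo)."""
    return unquote(event)


def match_signatures(event, signatures=SIGNATURES):
    """Return the IDs of every signature whose pattern occurs in the event."""
    text = normalize(event)
    return [s["id"] for s in signatures if s["pattern"].search(text)]


def scan(events, signatures=SIGNATURES):
    """Return (event, matched_ids) for each event hitting at least one signature."""
    hits = []
    for event in events:
        ids = match_signatures(event, signatures)
        if ids:
            hits.append((event, ids))
    return hits


# Constructed access-log fragments: mostly benign traffic plus two suspicious requests.
EVENTS = [
    "GET /index.html 200",
    "GET /images/logo.png 200",
    "GET /download?file=../../etc/passwd 404",
    "GET /login?user=admin'%20or%201=1 200",
    "GET /search?q=books 200",
]

if __name__ == "__main__":
    for event, ids in scan(EVENTS):
        names = [s["name"] for s in SIGNATURES if s["id"] in ids]
        print(f"{ids} {names}: {event}")
```

The decode-then-match step is the caveat a practitioner would add: the signature base is only as good as the normalization in front of it, and a request that the rule cannot recognize simply produces no alert, which is exactly the weakness against new or modified threats that the text above points out.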
As a result of the research, the possibility of forming patterns of normal behavior of network objects of computer systems based on a homogeneous Markov chain with successive transitions has been substantiated. The structure of the model has been developed, and the corresponding mathematical apparatus has been formed.
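The following added example (not the paper's own code) illustrates the idea that runs through the abstract: a pattern of normal behavior for a monitored CS parameter is estimated as a homogeneous Markov chain, and a deviation from that pattern is reported as an anomaly. One monitored parameter (think packets per second) is discretized into states by threshold edges, the transition matrix is estimated from readings taken during normal operation, and a new window of readings is scored by its average log-probability per transition under that matrix. The state edges, the smoothing constant, the detection margin and all readings are constructed for the demonstration; the paper does not specify them.

```python
import math

# Constructed thresholds that split one monitored parameter into 4 states:
# 0 = quiet (<50), 1 = normal load (<200), 2 = heavy (<1000), 3 = extreme.
STATE_EDGES = (50, 200, 1000)
N_STATES = len(STATE_EDGES) + 1


def discretize(value, edges=STATE_EDGES):
    """Map a raw parameter reading to a discrete Markov state index."""
    for state, edge in enumerate(edges):
        if value < edge:
            return state
    return len(edges)


def fit_markov_chain(states, n_states=N_STATES, alpha=1.0):
    """Estimate the transition matrix P of a homogeneous Markov chain from a
    state sequence observed during normal operation. Laplace smoothing (alpha,
    an assumed choice) keeps transitions never seen in training from getting
    probability 0, which would make log-scoring undefined."""
    counts = [[alpha] * n_states for _ in range(n_states)]
    for a, b in zip(states, states[1:]):
        counts[a][b] += 1
    return [[c / sum(row) for c in row] for row in counts]


def score(P, states):
    """Average log-probability per transition of a state window under P.
    The lower the score, the further the window is from the normal template."""
    steps = list(zip(states, states[1:]))
    return sum(math.log(P[a][b]) for a, b in steps) / len(steps)


def build_detector(normal_values, margin=0.7):
    """Learn the normal-behavior template and a threshold: the training
    sequence's own score minus a margin (the margin is a constructed tuning knob;
    in practice it is set from the accuracy required of the detector)."""
    states = [discretize(v) for v in normal_values]
    P = fit_markov_chain(states)
    return P, score(P, states) - margin


def is_anomalous(P, threshold, values):
    """Flag a window of raw readings whose score falls below the threshold."""
    return score(P, [discretize(v) for v in values]) < threshold


# Constructed readings: normal operation alternates quiet and moderate load;
# the burst window jumps into the extreme state that training never visited.
NORMAL_TRAINING = [30, 40, 35, 120, 150, 130, 45, 38, 110, 140, 42, 33, 125, 160, 50] * 4
NORMAL_WINDOW = [35, 45, 130, 140, 150, 40, 30, 120, 130]
BURST_WINDOW = [30, 40, 1500, 2000, 1800, 1700, 35, 1600, 40]

if __name__ == "__main__":
    P, threshold = build_detector(NORMAL_TRAINING)
    print("threshold:", round(threshold, 3))
    for name, window in (("normal", NORMAL_WINDOW), ("burst", BURST_WINDOW)):
        s = score(P, [discretize(v) for v in window])
        print(f"{name}: score={s:.3f} anomalous={is_anomalous(P, threshold, window)}")
```

Two points the abstract's closing paragraph anticipates show up directly in this code: the quality of the template depends on which parameters are monitored and how they are discretized (here a single parameter and hand-picked edges), and the threshold fixes the trade-off between missed attacks and false alarms, so both need to be chosen systematically rather than guessed.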
An important area of further research is the development of model dependencies of the overall change in parameters that determine the safety of the CS. In addition, the development of patterns of normal behavior of the CS is inappropriate without substantiating the nomenclature and method for assessing the controlled parameters. So, another important area of further research should be the development of a system for selecting and assessing the safety parameters of the CS.