=Paper=
{{Paper
|id=Vol-2588/paper12
|storemode=property
|title=Markov Model of Unsteady Profile of Normal Behavior of Network Objects of Computer Systems
|pdfUrl=https://ceur-ws.org/Vol-2588/paper12.pdf
|volume=Vol-2588
|authors=Ihor Tereikovskyi,Lyudmila Tereykovska,Shynar Mussiraliyeva,Mikola Tsiutsiura,Jugoslav Achkoski
|dblpUrl=https://dblp.org/rec/conf/cmigin/TereikovskyiTMT19
}}
==Markov Model of Unsteady Profile of Normal Behavior of Network Objects of Computer Systems==
https://ceur-ws.org/Vol-2588/paper12.pdf
Markov Model of Unsteady Profile of Normal Behavior
of Network Objects of Computer Systems
Ihor Tereikovskyi 1 [0000-0003-4621-9668], Lyudmila Tereykovska 2 [0000-0002-8830-0790],
Shynar Mussiraliyeva 3 [0000-0001-5794-3649], Mikola Tsiutsiura 2 [0000-0002-1946-9242] and
Jugoslav Achkoski 4 [0000-0003-2782-3739]
1
National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Insti-
tute”, Kyiv, Ukraine
2
Kyiv National University of Construction and Architecture, Kyiv, Ukraine
3
Al-Farabi Kazakh National University, Almaty, Kazakhstan
4
Military Academy “General Mihailo Apostolski”, Skopje, North Macedonia
terejkowski@ukr.net, tereikovskal@ukr.net, mussirali-
yevash@gmail.com, teodenor@gmail.com
Abstract. The article is devoted to the ongoing scientific and applied
issue on improvement of systems of detection of cyberattacks on net-
work objects of computer systems. Detection systems are considered
based on determining the tolerance of deviations of the current values of
the controlled functional parameters of the computer system from the
profiles of normal behavior. It is established that one of the main disad-
vantages of network cyberattack detection systems is the imperfection
of normal behavior profiles, which are insufficiently adapted to the typ-
ical non-stationary nature of the dynamics of the controlled functional
parameters. It is proposed to form non-stationary profiles of normal be-
havior of network objects of computer systems on the basis of multipe-
riodic Markov model, which allows to take into account the typical na-
ture of the dynamics of functional parameters that reflect the state of se-
curity of network objects of computer systems. The peculiarity of the
model is the modeling of each of the stationary sections of the dynamics
of the functional parameter using a homogeneous Markov chain with
successive transitions. It is experimentally established that the applica-
tion of the developed multiperiodic model allows to increase the accu-
racy of forecasting the dynamics of functional parameters up to 2 times.
Moreover, it is shown that the prospects for further research are associ-
ated with the development of methods for applying the solutions of the
theory of spectral analysis of data to determine the significant periods of
the process of changing functional parameters.
Keywords: recognition of network cyberattacks, normal behavior pro-
file, Markov’s model, dynamics of functional parameters.
Copyright © 2020 for this paper by its authors. Use permitted under Creative Commons License Attrib-
ution 4.0 International (CC BY 4.0) CMiGIN-2019: International Workshop on Conflict Management in
Global Information Networks.
�1 Introduction
The importance of improving the means of recognizing network cyberattacks is in-
creasing due to the constant danger of cybercrime, the dynamic growth of various and
diverse cyber threats, and the increase in the complexity and responsibility of com-
puter networks (CN) [1, 5, 11]. The basis of these tools is the data analysis module,
the main task of that is to generate a decision on the presence or absence of a cyberat-
tack on the object of protection at a given time [8, 10, 16]. It is generally recognized
that one of the most promising areas for improving the quality of data analysis is the
use of the anomaly detection method in recognition systems. An important advantage
of this method is the ability to recognize new types of attacks with unknown signa-
tures. In this case, the work of data analyzers is based on the assumption that the sign
of a network cyberattack is a deviation of the specified parameters of the CN from the
so-called normal behavior profile (NBP). Although a lot of scientific and practical
works are devoted to the development of NBP, however, successful attempts of net-
work attacks on a number of domestic and foreign institutions indicate the need for
their significant improvement, which explains the relevance of research in this direc-
tion.
2 Literature Review and Problem Postulation
As evidenced by the literature review, control cards Shuhart, EWMA, CUSUM, simu-
lation and neural network models mainly used for the construction of modern PNP, as
well as models based on classical methods of statistical analysis [5, 6, 18, 19]. It
should be noted that in most cases, these profiles describe the dynamics of the func-
tional parameters of the CN. The method and experimental system of detection of
attacks on resources of CN is developed in work [9]. The method uses the patterns of
normal behavior based on the simulation model of the functioning of network objects
of CN. It should be mentioned that the construction of this simulation model for real
CS is associated with great difficulties. The aim of the work [1] was to develop a
mathematical model of CS network behavior and a method of anomaly detection
based on the statistical study of changes in the characteristics of this system. This
paper proposes to divide the entire space of the performance on the indicators charac-
terizing the use of local system resources and indicators of interaction with the outside
world. The introduced mathematical model based on the assumption the use of the
sample homogeneity criterion to identify anomalies. In addition, the literature review
allows us to determine that the methods of statistical data processing can be addition-
ally used to clarify the obtained NBP. Thus, the article [4] describes the process of
developing templates for fixing abnormal behavior of CN on the basis of BDS-tests. It
is argued that such tests are effective methods for identifying dependencies in time
series in the framework of their nonlinear analysis and have been widely used for
�analysis of financial markets. In the article the mathematical apparatus of testing is
developed, and the results of numerical experiments are shown, confirming the possi-
bility of using such templates to define the malicious software by heuristic analyzers.
Article [13] is devoted to the development of adaptive patterns of fixation of abnor-
mal behavior of CN. The fact of possibility of use for these purposes of control cards
of Shuhart is confirmed. For the development and experimental studies, a software
model has been developed that allows to obtain a database of CN state templates and
to fix abnormal behavior of network objects. The possibility of using the developed
adaptive patterns in heuristic analyzers of intrusion detection systems is stated.
However, as studies have shown, these means of forming patterns are not devoid of
a number of drawbacks. SO EWMA control cards are insensitive to short manifesta-
tions of anomalies. At the same time, CUSUM maps detect small but constant chang-
es with a higher probability but have low accuracy (high probability of false positives)
under dynamic changes in the computer system display [2-5]. The analyzed patterns,
which are based on classical methods of statistical analysis, are characterized by a
high level of false positives when used in local networks, where the behavior of ob-
jects does not have a smooth, averaged character [8, 10]. Based on authors view, it is
possible to eliminate these shortcomings by using the theory of Markov processes,
which is successfully used to build statistical models of complex processes [7]. It
should be noted that the expediency of using Markov chains in the field of recognition
of cyberattacks has already been proved in the works [9, 19, 20]. Thus, the work [9] is
devoted to the use of hidden Markov chains for modeling the mental state of the CN
operator in the implementation of cyberattacks. The paper [14] describes in detail the
methodology of CN protection based on the game theory using the Markov model.
The possibility of choosing the most effective protection strategy is shown in the pre-
cases of a certain time window. A similar problem is considered in work [15], where
the Markov model is developed to determine the strategy of protection of a moving
target. In work [17] the algorithm of step-by-step detection of attacks on a computer
network on the basis of the hidden Markov model is offered. In work [20] the possi-
bility of formation of templates of normal behavior of network objects of CN on the
basis of a homogeneous Markov chain with consecutive transitions is proved. It is
determined that for the formation of patterns of normal behavior it is advisable to use
a Markov chain with the number of States equal to 20. The graph of process transi-
tions is developed, the corresponding mathematical support allowing to calculate the
basic parameters of the Markov link underlying the specified template is formed. The
results are experimental, confirming the effectiveness of the developed Markov model
for conditionally stationary dynamics of controlled parameters of protection. Moreo-
ver, the expediency of further studies in the field of justification of the nomenclature
of controlled parameters and adaptation of the Markov model of the typical non-
stationary nature of the functional parameters of the CN is shown. It should be noted
that the possibility of creating a Markov model of unsteady NBP is confirmed in theo-
�retical works devoted to the Markov approximation of multiperiodic unsteady pro-
cesses [7, 19].
Thus, as a result of the analysis of scientific and practical works [2-4, 7-17, 19, 20],
the prospects of using Markov chains for the formation of NBP are determined. In
addition, it is shown that the known mathematical models of NBP do not fully consid-
er the typical non-stationary nature of the dynamics of the functional parameters of
network CN.
3 Purposes and Objectives of the Study
The main purpose of this study is to develop a Markov model of the non-stationary
profile of the normal behavior of network objects of computer systems, which is
adapted to the typical non-stationary nature of the dynamics of the auxiliary parame-
ters of such objects.
4 Development of the Markov model
In the construction of the Markov model, the position of the theory of dynamic data
series is used, according to which the multiperiodic NBP can be represented as a sum
of single-period profiles. The graph of single-period NBP is shown in Fig. 1, and the
graph of multiperiodic PNP is shown in Fig. 2.
Fig. 1. Single-period NBP graph.
Fig. 2. Graph of multiperiodic NBP.
The actual NBP corresponds to the function X=f(t). In Fig. 1, the letters A and B de-
note the transition (extreme) points of the function X=f (t)., the maxima of the func-
�tion are denoted as A2, A4, ... AD, and the minima as B1, B2, ... BD-1. Indices 1,2, ... D
correspond to the numbers of transition points. At intervals of type Bd Ad 1 and
Ad 1 Bd 2 single-period NBP has a stationary character. On intervals of type Bd Ad 1
the function X=f (t) increases, and on intervals of type Ad 1 Bd 2 the function X=f (t)
decreases.
According to theoretical studies in the field of the theory of Markov processes, the
basis of NBP on a stationary interval of the dynamics of operational parameters of CN
is a homogeneous Markov chain described by a system of Kolmogorov-Chapman
equations and a normalization condition that can be written using expressions:
P1 (t ) P1 (t 1) P1 (t 1) p1,i ... P1 (t 1) p1, N Pi (t 1) pi ,1... PN (t 1) p N ,1
, (1)
Pi (t ) Pi (t 1) Pi (t 1) pi ,1... Pi (t 1) pi , N P1 (t 1) p1,i ... PN (t 1) p N ,i
PN (t ) PN (t 1) PN (t 1) p N ,1... PN (t 1) p N ,i P1 (t 1) p1, N ... Pi (t 1) pi , N
N
Pi (t ) 1 (2)
i 1
where Pi(t) is the probability of finding the functional parameter in the i-th state at
time t[0, tmax], pi,j - is the probability of transition from state i to state j in one step
of the process, N is the number of States of the Markov chain.
If we accept the postulate that at the initial moment of time the simulated parame-
ter is in the first state of the Markov chain, then the initial conditions of modeling can
be written as follows:
P1 (0) 1 (3)
The disadvantages of the described Markov chain is the complexity of the calcula-
tion of transition probabilities, which is determined primarily by the fully connected
character of possible transitions of the process by states.
Therefore, based on the results of [7, 8, 19], the assumption is made about the pos-
sibility of using a Markov chain in which only successive transitions are possible
between states, the number of which is equal to 10. At the same time, the accuracy of
the model remains sufficient for the task of forming the NBP. Due to the accepted
simplification, expression (1) is modified as follows:
� P1 (t ) P1 (t 1) P1 (t 1) p1, 2 P2 (t 1) p2,1
, (4)
Pi (t ) Pi (t 1) Pi (t 1) pi ,i 1 Pi 1 (t 1) pi 1,i
PN (t ) PN (t 1) PN (t 1) p N , N 1 PN 1 (t 1) p N 1, N
where N =10 is the number of states of the Markov chain.
In case of approximation of dynamics of operational parameters of computer
networks it is recommended that the states with numbers from 1 to (N-1) correspond
to such values of parameters at which the software and hardware of a network will be
in a working state, and the N-th state corresponds to a non-working state 7. In a
one-sided region of operability, the first (N-1) states will be defined by the lower and
upper bounds, and the last N state by the lower bound only. Using the procedure of
uniform quantization of the region of operability, the state boundaries are defined as
follows:
Lbi i , (5)
Lei (i 1) , (6)
L , (7)
N 1
L Lb Le , (8)
where , L
b
i , L is the upper and lower bound of the i-th state, –is the width of the
e
i
b e
state, L –- width of the region of operability, L , L - upper and lower limit of the
region of operability.
An illustration of the described quantization procedure is Fig. 3, which shows
graphs of the dynamics of some operational parameter X for the same type of con-
trolled objects. In Fig. 3, the following notations are accepted: tk – moments of regis-
tration; 1...N – numbers of states of a Markov chain; ni – borders of states; O1, O2,
O3, O4, O5 -realizations of X. The calculation of the probabilities of transition of the
controlled parameter from state i to state j in one step of the process is implemented
as follows:
p(tk )i 1,i R(tk )i / R(tk )r , (9)
I
pi 1,i p (t k ) i 1,i / I , (10)
i 1
where p(tk)i-1,i – is the probability of transition between (i-1)-th and i-th state in one
step of calculation of Markov chains R(t k)i – the number of controlled objects that are
�moved from (i-1)-th to i-th state for the time interval tk, which corresponds to one step
of the Markov chain. R(tk)r –– the total number of operable objects at the time tk, pi-1,i
-the probability of transition between (i-1)-th and i-th state, I-the number of registra-
tions of the parameter.
Fig. 3. The graphs of dynamics of values of operational parameter for controlled ob-
jects
In the simplest case, to simulate one period of a single-period process of changing
the operational parameter X, the graph of which is shown in Fig. 3, the model will
consist of two homogeneous Markov chains given by expressions (2, 3, 4). The first
circuit is designed to simulate the AB section, the second-for the BC section. In this
case, the probabilities of the first Markov chain at time B are the initial distribution of
the form (1) for the second Markov chain.
For a two-period process, the graph of which is shown in Fig. 4, the Mars model
will be more complex. In such a model, it is necessary to consider that the BF section
is non-stationary only in the CE section. In this case, the half-periods CD and DE are
nested in the half-period BF.
Fig. 3. The half-life graph of a single-period process
� Fig. 4. The graph of two-period process
To construct a multiperiodic Markov model, the authors developed an approach based
on the Markov model described in [19, 20] of a one-periodic nonstationary NBP
process X f t , which increases sequentially at stationary intervals of
type Bd Ad 1 and decreases at stationary intervals of type Ad 1Bd 2 , where d is the
number of the transition point (see Fig. 1). The Markov model of one-period NBP
M BAB consists of two homogeneous Markov chains M BA and M AB , designed to
simulate the dynamics of functional parameters at stationary intervals of type Bd Ad 1
and Ad 1Bd 2 . By analogy with [2, 3] in the model of multiperiodic NBP, it is also
assumed that each of the stationary sites is modeled by its own homogeneous Markov
chain. For example, the NBP of a two-period process, the graph of which is shown in
fragments in Fig. 4, a sequential simulation of each of the stationary intervals AB,
BC, CD, DE, and EF is provided by a proper homogeneous Markov chain. As for the
case of a one-period NBP, the finite probability distribution of the stay of the previous
Markov chain is the initial conditions for the subsequent chain.. Thus, the Markov
model of multiperiodic NBP M BAB , the structure of which is shown in Fig. 5, con-
1 2 K
sists of modules M BAB , M BAB ,..., M BAB designed to simulate K significant periods
of the dynamics of the functional parameter under study. In this case, an arbitrary K-
k
th module M BAB is a Markov model of a one-period NBP developed in [19, 20], de-
k
signed for modeling the k-th periodic component. In turn M BAB , it consists of two
k k
LM- M BA and M AB , designed to model the k-th periodic component of the NBP..
k
The output of the k-th module M BAB at the τ -th step of the calculation is
Pk the probability distribution vector for the k-th periodic component of the
NBP. The number of states and state boundaries of the Markov chain of each of the
modules should be calculated individually using the expressions (5-8). Also, the val-
ues of transition probabilities should be calculated separately for each Markov chain.
For this purpose, it is possible to use expressions (9, 10), having modified them a little
for processing of statistics on the corresponding interval of functioning (half-life):
pz (tk )i 1,i Rz (tk )i /Rz (tk )r tk , (11)
� Iz
p z ,i 1,i p z (t k )i 1,i / I z , (12)
i 1
where z is the half-period in question.
Other symbols (11, 12) correspond to expressions (9, 10).
Fig. 5. Markov model of multiperiodic NBP
The output of the model M BAB at the τ t-th step of calculation is the probability dis-
tribution vector of the form:
P P1 , P2 ,..., PN , (13)
where Pi
is the integral probability of finding the parameter in the i-th state
of the Markov chain at the τ -th step of the calculation.
Pi
it is calculated as follows:
K
Pi
K 1 Pi k , (14)
k 1
where Pi
k
is the probability of the functional parameter staying in the i-th
state of the K-th Markov chain at the τ-th calculation step.
Using the proposed Markov model, the software package MarkPr was developed,
which allows to simulate Markov processes of various types. So, in Fig.6 shows the
simulation results of a two-period Markov process with 10 states. The graph shown in
Fig. 6. corresponds to the mathematical expectation of the controlled parameter.
�Fig. 6. The graphs of the dynamics of the mathematical expectation of the number of
requests
On the basis of the described Markov model, given by the expressions (2-14), a
two-period NBP of a Web server is developed. Statistical data were used to construct
the model [19, 20]. The simulation was carried out using the mentioned MarkPr pro-
gram. As a security parameter, the number of web server accesses per 1 minute is
used. The simulation results are partially presented in Fig.7, on which 1 denotes a
graph based on statistical data, 2 If based on a one-period model [20], and 3 based on
the proposed two-period model.
Fig. 7. The graphs of the dynamics of the mathematical expectation of the number of
requests
It is important to mention that for a one-period model, the average modeling error
is 0.09 [19-22], for a two - period (author's) model-0.04, and for common polynomial
models [1, 4] - 0,140,18. Therefore, the application of the proposed two-period
model allowed to reduce the error of modeling with respect to the one-period model
by about 2 times, and with respect to common polynomial models-by about 4 times.
Consequently, the results of the experiments confirm the effectiveness of the pro-
�posed two-period Markov model of NBP. At the same time, the issue of determining
the number of significant periods that need to be taken into account in the NBP re-
mains unresolved. Based on the results [12], it can be assumed that this deficiency can
be corrected by using the theory of spectral analysis of data.
5 Conclusion
As a result of the conducted researches, it is justified expediency forming of multipe-
riodic profiles of normal behavior of network objects of computer systems on the
basis of a Markov chain with consecutive transitions is proved. The developed Mar-
kov model of the non-stationary profile of normal behavior allows to consider the
typical multi periodic nature of the dynamics of functional parameters, which reflect
the state of security of network objects of computer systems. As a result of experi-
mental studies, it was found that the application of the developed multiperiodic model
allowed to increase the accuracy of forecasting the dynamics of functional parameters
up to 2 times relative to the best known models of similar purpose. It is shown that the
prospects for further research are associated with the development of methods for
applying solutions of the theory of spectral analysis of data to determine the signifi-
cant periods of the process of change of functional parameters.
References
1. Baranov P. A. Detection of anomalies based on an analysis of the uniformity of
parameters of computer systems: the dissertation ...Candidate of Technical Sci-
ences: 05.13.19 St. Petersburg, 2007 155 p.
2. Choudhury, H., Mandal, S., Prasanna, S.R.M. Comparative study of Markov
Model based synthesis and recognition systems. (2017). IEEE Region 10 Annual
International Conference, Proceedings/TENCON pp. 272-276.
3. Choudhury, H., Mandal, S., Prasanna, S.R.M. Comparative study of Markov
Model based synthesis and recognition systems. (2017). IEEE Region 10 Annual
International Conference, Proceedings/TENCON pp. 272-276.
4. Design templates for identification state of computer systems are based on BDS-
test / Semenov S.G, S. Yu. Gavrilenko, V.V Chelak // Herald of the National
Technical University "KhPI". Subject issue: Information Science and Modelling.
– Kharkov: NTU "KhPI". – 2016. – No 21 (1193). – Р . 118 – 127.
5. Dychka, I., Tereikovskyi, I., Tereikovska, L., Pogorelov, V., Mussiraliyeva,
S.(2018), Deobfuscation of computer virus malware code with value state de-
pendence graph, Advances in Intelligent Systems and Computing, pp 370-379.
6. Dychka, I., Chernyshev, D., Tereikovskyi, I., Tereikovska, L., Pogorelov, V.
Malware Detection Using Artificial Neural Networks Advances in Computer Sci-
� ence for Engineering and Education II. ICCSEEA 2019. Advances in Intelligent
Systems and Computing, vol 938. Springer, Cham. Pages 3-12.
7. Ignatov V.A., Manshin G.G., Traynev V.A. Statistical optimization of the quality
of functioning of electronic systems. M .: Energy, 1974, 264 p. (In Russian).
8. Gavrilenko S.Yu., Gornostal A.A. Development of adaptive patterns for fixing
abnormal behavior of a computer system. Information Processing Systems, 2016,
issue 3. p. 11-14.
9. Gamayunov D. Falsifiability of network security research: The good, the bad, and
the ugly. In Proceedings of the 1st ACM SIGPLAN Workshop on Reproducible
Research Methodologies and New Publication Models in Computer Engineering,
TRUST ’14, pages 4:1–4:3. ACM New York, NY, USA, 2014.
10. Gnatyuk S. Critical Aviation Information Systems Cybersecurity, Meeting Secu-
rity Challenges Through Data Analytics and Decision Support, NATO Science
for Peace and Security Series, D: Information and Communication Security. -
IOS Press Ebooks, Vol.47, №3, рр. 308-316, 2016.
11. Gnatyuk S., Sydorenko V., Aleksander M. Unified data model for defining state
critical information infrastructure in civil aviation, Proceedings of the 2018 IEEE
9th International Conference on Dependable Systems, Services and Technologies
(DESSERT), Kyiv, Ukraine, May 24-27, 2018, pp. 37-42.
12. Hu, Z., Tereikovskyi, I., Tereikovska, L., Tsiutsiura, M., Radchenko, K. Applying
Wavelet Transforms for Web Server Load Forecasting. Advances in Computer
Science for Engineering and Education II. ICCSEEA 2019. Advances in Intelli-
gent Systems and Computing, vol 938. Springer, Cham. Pages 13-22.
13. Kuznetsov G.V., Ivanov A.M. Data analysis methods for detecting attacks in
computer systems and networks of banking structures. - K .: Inf. security. Sat.
NAU, 2004, S. 45-50.
14. Liu, S.-Z., Liao, Z.-F., Hu, J., Fan, X.-P. (2014) Classified time homogeneous
Markov model for recommendation based on implicit feedback Tien Tzu Hsueh
Pao/Acta Electronica Sinica 42(4), pp. 703-710.
15. Mustafayev AG (2016) Neyrosetevaya sistema obnaruzheniya komp'yuternykh
atak na osnove analiza setevogo trafika. Voprosy bezopasnosti, 2:1-7. Access
mode: URL: http://nbpublish.com/library_read_article.php?id=18834 (reference
date: August 22, 17).
16. Pavlov D., Chertov O. (2019) How Click-Fraud Shapes Traffic: A Case Study. In:
Chertov O., Mylovanov T., Kondratenko Y., Kacprzyk J., Kreinovich V., Stefa-
nuk V. (eds) Recent Developments in Data Science and Intelligent Analysis of In-
formation. ICDSIAI 2018. Advances in Intelligent Systems and Computing, vol
836. Springer, Cham
17. Penagarikano, M., Bordel, G. (2004) Layered Markov models: A New architec-
tural approach to automatic speech recognition. Machine Learning for Signal
� Processing XIV - Proceedings of the 2004 IEEE Signal Processing Society Work-
shop pp. 305-314.
18. Taran, V., Gordienko, N., Kochura, Y., Gordienko, Y., Rokovyi, A., Alienin, O.,
Stirenko, S.: Performance evaluation of deep learning networks for semantic
segmentation of traffic stereo-pair images. In: Proceedings of the 19th Interna-
tional Conference on Computer Systems and Technologies, pp. 73–80. ACM,
September 2018.
19. Yu. Danik, R. Hryschuk, S. Gnatyuk, Synergistic effects of information and cy-
bernetic interaction in civil aviation, Aviation, Vol. 20, №3, рр. 137-144, 2016.
20. Tereikovskiy, I., Parkhomenko, I., Toliupa, S., Tereikovska, L. Markov model of
normal conduct template of computer systems network objects // 14th Interna-
tional Conference on Advanced Trends in Radioelectronics, Telecommunications
and Computer Engineering, TCSET 2018 – Proceedings. pp. 498 – 501.
21. A. Tikhomirov, N. Kinash, S. Gnatyuk, A. Trufanov, O. Berestneva et al, Net-
work Society: Aggregate Topological Models, Communications in Computer and
Information Science. Verlag: Springer International Publ, Vol. 487, рр. 415-421,
2014.
22. Toliupa, S., Tereikovska, L., Toliupa, S., Tereikovska, L., Korystin, O., Na-
konechnyi, V. One-periodic template marks model of normal behavior of the
safety parameters of information systems networking resources // 2019 Interna-
tional Scientific-Practical Conference Problems of Infocommunications. Science
and Technology, PIC S&T′2019. 08-11 October 2019 Kyiv, Ukraine, pp. 774 –
779.
�