=Paper= {{Paper |id=Vol-2603/paper6 |storemode=property |title=Intellectual analysis and basic modeling of complex threats |pdfUrl=https://ceur-ws.org/Vol-2603/paper6.pdf |volume=Vol-2603 |authors=Nikolai Korneev,Vyacheslav Merkulov }} ==Intellectual analysis and basic modeling of complex threats== https://ceur-ws.org/Vol-2603/paper6.pdf
           Copyright © 2019 for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0)




Intellectual analysis and basic modeling of complex threats

Nikolai Korneev
Faculty of Integrated Security of Fuel and Energy Complex, Gubkin Russian State University of Oil and Gas (National Research University); Department of Data Analysis, Decision-Making and Financial Technology, Financial University under the Government of the Russian Federation, Moscow, Russia
niccyper@mail.ru

Vyacheslav Merkulov
Faculty of Integrated Security of Fuel and Energy Complex, Gubkin Russian State University of Oil and Gas (National Research University), Moscow, Russia
niccyper@mail.ru

Abstract—The paper describes the basic principles of complex threat modeling and formalizes the task of complex threat detection. The proposed modeling principles are based on the idea of identifying the links between the elementary threats that make up a complex one. As an example, the construction of a complex threat model according to the proposed modeling rules is given. Based on that example, the paper describes the tasks that arise when working with complex threats: detecting a complex threat, identifying its inner structure, and identifying the purpose of its implementation. Based on the formulated principles of basic modeling, the paper also gives a formal statement of the complex threat detection problem, which explains how data mining algorithms and big data processing technologies can be applied to the construction of protection systems against complex threats and to the development of the neurographic theory of complex security.

Keywords—complex threats; complex threat model; complex security; hybrid threats; complex threat detection; complex threat detection method; data mining algorithms; big data processing; neurographic theory of complex security

TERMS USED

Protected system – a system in the conventional sense, consisting of many security objects that are not necessarily located in one space.

Complex threat – a threat consisting of several different elementary threats, connected by certain synchronized mechanisms and not necessarily existing in one space.

Hybrid threat – a variety of complex threat that necessarily contains elementary threats affecting different areas of the protected system.

Exploited threat vulnerability – a factor, based on the properties of the protected system or of its protection methods, that is used in the implementation of a specific elementary threat.

Threat implementation mechanism – a set of actions that actively use the available exploited vulnerabilities and are aimed at implementing the threat.

Consequences of threat implementation – a factor caused by the implementation of a specific threat; it can have a negative impact on the protected system, or it can serve as an exploited vulnerability for another threat.

I. INTRODUCTION

Scientific publications by both domestic and foreign authors [1-3, 7, 11-13, 15-20] show that, in the literature and practice of this area, rigorous mathematical models with criteria of control-support efficiency in the field of comprehensive security generally do not exist, and that existing comprehensive security systems do not solve the task of automatically building a component-based model of a facility as part of comprehensive facility safety control support [9].

In the case where the finite number of states of the controlled facility at each moment of time is unknown, it is advisable to use a more sophisticated model, similar to the neurographic model [9].

In retrospect, security threats were considered as atomic units unconnected to each other. Thanks to this approach, elementary threats are now well studied and classified [5, 6], effective hardware and software solutions have been developed to ensure security against them, and organizational and legal methods and general principles of security are widely used.

In practice, when analyzing security incidents and risks, it often becomes obvious that there are internal links between a set of elementary threats which together form a system.

The presence of certain properties in this system allows us to consider its constituent elements not as atomic (elementary) threats but as one complex security threat.

The paper contains an example of the formation and implementation of a complex threat consisting of several elementary threats connected in a certain way.

It is also worth noting that the existence of hybrid threats is closely related to the term "hybrid war" [4, 8, 10]. Hybrid threats are a subtype of complex threats and are characterized by the property




of forming and implementing the threat components not in a single space (for example, only in the physical space) but in several spaces simultaneously (for example, in the physical and information spaces).

Complex threats, as a separate type of threat, require the creation of theoretical foundations for security; on this basis it becomes possible to develop appropriate integrated security systems.

II. BASIC MODEL OF A COMPLEX THREAT

As an object of research, complex threats require certain methods of formalization, i.e. principles and tools for modeling, which are currently missing. The following are the rules for forming basic models of complex threats.

A complex threat C can be represented (1) as the combination of a set T of elementary threats and a set R of interconnections between them:

$$ C = \langle T, R \rangle;\quad |T| > 1;\quad |R| > 1. \tag{1} $$

An elementary threat t_i ∈ T consists (2), (3) of non-empty sets of exploited vulnerabilities V, implementation mechanisms M and consequences of implementation A:

$$ t_i = \langle V_{t_i}, M_{t_i}, A_{t_i} \rangle, \tag{2} $$

$$ V_{t_i} = \{v_1, v_2, \dots, v_n\};\quad M_{t_i} = \{m_1, m_2, \dots, m_k\};\quad A_{t_i} = \{a_1, a_2, \dots, a_p\}. \tag{3} $$

To avoid further accumulation of indexes, we consider a record of the form v_1 equivalent to v^{(1)}.

A link r_{i,j} ∈ R between elementary threats t_i and t_j exists if at least one consequence of implementing t_i (a_p ∈ A_{t_i}) is an exploited vulnerability of t_j (v_n ∈ V_{t_j}), i.e. there is some equivalence relation between a_p and v_n.

Thus the set R can be represented as a two-dimensional matrix whose rows and columns are indexed by the elements of T; at the intersection of row i and column j stands the element r_{i,j}, which shows whether a connection exists between threats t_i and t_j.

The nature of such a connection is an open question for further research; in a simplified version, however, it is proposed to use binary values for the elements of R (either a connection exists, r_{i,j} = 1, or it does not, r_{i,j} = 0) (4):

$$ r_{i,j} = \begin{cases} 1, & \exists\, a_p \in A_{t_i}:\ (a_p \sim v_n) \wedge (v_n \in V_{t_j}) \\ 0, & \text{otherwise} \end{cases} \tag{4} $$

The modeling principles above make it possible to build a formalized model of a complex threat with a minimum set of parameters for further research.

III. EXAMPLE OF BUILDING A BASIC MODEL OF A COMPLEX THREAT

Let us consider an example of the formation and implementation of a complex threat which can be called hybrid, since the elementary attacks in its composition exist in different spaces.

Example: a group of intruders implements a hybrid threat against a fuel and energy complex (FEC) enterprise. The purpose of the attack is to cause economic and reputational damage to the enterprise; the subject of the attack is the confidential information of end customers' loyalty cards; the protected system is the FEC enterprise itself. In this example, the hybrid threat is implemented in several stages:

1. By exploiting a software vulnerability in the corporate physical access control system (PACS), inaccurate data is added to the identification code database.
2. Being able to pass the physical protection perimeter freely, since there are false entries in the PACS database, the intruder penetrates the protected area.
3. While in the protected area, the intruder finds a storage medium containing confidential data and creates a physical copy of it.
4. The copied confidential information is distributed to public sources, which causes economic and reputational damage to the protected system.

The reputational damage consists in a reduction of consumer trust in the company's ability to protect personal customer data.

The economic damage consists in the use of loyalty cards without legally acquiring them or participating in the loyalty program, since the stolen data can be purchased from the intruder.

We formalize this example of a hybrid threat as a basic model. Its general form is (5):

$$ C = \langle T, R \rangle;\quad |T| = 4;\quad |R| = 4. \tag{5} $$

Let us consider the structure of the elementary threats t_1, t_2, t_3, t_4 and the links r between them.

To simplify the model, the cardinality of the sets V, M, A of every elementary threat is taken equal to one, i.e. |V| = 1, |M| = 1, |A| = 1 for all t ∈ T.

Further on we consider the problem of modeling the non-obviousness of a threat and of its implementation, especially for hybrid threats, which depends on the cardinalities of the sets V, M, A.

In this example the elementary threat t_1 arises, is implemented and produces consequences only in the information space, since it is based on the PACS software vulnerability and is implemented by the intruder remotely, changing the reliability and accuracy of the confidential database (6):

$$ t_1 = \langle V_{t_1}, M_{t_1}, A_{t_1} \rangle, \tag{6} $$
V_{t_1} = { software vulnerability in the PACS identifier store };
M_{t_1} = { exploiting a software vulnerability };
A_{t_1} = { violation of data reliability in the identifier store }.

The elementary threat t_2 arises in the information space, since it is based on unreliable data in the identifier store; it is implemented in the physical space by the intruder's penetration into the protected area, and it also produces consequences in the physical space, providing the intruder with access to physical storage media (7):

$$ t_2 = \langle V_{t_2}, M_{t_2}, A_{t_2} \rangle, \tag{7} $$

V_{t_2} = { violation of data reliability in the identifier store };
M_{t_2} = { penetration into the protected area via PACS without being detected };
A_{t_2} = { access to physical storage media }.

The elementary threat t_3 arises in the physical space, since it is based on the intruder's access to physical storage media; it is also implemented in the physical space, using the media copying mechanism; it produces consequences in the information space, characterized by possession of confidential information (8):

$$ t_3 = \langle V_{t_3}, M_{t_3}, A_{t_3} \rangle, \tag{8} $$

V_{t_3} = { access to physical storage media };
M_{t_3} = { copying of the physical storage media };
A_{t_3} = { access to confidential data }.

The elementary threat t_4 arises and is implemented in the information space: the intruder has access to confidential data and is able to distribute it to the general public. Its implementation, however, produces consequences in the economic and social spaces, damaging the company's reputation and financial performance (9):

$$ t_4 = \langle V_{t_4}, M_{t_4}, A_{t_4} \rangle, \tag{9} $$

V_{t_4} = { access to confidential data };
M_{t_4} = { confidential data distribution };
A_{t_4} = { image and economic damage to the enterprise }.

Since the sets V, M, A were presented in simplified form, the elements of the set R are also easy to model (10):

$$ V_{t_2} \sim A_{t_1} \Rightarrow r_{1,2} = 1;\quad V_{t_3} \sim A_{t_2} \Rightarrow r_{2,3} = 1;\quad V_{t_4} \sim A_{t_3} \Rightarrow r_{3,4} = 1. \tag{10} $$

For clarity, we also give the matrix form representing the set R in this case (Fig. 1).

Fig. 1. Mapping the elements of the set R in matrix form (rows: t_i, columns: t_j; entries follow (10)):

          t_1  t_2  t_3  t_4
    t_1    0    1    0    0
    t_2    0    0    1    0
    t_3    0    0    0    1
    t_4    0    0    0    0

In fact, this matrix is the adjacency (connectivity) matrix of a directed graph (Fig. 2).

Fig. 2. Representation of the model C as a directed graph; from (10) the graph is the chain t_1 → t_2 → t_3 → t_4

Constructing graphs of this kind allows one to visualize the investigated complex threats and the correlations between their elementary threats.

As the considered example shows, the proposed system of complex threat modeling can serve as a theoretical basis for constructing formalized descriptions of complex threats for their further analysis.

IV. PROBLEMATICS OF COMPLEX THREATS

The assumption about the cardinality of the sets V, M, A was made to simplify the understanding of the example. In practice, as shown in (2), (3), these sets are strictly non-empty, and their cardinality can be quite large. We give an example of a fuller composition of these sets for t_2 (11):

V_{t_2} = { v^{(1)}: violation of data reliability in the identifier store; v^{(2)}: PACS not equipped with a supplementary power supply; v^{(3)}: recruitment of a company employee; v^{(4)}: blackmailing a company employee; v^{(5)}: presence of weaknesses in the physical guard band (obstacles); v^{(6)}: the possibility of a power outage };

M_{t_2} = { m^{(1)}: penetration into the protected area via PACS without being detected; m^{(2)}: penetration into the territory during a PACS shutdown; m^{(3)}: using the ID of a recruited agent to evade PACS; m^{(4)}: penetration through a weak point of the physical obstacles };    (11)
A_{t_2} = { a^{(1)}: access to physical storage media; a^{(2)}: physical access to workstations; a^{(3)}: physical access to servers; a^{(4)}: physical access to internal computer communication; a^{(5)}: physical access to internal electric service lines; a^{(6)}: physical access to the fire protection system }.

A deeper analysis of vulnerabilities could give the full composition of the sets V, M, A; however, we confine ourselves to the above example and make a few remarks.

Comment 1. Obviously, there must also be a certain connection between the elements of the sets V and M. In this example, the intruder's presence inside the protected system through a recruited or blackmailed employee (vulnerability v_{t_2}^{(3)} or v_{t_2}^{(4)}) allows not only using that employee's ID to deceive the PACS (mechanism m_{t_2}^{(3)}), but also cutting the power supply of the PACS (vulnerability v_{t_2}^{(6)}) and then penetrating the area while the PACS is inoperable (mechanism m_{t_2}^{(2)}).

According to the authors, this connection can be defined as follows: for an intruder to be able to use a mechanism m_i ∈ M to implement an elementary threat, that mechanism must be based on at least one exploited vulnerability v_i ∈ V. At the same time, an increase in the number of vulnerabilities v_i on which the mechanism m_i depends should increase the probability that intruders will use m_i when implementing the elementary threat.

Comment 2. After adding elements to all the sets V, M, A of the remaining elementary threats t_1, t_3 and t_4 and carrying out an additional analysis of the resulting model, the content of the set R will need clarification, since one cannot rule out additional links that will be modeled on the basis of the data added to the model.

Let us consider another example of mapping the set R into matrix form, unrelated to the previously considered problem, and build the corresponding graph (Fig. 3, Fig. 4).

Fig. 3. Mapping an example of the set R into a matrix

The links r_{2,3} and r_{2,4} (Fig. 4) mean that t_2 can be implemented in such a way that implementing t_3 before t_4 is no longer necessary, since the vulnerabilities V_{t_4} required for t_4 will already exist as a result of t_2 (its consequences A_{t_2}). However, such reasoning holds only if t_4 is accepted as the target of the complex attack.

Fig. 4. Mapping an example of the set R as a graph

In the problem discussed above, the elementary threat t_1 was accepted as 'initial', i.e. the one implemented first (in terms of the linear flow of time). The link r_{4,1} means that there is a transition from t_4 back to t_1, i.e. literally 'implementing t_4 will produce consequences A_{t_4} that can be used in t_1 as vulnerabilities V_{t_1}'.

Obviously such a link may exist in the model, but at first glance it makes no practical sense if t_1 is considered the 'initial' threat, to which there is no need to return.

In addition, with such a set of links in R it becomes unclear which of the elementary threats t_1–t_4 is the intruder's aim, i.e. which of them will allow him to achieve the goal of the complex attack.

Returning to the considered example of a complex threat: the whole process of its formation and implementation was known, so it was possible to build the model and trace the relations between the threats. Tasks such as detecting the complex threat, determining its purpose and determining the order in which its elementary threats are implemented did not require a solution, because this information was contained in the initial data. However, as follows from the above, it is precisely these tasks that are the main ones and the hardest to solve.

V. COMPLEX THREATS DETECTION

In reality, for protection against complex and hybrid threats, two most important tasks can be identified:

1. Detecting the presence of a complex threat.
2. Determining the goal of a complex threat.

Even in the ideal case, a human analyst can assume the presence of a complex threat only after at least two elementary attacks have been implemented.

In the given example, if the security expert knows only the fact of an attack implementing t_1, it is quite difficult for him to conclude from such information that a complex threat is present.

If the expert knows about the implementation of t_2, he may already have certain assumptions and conjectures about the existence of a link between t_1 and t_2, i.e. about the existence of r_{1,2}. We can draw the following conclusions:

1. The task of detecting the presence of a complex threat can be reduced to determining the set of links R, provided the content of the set
of elementary threats T is known (moreover, a full description of this set is required).

2. Attempts by humans to detect complex and hybrid threats will be "late" by at least two elementary attacks t, since this is the number of attacks that allows one to conclude that at least one link r exists. If a complex threat consists of three planned attacks, the 'human' detection system is almost useless.

Let us consider the question of determining the goal of a complex threat. Although a complex threat includes many elementary threats T, each of which can cause some damage on its own, the real (main) purpose of a complex threat is, in general, only one: a deep systemic vulnerability of the protected system.

The main purpose of a well-planned and well-implemented complex threat is not obvious to the security service until the intruder reaches the target, and in some cases not even after that, because the consequences of implementing a complex threat and achieving its main goal can be hidden and stretched over time.

The example considered above (Fig. 4) is a visual representation of the uncertainty of a complex threat's purpose. Each of the elementary threats t_1–t_4 occurs through vulnerabilities that are the consequences of another threat. Neither the goal of the complex threat nor the order of its implementation is obvious.

Fig. 5 presents a situation in which the expert is aware of seven potential elementary threats and of the existence of the link r_{1,2}.

Fig. 5. An example of a lack of knowledge about a partially implemented complex threat

The following notions are used to state the detection problem.

1. Set of potential elementary threats T_p – the set from whose elements the set T of any complex threat C = ⟨T, R⟩ is formed (12):

$$ |T| > 1;\quad |R| > 1;\quad T \subseteq T_p. \tag{12} $$

That is, for any complex threat C, the set of elementary threats T is always formed from elements of the set of potential elementary threats T_p.

2. Current complex threat model – an updated model of the form C = ⟨T, R⟩, created on the basis of the information available at a discrete instant of time about the complex threat C being implemented.

3. Proposed complex threat model – an immutable model C = ⟨T, R⟩, formed by an intelligent algorithm on the basis of its internal operating rules and its knowledge about possible complex threat models.

In fact, having extensive information about the components of the set of potential elementary threats T_p, in order to synthesize rules for detecting a specific complex threat C one has to create a set of proposed complex threat models and then compare the proposed models with the current model to identify the most plausible ones.

To detect a complex threat C, let N putative models of complex threats ⟨T_i, R_i⟩ (i = 1..N) be synthesized, each satisfying rules (12) and (2). We introduce the set ⟨T_c, R_c⟩ to denote the current model of the complex threat C, which also satisfies (12) and (2).

As the complex threat C is implemented, its current model ⟨T_c, R_c⟩ is supplemented not only with new links r but also with new elements of the set T_c. Having calculated the evaluation function (13), where d(p, q) is some measure of similarity, we obtain the proposed model ⟨T_i, R_i⟩ closest to the current model ⟨T_c, R_c⟩, which can be considered the most likely scenario at the given discrete instant of time:

$$ \min_{i = 1, \dots, N} d\big(\langle T_i, R_i \rangle, \langle T_c, R_c \rangle\big). \tag{13} $$

Thus, it is proposed to reduce complex threat detection to finding the most "similar" model among the set of proposed models ⟨T_i, R_i⟩, which are to be produced by a special intelligent algorithm.
                                                                                                        VII. CONCLUSION
    The task of predicting the next threat implementation, in this                   The proposed rules for the complex threats formalization
case, seems to be quite difficult for human thinking even for                    into a basic model can be used as a basis for further research in
seven threats. In reality, the number of potential threats that can              the direction of the theory of complex security and hybrid
be implemented next, can be measured in hundreds.                                threats protection, neurographic theory of complex security [9].
                                                                                    The example of constructing a basic model, given in the
      VI.     METHOD INTELLIGENT DETECTION METHOD OF                             work, shows its applicability. The basic model can be
                      COMPLEX THREATS                                            supplemented with various aspects that will improve the
    We introduce three main terms.                                               accuracy of the created models.
    1. Potential elementary threats Tp – the set of all elementary                  In addition, some aspects identified in the paper remain
threats existing within the considered protected system. In this                 open for further research, for example, the nature of the links
case, the elements of the set Tp also satisfy (2), and the record                between elementary threats.
(1) can be supplemented in the following way (12):                                  The second most important result of the work is the
                              C = ;                                        conclusion of a formalized task of complex threats detection




                                                                                                                                                      27
           Copyright © 2019 for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0)
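The following is an added worked example of the detection rule (13) from Section VI; it is example code written for this page, not code from the paper. Everything in it is an assumption unless stated otherwise: the similarity measure d (an asymmetric set-difference measure that weights observed-but-unexplained elements fully and predicted-but-unobserved elements lightly, because the threat is still in progress), the reading of rules (12) and (2) as a well-formedness check (the model's threats lie in Tp, and every link joins two distinct threats of the model), and the constructed scenario: seven potential elementary threats t1..t7 with the link r1,2 known, as in Fig. 5, three constructed putative models M1..M3 and one malformed model. The class and function names (ThreatModel, well_formed, distance, detect, timeline) are also this example's own.

```python
"""Detection by rule (13): choose, among N putative models <T_i, R_i>, the one
closest to the current, partially observed model <T_c, R_c>.

Example code added to illustrate the paper; the similarity measure d, the
reading of rules (12) and (2) and all threat/model names are assumptions."""
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Optional, Tuple

Link = Tuple[str, str]  # r_{a,b}: threat a created the vulnerability used by threat b


@dataclass(frozen=True)
class ThreatModel:
    """The pair <T, R> of (12): elementary threats T and links R between them."""
    name: str
    T: FrozenSet[str]
    R: FrozenSet[Link]


def well_formed(model: ThreatModel, potential: FrozenSet[str]) -> bool:
    """Assumed reading of rules (12) and (2): every threat of the model belongs
    to the potential elementary threats Tp, and every link joins two distinct
    threats of the model itself."""
    return model.T <= potential and all(
        a in model.T and b in model.T and a != b for a, b in model.R
    )


def distance(candidate: ThreatModel, current: ThreatModel,
             unobserved_weight: float = 0.25) -> float:
    """An assumed d(<T_i, R_i>, <T_c, R_c>) suited to a threat still in progress.

    Observed threats or links that the candidate cannot explain count in full:
    they contradict the hypothesis.  Threats or links the candidate predicts
    but that have not been seen yet count only lightly: the intruder may simply
    not have reached them.  A symmetric measure such as Jaccard would punish a
    large but correct hypothesis as hard as a wrong one."""
    observed = len(current.T) + len(current.R)
    predicted = len(candidate.T) + len(candidate.R)
    if observed == 0 or predicted == 0:
        return 1.0  # nothing to compare; treat as maximally distant
    unexplained = (len(current.T - candidate.T) + len(current.R - candidate.R)) / observed
    unobserved = (len(candidate.T - current.T) + len(candidate.R - current.R)) / predicted
    return unexplained + unobserved_weight * unobserved


def detect(current: ThreatModel, candidates: Iterable[ThreatModel],
           potential: FrozenSet[str]) -> Optional[Tuple[ThreatModel, float]]:
    """Rule (13): the admissible candidate with minimal d, or None if there is none."""
    admissible = [m for m in candidates if well_formed(m, potential)]
    if not admissible:
        return None
    best = min(admissible, key=lambda m: distance(m, current))
    return best, distance(best, current)


# Constructed scenario after Fig. 5: seven potential elementary threats t1..t7.
TP: FrozenSet[str] = frozenset(f"t{i}" for i in range(1, 8))

# Constructed putative models M1..M3 (all start with the known link r1,2) and one
# malformed model whose link points at a threat outside its T (and outside Tp).
CANDIDATES: List[ThreatModel] = [
    ThreatModel("M1", frozenset({"t1", "t2", "t3"}),
                frozenset({("t1", "t2"), ("t2", "t3")})),
    ThreatModel("M2", frozenset({"t1", "t2", "t4", "t5"}),
                frozenset({("t1", "t2"), ("t2", "t4"), ("t4", "t5")})),
    ThreatModel("M3", frozenset({"t1", "t2", "t6", "t7"}),
                frozenset({("t1", "t2"), ("t2", "t6"), ("t6", "t7")})),
    ThreatModel("bad", frozenset({"t1", "t2"}),
                frozenset({("t1", "t2"), ("t2", "t9")})),
]


def timeline() -> List[Tuple[str, float]]:
    """Re-evaluate (13) at two discrete time steps as <T_c, R_c> grows.

    Step 0: only t1, t2 and r1,2 are known, as in Fig. 5.
    Step 1: t4 has been observed, enabled by t2 (link r2,4).
    Returns (most likely scenario, d) per step."""
    steps = [
        (frozenset({"t1", "t2"}), frozenset({("t1", "t2")})),
        (frozenset({"t1", "t2", "t4"}), frozenset({("t1", "t2"), ("t2", "t4")})),
    ]
    result = []
    for T_c, R_c in steps:
        found = detect(ThreatModel("current", T_c, R_c), CANDIDATES, TP)
        result.append((found[0].name, round(found[1], 4)) if found else ("none", 1.0))
    return result


if __name__ == "__main__":
    for step, (name, d) in enumerate(timeline()):
        print(f"step {step}: most likely scenario {name}, d = {d}")
```

Running the block reports M1 at step 0 (the smallest hypothesis that explains everything observed so far) and M2 at step 1, once t4 and the link r2,4 appear and M1 can no longer explain the observations; the malformed candidate is discarded by the (2)-style check before (13) is evaluated at all. The weighting in `distance` is the point to revisit in practice: it decides how strongly a not-yet-observed part of a hypothesis counts against it while the threat is still unfolding.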
The issue, in fact, directly leads to the use of artificial intelligence algorithms and big data processing in the construction of integrated security systems, as there are three big tasks:

1. Potential modeling of complex threats. The problem can be solved by creating an artificial intelligence system that has adequate knowledge about complex threats modeling, the structure of internal relationships, the features of complex threats implementation, etc.

Such knowledge can only be obtained by processing large amounts of data collected during the operation of security monitoring systems. In general, there arises a range of tasks typical for Big Data technologies, which are already widely used in many fields, including the fields of data security and cyber security systems [1, 9, 11, 13, 15, 16, 18].

2. Creation of rules for determining the most similar anticipated and current models of complex threats. The solution of this problem includes a wide range of possibilities for applying data mining algorithms.

Among the Data Mining algorithms applicable to this problem are clustering, classification and affinity analysis. It is also possible to use regression analysis and genetic algorithms. Data Mining technologies are widely used in many areas of activity, successfully solving the assigned tasks, including the field of security [2, 3, 7, 9, 12, 17].

3. Tracking and current integrated threat modeling. According to the authors, this task can be solved by creating a certain analysis and information system, which can be based on the existing corporate information systems and security tools within specific enterprises. Integration and data flow monitoring [14], emphasis on critical deviations, event recording and relation determination by methods of intellectual analytics are the main assets, the totality of which will solve this problem.

The paper has described the basic principles of complex threats modeling and formalized the task of complex threats detection. The proposed modeling principles are based on the idea of identifying the links between elementary threats as parts of a complex one. As an example, the process of constructing a complex threat model based on the proposed modeling rules is given. Based on the examples presented in the work, the paper describes the tasks that arise when working with complex threats: the detection of complex threats, the identification of their inner structure and of the purposes of their implementation. Based on the formulated principles of basic modeling, the paper also gives a formal statement of the complex threat detection problem, which opens the possibility of applying data mining algorithms and big data processing technologies in the construction of protection systems against complex threats and in developing the neurographic theory of complex security [9].

REFERENCES

[1] Anavangot, V., Menon, V. G., & Nayyar, A. (2018). Distributed Big Data Analytics in the Internet of Signals. In 2018 International Conference on System Modeling & Advancement in Research Trends (SMART). IEEE.
[2] Barceló-Rico, F., Esparcia-Alcázar, A. I., & Villalón-Huerta, A. (2016). Semi-supervised classification system for the detection of advanced persistent threats. In Recent Advances in Computational Intelligence in Defense and Security (pp. 225-248). Springer, Cham.
[3] Chan, K. Y., Kwong, C. K., Wongthongtham, P., Jiang, H., Fung, C. K., Abu-Salih, B., ... & Jain, P. (2018). Affective design using machine learning: a survey and its prospect of conjoining big data. International Journal of Computer Integrated Manufacturing, 1-19.
[4] Davis Jr, J. R. (2015). Continued evolution of hybrid threats. The Three Sword Magazine, 19(28).
[5] Elnagdy, S. A., Qiu, M., & Gai, K. (2016, June). Cyber incident classifications using ontology-based knowledge representation for cybersecurity insurance in financial industry. In 2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud) (pp. 301-306). IEEE.
[6] Elnagdy, S. A., Qiu, M., & Gai, K. (2016, June). Understanding taxonomy of cyber risks for cybersecurity insurance of financial industry in cloud computing. In 2016 IEEE 3rd International Conference on Cyber Security and Cloud Computing (CSCloud) (pp. 295-300). IEEE.
[7] He, Z., Situ, H., Zhou, Y., Wang, J., Zhang, F., & Qiu, M. (2018, May). A Fast Security Evaluation of Support Vector Machine Against Evasion Attack. In 2018 IEEE 4th International Conference on Big Data Security on Cloud (BigDataSecurity), IEEE International Conference on High Performance and Smart Computing (HPSC) and IEEE International Conference on Intelligent Data and Security (IDS) (pp. 258-263). IEEE.
[8] Hunter, E., & Pernik, P. (2015). The challenges of hybrid warfare. International Centre for Defence and Security.
[9] Korneev, N. V. (2019, January). A Neurograph as a Model to Support Control Over the Comprehensive Objects Safety for BIM Technologies. In IOP Conference Series: Earth and Environmental Science (Vol. 224, No. 1, p. 012021). IOP Publishing.
[10] Mälksoo, M. (2018). Countering hybrid warfare as ontological security management: the emerging practices of the EU and NATO. European Security, 27(3), 374-392.
[11] Mishra, A. D., & Singh, Y. B. (2016, April). Big data analytics for security and privacy challenges. In 2016 International Conference on Computing, Communication and Automation (ICCCA) (pp. 50-53). IEEE.
[12] Mohammed, B., Awan, I., Ugail, H., & Younas, M. (2019). Failure prediction using machine learning in a virtualised HPC system and application. Cluster Computing, 22(2), 471-485.
[13] More, R., et al. (2017). Real time threat detection system in cloud using big data analytics. In 2017 2nd IEEE International Conference on Recent Trends in Electronics, Information & Communication Technology (RTEICT). IEEE.
[14] Offia, C. E., & Crowe, M. (2019). A theoretical exploration of data management and integration in organisation sectors. International Journal of Database Management Systems, 11(1), 37-56.
[15] Petrenko, S. A., & Makoveichuk, K. A. (2017). Big data technologies for cybersecurity. In CEUR Workshop (pp. 107-111).
[16] Rawat, D. B., Doku, R., & Garuba, M. (2019). Cybersecurity in Big Data Era: From Securing Big Data to Data-Driven Security. IEEE Transactions on Services Computing.
[17] Singh, J. (2014, March). Real time BIG data analytic: Security concern and challenges with Machine Learning algorithm. In 2014 Conference on IT in Business, Industry and Government (CSIBIG) (pp. 1-4). IEEE.
[18] Srivastava, N., & Jaiswal, U. C. (2019). Big Data Analytics Technique in Cyber Security: A Review. In 2019 3rd International Conference on Computing Methodologies and Communication (ICCMC). IEEE.
[19] Stepanova, T., Pechenkin, A., & Lavrova, D. (2015). Ontology-based big data approach to automated penetration testing of large-scale heterogeneous systems. ACM International Conference Proceeding Series, 08-10-Sep-2015. DOI: 10.1145/2799979.2799995.
[20] Kostogryzov, A. (Ed.). (2018). Probabilistic Modeling in System Engineering. London: IntechOpen. 278 p. DOI: 10.5772/intechopen.71396.