=Paper=
{{Paper
|id=Vol-3347/Paper_18
|storemode=property
|title=Data Processing Centre's Cyberattack Protection Directions on the Base of Neural Network Algorithms
|pdfUrl=https://ceur-ws.org/Vol-3347/Paper_18.pdf
|volume=Vol-3347
|authors=Yanina Shestak,Serhii Toliupa,Anatolii Shevchenko,Anna Torchylo,Ogbu James Onyigwang
|dblpUrl=https://dblp.org/rec/conf/iti2/ShestakTSTO22
}}
==Data Processing Centre's Cyberattack Protection Directions on the Base of Neural Network Algorithms==
https://ceur-ws.org/Vol-3347/Paper_18.pdf
Data Processing Centre's Cyberattack Protection Directions on
the Base of Neural Network Algorithms
Yanina Shestak 1, Serhii Toliupa 1, Anatolii Shevchenko 1, Anna Torchylo 1 and Ogbu James
Onyigwang 2
1
Taras Shevchenko National University of Kyiv, 24 B. Havrylyshyna Str., Kyiv, 04116, Ukraine
2
University of Ibadan, Ibadan 200284 Oyo State, Nigeria
Abstract
This paper describes the methods of organization of the data center protection strategy,
presented as a network distributed infrastructure, against potential external threats. This work
indicates the advantages of using neural network algorithms and deep learning neural network
architecture in the specified field. In accordance with the set of quantitative target indicators,
mathematical modeling of the evaluation of the effectiveness of the selection of cyber attack
software code was carried out. Based on the proposed mathematical apparatus, an evaluation
of the protection of the infrastructure of the data center against cyber attacks was carried out.
In particular, this article analyses using a neural network architecture such as an autoencoder,
a multi-layer autoencoder, a deep belief network, a convolutional neural network, a recurrent
neural network, a recursive neural network with the inclusion of algorithms based on a
restricted Boltzmann machine and a long-chain scheme of short-term memory. According to a
set of factors that correspond to the effectiveness of the application of neural network
algorithms in solving the task of organizing a data center infrastructure protection strategy,
objective functions were proposed. Besides, the determination of global extrema of these
functions provides an opportunity to solve the problem of optimizing the machine code analysis
system for the presence of a cyber attack.
Keywords 1
Data center, cyber attack, multi-layer autoencoder, deep belief network, convolutional neural
network, recurrent neural network, recursive neural network.
1. Introduction
The organization of data processing centers based on a Distributed Information System (DIS)
provides an opportunity to significantly expand the functionality of the specified network services and
increase the flexibility of the corresponding architecture depending on the requirements for
optimization, reorganization and scaling of the general infrastructure, which determines the prevalence
of the specified approach today. However, it should be noted that at the same time, the toolkit of a
potential attacker is also expanding, which can be used in the implementation of unauthorized access
to the service of the data processing center, with the subsequent task of significant material and
reputational damage to the owners of the service [1 5]. This indicates the high urgency of solving the
task of developing a holistic methodology for protecting network services from external threats, in
accordance with the concept of a Security Information and Event Management System (SIEM), the
generalized scheme of which is presented in fig. 1. This technology supports threat detection,
compliance and security incident management through the collection and analysis (both near real time
and historical) of security events, as well as a wide variety of other event and contextual data sources.
The development and optimization of SIEM system architecture is a complex task, the solution of which
Information Technology and Implementation (IT&I-2022), November 30 - December 02, 2022, Kyiv, Ukraine
EMAIL: yaninashestak@gmail.com (A. 1); tolupa@i.ua (A. 2); atorouss@gmail.com (A. 3); jamesisaac2000@hotmail.com (A. 4)
ORCID: 0000-0002-1703-0316 (A.1); 0000-0002-1919-9174 (A. 2); 0000-0002-9100-6939 (A. 3)
©️ 2022 Copyright for this paper by its authors.
Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).
CEUR Workshop Proceedings (CEUR-WS.org)
212
�includes the definition of the following key components, according to which the following groups of
target indicators can be obtained:
1. Peculiarities of identifying signs of a cyber attack by the SIEM system: typical samples from
the library of the training set or high-level signs.
2. The object of the cyber attack: the hardware platform of the SIEM complex, network protocols
of the service, the operating system, software applications and blocks of customer data stored on the
service platform.
3. The purpose of the cyber attack: unauthorized access, illegal copying of data or making
changes, disruption of the stable operation of the information network, external control by an
unauthorized user.
4. The method of monitoring the actions of a potential attacker using the SIEM system: machine
analysis of software code samples, the order of execution of procedures, the life cycle of a cyber attack.
Figure 1: Scheme of detection of external threats at the level of SIEM system
The identification of features of the organization of software code samples, behavior and the life
cycle of a cyber attack, both at the level of typical components and at the level of high-level features,
is most effectively implemented through the use of machine analysis based on neural network
algorithms [2-11], and deep learning neural network algorithms (DL-ANN: Deep Learning Artificial
Neural Networks) in particular.
Within the framework of this study, an analysis of relevant scientific publications was conducted
and it was noted that neural network algorithms that can be used in the construction of algorithms for
machine analysis of software code samples in order to identify signs of cyber attacks should be divided
into the following groups according to the organization of the architecture:
213
� • a neural network of the autoencoder type, which can be extended to a multilevel autoencoder
type architecture for the selection of high-level features [2, 3] which can be extended to a neural network
architecture of deep learning such as a multilayer autoencoder;
• deep belief neural networks (DBN), considered as generative graph models [4, 5];
• recurrent neural networks (RNN), on the basis of which machine analysis with sets of event
sequences is effectively carried out [6, 7];
• convolutional neural networks (CNN), used to highlight typical code patterns; within the
framework of this task, it should be noted that the choice of CNN provides an opportunity to reduce the
load on the computing resource of the general complex of machine analysis [8, 9];
• recursive neural networks (RvNN), based on the recursive application of one set of weights to
a structured data set [10, 11].
At the same time, it is necessary to build appropriate mathematical models, propose quantitative
indicators of the effectiveness of neural network algorithms, determine the extrema of the objective
functions, and correlate the obtained results with statistical data in order to assess the performance of
neural network algorithms accurately. This is considered as an unresolved part of the general research.
Thus, the aim of this work is to develop a methodology for optimizing SIEM system neural network
algorithms, which can be effectively used within the framework of the organization of the distributed
network infrastructure scheme in data processing center.
2. Principles of adaptation of deep learning neural network architecture for
cyber attack detection
The research is based on the construction of an adequate mathematical model of the machine analysis
procedure for the purpose of detecting a cyber attack on the DIS infrastructure. Thus, includes the need
to calculate such target indicators as the accuracy of the classification of program code patterns and the
order of execution of procedures, the total load on the components that determine the computing
resource, RAM and information storage of the hardware platform of the corresponding service, as well
as time processing of the flow of input data in accordance with the actual task of working in real time
(Fig. 2). In order to justify the costs of the event collection and correlation system, it is necessary that
the data not only was entered into the consolidated storage for their further analysis by the fact of the
incident, but also processed.
It is obvious that the tools of the given system will significantly speed up the incident analysis
process. However, the main task of cybersecurity system is timely detection, prompt response and
prevention of threats. For this, it is necessary to draw up the rules of correlation by drawing the risks
relevant for the company, as well as constant updating of the rules by specialists.
At the same time, deep learning neural network architecture require to learn the attack model from
historical threat data and use the trained models to detect intrusions for unknown cyber threats. Thus,
machine learning-driven solutions used to detect rare or anomalous patterns can improve detection of
new cyber threats and zero-day vulnerabilities.
DLNN solutions collect and correlate alerts, allowing analysts to gain more insight into a security
incident or attack and free up more time for more important investigations. Accordingly, these systems
analyze large volumes of data coming from multiple sources, monitor suspicious behavior,
automatically respond to potential attacks, and eliminate them, detect threats, notify about them, then
investigate and remediate them. Robust analytics are critical to understanding threats and make it easy
for experts to find threats that might otherwise go unnoticed, and provide visibility into their timeline.
At the same time, the researchers indicate the advantages of using the DL-ANN architecture within
the specified task, the adaptation features of which can be defined to the following categories (Fig. 3):
1. Productivity of machine analysis, which includes increasing the accuracy of pattern selection,
tools for selecting high-level features, as well as effective work with large data sets, the relevance of
which increases with the exponential growth of the bandwidth of information channels and the volume
of information storage.
2. Increasing the load on the computing resource, as well as the RAM resource and information
storage of the machine analysis complex, which may be unacceptable according to the limitations of
the hardware complex.
214
� 3. An increase in the time of processing input data, which may be unacceptable in accordance
with peak loads when processing input data under real-time operating conditions, as well as the time of
learning neural network algorithms on the training sample.
Figure 2: Scheme of adaptation of neural network algorithms of deep learning in the organization
of the SIEM system of the data center
Thus, the task of optimizing algorithms based on the neural network architecture of deep learning
for the detection of cyber attack patterns, within the framework of the study, is solved by determining
the global maxima of the objective functions of the accuracy of machine analysis, the global minima of
the load on the computing resource and the resource of the hardware platform, as well as the global
minimum of the input flow processing time data when working in real-time mode under the conditions
of hardware platform resource limitation. In order to determine the quantitative indicators of the
accuracy of the identification and classification of cyberattack patterns, according to the statistical
215
�results of the study in relation to the total number of objects of analysis 𝑁𝛴 , the following designations
are introduced:
𝑁𝑇𝑃 as the number of true positives (TP) results of machine analysis;
𝑁𝑇𝑁 as the number of true negatives (TN) results of machine analysis;
𝑁𝐹𝑃 as the number of false positives (FP) results of machine analysis;
𝑁𝐹𝑁 as the number of false negatives (FN) of machine analysis results.
Figure 3: Features of adaptation of deep learning neural network architecture for detection of
cyber attack patterns
In addition, for the convenience of building a mathematical apparatus, additional statistical
indicators can be introduced:
𝑁𝛴𝑇 and 𝑁𝛴𝐹 as the total number of true and false classification results;
𝑁𝛴𝑁 and 𝑁𝛴𝑃 as the total number of negative and positive classification results.
Based on the specified static indicators, the objective functions of the accuracy of program code
pattern classification can be calculated as 𝐹𝐴𝐿 (AL: Accuracy Level) and 𝐹𝑃𝐿 (PL: Precision Level):
𝑁𝛴𝑇
𝐹𝐴𝐿 =
𝑁𝛴 𝑁 = 𝑁𝑇𝑃 + 𝑁𝑇𝑁
, де [ 𝛴𝑇 (1)
𝑁𝑇𝑃 𝑁𝛴𝑃 = 𝑁𝑇𝑃 + 𝑁𝐹𝑃
𝐹𝑃𝐿 =
[ 𝑁𝛴𝑃
In accordance with the specified objective functions of the accuracy of classification, an assessment
of the performance of the application of neural network algorithms can be carried out while limiting the
allowable processing time of the input stream of a fixed data volume for identical computing resources
and memory resources of the hardware platform.
216
�3. Evaluation of the performance of neural network algorithms according to
the target indicators of accuracy of machine analysis
In order to evaluate the performance of the application of neural network algorithms in accordance
with the target indicators of the accuracy of machine analysis, it is proposed to conduct research for
neural network architectures, which are considered relevant in solving the problem of identifying and
classifying cyber attack patterns nowadays. At the same time, it is proposed to compare classical neural
network architectures, which are characterized by a minimal load on the hardware resource of the
machine analysis system, with neural network architectures of deep learning [4 -7, 10-13] .
At the first stage, based on a set of statistical analysis indicators {𝑁𝑇𝑃 , 𝑁𝑇𝑁 , 𝑁𝐹𝑃 , 𝑁𝐹𝑁 } presented in
studies [2, 3], it is proposed to determine the ranges of values for the above objective functions {𝐹𝐴𝐿 }and
{𝐹𝑃𝐿 }for the architecture of the autoencoder and multi-level autoencoder according to equation (1).
The calculation results are shown in fig. 3. It demonstrates that the specified neural network
architecture shows mediocre performance values.
0 0
When moving from a standard autoencoder (values of the objective functions 𝐹𝐴𝐿 and 𝐹𝑃𝐿 ) to a deep
+
learning neural network of the multi-layered autoencoder (values of the objective functions 𝐹𝐴𝐿 and
+
𝐹𝑃𝐿 ), the accuracy of the analysis does not increase, but the spread of values significantly decreases,
which makes it possible to fix the target indicators at the maximum possible level of this model of
values. The reliability of the application of the deep learning architecture is based on the comparison of
the values obtained at the output of each layer, which corresponds to a separate autoencoder, with the
next layer.
Figure 4: Ranges of accuracy for detecting patterns of cyberattacks when using autoencoder and
multi-level autoencoder neural networks
In turn, neural network algorithms based on DBN architecture are based on the composition of basic
neural networks and classification layers. Within the framework of the SIEM system , the specified
approach is used to highlight high-level features of the software code at the level of deobfuscation.
𝐷 𝐷
In addition to the basic architecture (values of the objective functions 𝐹𝐴𝐿 and 𝐹𝑃𝐿 ), the research
paper presents modeling results for DBN with a linear regression function (LR: Linear Regression). It
𝐿𝑅 𝐿𝑅
is the value of the objective functions 𝐹𝐴𝐿 and 𝐹𝑃𝐿 and the elements of the architecture of the
𝑃 𝑃
probabilistic neural network (PNN) are the values of the objective functions 𝐹𝐴𝐿 and 𝐹𝑃𝐿 , respectively
[12, 13]. As the simulation results show, neural network algorithms based on the DBN architecture
𝐿𝑅 𝐿𝑅
with LR layers provide maximum accuracy in both indicators ( 𝐹𝐴𝐿 ∈ [97%, 98%] and 𝐹𝐴𝐿 ~98%,
𝐿𝑅 𝐿𝑅
respectively) with minimal spread ( ∆𝐹𝐴𝐿 ~2%and ∆𝐹𝑃𝐿 ~1%, respectively).
The last group of neural network architectures, which was considered in this paper, includes such
architectures as CNNs using a long chain of short-term memory elements (LSTM - Long Short-Term
Memory) which includes the next values:
the value of the objective functions 𝐹𝐴𝐿𝐶
and 𝐹𝑃𝐿𝐶
, RNN , where the problem of short-term
memory is also solved through the use of the LSTM scheme ,
217
� 𝐶
the value of the objective functions 𝐹𝐴𝐿 𝐶
and 𝐹𝑃𝐿 , RvNN with internal memory, which makes it
possible to perform machine analysis of code sequences of arbitrary length, which increases
performance systems when working with large arrays,
𝐶
the values of the objective functions 𝐹𝐴𝐿 𝐶
and 𝐹𝑃𝐿 , as well as neural network algorithms based
on the restricted Boltzmann machine ( Restricted Boltzmann Machines , RBM ) are the values
𝑅𝐵 𝑅𝐵
of the objective functions 𝐹𝐴𝐿 and 𝐹𝑃𝐿 .
Figure 5: Ranges of accuracy for detecting patterns of cyberattacks when applying deep neural
networks of beliefs
As the simulation results demonstrates, neural network algorithms based on the RNN architecture
𝑅 𝑅
with the LSTM scheme provide maximum accuracy in both indicators ( 𝐹𝐴𝐿 ~96%and 𝐹𝐴𝐿 ~96%,
𝑅 𝑅
respectively) with minimal spread ( ∆𝐹𝐴𝐿 ~1%and ∆𝐹𝑃𝐿 ~1%, respectively).
The main advantage of the particular scheme is the flexibility of convolutional operators in reducing
the number of parameters. As a result, the CNN-LSTM network is becoming deeper. Such networks
provide superior performance by simulating signals in temporal information and provide highly
efficient threat level detection of suspicious events using a long chain of short-term memory cells. The
final classification layer of the CNN-LSTM architecture is a fully connected layer that provides a final
decision on the threat level within a certain period of time for each new SIEM instance.
In this way, the proposed approach can be adapted for a wide range of tasks in the field of
organization, configuration and optimization of the SIEM scheme through the assessment of the
accuracy of machine analysis in the selection and classification of cyber attack patterns according to a
specific task (threat level, volume of incoming data flow and available computing resource and the
memory resource of the hardware platform of the service).
4. A comprehensive technique for evaluating the performance of neural
network algorithms
In order to build a universal methodology for evaluating the performance of machine analysis with
the aim of further adapting it according to specific tasks, the above target functions of the accuracy of
determining and classifying cyber attack patterns should be supplemented with such categories as the
ratio of false results and the ratio of correct detection results ( 𝜅𝐹 and 𝜅 𝑇 , respectively) and the
completeness indicator 𝐹𝑅𝑒𝑐 :
218
� 𝑁𝛴𝐹
𝜅𝐹 =
𝑁𝛴
𝑁𝛴𝑇
𝜅 = (2)
{ 𝑇 𝑁𝛴
𝑁𝑇𝑃
𝐹𝑅𝑒𝑐 =
[ 𝑁𝑇𝑃 + 𝑁𝐹𝑁
and on the basis of the objective functions 𝐹𝑅𝑒𝑐 , and 𝐹𝑃𝐿 in turn, the F1 -classification accuracy
indicator can be determined as:
2𝐹𝑅𝑒𝑐 ∙ 𝐹𝑃𝐿
𝐹𝐹1 = (3)
𝐹𝑅𝑒𝑐 + 𝐹𝑃𝐿
Figure 6: Ranges of accuracy for detecting patterns of cyberattacks when using algorithms based on
RBM , CNN , RNN and RvNN
Thus, the task of optimizing the complex of machine analysis based on neural network algorithms
for the detection and classification of cyber attack patterns can be reduced to the task of finding the
global extremum of the objective function, as suggested above. At the same time, in accordance with
the specific task of the organization of the SIEM system, one of the accuracy functions of the set 𝐹𝐴𝐿 ,
𝐹𝑃𝐿 , 𝐹𝑅𝑒𝑐 and 𝐹𝐹1 is considered as a target function, and for the others, together with the indicator of the
number of false classification results 𝜅𝐹 or the indicator of the number of true classification results 𝜅 𝑇 ,
permissible limits are introduced:
permissible limits of the number of false or true pattern classification results as 𝜅𝐹 ∈ [0%; 𝜅𝐹𝑚𝑎𝑥 ]or
𝜅 𝑇 ∈ [𝜅 𝑚𝑖𝑛
𝑇 ; 100%], respectively, where the values of 𝜅𝐹
𝑚𝑎𝑥
and 𝜅 𝑚𝑖𝑛
𝑇 are chosen in accordance
with the requirements determined at the level of the SIEM -system organization depending on the
task;
permissible limits of the classification accuracy function 𝐹𝐴𝐿 ∈ [𝐹𝐴𝐿 𝑚𝑖𝑛
; 100%], where the value
𝑚𝑖𝑛
𝐹𝐴𝐿 is chosen in accordance with the requirements determined at the level of the SIEM -system
organization, depending on the task;
219
� 𝑚𝑖𝑛
permissible limits of the classification accuracy function 𝐹𝑃𝐿 ∈ [𝐹𝑃𝐿 ; 100%], where the value
𝑚𝑖𝑛
𝐹𝑃𝐿 is chosen in accordance with the requirements determined at the level of the SIEM -system
organization, depending on the task;
permissible limits of the classification accuracy function 𝐹𝑅𝑒𝑐 ∈ [𝐹𝑅𝑒𝑐 𝑚𝑖𝑛
; 100%], where the value
𝑚𝑖𝑛
𝐹𝑅𝑒𝑐 is chosen in accordance with the requirements determined at the level of the SIEM -system
organization, depending on the task;
permissible limits of the F 1 classification accuracy indicator 𝐹F1 ∈ [𝐹F1
𝑚𝑖𝑛
; 100%], where the value
𝑚𝑖𝑛
𝐹F1 is chosen in accordance with the requirements determined at the level of the SIEM -system
organization, depending on the task.
According to the proposed approach, the arguments of the objective function and the functions that
determine the permissible limits set by the researcher will be the following categories:
a set of parameters defining the neural network architecture;
a set of parameters that determine the selection of the activation function;
set parameters that determine the peculiarities of neural network training and preparation of the
training sample.
The specified technique allows to generalize the currently relevant approaches to optimizing
machine analysis in order to detect cyberattacks on the components of the infrastructure of the data
processing center, represented as DIS , and can be used in the future to solve a wide range of tasks
related to the organization, configuration, reorganization, scaling and optimization of the
SIEM -system.
5. Conclusion
In conclusion, there was presented a strategy based on neural network algorithms to raise the data
center protection against distributed cyber attacks in this paper. As a result of the work carried out, the
peculiarities of building mathematical models, which are used for the evaluation and optimization of
neural network algorithms for the selection and classification of cyber attack patterns, in particular
algorithms based on the neural network architecture of deep learning, were analyzed.
At the same time, within the framework of this study:
• a generalized scheme for detecting external threats at the level of the information security event
management system was developed;
• approaches for adapting the neural network architecture of deep learning to identify cyber
attack patterns are proposed;
• the ranges of accuracy of detection of cyber attack patterns when using autoencoder neural
networks, multi-level autoencoder, deep belief neural networks, convolutional neural networks,
recurrent neural networks, recursive neural networks and restricted Boltzmann machine are determined;
• the toolkit for evaluating the performance of the application of neural network algorithms has
been expanded through the introduction of a set of machine analysis accuracy indicators, which act as
target functions and permissible limits defined at the quantitative level.
It is shown that the presented mathematical model is generalized and when the mathematical
apparatus is expanded, it provides an opportunity to organize, configure, reorganize, scale and optimize
the SIEM system at an automatic level for a wide range of tasks that arise in the organization of data
centers.
6. References
[1] Aiyetoro, G., & Owolawi, P. (2019). Spectrum management schemes for internet of remote things
(IORT) devices in 5G networks via Geo Satellite. Future Internet, 11 (12), 257.
https://doi.org/10.3390/fi11120257.
[2] Yu, Y., Long, J., & Cai, Z. (2017). Network intrusion detection through stacking dilated
convolutional autoencoders. Security and Communication Networks, 2017, 1–10.
https://doi.org/10.1155/2017/4184196.
220
�[3] Song, Y., Hyun, S., & Cheong, Y.-G. (2021). Analysis of autoencoders for network intrusion
detection. Sensors, 21 (13), 4294. https://doi.org/10.3390/s21134294.
[4] He, J., Tan, Y., Guo, W., & Xian, M. (2020). A small sample DDOS attack detection method based
on Deep Transfer Learning. 2020 International Conference on Computer Communication and
Network Security (CCNS). https://doi.org/10.1109/ccns50731. 2020.00019.
[5] Sarker, IH (2021). Deep cybersecurity: A comprehensive overview from neural network and Deep
Learning Perspective. SN Computer Science, 2 (3). https://doi.org/10.1007/ s42979-021-00535-6.
[6] Ma, X., Zhang, X., Dong, C., & Chen, X. (2021). A survey on Secure Outsourced Deep Learning.
Cyber Security Meets Machine Learning, 129–163. https://doi.org/10.1007/978-981-33-6726-5_6.
[7] Toliupa, S., Buchyk, S., Nakonechnyi, V., ...Parkhomenko, I., Lukova-Chuiko, N. Building an
Intrusion Detection System in Critically Important Information Networks with Application of Data
Mining Methods. Proceedings - 16th International Conference on Advanced Trends in
Radioelectronics, Telecommunications and Computer Engineering, TCSET 2022, 2022, стр. 128–
133.
[8] Shtanenko, S., Samokhvalov, Y., Toliupa, S., Silko, O. Increasing survivability of technological
systems based on the technology of programmable logic device. CEUR Workshop Proceedings,
2022, 3132, стр. 237–245.
[9] Abu Al-Haija, Q., & Al-Dala'ien, M. (2022). Elba-IoT: An ensemble learning model for botnet
attack detection in IoT networks. Journal of Sensor and Actuator Networks, 11 (1), 18.
https://doi.org/10.3390/jsan11010018.
[10] Jiang, P., Wu, H., & Xin, C. (2021). DeepPOSE: Detecting GPS spoofing attack via deep recurrent
neural network. Digital Communications and Networks.
https://doi.org/10.1016/j.dcan.2021.09.006
[11] Mao, X., & Li, Q. (2020). Generative Adversarial Networks (GANS). Generative adversarial
networks for image generation, 1–7. https://doi.org/10.1007/978-981-33-6048-8_1.
[12] Saisindhutheja, R., & Shyam, GK (2021). A deep belief network based attack detection using a
secure SAAS framework. 2021 International Conference on Innovative Practices in Technology
and Management (ICIPTM). https://doi.org/10.1109/ iciptm52218.2021. 9388329.
[13] Ma, X., Zhang, X., Dong, C., & Chen, X. (2021). A survey on Secure Outsourced Deep Learning.
Cyber Security Meets Machine Learning, 129–163. https://doi.org/10.1007/978-981-33-6726-5_6.
[14] Hnatiienko, H., Kiktev, N., Babenko, N., Desiatko, A., Myrutenko, L. Prioritizing Cybersecurity
Measures with Decision Support Methods Using Incomplete Data // Selected Papers of the XXI
International Scientific and Practical Conference "Information Technologies and Security", Kyiv,
Ukraine, December 9, 2021 / CEUR Workshop Proceedings, 2021, 3241, pp. 169–180.
[15] Song, H., Zhuqing, J., Men, A., Yang, B. A hybridsemi-supervised anomaly detection model for
high-dimensional data. Computational intelligence and neuroscience, vol. 2017, 2017
[16] Manikopoulos, C., Papavassiliou, S. Network in-trusion and fault detection: a statistical anomaly
approach. IEEE Communications Magazine, vol. 40, no. 10, pp. 76–82, 2002.
221
�