MODELING AND DEVELOPMENT OF A CONCEPT OF A MULTI-LAYERED FRAMEWORK FOR CYBERSECURITY SYSTEM
DOI:
https://doi.org/10.31891/2307-5732-2024-337-3-20
Keywords:
Cybersecurity, Machine learning, Neural network, Security pattern, Cyberattack, Security model, Security incident
Abstract
This article describes the concept and architecture of a multi-layered framework for developing and configuring a data-driven security model in a cybersecurity system. The initial layer involves collecting security data, which forms a bridge between security issues in the cyber-infrastructure and appropriate data-driven solutions. Collecting security patterns or insights from security data and building an appropriate data-driven model is crucial for making the security system automated and intelligent. The security data preparation layer is responsible for providing training and learning data from various sources for the resultant model. Both data quality and quantity determine the ability to solve a security problem; effective data pre-processing, cleaning, and normalization can play a significant role in building an effective security model. The ML-based security modeling layer is the main step, where insights and knowledge are extracted from the prepared data for further model composition. For this purpose, several ML methods, such as feature engineering, data clustering and classification, can be used, as well as DL methods based on recurrent or convolutional neural networks. At this level, the model learns to classify and predict threats, as well as to detect anomalous behavior, using classification and regression methods. The gradual learning and dynamism layer is concerned with finalizing the resultant security model. At this step, the security model is updated by incorporating the latest data-driven security patterns to improve efficiency. All modules can be applied either together or separately, depending on the specific security issue. Thus, the multi-layered framework makes it possible to build a security model that ensures the resilience and stability of the security system under cyberattacks and other security incidents.
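
The four layers described in the abstract, sketched as a minimal pipeline. This is an added example, not code from the article: the feature names, the constructed records, and the choice of a 1-nearest-neighbour classifier with log scaling are assumptions made for illustration.

```python
import math

FEATURES = ("fails", "kb_out")  # hypothetical: failed logins/min, KB sent out/min

# Layer 1: security data collection (constructed sample records).
RAW = [
    {"fails": 1, "kb_out": 120, "label": "benign"},
    {"fails": 0, "kb_out": 90, "label": "benign"},
    {"fails": 2, "kb_out": 150, "label": "benign"},
    {"fails": 40, "kb_out": 100, "label": "attack"},    # brute-force pattern
    {"fails": 55, "kb_out": 130, "label": "attack"},
    {"fails": None, "kb_out": 110, "label": "benign"},  # incomplete record
]
# Newly labelled pattern the initial model has never seen (large outbound volume).
NEW_PATTERNS = [
    {"fails": 1, "kb_out": 9000, "label": "attack"},
    {"fails": 0, "kb_out": 8000, "label": "attack"},
]

def prepare(records):
    """Layer 2: drop incomplete records and log-scale every feature."""
    rows = []
    for r in records:
        if any(r.get(f) is None for f in FEATURES):
            continue  # cleaning: a missing value would corrupt distances
        rows.append((tuple(math.log1p(r[f]) for f in FEATURES), r.get("label")))
    return rows

class SecurityModel:
    """Layer 3: 1-nearest-neighbour classifier over prepared patterns."""
    def __init__(self):
        self.patterns = []

    def fit(self, records):
        self.patterns = prepare(records)
        return self

    def update(self, records):
        """Layer 4: incremental learning, adds new patterns without refitting."""
        self.patterns.extend(prepare(records))
        return self

    def classify(self, event):
        prepared = prepare([event])
        if not prepared:
            raise ValueError("event is missing a required feature")
        x, _ = prepared[0]
        return min((math.dist(x, p), label) for p, label in self.patterns)[1]

def demo():
    model = SecurityModel().fit(RAW)
    probe = {"fails": 2, "kb_out": 8500}  # constructed event resembling the new pattern
    before = model.classify(probe)
    after = model.update(NEW_PATTERNS).classify(probe)
    return before, after

if __name__ == "__main__":
    print(demo())
```

The probe event is labelled benign by the initial model and attack once the new patterns are incorporated, which is the effect the gradual learning layer is meant to provide.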