PRINCIPLE OF SYNTHESIS OF MULTI-COMPUTER SYSTEMS FROM COMBINED ANTI-VIRUS BAITS AND TRAPS AND A DECISION-MAKING CONTROLLER FOR THE DETECTION OF MALICE SOFTWARE AND COMPUTER ATTACKS
DOI: https://doi.org/10.31891/2307-5732-2023-329-6-386-393
Keywords: deception systems, principle, controller, malicious software, computer attacks, decoys, traps
Abstract
The work presents the results of research on deception systems for detecting malicious software and computer attacks. For this purpose, it proposes a principle of synthesis of multi-computer systems from combined antivirus baits and traps. Such systems are one class of deception systems. To develop the principle of synthesis, the architecture of deception systems was analyzed. Dividing the system architecture by internal structure made it possible to determine the necessary elements and components of an architecture that will contain a controller and specialized functionality, and this division is the basis for developing the concept and methodological foundations of the synthesis of such systems. In contrast to known principles of synthesis of multi-computer systems with combined decoys and traps and a decision-making controller for detecting and countering malicious software and computer attacks, the developed principle contains two defining requirements for the system architecture. First, the decision controller is separated from the center of the system, which makes it possible to form its architecture separately from the architecture of the system center and, as a result, to make decisions about the solutions developed in the system center independently of it. This follows from the specifics of the system and gives the system an advantage over attackers or their tools, because it forms different final responses under the same initial conditions at different time intervals, which confuses the attackers. Second, the presence of specialized functionality that affects internal events in the system and changes in its architecture, i.e., the interaction between the subsystems that ensure the system's direct functioning and the specialized functionality for detecting and countering malicious software and computer attacks, makes it possible to improve the stability of the system and the efficiency of its decision-making.