THE CRITERION OF PROMPTNESS IN CENTRALIZATION IN THE ARCHITECTURE OF MULTICOMPUTARY SYSTEMS WITH COMBINED ANTIVIRUS BAITS AND TRAPS TO DETECT MALICIOUS SOFTWARE AND COMPUTER ATTACKS

Abstract

The work analyzes existing methods of detecting malicious software and computer attacks using baits and traps. Systems that can be used to integrate baits and traps are considered. The architecture of such systems enables to carry out restructuring in the process of functioning without involving the administrator. In this process, the features and parameters that will influence the restructuring process and the choice of restructuring are important. Therefore, the work criterion for the next version of the system of the system in the architecture of the system to ensure its restructuring was developed.

The developed criteria of efficiency takes into account indicators such as time to determine new components with the functionality of the center and component without such functionality, time to notify the components of the next state of centralization and their purpose in the new architecture of the system, time to notify all components of the system about the completion of current type of centralization. in the architecture of the system, the time of receipt of confirmation from all the components of the system about the completion of the current type of centralization and the transition to a new type of centralization in the architecture of the system, the time of sending the team to all components of the system about the start of work with the new center of the system and obtaining confirmation from them about successful Transition, time sending messages between the components of the system of system for work coordination, the total number of components in the system, the number of active components of the system at the current time, the number of components in the system with the functionality of the system of the system at the current time, information about the components of the system at the current point in time in Corporate network nodes, information about the active and inactive components of the system of the system at the current time at the corporate network nodes, the number of inactive components with the functionality of the system center at the current time, the number of inactive components without the functionality of the system at the current time, the number of segments in the corporate network , in which the components of the system, the number of system components in the demilitarized zone of the corporate network, the number of system components in server units, the number of components with the functionality of the center center in the nodes in the demilitarized zone, the number of components with the functionality of the system center in server units.

As a result, the parameters have developed a criterion for promptness to determine the following centralization in the architecture of multicomputer systems detection of malicious software and computer attacks using baits and traps. In order to check the adequacy of the description of the criterion of efficiency of processes in the system, an experiment was conducted, the results of which confirmed the possibility of applying the criterion of efficiency for such systems.