INCREASING THE REDUNDANCY OF INFORMATION FIELDS OF ADAPTIVE CLASSIFIERS OF THE INFORMATION SECURITY SYSTEM.

INCREASING THE REDUNDANCY OF INFORMATION FIELDS OF ADAPTIVE CLASSIFIERS OF THE INFORMATION SECURITY SYSTEM..

INCREASING THE REDUNDANCY OF INFORMATION FIELDS OF ADAPTIVE CLASSIFIERS OF THE INFORMATION SECURITY SYSTEM.

NESTERUK Gennady Filippovich, Candidate of Technical Sciences
MOLDOVYAN Alexander Andreevich, Candidate of Technical Sciences
NESTERUK Filipp Gennadievich
VOSKRESENSKY Stanislav Igorevich
KOSTIN Andrey Aleksandrovich

INCREASING THE REDUNDANCY OF INFORMATION FIELDS OF ADAPTIVE CLASSIFIERS OF THE INFORMATION SECURITY SYSTEM

The article considers the issues of increasing the redundancy of information fields of neuro-fuzzy networks, necessary for the implementation of the main advantages of the neural network element base, such as adaptability, functional stability, distributed redundant storage of information. The need to use information on the state of the information security system (ISS) as one of the sources of input data for neuro-fuzzy classifiers of hierarchical levels of the adaptive ISS model is discussed.

In the adaptive protection model, the classifier of the hierarchical level of the information security system (ISS) contains a clear self-learning neural network (NN) for solving the problem of clustering input vectors, a fuzzy NN, the structure of which reflects the system of fuzzy rules of logical inference, a system of fuzzy rules describing the work of the classifier taking into account expert assessments [1].

At the same time, the initial system of fuzzy inference rules is formulated by an expert and may be incomplete or contradictory, and the type and parameters of the membership functions describing the input and output variables of the system are selected subjectively and may not adequately reflect reality. To eliminate these shortcomings, the adaptability property of fuzzy systems is used, which is most fully implemented in fuzzy NNs.

A fuzzy neural network is identical in structure to a multilayer neural network trained, for example, using the backpropagation algorithm, but the hidden layers in it correspond to the stages of fuzzy inference [2]:

  • the input layer of neurons performs the function of introducing fuzzification based on the specified input membership functions;
  • the hidden layers display a set of fuzzy inference rules;
  • the output layer performs the function of defuzzification.

The main advantage of fuzzy neural networks implementing a given system of fuzzy inference rules is called the structural transparency of the NN information field (for subsequent analysis) after completion of the neural network training stage. To illustrate the correspondence between the stages of bottom-up fuzzy logical inference and the specialization of fuzzy NN layers, let us refer to Fig. 1 [3]:

Fig. 1. Specialization of fuzzy NN layers

  1. the layer of input membership functions A1 A3, B1 – B3 transforms each of the crisp input values ​​х1 and х2 into the degree of truth of the corresponding premise for each rule mАi, mBi, i = 1, 2, 3 (introduction of fuzziness);
  2. the layer of fuzzy rules R1 – R6 according to the degree of truth of premise mАi, mBi, i = 1, 2, 3
  3. generates fuzzy subsets of conclusions for each of the rules mRi, i = 1,…6 (fuzzy logical inference)

  4. the layer of output membership functions С1, С2 combines fuzzy subsets mRi, i = 1,…6 into fuzzy subsets mСi, i = 1, 2 (composition);
  5. the output layer generates a crisp output value y from fuzzy subsets mСi, i = 1, 2

If we use a pair of complementary functions of the type L (large) and S (small) as membership functions, which add up to 1 (complementary functions), then for classification purposes it is convenient to use fuzzy NNs similar to the one shown in Fig. 2.


Fig. 2. Application of fuzzy NN for classification purposes

The fuzzy classifier under consideration identifies input vectors with the same coordinates (the logical function equivalence). In the input layer, a pair of complementary functions L and S for each crisp variable forms a pair of mutually opposite fuzzy statements (FP). FPs in accordance with the logical function equivalence are combined into terms by the operation min of logical inference on formal neurons (FN) of the hidden layer of the NN. The final operation maxcomposition is performed on the FN, at the outputs of which a pair of complementary functions L and S are implemented.

The downside of the specialization of the layers of a fuzzy NN, which ensures the structural transparency of the information field, is the practical absence of information redundancy, which negatively affects the functional stability and protection of the NN information fields from destructive influences.

While maintaining the specialization of individual layers of neuro-fuzzy networks in accordance with the rules of fuzzy logical inference, convenient for subsequent analysis, it is necessary to introduce redundancy into the information field of the neuro-fuzzy classifier [4]. Redundancy of the information field creates prerequisites for distributed storage of information in structured fields of fuzzy NN in the form of a system of complementary fuzzy connections [1], and the structural specialization of NF layers in fuzzy NNs allows us to analyze the results of training the information fields of the NN.

The system of fuzzy rules of logical inference can be identified with a formal description of logical transformations of fuzzy statements. As an apparatus for formalizing transformations over NF, one can use an analog of normal forms for crisp statements in the form of disjunctive (DNF) and conjunctive (CNF) normal forms. Moreover, NF at the output of the function S corresponds to the inverse value of some fuzzy variable, and L to the direct value of the same variable (Fig. 3).


Fig. 3. Input node of the neuro-fuzzy classifier

If we apply a similar approach of complementary duplication to the hidden layers of the neuro-fuzzy network, we can achieve the formation of mutually opposite results for both the logical inference stage and the composition stage, which allows us to double the redundancy of the information fields of the neuro-fuzzy classifier (Fig. 4).


Fig. 4. Structure of the redundant neuro-fuzzy classifier

Further introduction of redundancy of the information field of the neuro-fuzzy classifier can be ensured if the formal record of the system of fuzzy predicate rules is presented in a form similar to the perfect DNF and CNF, i.e. terms implementing the operation minlogical inference at the outputs , represent min-terms (respectively, at the outputs – max-terms).

The following form of introducing redundancy into the information field of the neuro-fuzzy classifier seems appropriate – increasing the dimensionality of the input data by adding the vector Х to the input vector Z the current state of the NIS (Fig. 5).


Fig. 5. Correction of the hierarchical level of the neuro-fuzzy classifier

Such a correction of the structure of the NIS causes not only an increase in the dimensionality of the input data of the classifier, but also expands the system of fuzzy rules of logical inference, which takes into account not only the coordinates of the input vector X, but also the coordinates of the vector Z of the current state of the NIS, which, in turn, also leads to an increase in the redundancy of the information field of the neuro-fuzzy classifier.

During the operation of the classifier, not only is the vector Y identified by the vectors X and Z, but proposals C are also formed to change the state of the system.

Let's consider the model (Fig. 6) of the adaptive information security system [1], which reflects changes in the structure of protection levels similar to those shown in Fig. 5.


Fig. 6. Model of the adaptive information security system

For the immune level of protection, the coordinates of the vector Z can reflect the system characteristics of the IT system, such as:

  • type of installed software and updates to it;
  • running services;
  • multitasking support;
  • multi-user mode support;
  • presence in the IT system of such input/output devices as disk drives, CD, DVD drives, USB ports, etc.;
  • presence of “hot” swap devices, for example, RAID arrays, other means of data backup;
  • possibility of wireless access to the system;
  • other.

For the receptor level of protection, the coordinates of the vector Z can reflect the structural characteristics of the ISS, such as:

  • the set of protection mechanisms (PM) used in the ISS;
  • the distribution of PM by the ISS hierarchy;
  • the activity of the ISS hierarchy levels;
  • the activity of the protection mechanisms used in the ISS;
  • the security indicators of the IT system, including rating indicators;
  • other.

The presence of status registers in the hierarchical levels of the SIB leads to a significant increase in the redundancy of the SIB information fields both due to an increase in the dimensionality of the input vectors of the classifiers and the subsequent reduction of the formal notation of the system of fuzzy rules of logical inference to an analogue of the perfect form (for example, SovDNF).

Analysis of information fields of trained fuzzy NN classifiers of adaptive protection levels, formed taking into account the current state of the IT system and the ISS, allows us to assess the influence of individual coordinates of the vectors X and Z on the vector Y (for example, on threat identification).

In particular, at the immune level of protection, it is advisable to take into account the state of the IT system, including the hardware and software component of the ISS, when identifying threats, and at the receptor level of protection — the activity of individual MZ, ISS levels, and IT system security indicators.

Literature

  1. Nesteruk F.G., Osovetskiy L.G., Nesteruk G.F., Voskresenskiy S.I. On modeling an adaptive information security system/Prospective information technologies and intelligent systems. 2004, No. 4, pp. 25 – 31
  2. Kruglov V.V., Borisov V.V. Artificial neural networks. Theory and practice. – 2nd ed., stereotype. – Moscow: Goryachaya Liniya – Telecom, 2002.
  3. Negnevitsky M. Artificial intelligence: a guide to intelligent systems. Addison-Wesley, 2002.
  4. Nesteruk G.F., Kupriyanov M.S., Elizarov S.I. On the solution of the problem of neuro-fuzzy classification/Coll. reports of the VI Int. conf. SCM’2003. — St. Petersburg: SPETU, 2003. v. 1. pp. 244 — 246.
  5. Osovetsky L.G., Nesteruk G.F., Bormotov V.M. On the issue of immunology of complex information systems/News of universities. Instrument making. 2003. v. 46, No. 7, pp. 34 — 40.
  6. Lobashev M.E. Genetics. — L.: Publishing house of Leningrad University, 1969.
  7. Melik-Gainazyan I.V. Information processes and reality. M.: Nauka, 1998. – 192 p.
  8. Nesteruk G.F., Osovetskiy L.G., Nesteruk F.G. On the application of neuro-fuzzy networks in adaptive information security systems/Neuroinformatics – 2005: Proceedings of the VII All-Russian scientific and technical conference. M.: MEPhI (TU), 2005, part 1. pp. 163 – 171.
  9. Fuller R. Neural Fuzzy Systems. — Abo: Abo Akademi University, 1995.
  10. Nesteruk G.Ph., Kupriyanov M.C. Neural-fuzzy systems with fuzzy links/Proc. of the VI-th Int. Conference SCM’2003. – St.Pb: StPSETU “LETI”, 2003. v. 1. p. 341 344.

Мы используем cookie-файлы для наилучшего представления нашего сайта. Продолжая использовать этот сайт, вы соглашаетесь с использованием cookie-файлов.
Принять