Browse by Author "Onishchenko, Volodymyr"
Item, Open Access
Analysis of methods of classification of electronic messages based on neural network models
(National Technical University of Ukraine "Igor Sikorsky Kyiv Polytechnic Institute", 2023)
Onishchenko, Volodymyr; Minochkin, Anatolii

In the article, the creation of a mechanism for detecting and classifying messages is considered, with an assessment of how effectively different neural networks work and can recognize and classify different types of electronic messages, including phishing attacks, spam, and legitimate messages. A preliminary analysis of incoming messages has been performed, encompassing their headers, text, and other relevant attributes. For instance, in the case of emails, these attributes could be the 'subject' and 'sender' of the message. Methods for data preparation and processing have been reviewed, including text vectorization, noise removal, and normalization, to be utilized in training neural networks. Message tokenization has been performed by transforming them into a numerical format while considering the selection of features. For text messages, it is crucial to execute both tokenization and text vectorization. The model training was performed on the test data with prior splitting into two parts: 80% for training and 20% for testing. The training set is utilized for training the model, while the test set is used to evaluate its effectiveness. The peculiarity of the class structure of the data, namely the uniformity of the distribution of classes, is considered. In this case, spam occurs less frequently than legitimate messages, so class balancing techniques such as random deletion of redundant examples, upsampling, and subsampling were applied to ensure adequate model training. Optimization of network parameters was performed by researching the optimal parameters of neural networks, such as the number and size of layers, activation functions, and optimization of hyperparameters to achieve the best performance.
Hyperparameter optimization includes determining optimal settings for neural networks, such as layer size, activation functions, learning rate, and other parameters. The effectiveness was assessed by comparing the results and performance of various classification methods based on neural networks using metrics such as precision and F1-score. It was determined how well the methods can avoid misclassifications where legitimate messages are mistakenly identified as spam, and vice versa. A comparison of the methods' effectiveness in processing a large volume of messages in real time was conducted. An analysis of different architectures of neural network models was performed. Based on the analysis, it was revealed how effectively different neural network models can recognize and classify messages as spam.

Item, Open Access
Investigation of associative rule search method for detection of cyber incidents in information management systems and security events using CICIDS2018 test data set
(Institute of Special Communication and Information Protection of National Technical University of Ukraine "Igor Sikorsky Kyiv Polytechnic Institute", 2024)
Onishchenko, Volodymyr; Puchkov, Oleksandr; Subach, Ihor

Automated rule generation for cyber incident identification in information management and security event systems (SIEM, SYSTEM, etc.) plays a crucial role in modern cyberspace defense, where data volumes are exponentially increasing, and the complexity and speed of cyber-attacks are constantly rising. This article explores approaches and methods for automating the process of cyber incident identification rule generation to reduce the need for manual work and ensure flexibility in adapting to changes in threat models. The research highlights the need for utilizing modern techniques of Intelligent Data Analysis (IDA) to process large volumes of data and formulate behavior rules for systems and activities in information systems.
The conclusion emphasizes the necessity of integrating multiple research directions, including analyzing existing methods and applying IDA algorithms to search for associative rules from large datasets. Key challenges addressed include the complexity of data modeling, the need to adapt to changes in data from dynamic cyber attack landscapes, and the speed of rule generation algorithms for their identification. The issue of the "dimensionality curse" and the identification of cybersecurity event sequences over time, particularly relevant to SIEM, are discussed. The research objective is defined as the analysis and evaluation of various mathematical methods for automated associative rule generation to identify cyber incidents in SIEM. The most effective strategies for enhancing the efficiency of associative rule generation and their adaptation to the dynamic change of the cybersecurity system state are identified to strengthen the protection of information infrastructure.