Formal Methods for Information Protection Technology. Task 2: Mathematical Foundations, Architecture and Principles of Implementation of Multi-Agent Learning Components for Attack Detection in Computer Networks. Part 1

摘要

This report results from a contract tasking St. Petersburg Institute For Informatics & Automation of the Russian Academy of Sciences as follows: Formal Methods for Information Protection Technology The use of open computer networks as an environment for exchange of information across the globe in distributed applications requires improved security measures on the network, in particular, to information resources used in applications. Integrity, confidentiality and availability of the network resources must be assured. To detect and suppress different types of computer unauthorized intrusions, modern network security systems (NSS) must be armed with various protection means and be able to accumulate experience in order to increase its ability to front against known types of intrusions, and to learn new types of intrusions. The project will perform three main tasks. 1. Develop a mathematical model and a tool that simulates various coordinated intrusion scenarios against computer networks; 2. Develop the mathematical foundations, architecture, and principles of implementation of autonomous-software-tool technology implementing the learning system for intrusion detection; 3. Develop the fundamentals, architecture and software for the computer security system based on multi-level encoding for information protection in mass application. Currently, scientific efforts in network security area are undertaken mainly in the development of the network defense mechanisms. Unfortunately, substantially less attention is paid to the study of the nature of intrusions and, in particular, remote distributed intrusion attempts. No appropriate tools for intrusion/attack simulation nor research on a formal framework for intrusion specification exists.