DOI: https://doi.org/10.32515/2664-262X.2024.10(41).2.11-22
A Mathematical Model of Detecting Anomalous Connections Between Components of a Complex Computer System
About the Authors
Yelyzaveta Meleshko, Professor, Doctor in Technics (Doctor of Technic Sciences), Central Ukrainian National Technical University, Kropyvnytskyi, Ukraine, e-mail: elismeleshko@gmail.com, ORCID ID: 0000-0001-8791-0063
Mykola Yakymenko, Associate Professor, PhD in Physical and Mathematical Sciences (Candidate of Physical and Mathematical Sciences), Central Ukrainian National Technical University, Kropyvnytskyi, Ukraine, e-mail: m.yakymenko@gmail.com, ORCID ID: 0000-0003-3290-6088
Volodymyr Mikhav, Doctor of Philosophy, Central Ukrainian National Technical University, Kropyvnytskyi, Ukraine, e-mail: mihaw.wolodymyr@gmail.com, ORCID ID: 0000-0003-4816-4680
Yaroslav Shulika, post-graduate, Central Ukrainian National Technical University, Kropyvnytskyi, Ukraine, e-mail: yar.shulika@gmail.com, ORCID ID: 0000-0002-6713-7269
Abstract
The object of the research is the process of detecting anomalies in high-load complex computer systems (HLCSS). The practical application area includes HLCSS such as banking transaction servers and cloud platforms, where stable operation must be ensured under heavy request loads. The problem addressed in the research is the lack of real-time anomaly detection models in HLCSS with a specified accuracy under resource constraints. Anomalies may signal system malfunctions, process mismatches, or potential cyberattacks. High-load systems are particularly sensitive to even minor disruptions, as they can cause significant delays or complete service unavailability for many users simultaneously, leading to financial losses and loss of customer trust.
Modern web services face issues such as attempted DDoS attacks, significant fluctuations in user requests, database connection problems, memory leaks, and the impact of unexpected changes in network or hardware configuration. Therefore, ensuring timely anomaly detection is a critical aspect of high-load system security. Automating the analysis process and promptly identifying potential problems in real time help reduce risks and minimize downtime. Developing a mathematical model for anomaly detection in high-load web services aims not only to improve detection accuracy but also to ensure a timely response to potential threats under resource constraints. This helps avoid significant financial losses and enhances user trust in such services.
The paper develops and investigates a mathematical model for detecting anomalous connections between components of a high-load complex computer system (HLCSS). Testing of the model showed the following performance metrics: accuracy – 84%, precision – 87%, recall – 74%, F1-Score – 78%. These positive results are explained by the following prerequisites: the HLCSS model uses projection matrices and orthogonal vector functions for anomaly analysis. This allows for the creation of spatial decompositions that reveal complex interconnections between components of a complex computer system using only eigenvalues and vectors. Thus, the model can be applied for operational data analysis and anomaly detection in resource-constrained environments.
Keywords
high-load complex computer systems, anomaly detection, mathematical models, dynamic chaos, complex networks
Copyright (c) 2024 Yelyzaveta Meleshko, Mykola Yakymenko, Volodymyr Mikhav, Yaroslav Shulika