Igor Saenko

Design and Performance Evaluation of Improved Genetic Algorithm for Role Mining Problem

Role Mining Problem (RMP) is an important issue in RBAC design and development. Genetic algorithm (GA) can be an effective method for solving RMP, but known usual GAs used for RMP have low performance at high dimensions. The paper proposes an improved GA for solving RMP. This algorithm is based on implementing some changes applied to the usual GAs. The main upgrades are the representation of algorithm chromosomes as strings of variable lengths with complex gene structures, the modernization of crossover operation, and the local optimization of chromosome structures after crossover execution on the basis of proposed rules. The performance evaluation results show that improved GA has better performance then usual GA. Moreover, the improved GA has a larger performance gain, when the required access control scheme is characterized by greater role severity.

Improved genetic algorithms for solving the optimisation tasks for design of access control schemes in computer networks

Access control scheme design is the most important task in the field of computer network security, which has to be solved by security administrators and developers. The access control quality strongly affects such important security properties, as information privacy and accessibility. One of the solutions to this problem is to reduce it to a form of the optimisation task and its subsequent solving by mathematical methods. However, due to the large complexity of this task, applying traditional mathematical methods is very difficult. At the same time, genetic algorithms represent a new and very interesting way to solve this class of problems. This paper suggests an approach for designing access control schemes based on genetic algorithms. To enhance the implementation of genetic operations it proposes a number of significant improvements, which include the multi-chromosomal representation of individuals in populations, the usage of complex data types to represent genes in chromosomes and the use of special control chromosomes. The experimental evaluation of the approach is discussed. It is demonstrated that the proposed improved genetic algorithms are quite efficient means for access control schemes optimisation in computer networks.

The Ontology of Metrics for Security Evaluation and Decision Support in SIEM Systems

Analysis of computer network security is a serious challenge. Many security metrics has been proposed for this purpose, but their effective use for rapid and reliable security evaluation and generation of countermeasures in SIEM systems remains an important problem. The use of ontologies for security information representation in SIEM systems contributes largely to the success of this task. However, most of works on ontological security data representation does not take into account the ontologies of security metrics. This paper proposes a new approach on using security metrics which is based on their ontological representation and serves for comprehensive security evaluation and subsequent countermeasure generation. The novelty of the proposed approach is that ontology of security metrics is viewed as a core component of a countermeasure decision support system. The proposed solutions are tested on a specific example.

The Ontological Approach for SIEM Data Repository Implementation

The technology of Security Information and Event Management (SIEM) becomes one of the most important research applications in the area of computer network security, including distributed networks of internet enabled objects (as in the Internet of Things). The overall functionality of SIEM systems depends largely on the quality of solutions implemented at the data storage level, which is purposed for the representation of heterogeneous security events, their storage in the data repository and the extraction of relevant data for the analytical modules of SIEM systems. An ontological approach at present becomes more applicable for realizing these tasks in various spheres of information security. The paper discusses the possibilities of applying the ontological approach for implementation of the data repository of SIEM systems for distributed networks of Internet enabled objects. Based on the analysis of existing SIEM systems and standards, the choice of ontological approach is done, an example of the ontological data model of vulnerabilities is presented, a hybrid architecture of the ontological repository is proposed and the issues of developing and testing the repository for attack modelling and secure evaluation tasks are discussed.

Design and Implementation of a Hybrid Ontological-Relational Data Repository for SIEM Systems

The technology of Security Information and Event Management (SIEM) becomes one of the most important research applications in the area of computer network security. The overall functionality of SIEM systems depends largely on the quality of solutions implemented at the data storage level, which is purposed for the representation of heterogeneous security events, their storage in the data repository, and the extraction of relevant data for analytical modules of SIEM systems. The paper discusses the key issues of design and implementation of a hybrid SIEM data repository, which combines relational and ontological data representations. Based on the analysis of existing SIEM systems and standards, the ontological approach is chosen as a core component of the repository, and an example of the ontological data model for vulnerabilities representation is outlined. The hybrid architecture of the repository is proposed for implementation in SIEM systems. Since the most of works on the repositories of SIEM systems is based on the relational data model, the paper focuses mainly on the ontological part of the hybrid approach. To test the repository we used the data model intended for attack modeling and security evaluation, which includes both ontological and relational dimensions.

Genetic optimization of access control schemes in virtual local area networks

The paper presents the formulation of the problem of access control to information resources located in virtual local area networks. We define the initial data, the objective function and constraints of the problem. To solve the proposed problem we suggest the method of genetic optimization of access control scheme based on the poly-chromosomal representation of intermediate points. The results of computer simulation and evaluation of the proposed method are discussed.

A Genetic Approach for Virtual Computer Network Design

One of possible levels of computer protection may consist in splitting computer networks into logical chunks that are known as virtual computer networks or virtual subnets. The paper considers a novel approach to determine virtual subnets that is based on the given matrix of logic connectivity of computers. The paper shows that the problem considered is related to one of the forms of Boolean Matrix Factorization. It formulates the virtual subnet design task and proposes genetic algorithms as a means to solve it. Basic improvements proposed in the paper are using trivial solutions to generate an initial population, taking into account in the fitness function the criterion of minimum number of virtual subnets, and using columns of the connectivity matrix as genes of chromosomes. Experimental results show the proposed genetic algorithm has high effectiveness.

Neural network approach to forecast the state of the Internet of Things elements

The paper presents the method to forecast the states of elements of the Internet of Things based on using an artificial neural network. The offered architecture of the neural network is a combination of a multilayered perceptron and a probabilistic neural network. For this reason, it provides high efficiency of decision-making. Results of an experimental assessment of the offered neural network on the accuracy of forecasting the states of elements of the Internet of Things are discussed.

Using Genetic Algorithms for Design and Reconfiguration of RBAC Schemes

During last years for Role-Based Access Control (RBAC) model there were suggested several variants of optimization problems for design of RBAC schemes. These problems have mappings ≪users--roles> and ≪roles--permissions> under different conditions, concerning numbers of roles and links, as well as accuracy of reproduction of the initial mapping ≪users--permissions>. Different methods were suggested for solving these problems. Nevertheless the problem of reconfiguration of RBAC schemes is not studied in known papers. This paper gives the problem statement for reconfiguration of RBAC schemes and suggests a unified approach to solve both problems (design and reconfiguration), based on genetic algorithms. The suggested genetic algorithms have several enhancements. They use two chromosomes for each individuals, use columns of matrices as genes of chromosomes and take into consideration in fitness-functions several criteria at the same time. The results of the experiments show sufficiently high efficiency of the suggested approach.

The Genetic Approach for Design of Virtual Private Networks

Virtual private networks (VPNs) are now practically the only mean of establishing secure data exchange via the public networks (Internet). The problem of designing a virtual private network is to determine the required number of VPN channels, connecting the fragments of the distributed network infrastructure to each other. However, if the number of fragments is great, this problem becomes rather complex. In addition, the specific feature of solving the problem of designing VPN is the necessity for joint consideration of bandwidth, reliability and cost of the network. This paper offers an approach to solve this problem basing on genetic algorithms. On the basis of the queuing theory the paper examines the analytical models of bandwidth, reliability and cost of the network. The resulting analytical expressions for estimating these properties are then used to construct the fitness function of the genetic algorithm. The structure of the chromosome of the genetic algorithm is proved as a set of elements of the VPN connectivity matrix, lying above the main diagonal. Experimental results obtained for various modes of operation of the distributed infrastructure showed that the optimal structures of the VPN, obtained on the basis of the proposed approach, by the generalized indicator of efficiency have advantage up to 40 percent compared to standard options.