Designing a decision support system for the weakly formalized problems in the provision of cybersecurity

Abstract

We devised a decision support system (DSS) for the weakly formalized problems of information protection and the provision of cybersecurity at the informatization objects. The system is based on the models that describe the tasks of information safety and cyberprotection in the conceptual and functional aspects. We described the process of compiling a knowledge base of DSS for the circumstances related to the detection of hard-to-explain attributes of anomalies and attacks. The DSS "Decision Support System of Management protection of information - DMSSCIS", which we designed, makes it possible to improve understanding of the analyzed situations that occur in the process of cyberprotection of mission critical computer systems. While tested at the enterprises, it was established that the "DMSSCIS" system enabled effective visualization and interpretation of results of current assessment of the revealed hard-to-explain attributes of anomalies and cyberattacks, as well as allowed us to describe current situation in the course of multistage targeted cyberattacks. It was established that the application of DSS "DMSSCIS" in the interaction with other systems for the intelligent recognition of illegitimate interference in the computer systems operations made it possible to improve efficiency of decision making on information security. While testing, it was found that the application of the "DMSSCIS" system allowed reducing the time required to inform persons, responsible for cybersecurity, about the incidents by 6.9-7.2 times.