This work analyzes a computer network's systems for protection against malware. The subject of the study is the development of a method for the integrated analysis and optimization of the management of input-information processing in a computer network that interacts with an open, unsafe network under high uncertainty and risk.
An analysis of the state of protection of the computer network against incoming malicious software identified the problem: the high intensity and high heterogeneity of the input information of a computer system that interacts with an open network under uncertainty and risk reduce the reliability of the protection and operation of the computer network. The aim of the study is to improve the effectiveness of the integrated analysis and optimization of the management of input-information processing in the computer system under conditions of high uncertainty and risk. The problem is the high intensity of virus attacks.
The main focus of the research is the creation of new methods, and the modification of existing methods, of intelligent analysis of input data in order to effectively detect anomalies that threaten the functioning of the research facility. The work presents the construction options and the optimization criteria. It examines the task of managing the operation of a comprehensive antivirus protection system consisting of several antivirus programs coordinated at the decision level. The results of mathematical modeling of the system are given, along with a list of interconnected tasks that must be solved for the optimization problems: selecting the types of antivirus scanners; setting their thresholds; choosing methods for making partial decisions on the combination of methods with the same levels of probability of errors of the first and second kind and of methods with different threshold levels; and choosing methods for making a common collective decision according to the assigned criterion.
Recommendations for the optimal architecture and parameters of antivirus scanning of input traffic have been developed. Analysis of the results of the experimental test of the method made it possible to determine the conditions and limitations of the algorithm. Recommendations have been developed on the number of channels to configure in the system, the number of levels of collective decision-making rules in training mode, with fuzzy requirements for the input model of the malicious product, and the degree of risk when using the method in real-world conditions. Thus, the structure of a multi-parameter serial-parallel matrix system for information network protection is proposed, together with customization methods and decision-making algorithms that provide an increased level of malware detection.