Centralized intrusion detection and prevention systems (IDS/IPS) and Security Information Event Management (SIEM) systems often fail to analyze and respond to information and cybersecurity threats that occur in distributed and heavily loaded environments due to computational, storage, and license limitations. In this chapter, we propose a novel distributed hierarchical system concept for early intrusion detection and subsequent assessment of cyber and information security risks based on anomalous behavior analysis without using predefined patterns. The developed approach aims to increase the security of distributed systems against decentralized attacks including both DDoS and non-specific, non-DDoS attacks, such as advanced persistent threats (APT) conducted by high-skilled cybercrimes and state-sponsored adversaries. We expect the proposed concept to improve the performance of SIEM systems compared to centralized solutions. The increasing productivity effectiveness indicator depends on the possible number of hierarchy levels in the analyzed systems (the possibility of their decomposition into subsystems).

A promising approach to raising the caliber and accessibility of healthcare services is the development of Smart Healthcare Systems. However, the union of wireless networks and smart medical devices has created additional security issues, such as the possibility of identity theft, data breaches, and denial-of-service assaults. These flaws emphasize the significance of creating a safe and dependable smart healthcare system that can safeguard patient data and guarantee the confidentiality of private medical information. This study suggests adopting 5G security standards to address the security issues with smart healthcare systems. The threat modeling approach, which includes six threat categories (spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege), is used in this study to investigate potential threats in smart healthcare systems. The report suggests using strong encryption protocols between smart healthcare equipment and 5G-AKA to reduce these potential threats. The proposed approach showed appreciable advancements in data security and privacy. According to the findings, 5G security standards can be used to efficiently reduce security risks in smart healthcare systems and establish a trustworthy and secure platform for delivering medical services. The study emphasizes the significance of including strong security controls in such systems to secure patient information and raise the standard of treatment generally. © 2023 Copyright for this paper by its authors.

The authors describe information technology for IT projects creative management, a corresponding structure of the database and a diagram of participants, which is based on genetic algorithm application, and is used to solve the optimization problem to achieve their maximum efficiency. To build a creative team that uses design thinking technologies and the concept of a minimum viable product, it is necessary to evaluate the following groups of indicators as: emotional intelligence of an individual as a team member; internal interactions of a team member; personal qualities of a team member. Criteria for selecting the best team members include experience, skills, cost, compatibility, and empathy. Appropriate methods and tests assess the initial level of applicants. Later, when applicants become a part of the project team, they carry out intra-team interaction, undergo the necessary learning and training for the missing positions to correct the behavior of the team members. Afterward, the testing is repeated after a certain time interval. Proposed information technology for IT projects creative management has powerful scaling capabilities, which allow it to effectively cope with the increase in the number of data and users, without losing productivity and speed. In conclusion, the presented system is a high-tech and innovative solution for creative management of IT project teams with an innovative component, which can find wide application among IT project managers and organizations that seek to improve the efficiency of their projects and achieve competitive advantages on the market. © The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.

The research presented focuses on cryptographic-agility for End-to-End Encryption systems (E2EE) that could be implemented for telemetry data encryption. The recent report 1 by Microsoft after a security incident, describes the consequences that lead to encryption key leakage from telemetry data of highly protected production system. Internet of Things (IoT) and mobile devices constantly produce telemetry data which contains sensitive information. The data partially belongs to vendor, but IoT consumer’s consent is needed to access such data for troubleshooting or forensic analysis. Goyal et al [2] proposed Attribute Based Encryption (ABE) as a solution for legitimately access the audit log contents by engineering team. © 2024 Copyright held by the owner/author(s).

This paper reports an analysis of aspects of the project planning stage. The object of research is the decision-making processes that take place at this stage. This work considers the problem of building a hierarchy of tasks, their distribution among performers, taking into account restrictions on financial costs and duration of project implementation.

Verbal and mathematical models of the task of constructing a hierarchy of tasks and other tasks that take place at the stage of project planning were constructed.

Such indicators of the project implementation process efficiency were introduced as the time, cost, and cost-time efficiency. In order to be able to apply these criteria, the tasks of estimating the minimum value of the duration of the project and its minimum required cost were considered. Appropriate methods have been developed to solve them.

The developed iterative method for assessing the minimum duration of project implementation is based on taking into account the possibility of simultaneous execution of various tasks. The method of estimating the minimum cost of the project is to build and solve the problem of Boolean programming.

The values obtained as a result of solving these problems form an «ideal point», approaching which is enabled by the developed iterative method of constructing a hierarchy of tasks based on the method of sequential concessions. This method makes it possible to devise options for management decisions to obtain valid solutions to the problem. According to them, the decision maker can introduce a concession on the value of one or both components of the «ideal point» or change the input data to the task.

The models and methods built can be used when planning projects in education, science, production, etc.

Anomaly detection across critical infrastructures is not only a key step towards detecting threats but also gives early warnings of the likelihood of potential cyber-attacks, faults, or infrastructure failures. Owing to the heterogeneity and complexity of the cybersecurity field, several anomaly detection algorithms have been suggested in the recent past based on the literature; however, there still exists little or no research that points or focuses on Non-Pattern Anomaly Detection (NP-AD) in Time-Series at the time of writing this paper. Most of the existing anomaly detection approaches refer to the initial profiling, i.e., defining which behavior represented by time series is “normal”, whereas everything that does not meet the criteria of “normality” is set as “abnormal” or anomalous. Such a definition does not reflect the complexity and sophistication of anomaly nature. Under different conditions, the same behavior may or may not be anomalous. Therefore, the authors of this paper posit the need for NP-AD in Time-Series as a step toward showing the relevance of deviating or not conforming to expected behaviors. Non-Pattern (NP), in the context of this paper, illustrates non-conforming patterns or a technique of deviating with respect to some characteristics while dynamically adapting to changes. Based on the experiments that have been conducted in this paper, it has been observed that the likelihood of NP-AD in Time-Series is a significant approach based on the margins of data streams that have been used from the perspective of non-seasonal time series with outliers, the Numenta Anomaly Benchmark (NAB) dataset and the SIEM SPLUNK machine learning toolkit. It is the authors’ opinion that this approach provides a significant step toward predicting futuristic anomalies across diverse cyber, critical infrastructures, and other complex settings. © 2023 by the authors.

This work is devoted to the study of the features of functioning in Collaborative Human-AI Decision-Making Systems with numerical channels. The system operates in automatic mode without external influences. The channels can be both artificial intelligence software and competent experts giving conclusions on the question under study. The cases considered are those in which an agreed solution must be numerical and logical. For each of these cases, decision rules for the system have been developed. The developed rules include the ability to take into account the reliability of the channels, which allows expanding their number in the system if necessary. © 2022 IEEE.

In the work, the complex investigation and analysis results of the compromise probability behavior in Traffic Engineering oriented secure routing model in software-defined networks have been presented. Within the framework of the study, the classical flow-based model based on load balancing in accordance with the principles of the Traffic Engineering concept was improved and supplemented with conditions that allow considering the network security parameters in the process of obtaining a routing solution. In this way it was obtained the secure traffic engineering routing model, the novelty of which lies in the modified conditions of load balancing considering such network characteristics as topology, features of the traffic transmitted, as well as links bandwidth and probabilities of their compromising. The use of such a model makes it possible to reduce the overload of network links with a high value of compromise probability, while more traffic will be transmitted over secure links without causing overload. Power and exponential forms of functional dependence of weighting coefficients on the link compromise probability have been used for comparison during obtaining the secure-based routing solutions. The secure traffic engineering routing flow-based model under investigation is proposed to use in a software-defined network data plane. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.

As a rule, modern approaches to protecting against cyberattacks do not guarantee the impossibility of compromising applications and operating systems. Therefore, detection and identification of vulnerabilities, and actions to avoid or mitigate their impact on businesses and cybersecurity processes are critical for the operation of information systems and the information security management system. To identify a possible attack vector, as a rule, the following methods could be applied: either those that allow detecting abuses or that allow detecting anomalies. This paper investigates the possibility of identifying the alleged attack vector based on the entropy analysis of cybersecurity events. The research results presented in the paper allow us to determine the required width of the sliding window and confirm that such entropy analysis detects exceeding security thresholds and anomalies in the operation of operating systems and applications and, accordingly, probable attack vectors. © 2022 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).

Existing models and methods of intrusion detection are mostly aimed at detecting intensive attacks, do not take into account the security of computer system resources and the properties of information flows. This limits the ability to detect anomalies in computer systems and information flows in a timely manner. The latest monitoring and intrusion detection solutions must take into account self-similar and statistical traffic characteristics, deep packet analysis, and the time it takes to process the information. An analysis of properties traffic and data collected at nodes and in the network was performed. Based on the analysis traffic parameters that will be used as indicators for intrusion detection were selected. A method of intrusion detection based on packet statistical analysis is described and simulated. A comparative analysis of binary classification of fractal time series by machine learning methods is performed. We consider classification by the example of different types of attack detection in traffic implementations. Random forest with regression trees and multilayer perceptron with periodic normalization were chosen as classification methods. The experimental results showed the effectiveness of the proposed methods in detecting attacks and identifying their type. All methods showed high attack detection accuracy values and low false positive values. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.