[105] Intelligence algorithms for intrusion and anomaly detection in virtual cloud networks, software and experiment design

G A Yuryev 

Federal State Budget Educational Institution of Higher Education, Moscow State University of Psychology and Education, Moscow, Russia
Tel: +7 916 470 80 40; Email: g.a.yuryev@gmail.com

This work describes experience with the development and application of a distributed threat detection system in a virtual cloud infrastructure. It presents the architecture of the complex and the concept of its operation in two modes: an operator-controlled mode for collecting experimental data, and an autonomous mode for identifying threats and deviant behaviour in a virtual local network.
It presents diagrams of the interaction of subsystems in BPMN 2 notation, which was chosen for modelling the business processes because of its extensive support for expressive means designed to represent event-driven asynchronous processes.
A correct understanding of the order in which events are processed by the components of the complex, and of the principles for prioritising responses, plays a significant role in building a comprehensive picture of how the complex operates.
A number of ‘abstract’ subsystems are distinguished in the structure (hereinafter, an abstract subsystem is understood to be one that is not represented by a particular thread of execution but arises from the interaction of the components of the complex).