An adaptive approach to cybersecurity risk assessment in distributed information systems based on neural networks

Abstract

This article investigates the current challenges of cybersecurity risk assessment within modern distributed information systems (DIS). It analyzes the key limitations of traditional approaches based on expert, probabilistic, or static methods. It is established that such methods lack sufficient adaptability and accuracy in a dynamic environment characterized by high complexity, heterogeneity of data sources, and infrastructure decentralization. Modern DIS, which process large volumes of real-time streaming data (logs, telemetry, transactions), require immediate responses to threats, rendering classic methods ineffective. Additional challenges include data heterogeneity, the absence of unified for mats, and the complexity of integration with IT asset inventory tools.
The necessity of developing a new adaptive approach to cyber risk assessment is substantiated, based on intelligent data analysis, correlation modeling, and the use of deep neural networks. The aim of the research is to increase the efficiency of this process by developing an adaptive method based on neural network analysis. To achieve this aim, a profile of key risk factors (KRFs) and corresponding security controls was developed. This profile includes dynamic control features such as average response time, anomaly frequency, traffic intensity, and topological network changes.
The paper describes the practical implementation of the method, which includes stages of unification, time synchronization, and aggregation of heterogeneous data streams. Based on IT infrastructure data, training datasets were formed, upon which a complex of neural network models (including recurrent neural networks and autoencoders) was built and tested for risk level evaluation. Special attention is given to solving the "concept drift" problem—the change in data statistical characterristics — by implementing online learning mechanisms and sliding windows. The proposed approach allows models to continuously update their parameters without full retraining, reacting to new types of threats.
The scientific novelty lies in the development of a complex of neural network models that synthesizes metric-oriented and standard-oriented approaches, and in the improvement of the KRF profile formation method. The practical significance is that the proposed approach provides a more accurate, scalable, and automated assessment of cyber risks. This enables a shift from reactive to proactive security management by predicting failures and detecting anomalies before they occur.

Keywords: computer network; machine learning; stream data processing; anomaly detection; concept drift; fault tolerance; intelligent data analysis; information security; correlation modeling.