DESIGNING CYBER DEFENSE OF ELECTRONIC SERVICES IN THE REENGINEERING PROCESS: ZERO TRUST, EVENT ANALYTICS, AND DETECTION OF FIRMWARE AND NETWORK ATTACKS USING DEEP LEARNING METHODS
DOI: https://doi.org/10.31673/2409-7292.2026.011827
Abstract
The paper proposes a targeted architecture for the cyber protection of electronic services during reengineering. It combines a zero-trust approach, an event-based monitoring loop built on an intrusion detection system and a security information and event management system, and anomaly detection modules based on deep learning. The work is motivated by hybrid cyberattacks in which network exploits are combined with modification of embedded software in supply and update chains and with exploitation of vulnerabilities in the Secure Transport Layer Protocol and the Simple Network Management Protocol on embedded devices. The goal is to integrate enterprise-level security into the service architecture and to confirm detection and response by time to detection, time to mitigation, and false positive rate. A two-level correlation is proposed: deterministic rules for indicators of compromise, and a machine learning correlator for hidden dependencies between events. For time sequences, an autoencoder built on a long short-term memory recurrent neural network is used, with the reconstruction error serving as the anomaly measure. For binary and batch structures, a byte-sequence-to-image transformation is used together with a convolutional neural network coupled to a long short-term memory recurrent neural network. The simulation covers downgrade of the secure connection, certificate validation errors, compromise of the management protocol community strings and write access, and injection of modified firmware into update channels. It is shown that time to detection and incident noise are reduced compared with a signature-only approach. The practical value lies in patterns for mutual service authentication policies, public key infrastructure, the principle of least privilege, and checkpoints in firmware update chains and protocol settings.
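The deterministic first layer of the two-level correlation, applied to the four simulated scenarios above, as an added illustration that is not part of the paper: each rule is an indicator predicate, and per-event alerts are folded into one incident per device so that the alert count and detection window can be measured. The log lines, device names, OID and digests are constructed placeholders.

```python
import re
from datetime import datetime

# Constructed sample telemetry (not from the paper): a TLS terminator, an
# SNMP agent and a firmware update service, in key=value syslog style.
SAMPLE_EVENTS = [
    "2026-01-10T08:00:01Z dev=gw01 src=tls proto=TLSv1.0 msg=handshake",
    "2026-01-10T08:00:02Z dev=gw01 src=tls msg=cert_verify_failed reason=self_signed",
    "2026-01-10T08:00:05Z dev=gw01 src=tls msg=cert_verify_failed reason=expired",
    "2026-01-10T08:00:30Z dev=plc07 src=snmp version=v2c community=private op=set oid=1.3.6.1.4.1.99.1.2.0",
    "2026-01-10T08:01:00Z dev=plc07 src=update msg=firmware_image expected_sha256=HASH_A got_sha256=HASH_B",
    "2026-01-10T08:01:10Z dev=gw02 src=tls proto=TLSv1.3 msg=handshake",
]

LEGACY_TLS = {"SSLv3", "TLSv1.0", "TLSv1.1"}       # downgrade targets
DEFAULT_COMMUNITIES = {"public", "private"}        # vendor defaults, never for SET
KV = re.compile(r"(\w+)=(\S+)")

def parse_event(line):
    """Split '<timestamp> k=v k=v ...' into a dict with a datetime under 'ts'."""
    ts, _, rest = line.partition(" ")
    ev = dict(KV.findall(rest))
    ev["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return ev

# Layer 1: one deterministic indicator rule per simulated scenario.
RULES = {
    "tls_downgrade": lambda e: e.get("src") == "tls" and e.get("proto") in LEGACY_TLS,
    "cert_validation_error": lambda e: e.get("msg") == "cert_verify_failed",
    "snmp_write_default_community": lambda e: e.get("src") == "snmp"
        and e.get("op") == "set" and e.get("community") in DEFAULT_COMMUNITIES,
    "firmware_hash_mismatch": lambda e: "expected_sha256" in e
        and e["expected_sha256"] != e.get("got_sha256"),
}

def apply_rules(event):
    return [name for name, pred in RULES.items() if pred(event)]

def correlate(lines):
    """Fold raw alerts into one incident per device: which rules fired, how many
    alerts were absorbed, and the window from first to last matching event."""
    incidents = {}
    for ev in map(parse_event, lines):
        hits = apply_rules(ev)
        if not hits:
            continue
        inc = incidents.setdefault(ev["dev"], {"rules": set(), "alert_count": 0,
                                               "first_seen": ev["ts"], "last_seen": ev["ts"]})
        inc["rules"].update(hits)
        inc["alert_count"] += len(hits)
        inc["last_seen"] = ev["ts"]
    return incidents
```

On the sample, five raw alerts collapse into two incidents (gw01 and plc07) while the TLS 1.3 handshake on gw02 raises nothing; the machine learning correlator of the second layer would consume these incidents rather than the raw events.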
Keywords: zero-trust approach, intrusion detection system, security information and event management system, secure transport layer protocol, simple network management protocol, embedded software, byte sequence to image conversion, convolutional neural network, long short-term memory recurrent neural network, autoencoder, security event correlation.