Dissertation, Chapter 2

Algorithms and mathematical models

Original scientific contributions applied in the CyberSentinel platform: the Hybrid Cascade Ensemble classifier, the AHP/MCDM decision engine, the Λ-metric, MITRE ATT&CK mapping and the Continuous Learning pipeline.

Hybrid Cascade Ensemble

Dissertation, Section 2.2

A two-stage classifier: a fast Random Forest (200 trees) followed by a deep XLM-RoBERTa (multilingual transformer). The two are combined using a Bayesian formula:

P(Y=c | X) = α · P_RF(Y=c | X) + (1 − α) · P_BERT(Y=c | X)
  • α = 0.35: empirically estimated optimum
  • τ = 0.65: cascade hand-off threshold
  • P95 latency: 12 ms (RF), 80 ms (cascade)
  • Theorem 1: ε(E) ≤ min(ε(M_RF), ε(M_BERT))

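The gating and blending step described above, as an added example that is not code from the dissertation or the CyberSentinel platform: the fast stage answers alone when its top probability reaches τ = 0.65, otherwise the deep stage runs and the two posteriors are blended with α = 0.35. The keyword-scoring stand-ins for the Random Forest and XLM-RoBERTa models, the DLP-style labels and the sample texts are all constructed here.

```python
from typing import Callable, Dict, Tuple

ALPHA = 0.35   # weight of the fast stage in the blend (thesis value)
TAU = 0.65     # fast-stage confidence that short-circuits the cascade

Probs = Dict[str, float]
Model = Callable[[str], Probs]

def blend(p_fast: Probs, p_deep: Probs, alpha: float = ALPHA) -> Probs:
    """P(Y=c|X) = alpha * P_RF(Y=c|X) + (1 - alpha) * P_BERT(Y=c|X)."""
    classes = set(p_fast) | set(p_deep)
    return {c: alpha * p_fast.get(c, 0.0) + (1.0 - alpha) * p_deep.get(c, 0.0)
            for c in classes}

def cascade(text: str, fast: Model, deep: Model,
            alpha: float = ALPHA, tau: float = TAU) -> Tuple[str, Probs, str]:
    """Return (label, posterior, stage). Stage 'fast' means the deep model was
    never called; 'cascade' means both ran and their outputs were blended."""
    p_fast = fast(text)
    if max(p_fast.values()) >= tau:          # confident: stop at stage 1
        return max(p_fast, key=p_fast.get), p_fast, "fast"
    posterior = blend(p_fast, deep(text), alpha)
    return max(posterior, key=posterior.get), posterior, "cascade"

# Constructed stand-ins (hypothetical): keyword scorers with DLP-style labels.
def fast_stub(text: str) -> Probs:
    t = text.lower()
    if "password" in t:
        return {"benign": 0.20, "pii": 0.10, "credential": 0.70}
    if "ssn" in t:
        return {"benign": 0.45, "pii": 0.50, "credential": 0.05}
    return {"benign": 0.80, "pii": 0.15, "credential": 0.05}

DEEP_CALLS = {"n": 0}   # counts how often the expensive stage actually runs

def deep_stub(text: str) -> Probs:
    DEEP_CALLS["n"] += 1
    if "ssn" in text.lower():
        return {"benign": 0.10, "pii": 0.85, "credential": 0.05}
    return {"benign": 0.90, "pii": 0.05, "credential": 0.05}

if __name__ == "__main__":
    for msg in ("please reset your password", "employee ssn list attached"):
        label, post, stage = cascade(msg, fast_stub, deep_stub)
        print(f"{msg!r}: {label} via {stage}, posterior={post}")
```

The deep-call counter makes the latency trade-off visible: only inputs the fast stage is unsure about pay for the transformer.
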
AHP / MCDM decision engine

Dissertation, Section 2.4

Saaty's Analytic Hierarchy Process makes decisions over 8 criteria: data sensitivity, source trust, destination reputation, working hours, country, network segment, user role, contextual risk.

  • Saaty 1-9 scale for pairwise comparison
  • CR < 0.10: consistency ratio validation
  • 4 actions: allow / alert / redact / block
  • Weight vector: normalised principal eigenvector

Λ-metric

Dissertation, Section 2.4, formula (2.4)

Evaluates an algorithm's effectiveness relative to its complexity:

Λ(A) = I(A; Y) / log₂(C(A))
  • I(A; Y): mutual information (Shannon) between the algorithm's output and the label
  • C(A): computational complexity of the algorithm (FLOPS, parameters, samples/sec)
  • Theorem 2: I(A; Y) ≤ min(H(A), H(Y))
  • Pareto-efficient comparison of algorithms

MITRE ATT&CK mapping

Enterprise Framework v15+

Links DLP events to MITRE Tactics/Techniques in real time. The data is loaded in STIX 2.1 format directly from the mitre/cti repository.

  • 14 Tactics (TA0001 … TA0011, TA0040, TA0042)
  • 200+ Techniques (T1078, T1041, T1567, …)
  • Insider threat, Exfiltration, Cloud, C2 mapping
  • Time-based heuristics (off-hours, working segment)

Continuous Learning

Dissertation, Section 2.5

Models adapt to the shifting data distributions seen in production. Retraining starts when the feedback buffer reaches 50K samples or when PSI ≥ 0.25 (concept drift) is detected.

  • 4 triggers: buffer size, age, drift, F1 drop
  • Validation gate: new F1 ≥ current F1
  • Canary deploy: 10% → 50% → 100%
  • MLflow tracking + Airflow DAG (daily at 02:00)

Anomaly Detection (4 algorithms)

Dissertation, Section 2.5, Table 3.1

Real-time detection of behavioural anomalies from insider/outsider threats:

  • Isolation Forest: point anomalies (200 trees, 5% contamination)
  • STL decomposition: time series (Z-score on the residual, period 24 h)
  • UBA: per-user baseline (login hour, files, bytes, IP, country)
  • Mahalanobis distance: multivariate (chi² test)

Mathematical results

Main theorems proved in the dissertation

Theorem 1

Cascade ensemble error bound

The error rate of the Hybrid Cascade is less than or equal to the error of each component:

ε(E) ≤ min(ε(M_RF), ε(M_BERT))

Theorem 2

Mutual information bound

The numerator of the Λ-metric is bounded from above (data processing inequality):

I(A; Y) ≤ min(H(A), H(Y))

Theorem 3 (USL)

Universal Scalability Law

For a microservice architecture with N replicas:

S(N) = N / (1 + α(N−1) + βN(N−1))