The article herein presents the method and algorithms
for forming the feature space for the base of intellectualized
system knowledge for the support system in the cyber threats
and anomalies tasks. The system being elaborated might be used
both autonomously by cyber threat services analysts and jointly
with information protection complex systems. It is shown, that advised
algorithms allow supplementing dynamically the knowledge
base upon appearing the new threats, which permits to cut the
time of their recognition and analysis, in particular, for cases of
hard-to-explain features and reduce the false responses in threat
recognizing systems, anomalies and attacks at informatization
objects. It is stated herein, that collectively with the outcomes of
previous authors investigations, the offered algorithms of forming
the feature space for identifying cyber threats within decisions
making support system are more effective. It is reached at the
expense of the fact, that, comparing to existing decisions, the
described decisions in the article, allow separate considering the
task of threat recognition in the frame of the known classes, and
if necessary supplementing feature space for the new threat types.
It is demonstrated, that new threats features often initially are
not identified within the frame of existing base of threat classes
knowledge in the decision support system. As well the methods
and advised algorithms allow fulfilling the time-efficient cyber
threats classification for a definite informatization object.

J.Petit, S.E.Shladover, ”Potential Cyberattacks on Automated Vehicles”,

IEEE Transactions on Intelligent Transportation Systems,Vol. 16 Iss. 2,

–556 (2015) DOI: 10.1109/TITS.2014.2342271.

F. Miao, Q. Zhu, M.G.Pajic, J. Pappas, ”Coding Schemes for Securing

Cyber-Physical Systems Against Stealthy Data Injection Attacks”, IEEE

Transactions on Control of Network Systems, Vol. PP,Iss. 99, 1 (2016)

DOI: 10.1109/TCNS.2016.2573039.

O. Petrov, B. Borowik, M. Karpinskyy, ”Immune and defensive corporate

systems with intellectual identification of threats, Pszczyna : Slaska

Oficyna Drukarska”, 222 p. ISBN: 978–83–62674–68–8 (2016).

T. Sawik, ”Selection of optimal countermeasure portfolio in it security

planning”,Decision Support Systems, 2013, Vol. 55, Iss. 1, P. 156–164.

http://dx.doi.org/10.1016/j.dss.2013.01.001

A. Fielder, E. Panaousis, P. Malacaria, C. Hankin, F.

Smeraldi, ”Decision support approaches for cyber security

investment”, Decision Support Systems,2016, Vol. 86, P. 13–23.

http://dx.doi.org/10.1016/j.dss.2016.02.012

L. Atymtayeva, K. Kozhakhmet, G. Bortsova, ”Building a Knowledge

Base for Expert System in Information Security”, Chapter Soft Computing

in Artificial Intelligence of the series Advances in Intelligent

Systems and Computing,2014, Vol. 270, P. 57–76. DOI:10.1007/978-

-319-05515-27

M.M. Gamal, B. Hasan, A.F. Hegazy, ”A Security Analysis Framework

Powered by an Expert System”, International Journal of Computer

Science and Security (IJCSS),2011, Vol. 4, No. 6, P. 505–527.

S. Dua, X. Du, ”Data Mining and Machine Learning in Cybersecurity”,

UK, CRC press, 2016, p. 225.

A.L. Buczak, E. Guven, ”A Survey of Data Mining and Machine

Learning Methods for Cyber Security Intrusion Detection”, IEEE Communications

Surveys and Tutorials, 2016, Vol. 18, Iss. 2. – P. 1153—

DOI: 10.1109/COMST.2015.2494502

O. Al-Jarrah, A. Arafat, ”Network Intrusion Detection System using

attack behavior classification”, 2014 5th International Conference

on Information and Communication Systems (ICICS), 2014,. DOI:

1109/iacs.2014.6841978

N. Ben–Asher, C. Gonzalez, ”Effects of cyber security knowledge on

attack detection”,Computers in Human Behavior, (48), 51—61, (2015).

A.Kh. Nishanov, K.F.Kerimov, ”Methods of Counteraction from Attacks

Carried out Against Users in a Network the Internet”,ICEICElectronics,

news and communications,IX-the conference, Tashkent,

, P. 298–299.

M.M. Gamal, B.Hasan, A.F.Hegazy ”A Security Analysis Framework

Powered by an Expert System”,International Journal of Computer

Science and Security (IJCSS), 2011, Vol. 4, No. 6, P. 505–527.

Li-Yun. Chang, Zne-Jung. Lee, ”Applying fuzzy expert system to

information security risk Assessment”, – A case study on an attendance

system, International Conference on Fuzzy Theory and Its Applications

(iFUZZY), 2013,346 – 351. DOI: 10.1109/iFuzzy.2013.6825462

M.Kanatov, L.Atymtayeva, B.Yagaliyeva ”Expert systems for information

security management and audit”,Implementation phase issues,

Soft Computing and Intelligent Systems (SCIS), Joint 7th International

Conference on and Advanced Intelligent Systems (ISIS), 2014, P. 896 –

DOI:10.1109/SCIS-ISIS.2014.7044702

Kuo-Chan.Lee, C.-H. Hsieh, L.-J. Wei, C.-H. Mao, J.-H. Dai, Y.-

T. Kuang, ”Sec-Buzzer: cyber security emerging topic mining with

open threat intelligence retrieval and timeline event annotation”, Soft

Computing, 2016, P. 1–14. DOI:10.1007/s00500-016-2265-0

S. Pan, T.Morris, U.Adhikari ”Developing a Hybrid Intrusion Detection

System Using Data Mining for Power Systems”,IEEE Transactions

on Smart Grid, 2015, Vol. 6, Iss. 6, P. 3104 – 3113. DOI:

1109/TSG.2015.2409775

V. Lakhno, S. Kazmirchuk, Y. Kovalenko, L. Myrutenko,T. Zhmurko,

”Design of adaptive system of detection of cyber-attacks, based

on the model of logical procedures and the coverage matrices of

features”,Eastern-European Journal of Enterprise Technologies, 2016,

No 3/9(81), P. 30–38. DOI: 10.15587/1729-4061.2016.71769

P. Louvieris, N. Clewley, X.Liu ”Effects-based feature identification for

network intrusion detection”,Neurocomputing, 2013, Vol. 121, Iss. 9, P.

–273. DOI:10.1016/j.neucom.2013.04.038

Z. Wang, X. Zhou, Z. Yu, Y. Zhang, D. Zhang,”Inferring User Search

Intention Based on Situation Analysis of the Physical World”,Chapter

Ubiquitous Intelligence and Computing, 2010, Vol. 6406, P. 35–51. DOI:

1007/978-3-642-16355-56

V. Lakhno, S. Zaitsev, Y. Tkach, T. Petrenko, ”Adaptive Expert Systems

Development for Cyber Attacks Recognition in Information Educational

Systems on the Basis of Signs’ Clustering”,Part of the Advances in

Intelligent Systems and Computing book series (AISC), 2018, Vol. 754,

P. 673–682.

B. Akhmetov, V. Lakhno, Y. Boiko, A. Mishchenko, ”Designing a

decision support system for the weakly formalized problems in the

provision of cybersecurity”, Eastern-European Journal of Enterprise

Technologies, 1(2(85)), 4—15 (2017).

V. Lakhno, B. Akhmetov, A. Korchenko, Z. Alimseitova, V. Grebenuk,

”Development of a decision support system Based on expert evaluation

for the situation center of transport cybersecurity”, Journal of theoretical

and applied information technology, 2018, Vol.96. No 14, P. 4530–4540.

M. Al Hadidi, Y.K.Ibrahim, V. Lakhno, A. Korchenko, A. Tereshchuk,

A. Pereverzev ”Intelligent systems for monitoring and recognition of

cyber attacks on information and communication systems of transport”,

International Review on Computers and Software, 2016, Vol. 11, No 12,

P. 1167–1177.

G. Beketova, B. Akhmetov, A. Korchenko, A. Lakhno, ”Simulation modeling

of cyber security systems in MATLAB and SIMULINK”,Bulletin

of the national academy of sciences of the republic of Kazakhstan, 2017,

Vol. 3, P. 54–64.