Active protection method against cyberattacks for the objects of critical information infrastructure based on the interruption of the process of an intruder’s impact
Abstract
Introduction: The development of IT technologies and the dynamic interaction of the parties in the conflict between critical information infrastructure objects and intruders lead to the emergence of new cyberattacks. Purpose: To develop a new approach to monitoring, analyzing and interrupting the attack chain at the early stages of an attack, before the intruder achieves the goal of the invasion, taking into account the results of confrontation modeling. Results: We structure the process of implementing a cyberattack into its main phases: analysis and implementation, active impact, and completion with data output. The features of modern multi-stage attack methods and the programs used by an intruder are taken into account. We develop a time model of a multi-stage attack and a state graph of the intruder's actions, which makes it possible to calculate the probabilistic and time characteristics of a successful impact by the intruder on the network. We propose an algorithm for interrupting a cyberattack at the network scanning stage, which involves identifying attempts to scan the network, collecting and processing information about the intruder, forming countermeasures to interrupt the attack, and implementing automated control of the system's effectiveness with the ability to adjust protection measures. Finally, we model the process of implementing active protection against cyberattacks for an information and computing network, which demonstrates the effectiveness of the proposed protection method. Practical relevance: Applying the method of interrupting the cyberattack cycle at critical information infrastructure objects will increase the efficiency of suppressing a cyberattack at the early stages of penetration.
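As an added illustration (not the paper's own model or data), the following script builds the kind of state graph the abstract describes as an absorbing Markov chain over the named attack phases and computes the two characteristics mentioned: the probability that the chain reaches data output and the expected time until the chain ends, with and without interruption at the scanning stage. Phase names follow the abstract; the transition probabilities, detection probabilities and durations are assumed placeholders.

```python
from fractions import Fraction as F

# Constructed illustration, not the paper's model or data: an absorbing Markov
# chain over the attack phases named in the abstract. From each phase the
# intruder advances (p), is interrupted by the defender (d), or retries the
# same phase (1 - p - d). Each attempt in phase i costs TAU_H[i] hours (assumed).
PHASES = ["scan", "analysis/implementation", "active impact", "data output"]
P_ADV = [F(3, 10), F(1, 2), F(7, 10), F(4, 5)]   # assumed advance probabilities
TAU_H = [2, 8, 6, 4]                             # assumed hours per attempt
D_PASSIVE = [F(1, 20)] * 4                       # no active protection
D_ACTIVE = [F(3, 5)] + [F(1, 20)] * 3            # interruption at the scan stage


def solve(a, b):
    """Gauss-Jordan solution of a*x = b over Fractions (small n, no numpy)."""
    n = len(a)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for c in range(n):
        piv = next(r for r in range(c, n) if m[r][c] != 0)
        m[c], m[piv] = m[piv], m[c]
        pv = m[c][c]
        m[c] = [v / pv for v in m[c]]
        for r in range(n):
            if r != c and m[r][c] != 0:
                f = m[r][c]
                m[r] = [rv - f * cv for rv, cv in zip(m[r], m[c])]
    return [row[n] for row in m]


def chain_metrics(p_adv, d_int, tau):
    """Return (P[chain reaches data output], expected hours until the chain
    ends) for an intruder starting in the scan phase. Expected visits per
    phase are the first row of the fundamental matrix (I - Q)^-1, obtained by
    solving (I - Q)^T x = e_0."""
    n = len(p_adv)
    q = [[F(0)] * n for _ in range(n)]           # transient-to-transient part
    for i in range(n):
        q[i][i] = 1 - p_adv[i] - d_int[i]        # retry the same phase
        if i + 1 < n:
            q[i][i + 1] = p_adv[i]               # advance to the next phase
    i_minus_q_t = [[(1 if r == c else 0) - q[c][r] for c in range(n)] for r in range(n)]
    visits = solve(i_minus_q_t, [F(1)] + [F(0)] * (n - 1))
    p_success = visits[-1] * p_adv[-1]           # leave the last phase by advancing
    exp_hours = sum(v * t for v, t in zip(visits, tau))
    return p_success, exp_hours


def compare():
    """Metrics without and with interruption at the scanning stage."""
    return {"passive": chain_metrics(P_ADV, D_PASSIVE, TAU_H),
            "active": chain_metrics(P_ADV, D_ACTIVE, TAU_H)}


if __name__ == "__main__":
    for name, (ps, hours) in compare().items():
        print(f"{name:8s} P(success)={float(ps):.3f}  E[hours]={float(hours):.1f}")
```

Raising the detection probability in the scan phase alone lowers the success probability of the whole chain and shortens its expected lifetime, which is the effect the abstract attributes to interrupting the cycle early.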