Analysis of existing solutions for preventing invasion in information and telecommunication networks
The article presents an overview of the current state of cybernetic space in the context of the growth of cybercrime (large-scale cyber attacks, which have received wide publicity in Ukraine and the world). A comparative analysis of the main existing software solutions for the prevention of intrusions into information and telecommunications networks, based on public licenses. The characteristics of the main methods for detecting attacks (intrusions) are given. There is identified its main shortcomings: lack of adaptability, persistence and verification, high level of erroneous attacks, those misses of cyber attacks, weak opportunities to identify new attacks, lack of ability to determine the attack in its initial stages, practical lack of identification of the attacker and the purpose of the attack, in real time, a significant load of the system and a weak interpretation of the current situation. Prospective ways of their elimination based on the use of hybrid intelligent intrusion prevention systems based on the methods of knowledge engineering, the mathematical apparatus of fuzzy sets theory and fuzzy inference, as well as methods and technologies for data mining are proposed. Obtained results can be considered as a basis for the implementation of new mechanisms for identifying cybernetic attacks and their application during the implementation of intrusion detection systems of the next generation in order to respond to previously unknown types of cybernetic attacks. This will increase the efficiency and validity of the decisions taken by the security administrator of information and telecommunication systems and networks in real time during the detection and prevention of cybernetic attacks.
Full Text:PDF (Українська)
I. Y. Subach, “Ways of improving the detection of cyber attacks”, at National Scientific Conference. Actual problems of ensuring information security of the state, Kyiv, 2014,
“Cisco Annual Information Security Report for 2016”. [Online]. Available: http://www.cisco.com/c/dam/m/en_en/internet-of-everything-oe/iac/assets/pdfs/security/cisco _2016_asr_011116_en.pdf. Accessed on: Febr. 06,2017.
S. Radkevych, ”Cyber security as a key element of combating hybrid aggression”. [Online]. Available: http://cacds.org.ua/ru/safe/theme/870. Accessed on: Jan. 23, 2017.
“Analysis of the Cyber Attack on the Ukrainian Power Grid”. [Online]. Available: https://ics.sans.org/media/E-SAC_SANS_Ukraine_DUC_5.pdf. Accessed on: March, 01, 2017.
“Cyber-Attack Against Ukrainian Critical Infrastructure”, [Online]. Available: https://ics-cert.us-cert.gov/alerts/IR-ALERT-H-16-056-01. Accessed on: Febr. 25, 2016.
“Cyberattack on “Ukrzaliznytsia”. [Online]. Available: https://www.depo.ua/rus/politics/ kibeataka-na-ukrzaliznitsyu-postavila-na-vuha-natspolitsiyu-16122016143800. Accessed on: Febr., 13, 2017.
“Italian Foreign Minister acknowledged the fact of hacker attacks on the ministry”. [Online]. Available: http://tass.ru/mezhdunarodnaya-panorama/4015482. Accessed on: Febr., 13, 2017.
D. I. Gamaiunov, “Detection of computer attacks based on the analysis of the behavior of network objects”, Faculty of computational mathematics and cybernetics, Lomonosov Moscow state university, Moscow, 2007.
O. I. Shelukhin, D. Z. Sakalema, and A.S. Filinova, Detection of intrusions into computer networks (network anomalies). Moscow, Russia: Goriachaia liniia – Telekom, 2016.
“The Bro Network Security Monitor”. [Online]. Available: https://www.bro.org. Accessed on: Febr., 06, 2017.
“OSSEC”. [Online]. Available: http://ossec.github.io. Accessed on: Febr., 06, 2017.
“Prelude”. [Online]. Available: http://www.prelude-siem.com. Accessed on: Febr., 06, 2017.
“Suricata”. [Online]. Available: https://suricata-ids.org. Accessed on: Febr., 06, 2017.
A. D. Falke, V. S. Fulsoundar, R. S. Pawase, S. B. Wale, and S. J. Ghule, “Network Intrusion Detection System using Fuzzy Logic”, International journal of scientific research and education, vol. 2, iss. 4, pp. 626-635, April 2014.
T. Lappas, and K. Pelechrinis, “Data Mining Techniques for (Network) Intrusion Detection Systems”. [Online]. Available: https://www.slideshare.net/Tommy96/data-mining-techniques-for-network-intrusion-detection-systems. Accessed on: Febr., 16, 2017.
T. I. Buldakova, and A. S. Dzhalolov, “Choosing Data Mining Technologies for Intrusion Detection Systems in the Corporate Network”, Engineering journal: science and innovation, no. 11 (23), pp. 1-14, 2013.
A. Youssef, and A. Emam, “Network intrusion detection using data mining and network behaviour analysis”, International journal of computer science & information technology, vol. 3, no. 6, pp. 87-98, December 2011.
A.A. Branitskii, and I. V. Kotenko, ”Analysis and classification of methods for detecting network attacks”, SPIIRAS Proceedings, iss., 45, pp. 207-244, 2016.
E. Zubkov, and V. Belov, “Methods of Data Mining and Intrusion Detection”, Bulletin of SibGUTI, no. 1, pp. 118-133, 2016.
S. А. Petrenko, “Methods for detecting intrusions and anomalies of the functioning of cybersystem”, Proceedings of ISA RAS, no. 41, pp. 194-202, 2009.
ISSN 2411-1031 (Print), ISSN 2518-1033 (Online)