Analysis of existing solutions for preventing invasion in information and telecommunication networks
Keywords:Сybernetic space, information and telecommunication network, cybernetic security, cybernetic attack, intrusion prevention system, fuzzy sets, data mining.
The article presents an overview of the current state of cybernetic space in the context of the growth of cybercrime (large-scale cyber attacks, which have received wide publicity in Ukraine and the world). A comparative analysis of the main existing software solutions for the prevention of intrusions into information and telecommunications networks, based on public licenses. The characteristics of the main methods for detecting attacks (intrusions) are given. There is identified its main shortcomings: lack of adaptability, persistence and verification, high level of erroneous attacks, those misses of cyber attacks, weak opportunities to identify new attacks, lack of ability to determine the attack in its initial stages, practical lack of identification of the attacker and the purpose of the attack, in real time, a significant load of the system and a weak interpretation of the current situation. Prospective ways of their elimination based on the use of hybrid intelligent intrusion prevention systems based on the methods of knowledge engineering, the mathematical apparatus of fuzzy sets theory and fuzzy inference, as well as methods and technologies for data mining are proposed. Obtained results can be considered as a basis for the implementation of new mechanisms for identifying cybernetic attacks and their application during the implementation of intrusion detection systems of the next generation in order to respond to previously unknown types of cybernetic attacks. This will increase the efficiency and validity of the decisions taken by the security administrator of information and telecommunication systems and networks in real time during the detection and prevention of cybernetic attacks.
I. Y. Subach, “Ways of improving the detection of cyber attacks”, at National Scientific Conference. Actual problems of ensuring information security of the state, Kyiv, 2014,
“Cisco Annual Information Security Report for 2016”. [Online]. Available: http://www.cisco.com/c/dam/m/en_en/internet-of-everything-oe/iac/assets/pdfs/security/cisco _2016_asr_011116_en.pdf. Accessed on: Febr. 06,2017.
S. Radkevych, ”Cyber security as a key element of combating hybrid aggression”. [Online]. Available: http://cacds.org.ua/ru/safe/theme/870. Accessed on: Jan. 23, 2017.
“Analysis of the Cyber Attack on the Ukrainian Power Grid”. [Online]. Available: https://ics.sans.org/media/E-SAC_SANS_Ukraine_DUC_5.pdf. Accessed on: March, 01, 2017.
“Cyber-Attack Against Ukrainian Critical Infrastructure”, [Online]. Available: https://ics-cert.us-cert.gov/alerts/IR-ALERT-H-16-056-01. Accessed on: Febr. 25, 2016.
“Cyberattack on “Ukrzaliznytsia”. [Online]. Available: https://www.depo.ua/rus/politics/ kibeataka-na-ukrzaliznitsyu-postavila-na-vuha-natspolitsiyu-16122016143800. Accessed on: Febr., 13, 2017.
“Italian Foreign Minister acknowledged the fact of hacker attacks on the ministry”. [Online]. Available: http://tass.ru/mezhdunarodnaya-panorama/4015482. Accessed on: Febr., 13, 2017.
D. I. Gamaiunov, “Detection of computer attacks based on the analysis of the behavior of network objects”, Faculty of computational mathematics and cybernetics, Lomonosov Moscow state university, Moscow, 2007.
O. I. Shelukhin, D. Z. Sakalema, and A.S. Filinova, Detection of intrusions into computer networks (network anomalies). Moscow, Russia: Goriachaia liniia – Telekom, 2016.
“The Bro Network Security Monitor”. [Online]. Available: https://www.bro.org. Accessed on: Febr., 06, 2017.
“OSSEC”. [Online]. Available: http://ossec.github.io. Accessed on: Febr., 06, 2017.
“Prelude”. [Online]. Available: http://www.prelude-siem.com. Accessed on: Febr., 06, 2017.
“Suricata”. [Online]. Available: https://suricata-ids.org. Accessed on: Febr., 06, 2017.
A. D. Falke, V. S. Fulsoundar, R. S. Pawase, S. B. Wale, and S. J. Ghule, “Network Intrusion Detection System using Fuzzy Logic”, International journal of scientific research and education, vol. 2, iss. 4, pp. 626-635, April 2014.
T. Lappas, and K. Pelechrinis, “Data Mining Techniques for (Network) Intrusion Detection Systems”. [Online]. Available: https://www.slideshare.net/Tommy96/data-mining-techniques-for-network-intrusion-detection-systems. Accessed on: Febr., 16, 2017.
T. I. Buldakova, and A. S. Dzhalolov, “Choosing Data Mining Technologies for Intrusion Detection Systems in the Corporate Network”, Engineering journal: science and innovation, no. 11 (23), pp. 1-14, 2013.
A. Youssef, and A. Emam, “Network intrusion detection using data mining and network behaviour analysis”, International journal of computer science & information technology, vol. 3, no. 6, pp. 87-98, December 2011.
A.A. Branitskii, and I. V. Kotenko, ”Analysis and classification of methods for detecting network attacks”, SPIIRAS Proceedings, iss., 45, pp. 207-244, 2016.
E. Zubkov, and V. Belov, “Methods of Data Mining and Intrusion Detection”, Bulletin of SibGUTI, no. 1, pp. 118-133, 2016.
S. А. Petrenko, “Methods for detecting intrusions and anomalies of the functioning of cybersystem”, Proceedings of ISA RAS, no. 41, pp. 194-202, 2009.
How to Cite
Copyright (c) 2020 Collection "Information technology and security"
This work is licensed under a Creative Commons Attribution 4.0 International License.
The authors that are published in this collection, agree to the following terms:
- The authors reserve the right to authorship of their work and pass the collection right of first publication this work is licensed under the Creative Commons Attribution License, which allows others to freely distribute the published work with the obligatory reference to the authors of the original work and the first publication of the work in this collection.
- The authors have the right to conclude an agreement on exclusive distribution of the work in the form in which it was published this anthology (for example, to place the work in a digital repository institution or to publish in the structure of the monograph), provided that references to the first publication of the work in this collection.
- Policy of the journal allows and encourages the placement of authors on the Internet (for example, in storage facilities or on personal web sites) the manuscript of the work, prior to the submission of the manuscript to the editor, and during its editorial processing, as it contributes to productive scientific discussion and positive effect on the efficiency and dynamics of citations of published work (see The Effect of Open Access).