Signature and statistical analyzers in the cyber attack detection system
Keywords:Cyberspace, cyber attack, signature analyzer, decision-making system, cyber intrusion
The globalization of information exchange and the widespread introduction of information technologies in all spheres of society's life created the problem of protecting information processed in information systems from challenges and threats in the cybernetic space. The presence of important information in the functioning of the systems and critical national infrastructures objects enables its usage by the negatively-minded elements and groupings for the implementation of unlawful actions in the cyberspace by violating the integrity, availability, and confidentiality of information, and inflicting damage on information resources and information systems. In this case, the possibility of using information technologies in the cybernetic space in the interests of carrying out military-political and power confrontation, terrorism, and hacking cyber attacks are of particular concern. Today, intrusion detection and attack systems are usually software or hardware-software solutions that automate the process of monitoring events occurring in the information system or network, and independently analyze these events in search of security issues signs. An analysis of modern approaches to the development of such systems shows that it is the signature analysis of network traffic provides effective results in the development of protection modules of cyber systems. In addition, for the reliable protection of information systems, it is not only necessary to develop separate mechanisms of protection, but also to implement a systematic approach that includes a set of interrelated measures. The purpose of the article is to develop a system for recognizing cyber threats based on signature analysis, which would reduce the time of an attack detection of a cyber defense system while the number and complexity of cyber attacks are increasing
U. Drejs, M. Movchan, “Analiz neganivnih naslidkiv kiberatak na informacijni resursi objektiv kritichnoji infrastrukturi derjavi”, in Proc. Third International Scientific and Practical Conference Topical issues of cyber security and information security, Кyiv: European University, 2017, pp. 71-74.
M.I. Masyuk, “NSD: teoriya i praktika”, Spetsialnaya Tehnika, no. 3, pp. 128-140, 2003.
A. A. Malyuk, S. V. Pazizin, N. S. Pogozhin, Vvedenie v zaschitu informatsii v avtomatizirovannyih sistemah. Moscow, Russia: Goryachaya liniya-Telekom, 2001.
L. V. Astahova, V. I. Tcimbol, “Primenenie samoobuchauschejsy sistemy koreljacii sobitiy informacionnoy bezopasnosty na osnove nechotkoy logiki pri avtomatizacii sistem menedjmenta informacionnoy bezopasnosty”, Vestnik JUUrGU, series Computer technologies, management, radio electronics, vol. 16, no. 1, pp. 165-169, 2015.
“ТОP-10 vredonosnih program v Ukraine”. [Online]. Available: https://eset.ua/ru/news/view/572/index0/-10-2018. Accessed on: Sept. 10, 2018.
O. U. Cherednichenko, V. V. Fesjoha, U. O. Procjuk, and T. V. Bondarenko, “Analiz isnujuchih pidhodiv protidiji najposhirenishim kibernitichnim vtruchanjam v informatcijno-telekomunikatcijny mereji”, Modern Information Technologies in the Sphere of Security and Defence, № 2 (32), pp. 13-16, 2018.
P. Kabiri, and A. Ghorbani, “Research on Intrusion Detection and Response: A Survey”, International Journal of Network Security, vol. 1, no. 2, pp. 84-102, Sept. 2005.
H. Sh. Mondal, T. Hasan, B. Hossain, E. Rahaman, and R. Hasan, “Enhancing secure cloud computing environment by Detecting DDoS attack using fuzzy logic”, in Proc. Third International Conference on Electrical Information and Communication Technology, New Jersey, 2017. [Online]. Available: https://ieeexplore.ieee.org/abstract/document/8275211. Accessed on: Dec. 17, 2018. doi: 10.1109/EICT.2017.8275211.
S. Douzi, I. Benchaji, and B. ElOuahidi, “Hybrid Approach for Intrusion Detection Using Fuzzy Association Rules”, in Proc. Second syber security in networking conference (CSNet), Paris, 2018. [Online]. Available: https://ieeexplore.ieee.org/document/8602882. Accessed on: Dec. 17, 2018. doi: 10.1109/CSNET.2018.8602882.
G. Manasi, “Taxonomy of Anomaly Based Intrusion Detection System: A Review”, International Journal of Scientific and Research Publications, vol. 2, iss. 12, Dec. 2012. [Online]. Available: http://www.ijsrp.org/research-paper-1212.php?rp=P12460. Accessed on: Dec. 17, 2018.
L. K. Babenko, O. B. Makarevich, and O. Yu. Peskova, “Razrabotka kompleksnoy sistemyi obnaruzheniya atak”, in Proc. Fifth International Scientific and Practical Conference Information Security, Taganrog, 2003, pp. 235-239.
How to Cite
Copyright (c) 2020 Collection "Information technology and security"
This work is licensed under a Creative Commons Attribution 4.0 International License.
The authors that are published in this collection, agree to the following terms:
- The authors reserve the right to authorship of their work and pass the collection right of first publication this work is licensed under the Creative Commons Attribution License, which allows others to freely distribute the published work with the obligatory reference to the authors of the original work and the first publication of the work in this collection.
- The authors have the right to conclude an agreement on exclusive distribution of the work in the form in which it was published this anthology (for example, to place the work in a digital repository institution or to publish in the structure of the monograph), provided that references to the first publication of the work in this collection.
- Policy of the journal allows and encourages the placement of authors on the Internet (for example, in storage facilities or on personal web sites) the manuscript of the work, prior to the submission of the manuscript to the editor, and during its editorial processing, as it contributes to productive scientific discussion and positive effect on the efficiency and dynamics of citations of published work (see The Effect of Open Access).