Modeling the Identification of the Profile of Cyber Attacks Based on Analysis of the Device Behavior in the Telecommunication Services Provider Network
Abstract
There are currently many threats to network security. This is especially true for telecom operators and telecommunication service providers, which are a key link in the data transmission infrastructure of any company. To protect their own infrastructure and the cloud services they provide to end users, telecom operators have to use non-trivial solutions, and the accuracy with which security systems identify attacks is no less important. In this study, an approach was developed and attack detection was modeled based on the analysis of state chains of network nodes. The proposed approach allows events occurring in the network to be matched against events recorded by intrusion detection systems. We formalize a typical attack profile in a telecommunication service provider's network by constructing the sequence of state transitions of network nodes together with the times at which the states of the individual devices under study change. The study covers the most popular types of attacks. To formalize the rules for classifying states, a decision tree algorithm is used to build the chain of security events. In the experimental part of the study, the accuracy of classifying known attack types recorded in security event logs was assessed using ROC analysis. The results obtained made it possible to evaluate the effectiveness of the developed model for recognizing network attacks in the infrastructure of telecommunication service providers. The experimental results show fairly high accuracy in identifying the popular attack types. In the future this should also help to reduce the response time to security incidents in a large network, thanks to earlier detection of illegitimate behavior.
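As an added illustration (not the paper's own code or data), the sketch below models one reading of the approach in the abstract: IDS events advance each device along an assumed chain of states, the chain depth and the time between transitions give an attack score, and ROC AUC is computed against constructed ground-truth labels. The state names, transition rules, scoring rule and event records are all assumptions made for the example.

```python
from collections import defaultdict

# Assumed node-state model (hypothetical, not the paper's): each IDS event type
# advances a device along a chain of states; the chain plus the time spent in
# each state is the device's "attack profile".
TRANSITIONS = {
    ("normal", "port_scan"): "scanned",
    ("scanned", "exploit_attempt"): "exploit_attempted",
    ("exploit_attempted", "outbound_c2"): "compromised",
}
STATE_RANK = {"normal": 0, "scanned": 1, "exploit_attempted": 2, "compromised": 3}

# Constructed security-event records: (device, timestamp in seconds, event type).
EVENTS = [
    ("10.0.0.5", 0, "port_scan"), ("10.0.0.5", 30, "exploit_attempt"), ("10.0.0.5", 45, "outbound_c2"),
    ("10.0.0.6", 0, "port_scan"), ("10.0.0.6", 10, "exploit_attempt"),   # authorised scanner
    ("10.0.0.7", 0, "login_ok"), ("10.0.0.7", 120, "exploit_attempt"),   # no scan first
    ("10.0.0.8", 100, "port_scan"), ("10.0.0.8", 700, "exploit_attempt"),
]
# Constructed ground truth: 1 = device was actually attacked, 0 = benign.
LABELS = {"10.0.0.5": 1, "10.0.0.6": 0, "10.0.0.7": 0, "10.0.0.8": 1}

def build_state_chains(events):
    """Return {device: [(state, time_entered), ...]} by replaying events in time order."""
    chains = defaultdict(lambda: [("normal", 0)])
    for device, ts, ev in sorted(events, key=lambda e: (e[0], e[1])):
        nxt = TRANSITIONS.get((chains[device][-1][0], ev))
        if nxt is not None:  # events with no defined transition leave the state unchanged
            chains[device].append((nxt, ts))
    return dict(chains)

def profile_score(chain):
    """Attack score: depth reached in the chain, with faster transitions scoring higher."""
    depth = STATE_RANK[chain[-1][0]]
    if depth == 0:
        return 0.0
    elapsed = chain[-1][1] - chain[1][1]          # seconds from first alert to last transition
    return depth + 1.0 / (1.0 + elapsed / 60.0)   # bonus decays as the chain takes longer

def roc_auc(scores, labels):
    """AUC as the probability that a positive device outranks a negative one (ties = 1/2)."""
    pos = [scores[d] for d in scores if labels[d] == 1]
    neg = [scores[d] for d in scores if labels[d] == 0]
    wins = sum(1.0 if p > n else 0.5 if p == n else 0.0 for p in pos for n in neg)
    return wins / (len(pos) * len(neg))

def evaluate(events=EVENTS, labels=LABELS):
    chains = build_state_chains(events)
    scores = {d: profile_score(c) for d, c in chains.items()}
    return chains, scores, roc_auc(scores, labels)
```

The authorised scanner (10.0.0.6) outranks the slow real attacker (10.0.0.8), which is why the AUC is 0.75 rather than 1.0; the timing term alone cannot separate them, which is the kind of gap a learned decision tree over richer state features is meant to close.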
Full Text: PDF (Russian)
DOI: http://dx.doi.org/10.14529/ctcr190405