Detection of computer attacks using network entities monitoring

Authors

DOI:

https://doi.org/10.15587/2312-8372.2015.51120

Keywords:

attack, computer network, network objects, intrusion, informational system, the state of the object

Abstract

This article discusses the detection of computer attacks by analyzing the behavior of network elements. The aim of this study is to identify attacks using the behavior of the network elements and their connections. Detection of computer attacks is the object of the work.

Modern means of intrusion detection allow us to collect and analyze information from computer networks. In this paper, we propose a model of attacks in the form of transitions of network elements. Transitions can be switched from safe to dangerous mode. Transitions are used to filter the actions of the system.

The results presented in this work show that the method is correct. Changes to the formula of attacks improved performance. A model of intrusion detection based on information about the behavior of network entities can be used in a real network.

The research results can be applied to protect information by experts in high-speed systems.

One of the main purposes of this work was achieved, which was to create a method of intrusion detection based on the analysis of the behavior of network entities. This method detects more dangerous transitions than previously proposed works.

Author Biography

Сергей Вячеславович Балакин, National Aviation University, 1, Avenue Kosmonavta Komarova, Kyiv, Ukraine, 03680

Postgraduate

Department of Computer Systems and Networks

Published

2015-09-22

How to Cite

Балакин, С. В. (2015). Detection of computer attacks using network entities monitoring. Technology Audit and Production Reserves, 5(6(25)), 36–38. https://doi.org/10.15587/2312-8372.2015.51120