Detection of computer attacks using network entities monitoring
DOI:
https://doi.org/10.15587/2312-8372.2015.51120
Keywords:
attack, computer network, network objects, intrusion, informational system, the state of the object
Abstract
This article discusses the detection of computer attacks by analyzing the behavior of network elements. The aim of this study is to identify attacks using the behavior of network elements and their connections. Detection of computer attacks is the object of the work.
Modern means of intrusion detection allow us to collect and analyze information from computer networks. In this paper, we propose a model of attacks in the form of transitions of network elements. Transitions can be switched from safe to dangerous mode. Transitions are used to filter the actions of the system.
The results presented in this work show that the method is correct. Changes to the formula of attacks improved performance. A model of intrusion detection based on information about the behavior of network entities can be used in a real network.
The research results can be applied to protect information by experts in high-speed systems.
One of the main purposes of this work, which was to create a method of intrusion detection based on the analysis of the behavior of network entities, has been achieved. This method detects more dangerous transitions than the works previously proposed.
License
Copyright (c) 2016 Сергей Вячеславович Балакин
This work is licensed under a Creative Commons Attribution 4.0 International License.
The consolidation and conditions for the transfer of copyright (identification of authorship) are carried out in the License Agreement. In particular, the authors reserve the right to the authorship of their manuscript and transfer the first publication of this work to the journal under the terms of the Creative Commons CC BY license. At the same time, they have the right to conclude on their own additional agreements concerning the non-exclusive distribution of the work in the form in which it was published by this journal, but provided that the link to the first publication of the article in this journal is preserved.