Дослідження ефективності інструментів виявлення і запобігання вторгнень на вузли в корпоративних мережах
Вантажиться...
Дата
2023
Автори
Мостовий, С.
Петляк, Н.
Голота, І.
Mostovyi, S.
Petlyak, N.
Holota, I.
Назва журналу
Номер ISSN
Назва тому
Видавець
Хмельницький національний університет
Анотація
В роботі наведено результати досліджень ефективності систем виявлення вторгнень в корпоративну мережу при
різній інтенсивності трафіка та для різних типів атак.
The increase in the number of various methods of intrusions and their implementation in the form of attacks requires the need to improve existing technologies and means of data protection in corporate computer networks. Among the conditions that have a serious impact on the suitability of various methods, it is possible to single out a rapid increase in the volume of traffic and bandwidth of the communication channel. This means that there is a need to find an algorithm that reduces the amount of calculations. The mechanism for detecting intrusions into the system is based on the assumption of stationarity of network traffic, that is, any deviation from the stationary characteristics of network traffic is understood as an attack. It follows that the problem of traffic analysis and detection of intrusions into the corporate network requires further research. Despite the large number of methods, they all work in real time and are based on signature analysis, which makes them unsuitable for detecting new, previously unknown types of attacks. Most of the free software systems for detecting and preventing attacks available today use signature analysis. The paper presents the results of research into the effectiveness of systems for detecting intrusions into the corporate network at different traffic intensities and for different types of attacks. The effectiveness of the most common systems for detecting intrusions into the corporate network was investigated experimentally. The results showed that these systems give a stable result with a small amount of traffic and only for known types of attacks, since they are based on signature analysis. When the amount and intensity of traffic increases, these systems show rather poor results: they have a lot of packet loss and heavily load server resources. In order to increase the reliability of information security of corporate networks, there is a need to improve approaches to attack detection and traffic analysis
The increase in the number of various methods of intrusions and their implementation in the form of attacks requires the need to improve existing technologies and means of data protection in corporate computer networks. Among the conditions that have a serious impact on the suitability of various methods, it is possible to single out a rapid increase in the volume of traffic and bandwidth of the communication channel. This means that there is a need to find an algorithm that reduces the amount of calculations. The mechanism for detecting intrusions into the system is based on the assumption of stationarity of network traffic, that is, any deviation from the stationary characteristics of network traffic is understood as an attack. It follows that the problem of traffic analysis and detection of intrusions into the corporate network requires further research. Despite the large number of methods, they all work in real time and are based on signature analysis, which makes them unsuitable for detecting new, previously unknown types of attacks. Most of the free software systems for detecting and preventing attacks available today use signature analysis. The paper presents the results of research into the effectiveness of systems for detecting intrusions into the corporate network at different traffic intensities and for different types of attacks. The effectiveness of the most common systems for detecting intrusions into the corporate network was investigated experimentally. The results showed that these systems give a stable result with a small amount of traffic and only for known types of attacks, since they are based on signature analysis. When the amount and intensity of traffic increases, these systems show rather poor results: they have a lot of packet loss and heavily load server resources. In order to increase the reliability of information security of corporate networks, there is a need to improve approaches to attack detection and traffic analysis
Опис
Ключові слова
корпоративна мережа, виявлення вторгнень, ефективність виявлення та запобігання вторгненням, corporate network, intrusion detection, intrusion detection and prevention effectiveness
Бібліографічний опис
Мостовий С. Дослідження ефективності інструментів виявлення і запобігання вторгнень на вузли в корпоративних мережах / С. Мостовий, Н. Петляк, І. Голота // Вимірювальна та обчислювальна техніка в технологічних процесах. – 2023. – № 2. – С. 5-8.