Models of Network-Type and Host-Type Cyberattacks
Date
2019
Authors
Лисенко, С.М.
Lysenko, S.
Publisher
Khmelnytskyi National University
Abstract
The paper presents models of network-type and host-type cyberattacks which, unlike known ones, take into account not only the features of their behavior but also their architectural features, which will make it possible to build a base of network-type and host-type attack behaviors for use in attack detection. The proposed principles form the basis for developing models that describe cyberattacks on computer systems and are divided into classes: set-theoretic description models of cyberattacks; set-theoretic description models of network-type malware; set-theoretic description models of host-type malware.
Today cybercriminals find more ways to profit from legitimate businesses and enterprises, which are targets of extortion and a lucrative source of income for organized crime groups because of the personally identifiable information these establishments store and process. Botnets are one of the most powerful tools used by cybercriminals to commit such malicious acts. Cyberattacks are capable of spreading to any end device, including servers, routers, Network Attached Storage devices, digital video recorders, IP cameras and other smart devices. They use exploits to take over devices and enlist them with their command and control server. Antivirus software using signature-based technologies cannot normally detect such cyberattacks, since signatures are not available for newly created malware. An analysis of known methods to combat cyberattacks shows their lack of efficiency, so building a new method for detecting cyber-threats is an extremely urgent task. The article presents models of network and host cyberattacks which, unlike the known ones, take into account not only their behavior but also architectural features, which will make it possible to create a base of behaviors of network-type and host-type attacks for use in the attack detection process. The proposed principles form the basis for developing cyberattack descriptive models for computer systems and are divided into: cyberattack models; network-type malware models; host-type malware description models. The developed models take into account the components of the attacks; describe the interaction between hosts, servers, network firewalls and attacks; describe the set of intruder actions, including the use of Command and Control (C&C) servers; and describe the stages of the cyberattack life cycle and the functions determined by the corresponding life cycle phase.
Keywords
cyberattack, cyberthreat, resilience, computer system, malware, cyberattack model, DoS attack, slow attack, cyberattack detection
Bibliographic description
Lysenko S. M. Models of network-type and host-type cyberattacks [Text] / S. M. Lysenko // Вимірювальна та обчислювальна техніка в технологічних процесах. – 2019. – No. 2. – P. 65-72.