DOI: 10.18413/2518-1092-2024-9-4-0-2

ABOUT BEHAVIORAL ANALYTICS FOR THE SYSTEM FOR PROTECTION AGAINST TARGETED ATTACKS AND ITS APPLICATION FOR OPERATING SYSTEMS OF THE ASTRA LINUX FAMILY

Sergey Alexandrovich Lazarev
Konstantin Anatolievich Rubtsov

The article discusses the task of developing a behavioral analytics subsystem for a system of protection against targeted attacks and the application of its work on operating systems of the Astra Linux family. A review of possible types of targeted attacks and typical actions to be assessed when building a protection system against targeted attacks is provided. Various types of security systems and their ranking according to protection technologies are considered. It is proposed to use a multidimensional Gaussian distribution model (GMM) to analyze the behavior of objects of information interaction together with the domestic system of protection against targeted attacks AVSOFT ATHENA running the Astra Linux operating system, which analyzes network activity and analyzes the use of resources.

Keywords: protection systems against targeted attacks, behavioral analytics, domestic operating systems, multivariate Gaussian distribution model.

Number of views: 67 (view statistics)

Количество скачиваний: 177

Full text (PDF)To articles list

Information for citation:

Lazarev S.A., Rubtsov K.A. About behavioral analytics for a system of protection against targeted attacks and its application for operating systems of the Astra Linux family // Research result. Information technologies. – Т.9, №4, 2024. – P. 11-20. DOI: 10.18413/2518-1092-2024-9-4-0-2

User comments
Reference lists

While nobody left any comments to this publication.
You can be first.

Osipov V.Yu., Yusupov R.M. Information vandalism, crime and terrorism as modern threats to society // Tr. SPIIRAN, 8 (2009). – pp. 34-45.
Faleev M.I., Chernykh G.S. Threats to the national security of the state in the information sphere. – 2014. – Volume 4. – No. 1(6). – URL: https://iee.unn.ru/wp-content/uploads/sites/9/2018/02/2.Inf.ugrozy-vred.programmykomp. prestupleniya.pdf (access date: 10.07.2024).
Semenenko V.A. Information security // M.: MGIU, 2011. – 277 p.
Shangin V.F. Information security and information protection // M.: DMK, 2014. – 702 p.
Five styles of advanced threat defense. – Gartner Research, 2013. URL: https://www.gartner.com/en/documents/2576720 (access date: 04.07.2024).
User and Entity Behavioral Analytics (UEBA) systems. URL: https://www.anti-malware.ru/security/user-and-entity-behavior-analytics (access date: 06.02.2024).
How security systems analyze user behavior: pitfalls and specifics of UBA solutions. – Tadviser, 2019. URL: https://www.tadviser.ru/index.php/Статья:UBA_(User_Behavior _Analytics,_Анализ_поведения_в_сфере
_систем_обеспечения_безопасности) (access date: 12.02.2024).
Market overview of behavioral analysis systems – User and Entity Behavioral Analytics (UBA/UEBA). – Anti-Malware, 2017. URL: https://www.anti-malware.ru/analytics/Market_Analysis/user-and-entity-behavioral-analytics-ubaueba (access date: 19.07.2024).
Methodological document. Methodology for assessing threats to information security. – M.: FSTEC of Russia, 2021. URL: https://fstec.ru/dokumenty/vse-dokumenty/spetsialnye-normativnye-dokumenty/metodicheskij-dokument-ot-5-fevralya-2021-g (access date: 03.07.2024).
GOST R 50922-96. Data protection. Basic terms and definitions. – M.: Gosstandart of Russia, 1996. URL: https://docs.cntd.ru/document/1200004674 (access date: 22.07.2024)
GOST R ISO/IEC 27005-2010. Information technology. Methods and means of ensuring security. Information security risk management. URL: https://docs.cntd.ru/document/1200084141 (access date: 22.07.2024)
Prokhorenkova L., Gusev G., Vorobev A., Dorogush A.V., Gulin A. CatBoost: unbiased boosting with categorical features. Yandex, Moscow, 2019.
Siris V.A., Papagalou F. Application of anomaly detection algorithms for detecting SYN flooding attacks. Computer Communications. – 2006. – 29.
Ahmed T., Oreshkin B., Coates M. Machine Learning Approaches to Network Anomaly Detection. Second Workshop on Tackling Computer Systems Problems with Machine Learning Techniques. 2007, Cambridge
Shabtai A., Kanonov U., Elovici Yu., Glezer Ch., Weiss Ya. Andromaly: a behavioral malware detection framework for android devices. Journal of Intelligent Information Systems, 2010.
Kou Yu., Lu Ch.-T., Sinvongwattana S., Huang Yo.-P. Survey of Fraud Detection Techniques. International Conference on Networking, 2004.
Mishra A., Nadkarni K., Patcha A. Intrusion detection in wireless ad hoc networks. IEEE Wireless Communications, 2004.
Song Y., Salem M.B., Hershkop S. System Level User Behavior Biometrics using Fisher Features and Gaussian Mixture Models // IEEE Security and Privacy Workshops. – New York, USA: IEEE, 2013. – P. 52-59.

All journals

Send article

Research result. Information technologies is included in the scientific database of the RINTs (license agreement No. 765-12/2014 dated 08.12.2014).

Журнал включен в перечень рецензируемых научных изданий, рекомендуемых ВАК

The journal is indexed by the following scientific databases and platforms

Research Result. Research result. Information technologies (ISSN 2518-1092)

The journal materials and website are licensed under Creative Commons «Attribution» 4.0 International.

The Founder: Federal State Autonomous Educational Institution of Higher Education "Belgorod National Research University"The Founder’s address: 85 Pobedy Street, Belgorod, the Belgorod region, 308015, Russia

The Publisher: Federal State Autonomous Educational Institution of HigherEducation "Belgorod National Research University" The Founder’s address:85 Pobedy Street, Belgorod, the Belgorod region, 308015, Russia

Editors Office: chief editor Chernomorets Andrey Alekseevich, e-mail: RR_IT@bsuedu.ru, phone: +7 (4722) 30-13-92.

Registered by the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor)

Certificate

Info letter (Russian)

Have questions?
You can write to us:

✉ Executive Secretary

✉ Site administration

✉ Content manager