2518-1092Research result. Information technologies2518-109210.18413/2518-1092-2024-9-4-0-23664AUTOMATION AND CONTROL<strong>ABOUT BEHAVIORAL ANALYTICS FOR THE SYSTEM&nbsp;FOR PROTECTION AGAINST TARGETED ATTACKS&nbsp;AND ITS APPLICATION FOR OPERATING SYSTEMS&nbsp;OF THE ASTRA LINUX FAMILY</strong><strong>ABOUT BEHAVIORAL ANALYTICS FOR THE SYSTEM&nbsp;FOR PROTECTION AGAINST TARGETED ATTACKS&nbsp;AND ITS APPLICATION FOR OPERATING SYSTEMS&nbsp;OF THE ASTRA LINUX FAMILY</strong>LazarevSergey AlexandrovichLazarevSergey Alexandrovichlazarev_s@bsu.edu.ruRubtsovKonstantin AnatolievichRubtsovKonstantin Anatolievich20249400

The article discusses the task of developing a behavioral analytics subsystem for a system of protection against targeted attacks and the application of its work on operating systems of the Astra Linux family. A review of possible types of targeted attacks and typical actions to be assessed when building a protection system against targeted attacks is provided. Various types of security systems and their ranking according to protection technologies are considered. It is proposed to use a multidimensional Gaussian distribution model (GMM) to analyze the behavior of objects of information interaction together with the domestic system of protection against targeted attacks AVSOFT ATHENA running the Astra Linux operating system, which analyzes network activity and analyzes the use of resources.

The article discusses the task of developing a behavioral analytics subsystem for a system of protection against targeted attacks and the application of its work on operating systems of the Astra Linux family. A review of possible types of targeted attacks and typical actions to be assessed when building a protection system against targeted attacks is provided. Various types of security systems and their ranking according to protection technologies are considered. It is proposed to use a multidimensional Gaussian distribution model (GMM) to analyze the behavior of objects of information interaction together with the domestic system of protection against targeted attacks AVSOFT ATHENA running the Astra Linux operating system, which analyzes network activity and analyzes the use of resources.

protection systems against targeted attacksbehavioral analyticsdomestic operating systemsmultivariate Gaussian distribution modelprotection systems against targeted attacksbehavioral analyticsdomestic operating systemsmultivariate Gaussian distribution modelСписок литературыOsipov V.Yu., Yusupov R.M. Information vandalism, crime and terrorism as modern threats to society // Tr. SPIIRAN, 8 (2009). &ndash; pp. 34-45.Faleev M.I., Chernykh G.S. Threats to the national security of the state in the information sphere. &ndash; 2014. &ndash; Volume 4. &ndash; No. 1(6). &ndash; URL: https://iee.unn.ru/wp-content/uploads/sites/9/2018/02/2.Inf.ugrozy-vred.programmykomp. prestupleniya.pdf (access date: 10.07.2024).Semenenko V.A. Information security // M.: MGIU, 2011. &ndash; 277 p.Shangin V.F. Information security and information protection // M.: DMK, 2014. &ndash; 702 p.Five styles of advanced threat defense. &ndash; Gartner Research, 2013. URL: https://www.gartner.com/en/documents/2576720 (access date: 04.07.2024).User and Entity Behavioral Analytics (UEBA) systems. URL: https://www.anti-malware.ru/security/user-and-entity-behavior-analytics (access date: 06.02.2024).How security systems analyze user behavior: pitfalls and specifics of UBA solutions. &ndash; Tadviser, 2019. URL:&nbsp;https://www.tadviser.ru/index.php/Статья:UBA_(User_Behavior _Analytics,_Анализ_поведения_в_сфере_систем_обеспечения_безопасности) (access date: 12.02.2024).Market overview of behavioral analysis systems &ndash; User and Entity Behavioral Analytics (UBA/UEBA).&nbsp;&ndash; Anti-Malware, 2017. URL: https://www.anti-malware.ru/analytics/Market_Analysis/user-and-entity-behavioral-analytics-ubaueba (access date: 19.07.2024).Methodological document. Methodology for assessing threats to information security. &ndash; M.: FSTEC of Russia, 2021. URL: https://fstec.ru/dokumenty/vse-dokumenty/spetsialnye-normativnye-dokumenty/metodicheskij-dokument-ot-5-fevralya-2021-g (access date: 03.07.2024).GOST R 50922-96. Data protection. Basic terms and definitions. &ndash; M.: Gosstandart of Russia, 1996. URL: https://docs.cntd.ru/document/1200004674 (access date: 22.07.2024)GOST R ISO/IEC 27005-2010. Information technology. Methods and means of ensuring security. Information security risk management. URL: https://docs.cntd.ru/document/1200084141 (access date: 22.07.2024)Prokhorenkova L., Gusev G., Vorobev A., Dorogush A.V., Gulin A. CatBoost: unbiased boosting with categorical features. Yandex, Moscow, 2019.Siris V.A., Papagalou F. Application of anomaly detection algorithms for detecting SYN flooding attacks. Computer Communications. &ndash; 2006. &ndash; 29.Ahmed T., Oreshkin B., Coates M. Machine Learning Approaches to Network Anomaly Detection. Second Workshop on Tackling Computer Systems Problems with Machine Learning Techniques. 2007, CambridgeShabtai A., Kanonov U., Elovici Yu., Glezer Ch., Weiss Ya. Andromaly: a behavioral malware detection framework for android devices. Journal of Intelligent Information Systems, 2010.Kou Yu., Lu Ch.-T., Sinvongwattana S., Huang Yo.-P. Survey of Fraud Detection Techniques. International Conference on Networking, 2004.Mishra A., Nadkarni K., Patcha A. Intrusion detection in wireless ad hoc networks. IEEE Wireless Communications, 2004.Song Y., Salem M.B., Hershkop S. System Level User Behavior Biometrics using Fisher Features and Gaussian Mixture Models // IEEE Security and Privacy Workshops. &ndash; New York, USA: IEEE, 2013. &ndash; P. 52-59.