Анализ систем обнаружения вторжений
DOI:
https://doi.org/10.26577/JMMCS-2019-3-26Ключевые слова:
атаки, кибератаки, аномалии, обнаружения аномалий в информационных системахАннотация
С развитием информационных технологий увеличивается количество уязвимостей и угроз различным системам обработки данных, поэтому для обеспечения их нормального функционирования и предотвращения вторжений необходимы специализированные средства безопасности, а перспективным направлением, которое активно развивается в сфере информационной безопасности является выявление кибератак и предотвращения вторжений в информационных системах со стороны неавторизованной стороны. Для обнаружения сетевых вторжений используются современные методы, модели, средства и комплексные технические решения для систем обнаружения и предотвращения вторжений, которые могут оставаться эффективными при появлении новых или модифицированных видов киберугроз. .Поэтому, в работе проведен обобщенный анализ программных средств систем обнаружения вторжений по определенной базовой множеством характеристик («Класс кибератак», «Адаптивность», «Методы выявления», «Управление системой», «Масштабируемость», «Уровень наблюдения», «Реакция на кибератаку», «Защищенность» и «Поддержка операционной системы»). Это даст определенные возможности по выбору таких средств и разработки для них наиболее эффективных механизмов безопасности при воздействиях кибератак.
Библиографические ссылки
[1] Kornienko A.A., Slyusarenko I.M., "Sistemyi i metodyi obnaruzheniya vtorzheniy: sovremennoe sostoyanie i napravleniya sovershenstvovaniya [Systems and methods of intrusion detection: current state and areas of improvement]", Moskva, CIT forum (2009): 7-10.
[2] Mustafaev A.G., "Neyrosetevaya sistema obnaruzheniya kompyuternyih atak na osnove analiza setevogo trafika. Elektronnyiy resurs [Neural network system for detecting computer attacks based on network traffic analysis]", Kaliningrad: ID «Yantarnyiy terem», Voprosyi bezopasnosti No 2 (2016): 1-7.
[3] Branitskiy A.A., Kotenko A.V., "Analiz i klassifikatsiya metodov obnaruzheniya setevyih atak [Analysis and classification of network attack detection methods]" , Tr. SPIIRAN No 2 (45) (2016): 207-244.
[4] Patel R., Thakkar A., Ganatra A., "A Survey and Comparative Analysis of Data Mining Techniques for Network Intrusion Detection Systems , India : International Journal of Soft Computing and Engineering (IJSCE) Vol. 2. Issue 1 (2012): 265-260.
[5] Al-Sakib Khan Pathan, "The State of the Art in Intrusion Prevention and Detection" , New York : Auerbach Publications (2014): 516.
[6] Los A.B., Danielyan Yu.Yu., "Sravnitelnyiy analiz sistem obnaruzheniya vtorzheniy, predstavlennyih na otechestvennom ryinke [Comparative analysis of intrusion detection systems presented in the domestic market]" , Vestnik Moskovskogo finasovo-yuridicheskogo universisteta No 3 (2012): 181-187.
[7] Akhemtov B., Korchenko A., Akhmetova S., Zhumangalieva N., "Improved method for the formation of linguistic standards for ofintrusion detection systems" , Journal of The oreticaland Applied Information Technology Vol. 87, No. 2 (2016): 221-232.
[8] Belova A.L., Borodavkin D.A., "Sravnitelnyiy analiz sistem obnaruzheniya vtorzheniy [Comparative analysis of the detection systems]" , Sibir : SFU. Aktualnyie problemyi aviatsii i kosmonavtiki Vol. 1, No 12 (2016): 742-744.
[9] Mohammad Sazzadul Hoque, Md. Abdul Mukit, Md. Abu Naser Bikas, "An implementation of intrusion detection system using genetic algorithm" , International Journal of Network Security & Its Applications (IJNSA). Sylhet Vol. 4, No. 2 (2012): 109-120.
[10] Lawal O.B. et al., "Analysis and Evaluation of Network-Based Intrusion Detectionand Prevention System in an Enterprise Network Using Snort Freeware" , African Journal of Computing & ICT. Ibadan Vol. 6, No. 2 (2013): 169-184.
[11] Gamayunov D.Yu., Smelyanskiy R.L., "Sovremennyie nekommercheskie sredstva obnaruzheniya atak [Modern noncommercial attack detection tools]" , M.: F-t VMiK MGU. Programmnyie sistemyi i instrumentyi. Tematicheskiy sbornik (2002): 20.
[12] Kuznetsov A.A. et al., "The statistical analysis of a network traffic for the intrusion detection and prevention systems" , Telecommunications and Radio Engineering. Kharkiv Vol. 74, No. 1 (2015).
[13] Baboshin V.A., Vasilev V.A., "Obzor zarubezhnyih i otechestvennyih sistem obnaruzheniya kompyuternyih atak [Review of foreign and domestic computer attack detection systems]" , SPb : Sankt-Peterburgskaya nauchno-tehnicheskaya obschestvennaya organizatsiya «Institut telekommunikatsiy». Informatsiya i kosmos Vol. 2 (2015): 36-41.
[14] Marjan Kuchaki Rafsanjani, Zahra Asghari Varzaneh "Intrusion Detection By Data Mining Algorithms" , Journal of New Results in Science. Tokat : Gaziosmanpasa University No. 2 (2013): 76-91.
[15] Korchenko A.A., Ahmetova B.S., "Klassifikatsiya sistem obnaruzheniya vtorzheniy [Classification of intrusion detection systems]" , K.: NAU, InformatsIyna bezpeka No 1 (13); No 2 (14) (2014): 168-175.
[16] Korchenko A.G. Postroenie sistem zaschityi informatsii na nechetkih mnozhestvah [The construction of security systems on the fuzzy sets] (K.: MK-Press, Teoriya i prakticheskie resheniya, 2006): 320.
[17] Cheswick B., "An Evening with Berferd In Which a Cracker is Lured, Endured, and Studied" , NY : Management Analytics and Others (1997): 147.
[18] Andriy Dugin, "Cisco IDS/IPS. Bezopasnaya nastroyka [Cisco IDS/IPS. Secure configuration]" , M. : OOO Izdatelskiy dom «Polozhevets i partneryi». Sistemnyiy administrator No. 8 (81). (2009).
[19] "Arbor Networks Spectrum [Electronic resourse]" , Tehnicheskie dannyie sistemyi Arbor. Burlignton : Arbor Networks Inc. (2016): 4.
[20] "InfoWatch automation system advanced protector [Electronic resourse]" , Zaschita ot atak na informatsionnuyu infrastrukturu ASU TP. Moskva : GK InfoWatch, 2018.
[21] "IPS Software Blade contracts" , SecureKnowledge Details : [website]. San Carlos : Check Point Software Technologies Ltd. 2015.
[22] Northcutt Stephen, "Intrusion Detection: Shadow Style-Step by Step Guide" , Dahlgren: SANS Institute (1998).
[23] Mark Alexander Bain, "Build an IDS with Snort, Shadow, and ACID [Electronic resourse]" , Security. San Francisco : The Linux Foundation 2005. URL: https://www.linux.com/news/build-ids-snort-shadow-and-acid
[24] "Kaspersky Anti Targeted Attack (KATA) Platform" , Kaspersky Lab : [website]. M.: AO Laboratoriya Kasperskogo (2017). "Peredovaya platforma dlya zaschityi ot tselevyih atak i slozhnyih ugroz" , Kaspersky Anti Targeted Attack Platform : [website]. Minsk : Gazeta Pravda (2017).
[25] Kuznetsov A.A., "The statistical analysis of a network traffic for the intrusion detection and prevention systems" , Telecommunications and Radio Engineering. Kharkiv Vol. 74, No. 1 (2015).
[26] "HP TippingPoint Next Generation Intrusion Prevention System [Electronic resourse]" , Geert Busse. Vilvoorde : Westcon-Comstor, 2018. URL: http://be.westcon.com/content/vendors/hp-enterprise-security-solutions/hp-tippingpoint-ngips
[27] "SANS – Intrusion Prevention with TippingPoint [Electronic resourse]" , Dave Shackleford. SANS Analyst Program. Swansea : SANS Institute by Trend Micro, 2015. URL: https://www.trendmicro.com/content/dam/trendmicro/global/en/business/products/network/integratedatp/ SANS_TrendMicroTippingPoint2600NX.pdf
[28] "Kratkiy analiz resheniy v sfere SOV i razrabotka neyrosetevogo detektora anomaliy v setyah peredachi dannyih [Electronic resourse]" , Habr : [website] 2018. URL: https://habr.com/post/358200/
[29] Chi-Ho Tsang, Sam Kwong, Hanli Wang, "Genetic-Fuzzy Rule Mining Approach and Evaluation of Feature Selection Techniques for Anomaly Intrusion Detection" , Pattern Recognition Vol. 40, No 9. (2007): 2373-2391.
[30] Zadeh L.A., "Outline of a New Approach to the Analysis of Complex Systems and Decision Processes" , IEEE Transactions on Systems, Man, and Cybernetics Vol. SMC-3, No 1. (1973): 28-44.
[2] Mustafaev A.G., "Neyrosetevaya sistema obnaruzheniya kompyuternyih atak na osnove analiza setevogo trafika. Elektronnyiy resurs [Neural network system for detecting computer attacks based on network traffic analysis]", Kaliningrad: ID «Yantarnyiy terem», Voprosyi bezopasnosti No 2 (2016): 1-7.
[3] Branitskiy A.A., Kotenko A.V., "Analiz i klassifikatsiya metodov obnaruzheniya setevyih atak [Analysis and classification of network attack detection methods]" , Tr. SPIIRAN No 2 (45) (2016): 207-244.
[4] Patel R., Thakkar A., Ganatra A., "A Survey and Comparative Analysis of Data Mining Techniques for Network Intrusion Detection Systems , India : International Journal of Soft Computing and Engineering (IJSCE) Vol. 2. Issue 1 (2012): 265-260.
[5] Al-Sakib Khan Pathan, "The State of the Art in Intrusion Prevention and Detection" , New York : Auerbach Publications (2014): 516.
[6] Los A.B., Danielyan Yu.Yu., "Sravnitelnyiy analiz sistem obnaruzheniya vtorzheniy, predstavlennyih na otechestvennom ryinke [Comparative analysis of intrusion detection systems presented in the domestic market]" , Vestnik Moskovskogo finasovo-yuridicheskogo universisteta No 3 (2012): 181-187.
[7] Akhemtov B., Korchenko A., Akhmetova S., Zhumangalieva N., "Improved method for the formation of linguistic standards for ofintrusion detection systems" , Journal of The oreticaland Applied Information Technology Vol. 87, No. 2 (2016): 221-232.
[8] Belova A.L., Borodavkin D.A., "Sravnitelnyiy analiz sistem obnaruzheniya vtorzheniy [Comparative analysis of the detection systems]" , Sibir : SFU. Aktualnyie problemyi aviatsii i kosmonavtiki Vol. 1, No 12 (2016): 742-744.
[9] Mohammad Sazzadul Hoque, Md. Abdul Mukit, Md. Abu Naser Bikas, "An implementation of intrusion detection system using genetic algorithm" , International Journal of Network Security & Its Applications (IJNSA). Sylhet Vol. 4, No. 2 (2012): 109-120.
[10] Lawal O.B. et al., "Analysis and Evaluation of Network-Based Intrusion Detectionand Prevention System in an Enterprise Network Using Snort Freeware" , African Journal of Computing & ICT. Ibadan Vol. 6, No. 2 (2013): 169-184.
[11] Gamayunov D.Yu., Smelyanskiy R.L., "Sovremennyie nekommercheskie sredstva obnaruzheniya atak [Modern noncommercial attack detection tools]" , M.: F-t VMiK MGU. Programmnyie sistemyi i instrumentyi. Tematicheskiy sbornik (2002): 20.
[12] Kuznetsov A.A. et al., "The statistical analysis of a network traffic for the intrusion detection and prevention systems" , Telecommunications and Radio Engineering. Kharkiv Vol. 74, No. 1 (2015).
[13] Baboshin V.A., Vasilev V.A., "Obzor zarubezhnyih i otechestvennyih sistem obnaruzheniya kompyuternyih atak [Review of foreign and domestic computer attack detection systems]" , SPb : Sankt-Peterburgskaya nauchno-tehnicheskaya obschestvennaya organizatsiya «Institut telekommunikatsiy». Informatsiya i kosmos Vol. 2 (2015): 36-41.
[14] Marjan Kuchaki Rafsanjani, Zahra Asghari Varzaneh "Intrusion Detection By Data Mining Algorithms" , Journal of New Results in Science. Tokat : Gaziosmanpasa University No. 2 (2013): 76-91.
[15] Korchenko A.A., Ahmetova B.S., "Klassifikatsiya sistem obnaruzheniya vtorzheniy [Classification of intrusion detection systems]" , K.: NAU, InformatsIyna bezpeka No 1 (13); No 2 (14) (2014): 168-175.
[16] Korchenko A.G. Postroenie sistem zaschityi informatsii na nechetkih mnozhestvah [The construction of security systems on the fuzzy sets] (K.: MK-Press, Teoriya i prakticheskie resheniya, 2006): 320.
[17] Cheswick B., "An Evening with Berferd In Which a Cracker is Lured, Endured, and Studied" , NY : Management Analytics and Others (1997): 147.
[18] Andriy Dugin, "Cisco IDS/IPS. Bezopasnaya nastroyka [Cisco IDS/IPS. Secure configuration]" , M. : OOO Izdatelskiy dom «Polozhevets i partneryi». Sistemnyiy administrator No. 8 (81). (2009).
[19] "Arbor Networks Spectrum [Electronic resourse]" , Tehnicheskie dannyie sistemyi Arbor. Burlignton : Arbor Networks Inc. (2016): 4.
[20] "InfoWatch automation system advanced protector [Electronic resourse]" , Zaschita ot atak na informatsionnuyu infrastrukturu ASU TP. Moskva : GK InfoWatch, 2018.
[21] "IPS Software Blade contracts" , SecureKnowledge Details : [website]. San Carlos : Check Point Software Technologies Ltd. 2015.
[22] Northcutt Stephen, "Intrusion Detection: Shadow Style-Step by Step Guide" , Dahlgren: SANS Institute (1998).
[23] Mark Alexander Bain, "Build an IDS with Snort, Shadow, and ACID [Electronic resourse]" , Security. San Francisco : The Linux Foundation 2005. URL: https://www.linux.com/news/build-ids-snort-shadow-and-acid
[24] "Kaspersky Anti Targeted Attack (KATA) Platform" , Kaspersky Lab : [website]. M.: AO Laboratoriya Kasperskogo (2017). "Peredovaya platforma dlya zaschityi ot tselevyih atak i slozhnyih ugroz" , Kaspersky Anti Targeted Attack Platform : [website]. Minsk : Gazeta Pravda (2017).
[25] Kuznetsov A.A., "The statistical analysis of a network traffic for the intrusion detection and prevention systems" , Telecommunications and Radio Engineering. Kharkiv Vol. 74, No. 1 (2015).
[26] "HP TippingPoint Next Generation Intrusion Prevention System [Electronic resourse]" , Geert Busse. Vilvoorde : Westcon-Comstor, 2018. URL: http://be.westcon.com/content/vendors/hp-enterprise-security-solutions/hp-tippingpoint-ngips
[27] "SANS – Intrusion Prevention with TippingPoint [Electronic resourse]" , Dave Shackleford. SANS Analyst Program. Swansea : SANS Institute by Trend Micro, 2015. URL: https://www.trendmicro.com/content/dam/trendmicro/global/en/business/products/network/integratedatp/ SANS_TrendMicroTippingPoint2600NX.pdf
[28] "Kratkiy analiz resheniy v sfere SOV i razrabotka neyrosetevogo detektora anomaliy v setyah peredachi dannyih [Electronic resourse]" , Habr : [website] 2018. URL: https://habr.com/post/358200/
[29] Chi-Ho Tsang, Sam Kwong, Hanli Wang, "Genetic-Fuzzy Rule Mining Approach and Evaluation of Feature Selection Techniques for Anomaly Intrusion Detection" , Pattern Recognition Vol. 40, No 9. (2007): 2373-2391.
[30] Zadeh L.A., "Outline of a New Approach to the Analysis of Complex Systems and Decision Processes" , IEEE Transactions on Systems, Man, and Cybernetics Vol. SMC-3, No 1. (1973): 28-44.
Загрузки
Как цитировать
ZHUMANGALIYEVA, N. K., Korchenko, A. A., Doszhanova, A. A., & Avkurova, Z. S. (2019). Анализ систем обнаружения вторжений. Вестник КазНУ. Серия математика, механика, информатика, 103(3), 55–74. https://doi.org/10.26577/JMMCS-2019-3-26
Выпуск
Раздел
Информатика
