UDK 004.056.53 Doi: 10.31772/2587-6066-2018-19-3-412-422
INVESTIGATION OF THE NETWORK ANOMALIES OF THE CORPORATE NETWORK OF KRASNOYARSK SCIENTIFIC CENTER
N. V. Kulyasov*, S. V. Isaev
Institute of Computational Modelling SB RAS, 50/44, Academgorodok, Krasnoyarsk, 660036, Russian Federation. *E-mail: razor@icm.krasn.ru
The problem of securing the corporate network of a research organization is being solved. The urgency of supporting preventive measures for protecting network resources for the organizations performing scientific support of hightech production, conducting space researches and creating high-tech equipment is grounded, where the loss of confi dential data with unauthorized external influence can lead to significant consequences. To solve the problem, it is suggested to analyze the anomalies of network traffic, which can indicate the occurrence of cyberthreats. The paper reviews the existing methods and software products designed to analyze anomalies. On their basis, we propose our own original software tool that allows automatic detection of anomalies and subsequent detailed analysis of network service logs according to the metrics chosen by the administrator. The software tool is designed as a web application integrated into the existing infrastructure of the corporate network of a scientific organization. The implementation of the web application showed topicality and relevance of the development of an anomaly detection system. To further expand the methods of protecting the corporate network, full-featured software has been developed (Autonomous Log Analysis System) that performs automatic analysis and aggregation of network services data and provides interactive means of visualizing results. The system has a convenient graphical interface that allows you to visually evaluate the statistics of detected anomalies. With the help of a software tool, the administrator can identify the most critical incidents and suppress them in the future, changing the configuration of active protection systems. The software contains tools for constructing diagrams that show the number of anomalies over time periods, their distribution by observable services, sources of threats. It shows data on active clients exposed to threats, frequency of requests for selected protocols, monitors the exceeding of thresholds. The application of the developed software allows the configuration of the first line of protection against network attacks, improves responsiveness and the effectiveness of intrusion prevention by detecting missed by standard means of protection of incidents.
Keywords: network anomalies, cybersecurity, anomaly detection system, intrusion detection system.
References

1. Isaev S. V. [Cybersecurity of a scientific institution – assets and threats]. Informatizatsiya i svyaz. 2015, No. 1, P. 53–57 (In Russ.).

2. Papadaki M. IDS or IPS: what is best? Network Security. 2004, No. 7, P. 15–19.

3. Kotov V. D., Vasilev V. I. [The current state of the problem of detecting network intrusions]. Vestnik UGATU. 2012, No. 3(48), P. 198–204 (In Russ.).

4. Mikova S. Y., Oladko V. S., Nesterenko M. A. [Approach to the classification of network traffic anomalies]. Innovatsionnaya nauka. 2015, No. 11-2, P. 78–80 (In Russ.).

5. Muniyandi A. P. Network Anomaly Detection by Cascading K-Means Clustering and C4.5 Decision Tree algorithm. Procedia Engineering. 2012, No. 30, P. 174–182.

6. Branickij A. A., Kotenko I. V. [Detection of network attacks based on the integration of neural, immune and neuron-fuzzy classifiers]. Informatsionnoupravlyayushchie sistemy. 2015, No. 4 (77), P. 69–77 (In Russ.).

7. Basarab M. A. Stroganov I. S. [Detection of anomalies in information processes based on multifractal analysis]. Voprosy kiberbezopasnosti. 2014, No. 4 (7), P. 30–40 (In Russ.).

8. Nesterenko V. A. [Construction and use of the density function in the characteristic space to detect abnormal events]. Izvestiya YuFU. Tekhnicheskie nauki. 2008, No. 8, P. 130–134 (In Russ.).

9. Kononov D. D. [Criteria for assessing security aspects in the development of Web applications]. Мaterialy XXI Mezhdunar. nauch. konf. “Reshetnevskie chteniya” [Materials XXI Intern. Scientific. Conf “Reshetnev readings”]. Krasnoyarsk, 2017, P. 413–414 (In Russ.).

10. Podkorytov D. A. [The Computer Systems Security Policy Model]. Informatsionno-upravlyayushchie sistemy. 2004, No. 1, P. 41–49 (In Russ.).

11. Babenko G. V. [Analysis of current threats to information security arising from network interaction]. Vestnik AGTU. Seriya: Upravlenie, vyichislitelnaya tekhnika i informatika. 2010, No. 2, P. 149–152 (In Russ.).

12. Kotov V. D., Vasilev V. I. [The current state of the problem of detecting network intrusions]. Vestnik UGATU. 2012, No. 3(48), P. 198–204 (In Russ.).

13. Trubachova I. S. [Why Linux and real-time systems?]. Vestnik VUiT. 2015, No. 2(24), P. 99–106 (In Russ.).

14. Shepelev A. N., Bukatov A. A., Pyihalov A. V. [Analysis of approaches and tools for processing service logs]. IVD. 2013, No. 4(27), P. 15–29 (In Russ.).

15. Ivanov A. N., Koznov D. V., Tyijgeev M. G. [Modeling the interface of full-featured Web-based applications that work intensively with data]. Vestnik SPbGU. Seriya 10. Prikladnaya matematika. Informatika. Protsessyi upravleniya. 2009, No. 3, P. 189–204 (In Russ.).

16. Chaudri A. Internet domain names and interaction with intellectual property. Computer Law & Security Review. 2007, No. 23(1), P. 62–66.


Kulyasov Nikita Vladimirovich – programmer, Institute of Computational Modelling SB RAS. Е-mail: razor@icm.krasn.ru.

Isayev Sergey Vladislavovich – Cand. Sc., Docent, Deputy Director for Research, Institute of Computational Modelling SB RAS. Е-mail: si@icm.krasn.ru.


  INVESTIGATION OF THE NETWORK ANOMALIES OF THE CORPORATE NETWORK OF KRASNOYARSK SCIENTIFIC CENTER