Cybernetics And Systems Analysis
International Theoretical Science Journal

UDC 004.7.056.5
V. Tkach (1), A. Kudin (2), V. Zadiraka (3), I. Shvidchenko (4)


1 Blekinge Institute of Technology, Karlskrona, Sweden; National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute,” Kyiv, Ukraine

volodymyr.tkach@bth.se, vntkach@gmail.com

2 National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”; National Bank of Ukraine, Kyiv, Ukraine

pplayshner@gmail.com

3 V.M. Glushkov Institute of Cybernetics of the NAS of Ukraine, Kyiv, Ukraine

zvk140@ukr.net

4 V.M. Glushkov Institute of Cybernetics of the NAS of Ukraine, Kyiv, Ukraine

inetsheva@gmail.com

SIGNATURELESS ANOMALOUS BEHAVIOR DETECTION IN INFORMATION SYSTEMS

Abstract. Early detection of cyber threats, where cyber-attacks are adapted to the nature of the target information systems, is a crucial cybersecurity problem. This problem is closely related to the task of recognizing normal and abnormal states and behavior of the various processes in an information system. An additional complication is often the absence of templates, signatures, or rules describing normal behavior, without which existing statistical or other known data-analysis methods cannot be applied. We analyze existing methods and propose a new signatureless method for detecting abnormal behavior, based on a finite state machine (FSM) model and a Security Information and Event Management (SIEM) system.

Keywords: anomaly detection, finite state machine, SIEM, time-series, cybersecurity.
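As an added illustration (not code from the paper or its authors), the following Python sketch shows the signatureless idea stated in the abstract: an FSM describing normal process behavior is learned from baseline event sequences taken from SIEM logs, with no hand-written rules or signatures, and any state or transition absent from the learned model is flagged when new sequences are checked. The log line format, the process and state names, and the two-phase learn/check structure are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed baseline: state sequences of a "login" process observed during a
# known-good period. These are assumed data, not the paper's dataset.
BASELINE = [
    ["start", "auth_request", "auth_ok", "session", "logout", "end"],
    ["start", "auth_request", "auth_fail", "auth_request", "auth_ok", "session", "logout", "end"],
    ["start", "auth_request", "auth_fail", "auth_request", "auth_fail", "end"],
    ["start", "auth_request", "auth_ok", "session", "end"],
]

# Constructed SIEM-style log lines (assumed format). pid 101 behaves normally;
# pid 202 skips authentication and enters a state never seen in the baseline.
LOG = """\
2023-05-01T10:00:00Z host1 proc=login pid=101 state=start
2023-05-01T10:00:01Z host1 proc=login pid=101 state=auth_request
2023-05-01T10:00:02Z host1 proc=login pid=101 state=auth_ok
2023-05-01T10:00:03Z host1 proc=login pid=101 state=session
2023-05-01T10:00:09Z host1 proc=login pid=101 state=logout
2023-05-01T10:00:10Z host1 proc=login pid=101 state=end
2023-05-01T10:01:00Z host1 proc=login pid=202 state=start
2023-05-01T10:01:01Z host1 proc=login pid=202 state=session
2023-05-01T10:01:02Z host1 proc=login pid=202 state=config_change
2023-05-01T10:01:03Z host1 proc=login pid=202 state=end
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) proc=(?P<proc>\S+) pid=(?P<pid>\d+) state=(?P<state>\S+)$"
)


class TransitionFSM:
    """FSM of normal behavior inferred purely from observed sequences."""

    def __init__(self):
        self.transitions = defaultdict(set)  # state -> set of allowed next states
        self.states = set()
        self.initial = set()

    def learn(self, sequences):
        # Every observed (state, next_state) pair becomes an allowed transition;
        # nothing is written by hand, which is the signatureless property.
        for seq in sequences:
            if not seq:
                continue
            self.initial.add(seq[0])
            self.states.update(seq)
            for a, b in zip(seq, seq[1:]):
                self.transitions[a].add(b)
        return self

    def check(self, seq):
        # Returns (position, from_state, to_state, reason) for each deviation.
        anomalies = []
        if not seq:
            return anomalies
        if seq[0] not in self.initial:
            anomalies.append((0, None, seq[0], "unexpected initial state"))
        for i, (a, b) in enumerate(zip(seq, seq[1:]), start=1):
            if b not in self.states:
                anomalies.append((i, a, b, "unknown state"))
            elif b not in self.transitions.get(a, set()):
                anomalies.append((i, a, b, "transition not in model"))
        return anomalies


def sequences_from_log(text):
    """Group log lines into per-(host, proc, pid) state sequences, in log order."""
    seqs = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # lines that do not match the assumed format are skipped
        key = (m["host"], m["proc"], m["pid"])
        seqs.setdefault(key, []).append(m["state"])
    return seqs


def scan_log(fsm, text):
    """Return only the process instances whose behavior deviates from the model."""
    findings = {}
    for key, seq in sequences_from_log(text).items():
        anomalies = fsm.check(seq)
        if anomalies:
            findings[key] = anomalies
    return findings


if __name__ == "__main__":
    model = TransitionFSM().learn(BASELINE)
    for key, anomalies in scan_log(model, LOG).items():
        for pos, a, b, reason in anomalies:
            print(f"{key}: step {pos} {a} -> {b}: {reason}")
```

The learned model is deliberately strict: any transition not seen in the baseline is reported, so the quality of the baseline period decides the false-positive rate, and a transition that occurs after an unknown state is reported again because the model has no outgoing edges for that state.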



REFERENCES

  1. Akinlade E., Adeleye E. Designing a secure interactive system: balancing the conflict between security, usability, and functionality. 2022. URL: https://www.researchgate.net/publication/366252638_Designing_a_secure_interactive_system_balancing_the_conflict_between_security_usability_and_functionality.

  2. Rainie L., Anderson J., Connolly J. Cyber attacks likely to increase. 2014. URL: https://www.pewresearch.org/internet/2014/10/29/cyber-attacks-likely-to-increase.

  3. On Basic Principles of Cyber Security in Ukraine: the Law of Ukraine of October 5, 2017 № 2163-VIII. The official gazette of Ukraine, 2017. Issue № 91. P. 2765. URL: https://zakon.rada.gov.ua/laws/show/2163-19.

  4. Letychevskyi O., Hryniuk Y., Yakovlev V., Peschanenko V., Radchenko V. Algebraic matching of vulnerabilities in a low-level code. The ISC International Journal of Information Security. 2019. Vol. 11, Iss. 3. P. 1–7. https://doi.org/10.22042/isecure.2019.11.0.1.

  5. Letychevskyi O., Polhul T. Detection of fraudulent behavior using the combined algebraic and machine learning approach. Proc. 2019 IEEE International Conference on Big Data (Big Data) (09-12 December 2019, Los Angeles, CA, USA). Los Angeles, 2019. P. 4289–4293. https://doi.org/10.1109/BigData47090.2019.9006546.

  6. Chandola V., Banerjee A., Kumar V. Anomaly detection: A survey. ACM Computing Surveys. 2009. Vol. 41, Iss. 3. P. 1–58. https://doi.org/10.1145/1541880.1541882.

  7. Huang H. Rank based anomaly detection algorithms: PhD Thesis, Syracuse University, 2013. 182 p. URL: https://surface.syr.edu/eecs_etd/331/.

  8. Hawkins S., He H., Williams G., Baxter R. Outlier detection using replicator neural networks. In: Data Warehousing and Knowledge Discovery. DaWaK 2002. Kambayashi Y., Winiwarter W., Arikawa M. (Eds). Lecture Notes in Computer Science. 2002. Vol. 2454. P. 170–180. https://doi.org/10.1007/3-540-46145-0_17.

  9. Yan W., Yu L. On accurate and reliable anomaly detection for gas turbine combustors: a deep learning approach. Proc. Annual Conference of the Prognostics and Health Management Society 2015 (18–24 October 2015, Coronado, CA, USA). Coronado, 2015. URL: https://arxiv.org/pdf/1908.09238.pdf.

  10. Dewa Z., Maglaras L.A. Data mining and intrusion detection systems. International Journal of Advanced Computer Science and Applications. 2016. Vol. 7, Iss. 1. P. 62–71. https://dx.doi.org/10.14569/IJACSA.2016.07010.

  11. Amer M., Goldstein M., Abdennadher S. Enhancing one-class support vector machines for unsupervised anomaly detection. Proc. ACM SIGKDD Workshop on Outlier Detection and Description (11 August 2013, Chicago, Illinois, USA). Chicago, 2013. P. 8–15. https://doi.org/10.1145/2500853.2500857.

  12. Tkach V., Kudin A., Kebande V.R., Baranovskyi O., Kudin I. Non-pattern-based anomaly detection in time-series. Electronics. 2023. Vol. 12, Iss. 3. 721. https://doi.org/10.3390/electronics12030721.




© 2023 Kibernetika.org. All rights reserved.