Zuev D.O., Usov A.Y., Kropachev A.V., Mostovshchikov D.N.

Zuev Denis Olegovich - Independent Consultant,

COLORADO, UNITED STATES OF AMERICA;

Usov Aleksey Yevgenyevich - Technical Architect,

RUSSIAN GOVT INSURANCE, MOSCOW;

Kropachev Artemii Vasilyevich – Manager,

AUTOMATION SOLUTION DEPARTMENT,

BELL INTEGRATOR, COLORADO, UNITED STATES OF AMERICA;

Mostovshchikov Dmitrii Nikolaevich – Manager,

SYSTEM INSTALLATION SOLUTIONS DEPARTMENT,

BELL INTEGRATOR, MOSCOW

Abstract: Data Center cyber-protection methods based on host-based intrusion prevention systems and network based intrusion prevention systems were considered. Basic algorithm of intrusion prevention system functioning and operational readiness evaluation which includes objects of analysis, procedures and evaluation indicators was discussed. It was shown that procedures to be done by Data Center cyber-protection system are identification of the event, signatures database management and denial management. Evaluation of intrusion prevention system efficiency was proved to be based on errors’ numbers and scalability. Thereby it should include accuracy, robustness, performance and scalability parameters.  Main prevention systems which show model of detection systems interaction with monitored environment events were discussed. Specifically detection strategy based classification which includes cyber-attack signatures analysis, anomalies analysis, hybrid strategy, detection system behavior based classification which includes active behavior, passive behavior, monitored environment based classification which includes local network, global network, hybrid environment, detection system architecture based classification which includes centralized architecture, distributed architecture, hierarchical architecture, detection system performance based classification which includes real time analysis, offline analysis were analyzed. It was mentioned that anomaly-based systems development has to be supervised by operators and adapted to the parameters of the Data Center network. They were divided to three groups: statistical modeling, knowledge based modeling and modeling based on machine learning techniques. It was mentioned that cyber-threats could be modeled as process of transmission of data in hidden channel that change state of some functional node of Data Center. Unified mathematical model of intrusion detection system work which includes states of the infrastructure functional nodes, events involved in a system and transition between the states caused by those events was proposed.

Keywords: Data Center, intrusion prevention system, robustness, hybrid environment, anomaly-based system, machine learning, mathematical model.

References

1. Yeung D.Y., Ding Y. Host-Based Intrusion Detection using Dynamic and Static Behavioral Models. Pattern Recognition 36/1, 2003. 229–243.
2. Undercoffer Jeffrey L. Intrusion detection: modeling system state to detect and classify anomalous behaviors, 2004.
3. Lee W., Miller M., Stolfo S.J., Fan W. Toward Cost-Sensitive Modeling for Intrusion Detection and Response. Journal of Computer Security10. August, 2002. 5–22.
4. Cheng T.H., Lin Y.D. Evasion Techniques: Sneaking through Your Intrusion Detection/Prevention Systems. IEEE Communications Surveys Tutorials 14/4, 2012. 1011–1020.
5. Kumar M. Encrypted Traffic and IPsec Challenges for Intrusion Detection System. In: Proceedings of the International Conference on Advances in Computing. August, 2012. 721–727.
6. Thonnard O., Bilge L., O’Gorman G. Industrial Espionage and Targeted Attacks: Understanding the Characteristics of an Escalating Threat. In: Proceedings of the 15th International Conference on Research in Attacks, Intrusions, and Defenses, Berlin, Heidelberg, Springer-Verlag, 2012. 64–85.
7. Wang L., Jajodia S., Singhal A. K-zero Day Safety: Measuring the Security Risk of Networks Against Unknown Attacks. In: Proceedings of the 15th European Conference on Research in Computer Security, Berlin, Heidelberg, Springer-Verlag, 2010. 573–587.
8. Salah S., Maciá-Fernández G., Díaz-Verdejo J.E. A Model-Based Survey of Alert Correlation Techniques. Computer Networks 57/5, 2013. 1289–1317.
9. Elshoush H.T., Osman I.M. Alert Correlation in Collaborative Intelligent Intrusion Detection Systems–A Survey. Applied Soft Computing 11/7, 2011. 4349–4365.
10. Nehinbe J. Log Analyzer for Network Forensics and Incident Reporting. In: Proceedings of the International Conference on Intelligent Systems, Modelling and Simulation, 2010. 356–361.
11. Standard I. Information technology - Security Techniques - Selection, Deployment and Operations of Intrusion Detection Systems. Technical Report ISO/IEC, ISO/IEC (June 2006).
12. Gu G., Porras P., Yegneswaran V., Fong M., Lee W. BotHunter: Detecting Malware Infection Through IDS-driven Dialog Correlation. In: Proceedings of the 16th USENIX Security Symposium, Berkeley. CA. USA. USENIX Association, 2007. 167–182.
13. Chandola V., Banerjee A., Kumar V. Anomaly Detection: A Survey. ACM Computing Surveys 41/3. July, 2009. 1–58.
14. Golovko V., Bezobrazov S., Kachurka P. Neural Network and Artificial Immune Systems for Malware and Network Intrusion Detection. Advances in Machine Learning II. Volume 263 of Studies in Computational Intelligence. Springer Berlin Heidelberg, 2010. 485–513.
15. Bridges S.M., Vaughn R.B. Data Mining for Intrusion Detection: From Outliers to True Intrusions. In: Proceedings of the 13th Pacific-Asia Conference on Advances in Knowledge Discovery and Data Mining. April 27–30, 2009. 891–898.

Ссылка для цитирования данной статьи 

		Тип лицензии на данную статью – CC BY 4.0. Это значит, что Вы можете свободно цитировать данную статью на любом носителе и в любом формате при указании авторства.
Полная ссылка для цитирования. Zuev D.O., Usov A.Y., Kropachev A.V., Mostovshchikov D.N. BASIC APPROACHES OF DEVELOPMENT OF DATA CENTER PROTECTION SYSTEMS // Научные исследования №4(24). 2018 / XXIII Международная научно-практическая конференция «Научные исследования: ключевые проблемы III тысячелетия» (Россия. Москва. 02 апреля 2018). С. {см. журнал}. Краткая ссылка. Zuev D.O., Usov A.Y., Kropachev A.V., Mostovshchikov D.N. BASIC APPROACHES OF DEVELOPMENT OF DATA CENTER PROTECTION SYSTEMS // Научные исследования №4(24). 2018. С. {см. журнал}.

Поделитесь данной статьей, повысьте свой научный статус в социальных сетях

Tweet