Abstract
There are currently many threats to network security. This is especially true for telecom operators and telecommunication service providers, which are a key link in the data transmission infrastructure for any company. To ensure the protection of their infrastructure and cloud services provided to end-users, telecom operators have to use non-trivial solutions. At the same time, the accuracy of defining attacks by security systems is not the least. In the framework of this study, an approach was developed and attack detection was modeled based on the analysis of state chains of network nodes. The proposed approach allows the comparison of events occurring in the network with events recorded by intrusion detection systems. In our study, we solve the problem of formalizing a typical attack profile in a network of telecommunication service providers by constructing a sequence of transitions of states of network nodes and the time of the state change of individual devices under study. The study covers the most popular types of attacks. To formalize the rules for classifying states, the study uses a decision tree algorithm to build a chain of security events. In the experimental part of the study, the accuracy of the classification of known types of attacks recorded in security event logs using ROC analysis was assessed. The results obtained made it possible to evaluate the effectiveness of the developed model for recognizing network attacks in the infrastructure of telecommunication service providers. The experimental results show fairly high accuracy in determining the popular type of attack. This will also help in the future to reduce the response time to security incidents in a large network, due to earlier detection of illegitimate behavior.
Highlights
Анализ событий безопасности и выявление сетевых атак исследовался в ряде научных работ
Следующий момент времени и, следовательно, отследить для каждого узла полную цепочку событий
In the framework of this study, an approach was developed and attack detection was modeled based on the analysis of state chains of network nodes
Summary
В рамках настоящего исследования разработан подход и проведено моделирование обнаружения атак на основе анализа цепочек состояний сетевых узлов. В связи с этим разработка современных методов выявления вторжений и атак на сети провайдеров телекоммуникационных услуг в настоящее время направлена на фор-. 1. Обзор исследований Подход определения подозрительной сетевой активности, предложенный в данной работе, основан на анализе изменений состояний узлов сети провайдеров телекоммуникационных услуг и формировании на их базе профилей различных типов нелегитимного поведения. Этот метод может использоваться для обнаружения аномалий в анализе трафика и выявления подозрительной активности при доступе к облачным информационным ресурсам, расположенным на сайте поставщика телекоммуникационных услуг [4]. Ishitaki и др., разработан подход, основанный на использовании нейронной сети для идентификации сетевых соединений, организованных с использованием Tor. Авторы отмечают, что основными метриками выступали: число сетевых пакетов, время отклика, джиттер и число потерянных сетевых пакетов. Типовая схема сети провайдеров телекоммуникационных услуг представлена на рис. 1
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: Bulletin of the South Ural State University. Ser. Computer Technologies, Automatic Control & Radioelectronics
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
