Исследование методов прогнозирования атак на информационные системы

Abstract

The article analyzes the methods of forecasting attacks on information systems. Within the framework of experimental studies, the best method for predicting attacks on information systems has been identified. At the present stage of society’s development, the problems of information security come to the fore in most areas of the company’s activities. This is due to a significant number of informatization projects currently being implemented. Most of them are aimed at building a unified information space in order to optimize the processing of large volumes of various kinds of information, including ensuring its reliable storage and prompt access for participants of information exchange. Priority tasks in this direction are: identification, analysis and classification of existing mechanisms for the implementation of threats to information security; assessment of possible damage; identification of basic measures to counter threats; elimination of vulnerabilities; development of security criteria and protection mechanisms. One of the means of solving these problems is the detection of computer attacks. Malicious impacts on information systems can be presented in the form of network attacks. A network attack is an intentional action by third parties aimed at establishing control over a local or remote computer or computer system. As a result of attacks, attackers can disrupt the network, change account rights, receive users’ personal data and implement other goals. Network attacks by the nature of the impact on the network can be divided into active and passive. The active ones affect the network, which may cause the network to malfunction, or modification of its settings. This type of exposure leaves traces in the network, which is why it is immediately calculated that it will be detected. A passive attack is carried out without affecting the network. But her work violates network security. It is much more difficult to detect it than the active one due to the lack of direct intervention. Basically, the purpose of the attack is unauthorized access to protected information, distorting it or intercepting it. In the first case, the data is changed, in the second, access is performed without interfering with the data structure.