Analysis of statistical data from network infrastructure monitoring to detect abnormal behavior of system local segments

Abstract

We propose a method of information security monitoring for a wireless network segments of low-power devices, "smart house", "Internet of Things". We have carried out the analysis of characteristics of systems based on wireless technologies, resulting from passive surveillance and active polling of devices that make up the network infrastructure. We have considered a number of external signs of unauthorized access to a wireless network by the potential information security malefactor. The model for analysis of information security conditions is based on the identity, quantity, frequency, and time characteristics. Due to the main features of devices providing network infrastructure, estimation of information security state is directed to the analysis of the system normal operation, rather than the search for signatures and anomalies during performance of various kinds of information attacks. An experiment is disclosed that provides obtaining statistical information on the remote wireless devices, where the accumulation of data for decision-making is done by comparing the statistical information service messages from end nodes in passive and active modes. We present experiment results of the information influence on a typical system. The proposed approach to the analysis of network infrastructure statistical data based on naive Bayesian classifier can be used to determine the state of information security.