Development of methods for neutralizing «Zero-day» threats

Abstract

Objective. The purpose of this study is to develop and analyze methods for neutralizing «zero-day» threats in order to increase the level of cybersecurity and protection of information systems. Method. In this article, a behavioral analysis of the threat is used. The characteristic features of the zero-day exploit behavior have been studied. The threat model is based on solving the tasks of timely detection and neutralization of the threat. Result. The actual problem of information systems security - the threat of «zero-day» is considered. The review of existing neutralization methods and discussion of effective new approaches were carried out. It has been revealed that the main vulnerability is outdated threat signatures. Threat detection is based on a study of the behavior of software a comparison with the previous day tracking is possible mainly by analyzing log files taken from an automated workplace. Conclusion. The content of this work emphasizes the importance of developing methods to neutralize «zero-day» threats in order to avoid the centralized spread of vulnerability and infection of a large number of automated workplaces, which can lead to the suspension of production processes within a large enterprise.