Title Development of early staged cyber attack detection method for IT&T networks
Translation of Title Ankstyvųjų stadijų kibernetinių atakų kompiuterių ir telekomunikacijų tinkluose aptikimo metodas.
Authors Bakšys, Tautvydas
Pages 40
Keywords [eng] system security ; cyber-attack ; intrusion detection ; logical circuits
Abstract [eng] The object of the dissertation research is the detection of intelligent cyber-attack techniques, allowing early identification of cyber-attack parameters and their specific characteristics from the behavioural pathway of complex IT systems and telecommunication networks, and ensuring the detection of cyber attacks in the early (1–3) stages. Intelligent cyber attacks cause the most significant damage in information and telecommunications systems. Such attacks can take a very long time and require considerable financial and human resources; therefore, they can only be organized by large interest groups. Furthermore, the current intrusion detection systems, intrusion prevention systems and intrusion response systems used to protect against cyber attacks suffer from several shortcomings. Such systems respond only to the attack itself, when it is too late to take preventive action, and they are not suitable for detecting an attack in its early stages, when it is still possible to block the attack and minimize the losses. Early detection requires detailed monitoring of network and system parameters in order to accurately identify the early stages of the attack, while it is still possible to 'kill the attack chain'. An early-stage cyber attack detection method based on attack chain analysis using a logical filter system is proposed. This method requires limited computing resources; therefore, it can also be implemented on mobile devices. The aim of this work is to develop and examine a method that enables the detection of early-stage cyber attacks based on parametric logic filter analysis, identifying early attack traits from the complex attack-forming factors isolated from cached network traffic and system performance data. The work intends to perform the following tasks: 1. Perform an analysis of the main stages of attacks and their detection methods; 2. Analyze network and system monitoring data, indicating the parameters and regularities that enable early detection; 3. Create a system and algorithms capable of determining the detection features necessary for monitoring data streams; 4. Create a method that enables detection of attacks at early moments by using the collected set of parameters; 5. Experimentally test the created system by collecting monitoring data, obtaining attack parameters from the complex traffic and detecting cyber attacks in their early stages.
Dissertation Institution Kauno technologijos universitetas.
Type Summaries of doctoral thesis
Language English
Publication date 2019