Industrial Automatic Control Systems and Controllers Annotation
Research of Efficiency of Measures of Protection when Detecting the Symptoms of the Availability of Activity of Harmful Software
A.S. Smirnov, N.R. Pandykly, A.V. Dushkin, N.I. Goncharov
The article compares two approaches to protecting information in information systems: using only automated tools that work with indicators of malware network activity, and using those tools together with expert methods for detecting signs of such activity. For this purpose, a research complex based on the Oracle VM VirtualBox platform is considered. A method has been developed for modeling malware infection of an information system. The examples use the Metasploit Framework, which allows an unprivileged user to be elevated to the administrator level. After the host is successfully infected, network dumps are taken and TCP streams are analyzed to determine where the malicious software is likely to be active. Based on this analysis, YARA rule signatures are compiled and then introduced into the tools that automatically monitor the system state. Finally, the effectiveness of the information protection measures is assessed in both cases: when only automated tools for working with indicators are used, and when they are combined with expert methods for detecting signs of malware activity.
Keywords: automatic monitoring; malware; network activity indicator; signature; expert method.
Contacts: E-mail: w-nekit-p@mail.ru, E-mail: a_dushkin@mail.ru, E-mail: nikigoncharov@ya.ru
Pp. 40-52.