Devising a method of protection against zero-day attacks based on an analytical model of changing the state of the network sandbox-Reference-Cited by-同舟云学术

Devising a method of protection against zero-day attacks based on an analytical model of changing the state of the network sandbox

Published:2021-02-27 Issue:9 (109) Volume:1 Page:50-57
ISSN:1729-4061
Container-title:Eastern-European Journal of Enterprise Technologies
language:
Short-container-title:EEJET

Author:

Buchyk Serhii^ORCID,Yudin Oleksandr^ORCID,Ziubina Ruslana^ORCID,Bondarenko Ivan^ORCID,Suprun Oleh^ORCID

Abstract

This paper reports a method of protection against zero-day attacks using SandBox technology based on the developed analytical model with a probabilistic ranking of information system states. The model takes into consideration the conditions of a priori uncertainty regarding the parameters of the destructive flow on the system, accounting for the typical procedures of the network SandBox. The proposed model of information system states makes it possible to analyze and track all possible states, as well as assess the level of security in these states, and the probability of transitions into them. Thus, it is possible to identify the most dangerous ones and track the activities that caused the corresponding changes. The fundamental difference between this model and standard approaches is the weight coefficients that characterize not the intensity of random events but the intensity of transitions between states. Direct implementation and application of the proposed analytical model involved the technology of multilevel network "SandBoxes". The difference from other popular anti-virus tools is the use of a priori mathematical threat assessment, which makes it possible to detect influences that are not considered threats by classical systems until the moment of harm to the system. The combination with standard security tools makes it possible to separately analyze files that are too large in size, whether they enter the system not through a common gateway controlled by the network "SandBox" but from the external media of end-users. The implementation of the developed analytical model has made it possible to improve the level of protection of the corporate network by 15 %, based on the number of detected threats. This difference is explained by the inability of classical software to detect new threats if they are not already listed in the database of the program, and their activity is not trivial

Publisher

Private Company Technology Center

Subject

Applied Mathematics,Electrical and Electronic Engineering,Management of Technology and Innovation,Industrial and Manufacturing Engineering,Computer Science Applications,Mechanical Engineering,Energy Engineering and Power Technology,Control and Systems Engineering

Cited by 14 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Method for Detecting Phishing Sites;Lecture Notes in Electrical Engineering;2024

2. An Improved Method of Detection and Localization of Signals in the Digital Range;2022 IEEE 4th International Conference on Advanced Trends in Information Theory (ATIT);2022-12-15

3. Studying Antenna-Feeder Matching Effects with Help of Computer Simulation Model;2022 IEEE 4th International Conference on Advanced Trends in Information Theory (ATIT);2022-12-15

4. Development of Model of Artificial Ecosystem on the Basis of Genetic Algorithm;2022 IEEE 4th International Conference on Advanced Trends in Information Theory (ATIT);2022-12-15

5. Ransomware Identification Through Sandbox Environment;Proceedings of the Future Technologies Conference (FTC) 2022, Volume 2;2022-10-13