DETECTING THE INFORMATION SECURITY ANOMALIES BASED ON AN ENTROPY ANALYSIS OF THE INFORMATION SYSTEM-Reference-Cited by-同舟云学术

DETECTING THE INFORMATION SECURITY ANOMALIES BASED ON AN ENTROPY ANALYSIS OF THE INFORMATION SYSTEM

Published:2022 Issue:1 Volume:59 Page:
ISSN:2223-0858
Container-title:Energy and automation
language:
Short-container-title:Energy and automation

Author:

Panchenko M.,Bigdan A.,Babenko T.,Tymofieiev D.

Abstract

Measures to protect against cyberattacks are unable to provide a 100% guarantee that an attacker cannot penetrate an information system. If an attacker has gained access to the system, then such actions should be detected as soon as possible and interrupt access, as well as an investigation to fix security gaps. Methods used to detect attacks are divided into detecting misuse and detecting anomalies. This paper investigates the applicability of a frequency method that detects anomalies in the system by analyzing the entropy of the event log. This method is typically used to detect anomalies in network traffic, and unauthorized activities can also be indicated by anomalies in the hosts' event log. Studies on the Windows event log have shown that by analyzing the entropy, it is possible to detect exceeding the security thresholds by the number of different messages in the event log. This may indicate anomalies in the operation of the information system. The proposed method can be integrated into intrusion detection systems that notify the security administrator of possible violations.

Publisher

National University of Life and Environmental Sciences of Ukraine

Subject

General Earth and Planetary Sciences,General Environmental Science

Reference8 articles.

1. Smith, Z. M., Lostri, E., Lewis, J. A. (2020). The Hidden Costs of Cybercrime. McAfee. Available at: https://www.mcafee.com/enterprise/en-us/assets/reports/rp-hidden-costs-of-cybercrime.pdf

2. Kolodchak, O. (2012). Suchasni metody vyiavlennia anomalii v systemakh vyiavlennia vtorhnen. [Modern methods of detecting anomalies in intrusion detection systems]. Visnyk Natsionalnoho un-tu «Lvivska politekhnika». Komp’iuterni systemy ta merezhi, 745, 98–104. Available at: https://science.lpnu.ua/sites/default/files/journal-paper/2017/nov/6726/16-98-104.pdf

3. Kazmirchuk, S. V., Korchenko, A. O., Parashchuk, T. I. (2018). Analiz system vyiavlennia vtorhnen [Analysis of intrusion detection systems]. Ukrainian Information Security Research Journal, 20(4). Available at: https://doi.org/10.18372/2410-7840.20.13425

4. Ruban, I. V., Martovytskyi, V. O., Partyka, S. O. (2016). Klasyfikatsiia metodiv vyiavlennia anomalii v informatsiinykh systemakh [Classification of methods for detecting anomalies in information systems]. Systemy ozbroiennia i viiskova tekhnika, (3), 100-105. Available at: http://nbuv.gov.ua/UJRN/soivt_2016_3_24

5. Radivilova, T., Kirichenko, L., Tawalbeh, M., Ilkov, A. (2021). Vyiavlennia anomalii v telekomunikatsiinomu trafiku statystychnymy metodamy [Detection of anomalies in the telecommunications traffic by statistical methods]. Cybersecurity: Education, Science, Technique, 11(3), 183–194. Available at: https://doi.org/10.28925/2663-4023.2021.11.183194

Cited by 1 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Optimising Bcrypt Parameters: Finding the Optimal Number of Rounds for Enhanced Security and Performance;Compiler;2024-05-31