Comparative analysis of methods of searching signatures of computer attacks in the dictionary of symbols
Authors: Cheredanova E.M., Pechkurova I.R., Pechkurova V.R., Mamchenko E.A. | |
Published in issue: #8(25)/2018 | |
DOI: 10.18698/2541-8009-2018-8-359 | |
Category: Informatics, Computer Engineering and Control | Chapter: Methods and Systems of Information Protection, Information Security |
|
Keywords: signature method, DDoS attack, feature dictionary, iteration, hash-function, sequential method, iterative method, hash addressing method |
|
Published: 09.08.2018 |
The article states that the ability to identify computer DDoS attacks in real time is one of the key aspects of information security, ensuring the security of network resources, and limiting access to server computing facilities. Analysis of the effectiveness of the three types (sequential, iterative and by using hash addressing) of the signature method based on the search for signs of computer attack in the corresponding dictionary is conducted. As a result of the research, the merits and demerits of all the methods considered were revealed. The factors influencing the decision-making on the choice of a particular type of signature method are also identified. In a generalized form, brief recommendations to specialists in protecting information and securing network resources on the use of the three variants of the signature method for detecting a DDoS attack are generated.
References
[1] Shan’gin V.F. Zashchita informatsii v komp’yuternykh sistemakh i setyakh [Information protection in PC networks and systems]. Moscow, DMK Press publ., 2012, 592 p.
[2] Alferov A.P., Zubov A.Yu., Kuz’min A.S., Cheremushkin A.V. Osnovy kriptografii [Cryptography fundamentals]. Moscow, Gelios ARV publ., 2002, 480 p.
[3] Fedorov A.K. Protivodeystvie atake “Photon number splitting attack” pri kvantovom raspredelenii klyucha BB84 [“Photon number splitting attack” resistance at quantum distribution of BB84 key]. Studencheskiy nauchnyy vestnik. Sb. tezisov obshcheuniversitetskoy nauch.-tekh. konf. “Studencheskaya nauchnaya vesna — 2011”. T. XI, ch. II [Students science bulletin. Proc. Universiry Sci.-Tech. Conf “Students scientific spring-2011”. Vol. XI. P. II]. Moscow, Bauman Press, 2012, pp. 204–205.
[4] Abashev A.N, Pazukhin V.A, Slyshkin A.S. One step ahead cybercriminals. Informatsionnaya bezopasnost’ [Information Security], 2015, no. 1, pp. 8–11.
[5] Mazin A.V., Klochko O.S. Analiz metodov protivodeystviya ugrozam i atakam na vychislitel’nye sistemy [Analysis of counteraction methods to threats and attacks on computer networks]. Naukoemkie tekhnologii v priboro- i mashinostroenii i razvitie innovatsionnoy deyatel’nosti v vuze. Mater. Vseross. nauch. tekhnich. konf. T. 3 [High-end technologies in instrument and mechanical engineering and development of innovative activity in university. Proc. Russ. Sci.-Tec. Conf. Vol. 3]. Moscow, 2014, Bauman Press, pp. 71–76.
[6] Klimov S.M., Sychev M.P., Astrakhov A.V. Protivodeystvie komp’yuternym atakam. Metodicheskie osnovy [Counteractions to computer attacks. Methodical fundamentals]. Moscow, Bauman Press, 2013, 108 p.
[7] For A. Vospriyatie i raspoznavanie obrazov [Image acquisition and recognition]. Moscow, Mashinostroenie publ., 1989, 272 p.
[8] Kharitonov V.A. Osnovy teorii zhivuchesti funktsional’no izbytochnykh system [Theory fundamentals on survivability of functionally redundant systems]. Sankt-Petersburg, SPIIRAS publ., 1993, 60 p.
[9] Gamayunov D.Yu. Obnaruzhenie komp’yuternykh atak na osnove analiza povedeniya setevykh ob’’ektov. Diss. kand. fiz.-mat. nauk [Computer attack detection based on analysis of network objects behavior. Kand. Phys.-Math. Sci. Diss.]. Moscow, MSU publ., 2007, 88 p.