Development of models of cyberattacks in the plane of enterprise information security
DOI: 10.31673/2412-4338.2019.041224
Abstract
The information security problems considered here arise from the study of vulnerabilities and models of cyberattacks, which fall into four groups: models of cyberattacks against standard software and proprietary applications, models of cyberattacks on the server configuration, models of cyberattacks on the server patch level, and models of cyberattacks on the network infrastructure. The corresponding vulnerabilities and problems of all groups of cyberattacks at the enterprise are presented. Vulnerabilities and problems for standard software and proprietary applications include authentication, authorization, business logic, information disclosure, browser attacks, state management, interpreter substitutions, dangerous handling of trusted data, dangerous functionality, dangerous methods, and denial of service. It is shown that the most common software vulnerabilities arise from the exploitation of memory-handling errors, inadequate verification of user input, race conditions and user access privileges. Generic server configuration vulnerabilities include configuration errors that could be exploited by cybercriminals against all types of server software. Statistical data on cyberattacks in the field of activity of an IT enterprise that engages freelance resources are analyzed; temporal correlations between the numbers of cyberattacks over a time period are used to predict the future intensity of cyber incidents, which should yield an effective forecasting system. Predicting the number of cyberattacks within an established rational time period is necessary to determine an effective audit frequency. Detected cyberattacks were classified into web threats and email attacks, and the share of each in the total number of cyberattacks was determined. The time series of web threats and email attacks over a certain period, and their smoothing by three-point filtering of the time series, are investigated. The smoothed time series were approximated by analytical functions.
It is shown that the use of logistic regression makes it possible to predict the malware risk of hosts.
Keywords: cyber-attack, web threats, email, server, software, viruses, time series, filtering, approximation.
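The forecasting pipeline the abstract describes (share of web threats versus email attacks, three-point smoothing of the time series, approximation by an analytical function, and a logistic-regression model of host risk), as an added worked example in Python that is not part of the paper. All incident counts and host features are constructed; the choice of a linear least-squares trend, the host feature set (patch backlog, days since the last anti-malware update, privileged logins per day) and the gradient-descent trainer are assumptions, since the abstract does not specify which analytical functions or host features were used.

```python
"""Added example (not from the paper): share of web vs e-mail attacks,
three-point smoothing, a linear least-squares approximation used for a
one-step forecast, and a small logistic-regression host-risk model.
All numbers below are constructed, not measured."""
import math

# Constructed weekly counts of detected web threats and e-mail attacks.
WEB_THREATS = [12, 15, 9, 20, 18, 25, 22, 30, 27, 35]
EMAIL_ATTACKS = [8, 6, 11, 9, 14, 12, 16, 15, 19, 21]

# Constructed host features scaled to [0, 1]: patch backlog, days since the
# last anti-malware signature update, privileged logins per day. Label 1 =
# host later found infected. The feature set itself is an assumption.
HOSTS = [
    ([0.1, 0.0, 0.2], 0), ([0.2, 0.1, 0.1], 0),
    ([0.0, 0.2, 0.0], 0), ([0.3, 0.1, 0.3], 0),
    ([0.8, 0.9, 0.7], 1), ([0.9, 0.7, 0.8], 1),
    ([0.7, 0.8, 0.9], 1), ([0.6, 0.9, 0.6], 1),
]


def attack_shares(web, email):
    """Share of each attack class in the total number of incidents."""
    total = sum(web) + sum(email)
    return sum(web) / total, sum(email) / total


def smooth3(series):
    """Three-point moving average. The first and last points are averaged
    over their two available neighbours so the output keeps the length."""
    n = len(series)
    out = []
    for i in range(n):
        window = series[max(0, i - 1):min(n, i + 2)]
        out.append(sum(window) / len(window))
    return out


def linear_fit(series):
    """Closed-form least-squares line y = a + b*t with t = 0, 1, 2, ..."""
    n = len(series)
    t_mean = (n - 1) / 2
    y_mean = sum(series) / n
    sxx = sum((t - t_mean) ** 2 for t in range(n))
    sxy = sum((t - t_mean) * (y - y_mean) for t, y in enumerate(series))
    b = sxy / sxx
    return y_mean - b * t_mean, b


def forecast(series, steps=1):
    """Smooth, fit the trend line, and extrapolate `steps` periods ahead."""
    a, b = linear_fit(smooth3(series))
    n = len(series)
    return [a + b * (n + k) for k in range(steps)]


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def train_logistic(rows, lr=0.5, epochs=3000):
    """Logistic regression fitted by batch gradient descent (pure Python)."""
    d = len(rows[0][0])
    w, bias = [0.0] * d, 0.0
    for _ in range(epochs):
        gw, gb = [0.0] * d, 0.0
        for x, y in rows:
            err = sigmoid(bias + sum(wi * xi for wi, xi in zip(w, x))) - y
            gw = [g + err * xi for g, xi in zip(gw, x)]
            gb += err
        w = [wi - lr * g / len(rows) for wi, g in zip(w, gw)]
        bias -= lr * gb / len(rows)
    return w, bias


def host_risk(model, features):
    """Probability that a host with these features is at risk of malware."""
    w, bias = model
    return sigmoid(bias + sum(wi * xi for wi, xi in zip(w, features)))


if __name__ == "__main__":
    web_share, email_share = attack_shares(WEB_THREATS, EMAIL_ATTACKS)
    print(f"web {web_share:.1%}, e-mail {email_share:.1%}")
    print("smoothed web:", [round(v, 1) for v in smooth3(WEB_THREATS)])
    print("next-week forecast:", round(forecast(WEB_THREATS)[0], 1))
    model = train_logistic(HOSTS)
    print("risk of a badly patched host:",
          round(host_risk(model, [0.9, 0.9, 0.9]), 2))
```

The smoothed series, not the raw counts, is what the trend line is fitted to, which is the order the abstract describes; the one-step forecast is what an audit schedule would be sized against, and the host-risk probability is a ranking signal for which machines to audit first.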