Theoretical approach to solving the problem of detecting malicious processes based on the analysis of the states of the entity of the information system
DOI:10.31673/2412-4338.2021.017987
Abstract
Today, the information systems of organizations operate under constant exposure to vulnerabilities and to their exploitation by attackers. This is evidenced by the threat-intelligence reports of global companies, together with their recommendations for cybersecurity measures. Despite the measures taken to secure these systems, the number of identified vulnerabilities keeps growing. One way to address this problem is to monitor the security state of the functional components of information systems during data processing and exchange.
The causes of malicious processes arising in the operation of organizational information systems are established. The principal cause of vulnerabilities is the properties of the functional components of the information system themselves.
Existing methods of detecting intrusions into organizational information systems are analysed. Applying the detection method based on stateful protocol analysis makes it possible to determine and track the state of network, transport and application protocols that have a notion of state.
A theoretical approach to the problem of detecting malicious processes is proposed, based on analysing the states of an entity of the information system as part of the cybersecurity system of the organization's information system.
Implementing this theoretical approach will make it possible to correctly formulate and solve the problem of detecting malicious processes in real time on the basis of the states of the information-system entity and, when the security state of that entity changes under the influence of destructive non-target processes, to react to such events and restore its secure state.
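The stateful protocol analysis mentioned above, and the reaction of returning a monitored entity to a safe state after an out-of-state event, can be illustrated with a small monitor. The following Python is an added example and is not code from the paper or its authors: it tracks each protocol session (the monitored entity) against an allowed-transition table for a simplified, hypothetical SMTP-style command sequence, raises an alert for any event that is not valid in the session's current state, and resets the session to its initial state after a violation. The transition table, the reset-to-initial-state reaction and the sample event stream are all assumptions constructed for this illustration.

```python
"""Stateful protocol analysis over a constructed event stream (added example).

Each session is a monitored entity whose state advances only along the
allowed transitions. An event with no allowed transition from the current
state is reported and the entity is returned to the safe (initial) state.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Hypothetical, simplified SMTP-style protocol: (state, event) -> next state.
# Anything not listed is an out-of-state event. This is an assumption for
# the example, not a complete model of RFC 5321.
SMTP_TRANSITIONS: Dict[Tuple[str, str], str] = {
    ("INIT", "EHLO"): "GREETED",
    ("GREETED", "MAIL"): "MAIL",
    ("MAIL", "RCPT"): "RCPT",
    ("RCPT", "RCPT"): "RCPT",           # several recipients are allowed
    ("RCPT", "DATA"): "DATA",
    ("DATA", "END_OF_DATA"): "GREETED",
    ("GREETED", "RSET"): "GREETED",     # abort the current envelope
    ("MAIL", "RSET"): "GREETED",
    ("RCPT", "RSET"): "GREETED",
    ("GREETED", "QUIT"): "CLOSED",
    ("INIT", "QUIT"): "CLOSED",
}


@dataclass
class Alert:
    session: str
    index: int      # position of the offending event in the stream
    state: str      # state the entity was in when the event arrived
    event: str
    reason: str


@dataclass
class EntityState:
    """Monitored state of one protocol session (the entity)."""
    state: str = "INIT"
    history: List[str] = field(default_factory=list)


def step(entity: EntityState, event: str,
         transitions: Dict[Tuple[str, str], str],
         safe_state: str = "INIT") -> Optional[str]:
    """Apply one event to the entity; return a reason string on violation.

    On an out-of-state event the entity is moved back to safe_state. This
    models the "restore its secure state" reaction as a monitor-side reset
    (an assumption of the example; a real system might also tear down the
    connection or quarantine the peer).
    """
    entity.history.append(entity.state)
    key = (entity.state, event)
    if key in transitions:
        entity.state = transitions[key]
        return None
    reason = f"event {event!r} not valid in state {entity.state!r}"
    entity.state = safe_state
    return reason


def analyze(events: List[Tuple[str, str]],
            transitions: Dict[Tuple[str, str], str] = SMTP_TRANSITIONS,
            safe_state: str = "INIT") -> Tuple[List[Alert], Dict[str, str]]:
    """Run the stateful monitor over (session_id, event) pairs.

    Returns the alerts raised and the final state of every session.
    """
    sessions: Dict[str, EntityState] = {}
    alerts: List[Alert] = []
    for i, (sid, event) in enumerate(events):
        entity = sessions.setdefault(sid, EntityState(state=safe_state))
        before = entity.state
        reason = step(entity, event, transitions, safe_state)
        if reason is not None:
            alerts.append(Alert(sid, i, before, event, reason))
    return alerts, {sid: e.state for sid, e in sessions.items()}


# Constructed sample stream: s1 is a well-formed session, s2 sends DATA
# before any greeting or envelope, s3 keeps sending after QUIT.
SAMPLE_EVENTS: List[Tuple[str, str]] = [
    ("s1", "EHLO"), ("s1", "MAIL"), ("s1", "RCPT"), ("s1", "RCPT"),
    ("s1", "DATA"), ("s1", "END_OF_DATA"), ("s1", "QUIT"),
    ("s2", "DATA"), ("s2", "EHLO"), ("s2", "QUIT"),
    ("s3", "EHLO"), ("s3", "QUIT"), ("s3", "MAIL"),
]


if __name__ == "__main__":
    found, final_states = analyze(SAMPLE_EVENTS)
    for a in found:
        print(f"ALERT session={a.session} index={a.index}: {a.reason}")
    print("final states:", final_states)
```

The transition table is the whole detection model: the monitor knows nothing about payload content, only whether each event is permitted from the state the entity is currently in, which is exactly what lets this class of detector catch protocol misuse that a signature for a specific exploit would miss.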
Keywords: vulnerability of the information system, security of the information system, monitoring the state of the entity of the information system.
References
1. X-Force Threat Intelligence Index 2021. IBM Security, 2021. https://www.ibm.com/downloads/cas/M1X3B7QG.
2. Microsoft Vulnerabilities Report 2021: Evolving Threats, the Dangers of Admin Rights & How to Address Them. BeyondTrust, 2021. https://www.beyondtrust.com/assets/documents/BeyondTrust-Microsoft-Vulnerabilities-Report-2021.pdf.
3. 2021 CWE Top 25 Most Dangerous Software Weaknesses. MITRE, 2021. https://cwe.mitre.org/top25/archive/2021/2021_cwe_top25.html#methodology.
4. Scarfone K., Mell P. Guide to Intrusion Detection and Prevention Systems (IDPS). NIST Special Publication (SP) 800-94. Gaithersburg, MD: National Institute of Standards and Technology, February 2007. 127 p. https://doi.org/10.6028/NIST.SP.800-94.
5. Gakhov S.O. The application of the principal propositions of immunology in the secure information systems theory. Modern Information Security. 2018. No. 2. P. 59–64.
6. ISO/IEC 7498-1:1994. Information technology. Open Systems Interconnection. Basic Reference Model: The Basic Model. International Telecommunication Union, July 1994. 59 p.