Abstract
An approach to recognizing malicious behavior based on analysis of the Windows Security.evtx security log during investigation of a security incident is presented. The use of an autoregression model (the ChangeFinder algorithm) is tested experimentally, and from it the malicious activity of domain users in the corporate network is revealed.
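As an added illustration (not code from the paper), the two-stage ChangeFinder scheme the abstract refers to, built on a sequentially discounting AR(1) model and run over a constructed series of hourly failed-logon counts (Security.evtx EventID 4625) for one account; the counts, the discount rate r and the smoothing window T are assumptions chosen for the example.

```python
import math

class SDAR:
    """Sequentially discounting AR(1) model (the ChangeFinder building block):
    each new sample is weighted r, older history decays by (1 - r)."""
    def __init__(self, r):
        self.r, self.mu, self.c0, self.c1, self.sigma2, self.prev = r, 0.0, 1.0, 0.0, 1.0, None

    def update(self, x):
        """Return the outlier score -log p(x | past) under the current model, then learn x."""
        r = self.r
        if self.prev is None:                 # first sample: nothing to predict from yet
            self.mu = self.prev = x
            return 0.0
        self.mu = (1 - r) * self.mu + r * x
        d, dp = x - self.mu, self.prev - self.mu
        self.c0 = (1 - r) * self.c0 + r * d * d           # lag-0 autocovariance
        self.c1 = (1 - r) * self.c1 + r * d * dp          # lag-1 autocovariance
        a = self.c1 / self.c0 if self.c0 > 1e-9 else 0.0  # Yule-Walker AR(1) coefficient
        err = x - (self.mu + a * dp)                      # one-step prediction error
        self.sigma2 = (1 - r) * self.sigma2 + r * err * err
        self.prev = x
        var = max(self.sigma2, 1e-3)
        return err * err / (2 * var) + 0.5 * math.log(2 * math.pi * var)

def change_finder(series, r=0.05, T=5):
    """Two-stage ChangeFinder: outlier scores -> moving average over T ->
    second SDAR on the smoothed scores -> moving average again = change score."""
    stage1, stage2 = SDAR(r), SDAR(r)
    s1, s2, change = [], [], []
    for x in series:
        s1.append(stage1.update(x))
        y = sum(s1[-T:]) / len(s1[-T:])
        s2.append(stage2.update(y))
        change.append(sum(s2[-T:]) / len(s2[-T:]))
    return change

def build_series():
    """Constructed input (assumption): hourly counts of EventID 4625 for one account,
    72 quiet hours followed by a 24-hour burst of failed logons starting at hour 72."""
    quiet = [3, 4, 5, 4, 3, 6] * 12
    burst = [45, 48, 42, 50, 47, 44] * 4
    return quiet + burst

def peak_hour(series, **kw):
    """Hour index with the highest change score, i.e. where the behaviour shifted."""
    scores = change_finder(series, **kw)
    return max(range(len(scores)), key=scores.__getitem__)

if __name__ == "__main__":
    print("change detected around hour", peak_hour(build_series()))
```

The change score peaks a few hours after the burst begins because both smoothing windows lag by up to T samples; in practice the series would be built from the exported Security.evtx events rather than the constructed counts here.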
Ethics declarations
The authors declare that they have no conflicts of interest.
Additional information
Translated by A. Muravev
About this article
Cite this article
Smirnov, S.I., Eremeev, M.A. & Pribylov, I.A. Approach to Recognition of Malicious Behavior Based on Autoregression Model upon Investigation into Cyberincident. Aut. Control Comp. Sci. 55, 1099–1103 (2021). https://doi.org/10.3103/S0146411621080290