Analysis Of the Behavior of Cyberattacks on Online Services Using the Cyber Threat Classification
Abstract
The paper contains a study of the dynamics of attacks on online services using the categorization of cyber threats by type in the corporate network of the Krasnoyarsk Scientific Center of the Siberian Branch of the Russian Academy of Sciences. The study was conducted using online service logs and allows solving pressing issues related to ensuring the built-in security of web services, such as: identifying both current and future cybersecurity risks. A summary of the most important logging and analysis techniques is provided. The authors describe the nature and content of the data sources and the software used. The extensive observation period of the study is one of its outstanding features. The structure of the processing system is provided and software tools for attack analysis and categorization are created. The paper shows that using categorized sampling allows for the detection of periodicity and the identification of patterns in specific types of attacks. A correlation matrix was created based on the type of attack. Except for Command Injection, Directory Browsing, and Java Code Injection attacks, which can be aggregated, the research found that most attack types had poor correlation. Based on the classification of cyber threats, the authors proposed a heuristic technique of risk comparison.
Downloads
References
Landauer M., Skopik F., Wurzenberger M., Rauber A. System log clustering approaches for cyber security applications: A survey. Computers & Security. 2020, Vol. 92, P. 101739.
He P., Zhu J., He S., Li J. et al. Towards Automated Log Parsing for Large-Scale Log Data Analysis. IEEE Transactions on Dependable and Secure Computing. 2017, Vol. 15, No. 6, P. 931–944.
Moh M., Pininti S., Doddapaneni S., Moh T. Detecting Web Attacks Using Multi-stage Log Analysis. IEEE 6th International Conference on Advanced Computing (IACC). 2016, P. 733–738.
Zhu J. et al. Tools and Benchmarks for Automated Log Parsing. IEEE/ACM 41st International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP). 2019, P. 121–130.
Efimova Yu. V., Gavrilov A. G. [Modeling an information security system based on the analysis of system logs]. Inzhenernyi vestnik Dona. 2019, No. 6 (57), P. 40 (In Russ.).
Bolodurina I. P., Parfenov D. I., Zabrodina L. S. et al. [Modeling the identification of a cyber attack profile based on the analysis of the behavior of devices in the network of a telecommunications service provider]. Vestnik Yuzhno-Ural'skogo gosudarstvennogo universiteta. 2019, No. 4, P. 48–59 (In Russ.).
He P., Zhu J., Zheng Z., Lyu M. R. Drain: an online log parsing approach with fixed depth tree. Proc. of the International Conference on Web Services (ICWS). IEEE, 2017, P. 33-40.
Reidemeister T., Jiang M., Ward P. A. Mining unstructured log files for recurrent fault diagnosis. Proc. of the Int. Symp. on Integrated Netw. Mgmt. IEEE, 2011, P. 377–384.
Sidorova D. N., Pivkin E. N. [Algorithms and methods of data clustering in the analysis of information security event logs]. Bezopasnost' tsifrovykh tekhnologii. 2022, No. 1 (104), P. 41–60 (In Russ.).
Juvonen A., Sipola T., Hamalainen T. Online anomaly detection using dimensionality reduction techniques for http log analysis. Computer Networks. 2015, No. 91, P. 46–56.
Wurzenberger M., Skopik F., Landauer M., Greitbauer P., Fiedler R., Kastner W. Incremental clustering for semi-supervised anomaly detection applied on log data. Proc. of the 12th International Conference on Availability, Reliability and Security, ACM (2017), P. 31:1–31:6.
Aharon M., Barash G., Cohen I., Mordechai E. One graph is worth a thousand logs: uncovering hidden structures in massive system event logs. Proc. of the Joint Eur. Conf. on Machine Learning and Knowledge Discovery in Databases. Springer, 2009, P. 227–243.
Jia T., Yang L., Chen P., Li Y., Meng F., Xu J. Logsed: anomaly diagnosis through mining time-weighted control flow graph in logs. Proc. of the 10th Int. Conf. on Cloud Comp. (CLOUD). IEEE, 2017, P. 447–455.
Kononov D., Isaev S. Analysis of the dynamics of Internet threats for corporate network web services. CEUR Workshop Proceedings. The 2nd Siberian Scientific Workshop on Data Analysis Technologies with Applications 2021. 2021, Vol. 3047, P. 71–78.
Helmiawan M. A., Firmansyah E., Fadil I., Sofivan Y., Mahardika F. and Guntara A. Analysis of Web Security Using Open Web Application Security Project 10. 8th International Conference on Cyber and IT Service Management (CITSM). 2020, P. 1–5.
OWASP ModSecurity Core Rule Set. Available at: https://owasp.org/www-projectmodsecurity-core-rule-set/ (accessed: 13.05.2022)
Copyright (c) 2022 Journal of Systems Engineering and Information Technology (JOSEIT)
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under Creative Commons Attribution 4.0 International License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (Refer to The Effect of Open Access).