Cyber attack monitoring
DOI: https://doi.org/10.18372/2225-5036.26.15569
Abstract
Detecting cyberattacks is currently a very important task, and network monitoring is used for this purpose. Monitoring also requires rapid analytical processing of information, which calls for data mining methods. Data mining helps to extract knowledge from acquired data. The purpose of applying data mining to cyberattack monitoring is to obtain previously unknown, non-trivial, understandable knowledge and patterns from monitoring, i.e., data useful for supporting decision-making. An integral part of a recognition system is training, whose ultimate goal is to form reference class descriptions, the form of which is determined by how they are used in decision rules, as well as the selection of informative features for recognizing these reference classes. This paper attempts to set out, in a logical sequence, the main analytical methods for recognizing cyberattacks under modern conditions of cyber warfare, taking into account monitoring of the information environment. A list of factors confirming the expediency of applying pattern recognition methods to the analysis of attack monitoring data is given. In addition, the similarity measures used in cyberattack ranking and clustering algorithms are examined. It is shown that the expediency of applying them depends on the specific task.