Method of Early Staged Cyber Attacks Detection in IT and Telecommunication Networks

Abstract

Increasing digitization together with the benefits has also brought a lot of problems related to the challenges in cyberspace. Due to the ongoing cyberattacks yearly increase, losses in sectors that are using Telecommunication and IT services are growing. The events of the past 10 years have shown that there are particularly dangerous incidents in the cyberspace, which are pre-planned, well-prepared and carried out by terrorist groups or even by some governments. Pre-planned cyber-attacks have some stages so it is possible to distinguish the early stages where attacks do not bring significant damage to data and information. This article examines the features of the attacks and their characteristics and is the first part of the study's generalization. There is proposed a method for early staged detection of such attacks using a number of the logical filters. Proposed methodology provides a network analysis structure, logical filter configuration and attack detection algorithms that enable the detection of network flow parameters that characterize potential attack vectors. The results of theoretical simulation have shown that proposed method is capable of determining early-staged cyberattacks.In the next paper, the logical mathematical model, an estimation of the sensitivity of such method and assessment of the probability of each initial stage will be presented.

DOI: http://dx.doi.org/10.5755/j01.eie.24.3.20981