Design of Technical Methods for Analysing Network Security Based on Identification of Network Traffic Anomalies
Publication Type:Journal Article
Source:Information & Security: An International Journal, Volume 47, Issue 3, p.306-316 (2020)
Keywords:anomaly, database, network monitoring, network parameters, network traffic
The article presents the design of a system for analysing technical networks with three main components. The attack generator monitors the network, checks its response, stability, and effectiveness to counter external threats. The database contains data about network parameters, their behaviour over time, network status, incidents, anomalies, etc. The network monitoring module uses information from the database for qualitative analysis of the network status.
The technical data analysis system of the distributed information system consists of two subsystems: the “Attacker” and the “Analyzer.” The “Attacker” is a scanning tool for targeted information monitoring. It generates streams of network attacks with the aim to test the network response, stability, and effectiveness of network protection. The subsystem “Analyzer” collects information in predetermined periods of time, establishes criticality levels of network parameters; determines the time of the last criticality levels’ change, records criticality levels values, and reports on the status, errors and script execution.