期刊名称:Eastern-European Journal of Enterprise Technologies
印刷版ISSN:1729-3774
电子版ISSN:1729-4061
出版年度:2021
卷号:1
期号:9
页码:50-57
DOI:10.15587/1729-4061.2021.225646
语种:English
出版社:PC Technology Center
摘要:This paper reports a method of protection against zero-day attacks using SandBox technology based on the developed analytical model with a probabilistic ranking of information system states. The model takes into consideration the conditions of a priori uncertainty regarding the parameters of the destructive flow on the system, accounting for the typical procedures of the network SandBox.The proposed model of information system states makes it possible to analyze and track all possible states, as well as assess the level of security in these states, and the probability of transitions into them. Thus, it is possible to identify the most dangerous ones and track the activities that caused the corresponding changes. The fundamental difference between this model and standard approaches is the weight coefficients that characterize not the intensity of random events but the intensity of transitions between states.Direct implementation and application of the proposed analytical model involved the technology of multilevel network "SandBoxes".The difference from other popular anti-virus tools is the use of a priori mathematical threat assessment, which makes it possible to detect influences that are not considered threats by classical systems until the moment of harm to the system.The combination with standard security tools makes it possible to separately analyze files that are too large in size, whether they enter the system not through a common gateway controlled by the network "SandBox" but from the external media of end-users.The implementation of the developed analytical model has made it possible to improve the level of protection of the corporate network by 15?%, based on the number of detected threats. This difference is explained by the inability of classical software to detect new threats if they are not already listed in the database of the program, and their activity is not trivial.
