<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">vdgtu</journal-id><journal-title-group><journal-title xml:lang="ru">Вестник Дагестанского государственного технического университета. Технические науки</journal-title><trans-title-group xml:lang="en"><trans-title>Herald of Dagestan State Technical University. Technical Sciences</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">2073-6185</issn><issn pub-type="epub">2542-095X</issn><publisher><publisher-name>Daghestan State Technical University</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.21822/2073-6185-2023-50-4-93-100</article-id><article-id custom-type="elpub" pub-id-type="custom">vdgtu-1396</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>ИНФОРМАЦИОННЫЕ ТЕХНОЛОГИИ И ТЕЛЕКОММУНИКАЦИИ</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>INFORMATION TECHNOLOGY AND TELECOMMUNICATIONS</subject></subj-group></article-categories><title-group><article-title>Разработка методов нейтрализации угроз «нулевого дня»</article-title><trans-title-group xml:lang="en"><trans-title>Development of methods for neutralizing «Zero-day» threats</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Дубровина</surname><given-names>А. И.</given-names></name><name name-style="western" xml:lang="en"><surname>Dubrovina</surname><given-names>A. I.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Дубровина Ангелина Игоревна - ассистент, кафедра «Вычислительные системы и информационная безопасность».</p><p>344000, Ростов-на-Дону, пл. Гагарина, 1; 2344000, Ростов-на-Дону, ул. Мечникова, 130</p></bio><bio xml:lang="en"><p>Angelina I. Dubrovina - Assistant, Department of Computer Systems and Information Security.</p><p>1 Gagarin Square, Rostov-on-Don 344000; 130 Mechnikova St., Rostov-on-Don 344000</p></bio><email xlink:type="simple">adubrovina@yug.gkovd.ru</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Алкорди</surname><given-names>М. Х.</given-names></name><name name-style="western" xml:lang="en"><surname>Alcordi</surname><given-names>M. H.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Алкорди Мустафа Хельми Муса - студент, кафедра «Вычислительные системы и информационная безопасность».</p><p>344000, Ростов-на-Дону, пл. Гагарина, 1</p></bio><bio xml:lang="en"><p>Mustafa H. Alcordi - Student, Department of Computer Systems and Information Security.</p><p>1 Gagarin Square, Rostov-on-Don 344000</p></bio><email xlink:type="simple">ministrelia69@yandex.ru</email><xref ref-type="aff" rid="aff-2"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru"><institution>Донской государственный технический университет; Частное образовательное учреждение высшего образования «Южный университет» (Институт управления, бизнеса и права)</institution><country>Россия</country></aff><aff xml:lang="en"><institution>Don State Technical University; Southern University (Institute of Management, Business and Law)</institution><country>Russian Federation</country></aff></aff-alternatives><aff-alternatives id="aff-2"><aff xml:lang="ru"><institution>Донской государственный технический университет</institution><country>Россия</country></aff><aff xml:lang="en"><institution>Don State Technical University</institution><country>Russian Federation</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2023</year></pub-date><pub-date pub-type="epub"><day>22</day><month>01</month><year>2024</year></pub-date><volume>50</volume><issue>4</issue><fpage>93</fpage><lpage>100</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Дубровина А.И., Алкорди М.Х., 2024</copyright-statement><copyright-year>2024</copyright-year><copyright-holder xml:lang="ru">Дубровина А.И., Алкорди М.Х.</copyright-holder><copyright-holder xml:lang="en">Dubrovina A.I., Alcordi M.H.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://vestnik.dgtu.ru/jour/article/view/1396">https://vestnik.dgtu.ru/jour/article/view/1396</self-uri><abstract><p>Цель. Целью данного исследования является разработка и анализ методов нейтрализации угроз «нулевого дня» с целью повышения уровня кибербезопасности и защиты информационных систем. Метод. В настоящей статье использован поведенческий анализ угрозы. Изучены характерные признаки поведения эксплойта «нулевого дня». Модель угрозы основана на решении задач по своевременному обнаружению и нейтрализации угрозы. Результат. Рассмотрена актуальная проблема безопасности информационных систем - угроза «нулевого дня». Проведены обзор существующих методов нейтрализации и обсуждение эффективных новых подходов. Выявлено, что основным уязвимым местом являются устаревшие сигнатуры угроз. Обнаружение угроз основано на исследовании поведения программных обеспечений – сравнение с предыдущим днем, отслеживание возможно преимущественно засчет анализа log-файлов, снятых с автоматизированного рабочего места. Вывод. Доказана важность разработки методов нейтрализации угроз «нулевого дня» во избежание централизованного распространения уязвимости и заражения большого числа автоматизированных рабочих мест, что может привести к приостановке производственных процессов в рамках большого предприятия.</p></abstract><trans-abstract xml:lang="en"><p>Objective. The purpose of this study is to develop and analyze methods for neutralizing «zero-day» threats in order to increase the level of cybersecurity and protection of information systems. Method. In this article, a behavioral analysis of the threat is used. The characteristic features of the zero-day exploit behavior have been studied. The threat model is based on solving the tasks of timely detection and neutralization of the threat. Result. The actual problem of information systems security - the threat of «zero-day» is considered. The review of existing neutralization methods and discussion of effective new approaches were carried out. It has been revealed that the main vulnerability is outdated threat signatures. Threat detection is based on a study of the behavior of software a comparison with the previous day tracking is possible mainly by analyzing log files taken from an automated workplace. Conclusion. The content of this work emphasizes the importance of developing methods to neutralize «zero-day» threats in order to avoid the centralized spread of vulnerability and infection of a large number of automated workplaces, which can lead to the suspension of production processes within a large enterprise.</p></trans-abstract><kwd-group xml:lang="ru"><kwd>информационная безопасность</kwd><kwd>атака нулевого дня</kwd></kwd-group><kwd-group xml:lang="en"><kwd>information security</kwd><kwd>zero-day attack</kwd></kwd-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Journal of Information Security and Applications // Volume 46 June 2019 Pages 164-172</mixed-citation><mixed-citation xml:lang="en">Journal of Information Security and Applications. June 2019; 46:164-172</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Huang, L., Joseph, A., Nelson, H., &amp; Rubinstein, B. Adversarial machine learning // Proceedings of the 4th ACM workshop on Security and artificial intelligence. ACM, 2011. Pp. 43-58.</mixed-citation><mixed-citation xml:lang="en">Huang, L., Joseph, A., Nelson, H., &amp; Rubinstein, B. Adversarial machine learning. Proceedings of the 4th ACM workshop on Security and artificial intelligence. ACM, 2011; 43-58.</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Rieck, K., Trinius, P., Willems, C., Holz, T., &amp; Bos, H. Automatic analysis of malware behavior using machine learning // Journal of Computer Security, 19(4), 639-668.</mixed-citation><mixed-citation xml:lang="en">Rieck, K., Trinius, P., Willems, C., Holz, T., &amp; Bos, H. Automatic analysis of malware behavior using machine learning. Journal of Computer Security, 19(4), 639-668.</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">DDoS-атаки. Причины возникновения, классификация и защита от DDoS-атак [Электронный ресурс]. URL: http://efsol.ru/articles/ddos-attacks.html (дата обращения 19.07.2023).</mixed-citation><mixed-citation xml:lang="en">DDoS attacks. Causes of occurrence, classification and protection from DDoS attacks [Electronic resource]. URL: http://efsol.ru/articles/ddos-attacks.html (accessed 07.19.2023).</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">Флёнов М. Linux глазами хакера. - СПб.:БХВ-Петербург, 2010.- 480 с.</mixed-citation><mixed-citation xml:lang="en">Flenov M. Linux through the eyes of a hacker. - St. Petersburg:BHV-Petersburg, 2010; 480. (In Russ).</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">Нigh-Tech Crime Trends 2017. Group-IB Report. – URL: https://www.group-ib.ru/resources/threat-research/2017-report.html. (Accessed: 18.03.18).</mixed-citation><mixed-citation xml:lang="en">Нigh-Tech Crime Trends 2017. Group-IB Report. – URL: https://www.group-ib.ru/resources/threat-research/2017-report.html. (Accessed: 18.03.18).</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Topical Cyber-threats 2017. Positive Technologies Report. – URL: https://www.ptsecurity.com/upload/corporate/ru-ru/webinars/ics/webinar_290218.pdf (Accessed: 14.03.18).</mixed-citation><mixed-citation xml:lang="en">Topical Cyber-threats 2017. Positive Technologies Report. – URL: https://www.ptsecurity.com/upload/corporate/ru-ru/webinars/ics/webinar_290218.pdf (Accessed: 14.03.18).</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">Meicong Li, Wei Huang. The Study of APT Attack Stage Model. – URL: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&amp;arnumber=7550947&amp;tag=1 (Accessed: 18.03.18).</mixed-citation><mixed-citation xml:lang="en">Meicong Li, Wei Huang. The Study of APT Attack Stage Model. – URL: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&amp;arnumber=7550947&amp;tag=1 (Accessed: 18.03.18).</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">Targeted Attack Anatomy. Kaspersky Lab. — URL: https://www.kaspersky.ru/blog/targeted-attack-anatomy/4388/ (Accessed: 15.03.18). (In Russ).</mixed-citation><mixed-citation xml:lang="en">Targeted Attack Anatomy. Kaspersky Lab. — URL: https://www.kaspersky.ru/blog/targeted-attack-anatomy/4388/ (Accessed: 15.03.18). (in Russ.).</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">B. B. Gupta, Aakanksha Tewari. Fighting against phishing attacks: state of the art and future challenges. – URL: https://link.springer.com/content/pdf/10.1007%2Fs00521-016-2275-y.pdf (Accessed: 25.03.18).</mixed-citation><mixed-citation xml:lang="en">B. B. Gupta, Aakanksha Tewari. Fighting against phishing attacks: state of the art and future challenges. – URL: https://link.springer.com/content/pdf/10.1007%2Fs00521-016-2275-y.pdf (Accessed: 25.03.18).</mixed-citation></citation-alternatives></ref><ref id="cit11"><label>11</label><citation-alternatives><mixed-citation xml:lang="ru">Spear-Phishing Attacks. Why they are successful and how to stop them. FireEye Report. – URL: https://www.fireeye.com/content/dam/fireeye-www/global/en/products/pdfs/wp-fireeye-how-stop-spearphishing.pdf (Accessed: 25.03.18).</mixed-citation><mixed-citation xml:lang="en">Spear-Phishing Attacks. Why they are successful and how to stop them. FireEye Report. – URL: https://www.fireeye.com/content/dam/fireeye-www/global/en/products/pdfs/wp-fireeye-how-stop-spearphishing.pdf (Accessed: 25.03.18).</mixed-citation></citation-alternatives></ref><ref id="cit12"><label>12</label><citation-alternatives><mixed-citation xml:lang="ru">How social engineering opens a door to your organization. Positive Technologies Report. – URL: https://www.ptsecurity.com/upload/corporate/ru-ru/analytics/Social-engineering-rus.pdf (Accessed: 16.04.2018). (in Russian).</mixed-citation><mixed-citation xml:lang="en">How social engineering opens a door to your organization. Positive Technologies Report. – URL: https://www.ptsecurity.com/upload/corporate/ru-ru/analytics/Social-engineering-rus.pdf (Accessed: 16.04.2018). (In Russ).</mixed-citation></citation-alternatives></ref><ref id="cit13"><label>13</label><citation-alternatives><mixed-citation xml:lang="ru">Topical Cyberthreats 2017— Trends and forecasts. Positive Technologies Report. – URL: https://www.ptsecurity.com/upload/corporate/ru-ru/analytics/Cybersecurity-threatscape-2017-rus.pdf (Accessed: 15.03.18). (in Russian).</mixed-citation><mixed-citation xml:lang="en">Topical Cyberthreats 2017 Trends and forecasts. Positive Technologies Report. – URL: https://www.ptsecurity.com/upload/corporate/ru-ru/analytics/Cybersecurity-threatscape-2017-rus.pdf (Accessed: 15.03.18). (In Russ).</mixed-citation></citation-alternatives></ref><ref id="cit14"><label>14</label><citation-alternatives><mixed-citation xml:lang="ru">Tzipora Halevi, Nasir Memon, Oded Nov. Spear-Phishing in the Wild: A Real-World Study of Personality, Phishing Self-efficacy and Vulnerability to Spear-Phishing Attacks. – URL: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2544742 (Accessed: 16.04.2018).</mixed-citation><mixed-citation xml:lang="en">Tzipora Halevi, Nasir Memon, Oded Nov. Spear-Phishing in the Wild: A Real-World Study of Personality, Phishing Self-efficacy and Vulnerability to Spear-Phishing Attacks. – URL: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2544742 (Accessed: 16.04.2018).</mixed-citation></citation-alternatives></ref><ref id="cit15"><label>15</label><citation-alternatives><mixed-citation xml:lang="ru">Scott Donnelly. Soft Target: The Top 10 Vulnerabilities Used by Cybercriminals. RecordedFuture Report. – URL: https://go.recordedfuture.com/hubfs/reports/cta-2018-0327.pdf (Accessed: 16.04.2018).</mixed-citation><mixed-citation xml:lang="en">Scott Donnelly. Soft Target: The Top 10 Vulnerabilities Used by Cybercriminals. RecordedFuture Report. – URL: https://go.recordedfuture.com/hubfs/reports/cta-2018-0327.pdf (Accessed: 16.04.2018).</mixed-citation></citation-alternatives></ref><ref id="cit16"><label>16</label><citation-alternatives><mixed-citation xml:lang="ru">Gone in a Flash: Top 10 Vulnerabilities Used by Exploit Kits. RecordedFuture Report. — URL: https://www.recordedfuture.com/top-vulnerabilities-2015/ (Accessed: 16.04.2018).</mixed-citation><mixed-citation xml:lang="en">Gone in a Flash: Top 10 Vulnerabilities Used by Exploit Kits. RecordedFuture Report. — URL: https://www.recordedfuture.com/top-vulnerabilities-2015/ (Accessed: 16.04.2018).</mixed-citation></citation-alternatives></ref><ref id="cit17"><label>17</label><citation-alternatives><mixed-citation xml:lang="ru">New Kit, Same Player: Top 10 Vulnerabilities Used by Exploit Kits in 2016.] Recorded Future Report. – URL: https://www.recordedfuture.com/top-vulnerabilities-2016/ (Accessed: 16.04.2018).</mixed-citation><mixed-citation xml:lang="en">New Kit, Same Player: Top 10 Vulnerabilities Used by Exploit Kits in 2016.] Recorded Future Report. – URL: https://www.recordedfuture.com/top-vulnerabilities-2016/ (Accessed: 16.04.2018).</mixed-citation></citation-alternatives></ref><ref id="cit18"><label>18</label><citation-alternatives><mixed-citation xml:lang="ru">Daniela Oliveira Harold Rocha Huizi Yang. Dissecting Spear Phishing Emails for Older vs Young Adults: On the Interplay of Weapons of Influence and Life Domains in Predicting Susceptibility to Phishing. – URL: https://dl.acm.org/citation.cfm?id=3025831(Accessed: 16.04.2018).</mixed-citation><mixed-citation xml:lang="en">Daniela Oliveira Harold Rocha Huizi Yang. Dissecting Spear Phishing Emails for Older vs Young Adults: On the Interplay of Weapons of Influence and Life Domains in Predicting Susceptibility to Phishing. – URL: https://dl.acm.org/citation.cfm?id=3025831(Accessed: 16.04.2018).</mixed-citation></citation-alternatives></ref><ref id="cit19"><label>19</label><citation-alternatives><mixed-citation xml:lang="ru">Thomas, J. E. Individual Cyber Security: Empowering Employees to Resist Spear Phishing to Prevent Identity Theft and Ransomware Attacks. – URL: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3171727 (Accessed: 16.04.2018).</mixed-citation><mixed-citation xml:lang="en">Thomas, J. E. Individual Cyber Security: Empowering Employees to Resist Spear Phishing to Prevent Identity Theft and Ransomware Attacks. – URL: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3171727 (Accessed: 16.04.2018).</mixed-citation></citation-alternatives></ref><ref id="cit20"><label>20</label><citation-alternatives><mixed-citation xml:lang="ru">Zhurin S.I., Comprehensiveness of Response to Internal Cyber-Threat and Selection of Methods to Identify the Insider. ICT Res. Appl., Vol. 8, No. 3, 2015, p. 230 – 248.</mixed-citation><mixed-citation xml:lang="en">Zhurin S.I., Comprehensiveness of Response to Internal Cyber-Threat and Selection of Methods to Identify the Insider. ICT Res. Appl., 2015; 8(3): 230 – 248.</mixed-citation></citation-alternatives></ref><ref id="cit21"><label>21</label><citation-alternatives><mixed-citation xml:lang="ru">Zhurin S.I. Basics of countermesuares against insider threats. Tutorial for students. MEPhI, 2014. p. 262.</mixed-citation><mixed-citation xml:lang="en">Zhurin S.I. Basics of countermesuares against insider threats. Tutorial for students. MEPhI, 2014; 262.</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
