Integration and Adaptation of Open-Source Monitoring Tools for Detecting Anomalous User Activity in Astra Linux Special Edition
https://doi.org/10.21822/2073-6185-2025-52-4-23-38
Abstract
Objective. Development and evaluation of a method for integrating open-source monitoring tools for detecting abnormal activity in Astra Linux Special Edition, taking into account the built-in protection mechanisms.
Method. Integration of Wazuh, OSSEC, Suricata and audit tools.d; adaptation of the rules to the specifics of Astra Linux; testing based on MITRE ATT&CK techniques; analysis according to GOST R 59548-2022 and NIST SP 800-92 standards.
Result. A methodology for integrating and adapting open-source monitoring tools (Wazuh, Suricata, OSSEC) to detect abnormal user activity in the special-purpose operating system Astra Linux Special Edition. Adaptation of event correlation rules to the built-in OS protection mechanisms (mandatory control, Parsec audit) and integration with external threat analysis platforms (VirusTotal, URLhaus).
Conclusion. This methodology ensures effective detection of abnormal activity in Astra Linux. Adaptation of open-source software enabled compliance with security requirements. The system demonstrates high accuracy with minimal false positives. It is recommended for organizations migrating to domestic special-purpose operating systems.
About the Authors
I. I. AndreevRussian Federation
Ilya I. Andreev - Graduate Student, Department of Mathematical and Hardware Support of Information Systems.
15 Moskovsky Ave, Cheboksary 428015
S. O. Ivanov
Russian Federation
Sergey O. Ivanov - Senior Lecturer, Department of Mathematical and Hardware Support of Information Systems.
15 Moskovsky Ave, Cheboksary 428015
T. N. Kopyshevа
Russian Federation
Tatyana N. Kopysheva - Cand. Sci. (Physical and Mathematical), Assoc. Prof., Head of the Department of Mathematical and Hardware Support of Information Systems.
15 Moskovsky Ave, Cheboksary 428015
M. V. Nikandrov
Russian Federation
Maksim V. Nikandrov - Cand. Sci. (Eng.), Director of Intelligent Networks LLC.
1 Pristantsionnaya Str., 1, bldg. Cheboksary 428003
T. N. Smirnova
Russian Federation
Tatiana N. Smirnova - Cand. Sci. (Physical and Mathematical), Assoc. Prof., Assoc. Prof., Department of Mathematical and Hardware Support of Information Systems.
15 Moskovsky Ave, Cheboksary 428015
References
1. Filimonova A.V., Zalivina D.A., Mitrofanova T.V. On Social Engineering in Cybersecurity. Information Technologies. Problems and Solutions. 2020; 1 (10): 139-144. (In Russ)
2. Nazaryan A.K., Kartsan I.N. Modern Cyberattacks: Classification and Protection Methods. Informatics. Economics. Management. 2025; 4; 1: 1001-1007. (In Russ)
3. Safonova E.G., Egorova A.O., Mavrin S.A. The relevance of the problem of targeted cyberattacks on critical information infrastructure. Energy Plants and Technologies. 2025; 11; 1: 110-116. (In Russ)
4. Creating your own SOC using the MITRE classification and the ELK opensource stack / Stepanov Y.V., Kopysheva T.N., Mitrofanova T.V., et al. // Information Technologies in Science, Management, and Education: An Interdisciplinary Approach and Development Trends: Collection of Materials. All-Russian Scientific and Practical Conference, November 12, 2021. Dimitrovgrad: Publishing House of DITI, 2021: 229-236. (In Russ)
5. Ermak K.K. Methods of protection against cyberattacks: modern approaches and technologies. International student scientific bulletin. 2025; 1: P. 4. (In Russ)
6. Al-Kadhi M.A.A.A. Cyberattacks: Growing Threats, Awareness-Raising Strategies, and Effective Protection Measures. Current Research. 2025; 7-1(242): 71-73. (In Russ)
7. Mukashev O. Methods of protection against common types of cyberattacks. Internauka. 2025;18-4(382):65-68 (In Russ)
8. The Subsystem of Computer Attacks Prevention on Critical Information Infrastructure Facilities: Analysis of Functioning and Implementation / Kotenko I.V., Saenko I.B., Zakharenko R.I., Velichko D.V. Cybersecurity Issues. 2023; 1 (53): 13-27. (In Russ)
9. Nur'yarov R.R. Modern Methods and Tools for Identifying Targeted Cyberattacks. Internauka. 2025; 12-1(376): 36-39. (In Russ)
10. Isakova T.A. Information Security: Distributed System for Detecting Attacks. Actual Issues of Modern Economics. 2025; 3: 596-600. (In Russ)
11. Nuryarov R.R. SOC Architecture: Enhancing SOC Maturity to Improve Cyber Attack Detection and Prevention Mechanisms. Internauka. 2025; 17-2(381): 5-16. (In Russ)
12. The procedure for responding to the most popular methods of implementing cyber attacks in accordance with the techniques of the MITRE ATT&CK matrix / N.A. Nikolayev, A.N. Vishnyakova, I.V. Gorbachev, O.M. Golembiovskaya // Information security and personal data protection. Problems and ways to solve them: collection of materials. and dokl. XVI interregion. Scientific and Practical conference, Bryansk, April 29, 2024. Bryansk: Publishing house Bryansk. tech. University, 2024: 196-201. (In Russ)
13. Ivanov A.S. The use of natural language processing algorithms to identify techniques from the MITRE ATT&CK matrix // Nanotechnology. Information. Radio engineering (NIR-24): Materials of the All-Russian Thank you. Scientific and Practical conference, Omsk, April 18, 2024. Omsk: Publishing house of Omsk. tech. University, 2024: 68-71. (In Russ)
14. Zambianco M., Facchinetti C., Siracusa D. A Proactive Decoy Selection Scheme for Cyber Deception using MITRE ATT&CK. Computers & Security. 2025; 148: 104144.
15. Zhang Sh., Xue X. DeepOP: A Hybrid Framework for MITRE ATT&CK Sequence Prediction via Deep Learning and Ontology. Electronics. 2025; 14; 2: P. 257.
16. Golovashov S., Agatiy I. Approaches to Ensuring Information Security When Using Astra Linux Special Edition in Embedded Equipment. System Administrator. 2024; 5(258): 26-41. (In Russ)
17. Zima V.M., Kryukov R.O. Approach to Controlling the Actions of Privileged Users in Critical Automated Systems. Issues of Defense Technology. Series 16: Technical Means of Countering Terrorism, 2021: 72-82. (In Russ)
18. Mylitsyn R.N., Devyanin P.N. The Practice of Building Information Systems in a Protected Design Based on the ASTRA LINUX SPECIAL EDITION Operating System // The State and Prospects of Modern Science Development in the Field of Information Security. Collection of Articles from the II All-Russian Scientific and Technical Conference. Vol. 2. Anapa: Military Innovative Technopolis ERA, 2020: 448-453. (In Russ)
19. A Comprehensive Review of Cyber Security Vulnerabilities, Threats, Attacks, and Solutions // Ömer Aslan, Semih Serkant Aktug, Merve Ozkan Okay, Ab-dullah Asım Yılmaz, Erdal Akin / March 2023 // Electronics 12(6):1-42 // DOI:10.3390/electronics12061333.
20. Review and insight on the behavioral aspects of cybersecurity // Rachid Ait Maalem Lahcen, Bruce Caulkins, Ram Mohapatra, Manish Kumar / April 2020 // Cyber-security 3(1) // DOI:10.1186/s42400-020-00050-w.
21. On Approval of Requirements for Ensuring the Security of Significant Objects of the Critical Information Infrastructure of the Russian Federation. Order of the FSTEC of Russia No. 239 of December 25, 2017. (In Russ)
22. On Measures to Ensure the Technological Independence and Security of the Critical Information Infrastructure of the Russian Federation. Decree of the President of the Russian Federation No. 166 of March 30, 2022. (In Russ)
23. On Additional Measures to Ensure the Information Security of the Russian Federation. Decree of the President of the Russian Federation No. 250 of May 1, 2022. (In Russ)
24. GOST R 59548-2022. Information Protection. Registration of Security Events. Requirements for Registered Information. (In Russ)
25. Guide to Computer Security Log Management NIST SP 800-92.
26. https://attack.mitre.org/matrices/enterprise/linux/ (accessed July 23, 2025). Matrix Enterprise|MITRE ATT&CK [Electronic resource]: Linux Matrix.
27. Order of the FSB of Russia dated June 19, 2019 No. 281 "On approval of the Procedure, technical conditions for the installation and operation of tools designed to detect, prevent, and eliminate the consequences of computer attacks and respond to computer incidents, with the exception of tools designed to search for signs of computer attacks in telecommunication networks used to organize the interaction of critical information infrastructure facilities of the Russian Federation" (In Russ)
Review
For citations:
Andreev I.I., Ivanov S.O., Kopyshevа T.N., Nikandrov M.V., Smirnova T.N. Integration and Adaptation of Open-Source Monitoring Tools for Detecting Anomalous User Activity in Astra Linux Special Edition. Herald of Dagestan State Technical University. Technical Sciences. 2025;52(4):23-38. (In Russ.) https://doi.org/10.21822/2073-6185-2025-52-4-23-38
JATS XML































