01673nas a2200217 4500000000100000000000100001008004100002260000900043653001200052653001300064653002300077653002300100653002000123100001600143700001700159700001900176245011600195300001200311490000700323520112500330 2020 d c202010aanomaly10adatabase10anetwork monitoring10anetwork parameters10anetwork traffic1 aIhor Skiter1 aIvan Burmaka1 aAndriy Sigayov00aDesign of Technical Methods for Analysing Network Security Based on Identification of Network Traffic Anomalies a306-3160 v473 a
The article presents the design of a system for analysing technical networks with three main components. The attack generator monitors the network, checks its response, stability, and effectiveness to counter external threats. The database contains data about network parameters, their behaviour over time, network status, incidents, anomalies, etc. The network monitoring module uses information from the database for qualitative analysis of the network status.
The technical data analysis system of the distributed information system consists of two subsystems: the “Attacker” and the “Analyzer.” The “Attacker” is a scanning tool for targeted information monitoring. It generates streams of network attacks with the aim to test the network response, stability, and effectiveness of network protection. The subsystem “Analyzer” collects information in predetermined periods of time, establishes criticality levels of network parameters; determines the time of the last criticality levels’ change, records criticality levels values, and reports on the status, errors and script execution.