Predicting of cyber attacks on critical information infrastructure
Abstract According to modern statistics and analytical reviews, targeted computer attacks (cyber attacks) are becoming more and more numerous. Attackers began to use non-standard schemes for implementing attacks, using employees of organizations as intermediaries, which reduces the efficiency of detecting violations. At the same time, the targets of attackers are increasingly critical information infrastructure (CII) objects. The number of cyberattacks on the critical infrastructure of the Russian Federation increased by 150%. Successful attacks on CII are associated with a lack of software updates for industrial equipment, personnel errors, incorrect configuration of protection tools and can potentially lead to disasters. Prediction of computer attacks on CII based on a comprehensive analysis of the characteristics of incidents and system users can significantly increase the efficiency of incident detection, since it is obvious that technical and anthropogenic characteristics in this case should be taken into account together. It is difficult to classify computer incidents due to the volume and heterogeneity of the data about them. The paper proposes approaches that provide for the initial systematization of system log data and user characteristics, an assessment of their informativeness. This will reduce the complexity of further data processing and increase the performance of the computer attack forecasting system by excluding some uninformative data from a single secure storage. The second important task is to create test systems based on available platforms for analyzing and detecting computer incidents in order to train future information security specialists in big data analysis technologies.