The Properties of Computer Equipment Objects Evaluation to Ensure Post-Incident Audit
https://doi.org/10.31854/1813-324X-2022-8-2-91-99
Abstract
The investigation of computer incidents is an important area of activity in the field of information security. The paper proposes a method for describing the properties of computer equipment objects to support post-incident audit. Incident investigation is carried out by analyzing the properties of volatile memory, non-volatile memory and network traffic objects. These properties are represented as sets of attributes and analyzed by applying graph theory. To solve the final task of detecting and formalizing a computer incident, various graph algorithms and operations over the property sets can be applied. The paper presents a computational experiment in post-incident audit of computer equipment, using the detection of a computer incident as the example. The presented method minimizes the amount of information processed by analyzing attributes only.
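As an added illustration, not the paper's own algorithm or data: artifacts from the three object classes (volatile memory, non-volatile memory, network traffic) are reduced to attribute sets, linked into a graph where two artifacts share the value of a linking attribute, and an incident is declared when the attributes of a connected component cover a constructed incident pattern. All artifact names, attribute names, values and the pattern are constructed assumptions.

```python
# Illustrative sketch (not the paper's method): attribute-set artifacts, a graph built
# from shared attribute values, and incident detection by pattern containment.
from collections import deque

# Constructed sample artifacts. Each is a set of (attribute, value) pairs.
ARTIFACTS = {
    "proc:4242": {("source", "volatile"), ("pid", "4242"), ("image", "updater.exe"), ("user", "alice")},
    "file:updater": {("source", "nonvolatile"), ("path", "C:/Temp/updater.exe"),
                     ("image", "updater.exe"), ("signed", "no")},
    "conn:1": {("source", "traffic"), ("pid", "4242"), ("dst_port", "4444"), ("proto", "tcp")},
    "proc:100": {("source", "volatile"), ("pid", "100"), ("image", "explorer.exe"), ("user", "alice")},
    "conn:2": {("source", "traffic"), ("pid", "100"), ("dst_port", "443"), ("proto", "tcp")},
}

# Attributes whose equal values link two artifacts: a process to its on-disk binary,
# a process to the connections it owns. "user" is deliberately not a linking attribute,
# otherwise every artifact of one user would collapse into a single component.
LINKING = {"pid", "image"}

def build_graph(artifacts):
    """Undirected adjacency: artifacts are linked if they share a linking attribute value."""
    adj = {name: set() for name in artifacts}
    names = list(artifacts)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            shared = {k for (k, v) in artifacts[a] & artifacts[b] if k in LINKING}
            if shared:
                adj[a].add(b)
                adj[b].add(a)
    return adj

def component(adj, start):
    """Breadth-first search returning the connected component containing `start`."""
    seen, queue = {start}, deque([start])
    while queue:
        n = queue.popleft()
        for m in adj[n]:
            if m not in seen:
                seen.add(m)
                queue.append(m)
    return seen

def find_incidents(artifacts, pattern):
    """Return every component whose union of attributes contains all pairs in `pattern`."""
    adj = build_graph(artifacts)
    hits, done = [], set()
    for name in artifacts:
        if name in done:
            continue
        comp = component(adj, name)
        done |= comp
        attrs = set().union(*(artifacts[n] for n in comp))
        if pattern <= attrs:
            hits.append(sorted(comp))
    return hits

# Constructed incident pattern: an unsigned binary whose process holds a connection to port 4444.
PATTERN = {("signed", "no"), ("dst_port", "4444")}
```

Only the attribute pairs are ever compared, so the raw memory image, disk contents and packet payloads never enter the analysis, which is the information reduction the abstract describes.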
For citations:
Pantiukhin I. The Properties of Computer Equipment Objects Evaluation to Ensure Post-Incident Audit. Proceedings of Telecommunication Universities. 2022;8(2):91-99. (In Russ.) https://doi.org/10.31854/1813-324X-2022-8-2-91-99