| main| | new issue| | archive| | editorial board| | for the authors| | publishing house| |
 Ðóññêèé |
 |
 |
 |
 |
 |
 |
|
|
ABSTRACTS OF ARTICLES OF THE JOURNAL "INFORMATION TECHNOLOGIES".
No. 2. Vol. 28. 2022
DOI: 10.17587/it.28.75-80
A. V. Pavlov, Postgraduate Student, ITMO University, St. Petersburg, Russian Federation
Analysis of Network Interaction of Modern Exploits
During targeted attack campaigns a malicious actor may use proxy servers to hide the attack path and origin. This approach may be used during the reconnaissance and exploitation phases. It can make the investigation process for Blue Team harder as security events can be assigned to different incidents by security software or some important data may be missing. In this paper the statistics of public exploits for 2018-2020 is considered. For the most frequent types of vulnerabilities based on CWE classification during this period, an analysis of the features of network interaction is performed. Additional factors that may have an impact on the total number of requests during exploitation, like authorization, CSRF protection and extra information gathering are investigated. Based on the number of requests and the possibility of detection by security mechanisms, the possibility of restoring the connectivity of the requests of the attacker using proxy servers for requests is determined. This classification may be used to develop Alert Correlation System methods and mechanisms, identify attacker groups and perform attack attribution.
Keywords: information security, cybersecurity, exploit, intrusion detection, attack attribution, vulnerabilities, traffic analysis, attacker groups, attack reconstruction, threat intelligence, alert correlationP. 75–80