Andrey Shorov
Saint Petersburg State Electrotechnical University
Publication
Featured research published by Andrey Shorov.
Industrial Conference on Data Mining | 2014
Igor V. Kotenko; Andrey Chechulin; Andrey Shorov; Dmitry Komashinsky
The paper considers the problem of automated categorization of web sites for systems used to block web pages that contain inappropriate content. In the paper we applied techniques for analysis of the text, HTML tags, URL addresses and other information using Machine Learning and Data Mining methods. Besides that, techniques for analysis of sites that provide information in different languages are suggested. The architecture and algorithms of the system for collecting, storing and analyzing data required for classification of sites are presented. Results of experiments on analysis of web sites’ correspondence to different categories are given. Evaluation of the classification quality is performed. The classification system developed as a result of this work is implemented in F-Secure mass production systems performing analysis of web content.
Information and Communication Technology - EurAsia Conference | 2015
Yana A. Bekeneva; Konstantin Borisenko; Andrey Shorov; Igor V. Kotenko
At present protection against distributed attacks of the type “denial of service” (DDoS) is one of the important tasks. The paper considers a simulation environment for DDoS attacks of different types using the combination of a simulation approach and real software-hardware testbeds. In the paper we briefly describe the system architecture and a series of experiments for DDoS attack simulation on transport and application levels. The experimental results are provided, and the analysis of these results is performed.
Mathematical Problems in Engineering | 2016
Ivan Kholod; Mikhail Kupriyanov; Andrey Shorov
The present paper describes the method of creating data mining algorithms from unified functional blocks. This method splits algorithms into independently functioning blocks. These blocks must have unified interfaces and implement pure functions. The method allows us to create new data mining algorithms from existing blocks and improves the existing algorithms by optimizing single blocks or the whole structure of the algorithms. This becomes possible due to a number of important properties inherent in pure functions and hence functional blocks.
The Internet of Things | 2016
Konstantin Borisenko; Andrey Rukavitsyn; Andrei V. Gurtov; Andrey Shorov
The paper presents the results of the design and implementation of a detection system against DDoS attacks for the OpenStack cloud computing platform. The proposed system uses data mining techniques to detect malicious traffic. Formal models of the detecting components are described. To train the data mining models, real legitimate traffic was combined with modelled malicious traffic. The paper presents results of detecting the origin of DDoS attacks on cloud instances.
Archive | 2012
Igor V. Kotenko; Alexey Konovalov; Andrey Shorov
The common use of computers connected to the Internet, as well as an insufficient level of security, allows malefactors to execute large-scale infrastructure attacks, engaging a huge number of computing nodes in criminal activity. Attacks of this type have traditionally been performed by botnets. There are examples of successful large-scale attacks carried out by armies of bots. For example, attacks such as distributed denial of service (DDoS), aimed at government websites of Estonia in 2007 and Georgia in 2008, led to the practical inaccessibility of these sites for several days. In 2009 and 2010, the spying botnets “GhostNet” and “Shadow Network” occurred in many countries around the world.
IDC | 2010
Igor V. Kotenko; Alexey Konovalov; Andrey Shorov
The paper considers an approach intended to investigate botnets and botnet defence using agent-based simulation. We explore various botnet attacks and counteraction against them using the example of defence against Distributed Denial of Service (DDoS) attacks. We represent botnet and defence components as agent teams. Agents are supposed to collect information from various network sources, operate on different situational knowledge, and react to actions of other agents. The paper describes the common simulation framework, the agent-based simulation environment, and the results of experiments aimed at investigating botnets and DDoS defence mechanisms.
2017 International Conference "Quality Management, Transport and Information Security, Information Technologies" (IT&QM&IS) | 2017
Evgenia Novikova; Yana A. Bekeneva; Andrey Shorov
Visual analytics is an actively developing multidisciplinary research area which can be successfully used in the field of information security management. Visual analytics techniques are used to monitor the information security level of the information system and form the situation awareness of the security officer. However, there are still some open issues in visual analytics tasks to be considered. This paper presents the main challenges existing in this area and proposes possible solutions to these challenges.
Soft Computing | 2016
Andrey V. Smirnov; Konstantin Borisenko; Andrey Shorov; Evgenia Novikova
The paper presents the results of the design and implementation of a network data processing module for the security component protecting the OpenStack cloud computing platform against DDoS attacks. The module processes network traffic that is both internal and external relative to the cloud infrastructure, and thus enables the security component to detect DDoS attacks whose sources can be located inside or outside the cloud infrastructure. The paper also presents the results of the module load testing, which show that the developed module is able to process volumes of network traffic exceeding the power of modern DDoS attacks.
Soft Computing | 2016
Andrey Rukavitsyn; Mikhail Kupriyanov; Andrey Shorov; Ilya Petukhov
The article describes the development of a Web page classification model using data mining techniques. The model makes it possible to perform a multi-label soft classification of Web pages. In order to develop this classification model we combined new methods with already existing ones. The experiments show an increased classification precision.
Industrial Conference on Data Mining | 2016
Konstantin Borisenko; Andrey V. Smirnov; Evgenia Novikova; Andrey Shorov
Cloud computing platforms are developing fast nowadays. Due to their increasing complexity, hackers have more and more opportunities to attack them successfully. In this paper, we present an approach for detection of internal and external DDoS attacks in cloud computing using data mining techniques. The main features of the cloud security component that implements the suggested approach are the ability to detect both types of DDoS attacks and the use of data mining techniques. The component prototype is implemented in the OpenStack cloud computing platform. The paper presents the results of the experiments with different types of DDoS attacks.