Effective Solutions for Rapid Detection of Committed PCS in the Infocommunication Networks

Chernihivskyi, Ivan Andriiovych (Чернігівський, Іван Андрійович) and Kriuchkova, Larysa Petrivna (Крючкова, Лариса Петрівна) (2025) Effective Solutions for Rapid Detection of Committed PCS in the Infocommunication Networks. Telecommunication and Information Technologies (Телекомунікаційні та інформаційні технології), 87 (2), pp. 24-32. ISSN 2412-4338

Full text: Chernihivskyi_I_Kriuchkova_L_TiT_2_87_2025.pdf (494kB)
Official URL: https://tit.dut.edu.ua/index.php/telecommunication...

Abstract

The need to solve problems under tight time constraints has become increasingly pressing. One example is a network attack on a company's corporate resources in which an unknown number of PCs have been compromised while AV and IPS raised no alert at all. Time then becomes the limiting resource: the "degree of infection" of every individual PC must be established quickly so that compromised machines can be isolated from the other computers in the infocommunication network. In this situation, traditional forensic analysis of the digital traces collected by forensic triage takes too long. Under normal conditions these tasks were performed by well-known tools and the time they took was acceptable; the question now is how to speed up the work when the tool in use has no faster competing analogue. There is therefore a need for additional capabilities that either shorten the execution time of the program that extracts digital artifacts while keeping its effectiveness sufficient, or shorten the time an analyst spends on a single PC, so that more PCs can be checked per unit of time. The purpose of the study is to substantiate effective solutions that reduce the time an information security analyst needs to classify a specific PC in the infocommunication network as infected or not infected. The work identifies a component/tactic without which modern computer viruses usually do not operate. A list of programs for rapid virus detection and an optimization script based on a relational table of artifacts are proposed; together they reduce the number of elements requiring further investigation by more than tenfold. This lets analysts save significant time in deciding whether a specific PC in the infocommunication network is "infected" or "not infected".
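The paper's own script and artifact table are not reproduced on this page. As an added illustration of the filtering idea the abstract describes (example code, not the authors' code), the Python below runs a triage pass over a constructed set of Windows autostart artifacts: entries whose hash appears in a known-good baseline table built from a clean reference image are dropped, entries signed by an allow-listed publisher and showing no other indicator are deferred, and everything else is returned together with the reason it survived. The CSV column names, the HASHxx placeholders, the publisher allow-list and the heuristics are assumptions made for this example.

```python
"""Triage filter for Windows autostart artifacts (added example, not the paper's code).

Input: a CSV of autostart entries as an artifact-extraction tool might export
them (the column set is an assumption).  A relational baseline table of
known-good hashes and trusted publishers removes the bulk of the entries; the
remainder is returned with the reason each entry survived, for the analyst.
"""
import csv
import io
import re

# Constructed sample export from one host (NOT real data; HASHxx are placeholders).
ARTIFACTS_CSV = r"""location,entry,image_path,signer,sha256,launch_string
HKLM\Software\Microsoft\Windows\CurrentVersion\Run,SecurityHealth,C:\Windows\System32\SecurityHealthSystray.exe,(Verified) Microsoft Windows,HASH01,C:\Windows\System32\SecurityHealthSystray.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run,OneDrive,C:\Users\ivan\AppData\Local\Microsoft\OneDrive\OneDrive.exe,(Verified) Microsoft Corporation,HASH02,C:\Users\ivan\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background
HKLM\System\CurrentControlSet\Services,wuauserv,C:\Windows\System32\svchost.exe,(Verified) Microsoft Windows,HASH03,C:\Windows\System32\svchost.exe -k netsvcs -p
Task Scheduler,\Microsoft\Windows\Defrag\ScheduledDefrag,C:\Windows\System32\defrag.exe,(Verified) Microsoft Windows,HASH04,C:\Windows\System32\defrag.exe -c -h -o -$
HKLM\Software\Microsoft\Windows\CurrentVersion\Run,NvBackend,C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe,(Verified) NVIDIA Corporation,HASH05,C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run,UpdateChecker,C:\Users\ivan\AppData\Roaming\updchk\svchost.exe,(Not verified),HASH06,C:\Users\ivan\AppData\Roaming\updchk\svchost.exe
Task Scheduler,\Adobe Acrobat Update Task,C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe,(Verified) Adobe Inc.,HASH07,C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon,Userinit,C:\Windows\System32\userinit.exe,(Verified) Microsoft Windows,HASH08,C:\Windows\System32\userinit.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run,OfficeSync,C:\Windows\System32\rundll32.exe,(Verified) Microsoft Windows,HASH09,"C:\Windows\System32\rundll32.exe C:\ProgramData\sync\core.dll,Start"
HKLM\System\CurrentControlSet\Services,Spooler,C:\Windows\System32\spoolsv.exe,(Verified) Microsoft Windows,HASH10,C:\Windows\System32\spoolsv.exe
Task Scheduler,\Microsoft\Windows\UpdateOrchestrator\Schedule Scan,C:\Windows\System32\usoclient.exe,(Verified) Microsoft Windows,HASH11,C:\Windows\System32\usoclient.exe StartScan
Task Scheduler,\Microsoft\Office\Office Automatic Updates 2.0,C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe,(Verified) Microsoft Corporation,HASH12,C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /update user
"""

# Relational baseline table, built from a clean reference image (constructed).
BASELINE = {
    "known_good_hashes": {"HASH01", "HASH02", "HASH03", "HASH04", "HASH08", "HASH10", "HASH11"},
    "trusted_signers": {"Microsoft Windows", "Microsoft Corporation", "NVIDIA Corporation", "Adobe Inc."},
}

# Names that belong under C:\Windows; the same name elsewhere is a classic masquerade.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "explorer.exe", "winlogon.exe", "services.exe"}
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.I)
# Signed Microsoft binaries that execute someone else's script or DLL from autostart.
PROXY_BINARIES = re.compile(r"\b(rundll32|regsvr32|mshta|wscript|cscript|powershell|pwsh)\b", re.I)


def suspicious_reasons(row, trusted_signers):
    """Return the list of indicators that keep an entry in the analyst's queue."""
    reasons = []
    signer = row["signer"]
    trusted = signer.startswith("(Verified) ") and signer[len("(Verified) "):] in trusted_signers
    if not trusted:
        reasons.append("signature missing, unverified or untrusted publisher")
        if USER_WRITABLE.search(row["image_path"]):
            reasons.append("image in user-writable directory")
    name = row["image_path"].rsplit("\\", 1)[-1].lower()
    if name in SYSTEM_NAMES and not row["image_path"].lower().startswith("c:\\windows\\"):
        reasons.append("system binary name outside the Windows directory")
    if PROXY_BINARIES.search(row["launch_string"]):
        reasons.append("launch string invokes a script/DLL proxy binary")
    return reasons


def triage(csv_text=ARTIFACTS_CSV, baseline=BASELINE):
    """Return (all extracted rows, residual rows that still need a human)."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    residual = []
    for row in rows:
        if row["sha256"] in baseline["known_good_hashes"]:
            continue  # identical binary already seen on the clean reference image
        reasons = suspicious_reasons(row, baseline["trusted_signers"])
        if reasons:
            residual.append({"entry": row["entry"], "location": row["location"],
                             "image_path": row["image_path"], "reasons": reasons})
    return rows, residual


def reduction_factor(rows, residual):
    """How many times smaller the analyst's worklist became."""
    return len(rows) / len(residual) if residual else float("inf")


def main():
    rows, residual = triage()
    print(f"{len(rows)} autostart entries extracted, {len(residual)} left for analysis "
          f"({reduction_factor(rows, residual):.1f}x reduction)")
    for item in residual:
        print(f"- {item['entry']} [{item['location']}] -> {item['image_path']}")
        for reason in item["reasons"]:
            print(f"    * {reason}")


if __name__ == "__main__":
    main()
```

Two caveats a practitioner would attach to this kind of filter: the baseline table is only as good as the reference image it was built from, so it has to be regenerated after every patch cycle, and a trusted-signer match defers an entry rather than clearing it (signed updaters can be hijacked, and the OfficeSync row above survives precisely because its signed `rundll32.exe` is launching a DLL from ProgramData).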

Item type: Article
Keywords: information; cybersecurity; computer forensics; computer digital artifacts; Windows; MITRE; autostart; viruses
Typology: Articles in periodicals > Specialized journals (included in the list of specialized publications approved by the Ministry of Education and Science of Ukraine)
Divisions: Faculty of Information Technology and Mathematics > Professor Volodymyr Buriachok Department of Information and Cyber Security
Depositing user: Pavlo Mykolaiovych Skladannyi (Павло Миколайович Складанний)
Date deposited: 25 Jun 2025 13:31
Last modified: 25 Jun 2025 13:31
URI: https://elibrary.kubg.edu.ua/id/eprint/52210
