T. Bakšys “Development of early staged cyber attack detection method for IT&T networks” doctoral dissertation defence

Thesis defense

Author, Institution: Tautvydas Bakšys, Kaunas University of Technology

Science area, field of science: Technological Sciences, Electrical and Electronics Engineering, T 001

Scientific Supervisor: Assoc. Prof. Dr. Saulius Japertas (Kaunas University of Technology, Technological Sciences, Electrical and Electronics Engineering, T 001).

Dissertation Defence Board of Electrical and Electronics Engineering Science Field:
Prof. Dr. Arminas Ragauskas (Kaunas University of Technology, Technological Sciences, Electrical and Electronics Engineering, T 001) – chairman;
Prof. Dr. Raimundas Matulevičius (University of Tartu, Technological Sciences, Informatics Engineering, T 007);
Prof. Dr. Dalius Navakauskas (Vilnius Gediminas Technical University, Technological Sciences, Electrical and Electronics Engineering, T 001);
Prof. Dr. Dangirutis Navikas (Kaunas University of Technology, Technological Sciences, Electrical and Electronics Engineering, T 001);
Prof. Dr. Jevgenijus Toldinas (Kaunas University of Technology, Technological Sciences, Informatics Engineering, T 007).

The doctoral dissertation is available at the library of Kaunas University of Technology (Donelaičio 20, Kaunas).

Annotation:

Existing cyber-attack detection systems and methods only identify an ongoing or already occurring attack when it is too late to take preventive action. Recent scientific sources on cyber security state that it is crucial to identify the early stages of an attack when it is possible to prevent it and reduce potential losses. Early detection of attacks is only possible through detailed monitoring of network and system parameters, thus precisely determining the early stage of the attack and stopping the attack chain.

This dissertation examines the characteristics of cyber attacks that allow the early stages of attacks to be distinguished. Features of early attacks are detected using logical indicator filters that distinguish network and system characteristics and identify possible anomalies. These abnormalities form the factors that make up cyber attacks. When the method indicates possible system anomalies, the flow is further analyzed, the information is processed by logic circuits, and binary vectors characterizing the attacks are obtained.

The thesis proposes a network analysis structure, a logical filter configuration, and attack detection algorithms that make it possible to identify possible early-stage attack vectors from network traffic and system parameters.

August 29, 13:00

Rectorate Hall, Kaunas University of Technology (K. Donelaičio g. 73, 402, Kaunas)
