A study of dynamics and classification of attacks on corporate network web services
Authors: Isaev S.V., Kononov D.D.
Journal: Сибирский аэрокосмический журнал (Siberian Aerospace Journal) @vestnik-sibsau
Section: Computer science, computer engineering and control
Article in issue: 4, vol. 23, 2022.
Free access
The article presents a study of the dynamics of attacks on web services using a classification of cyber threats by type, on the example of the corporate network of the Krasnoyarsk Scientific Center of the Siberian Branch of the Russian Academy of Sciences. The analysis was carried out on the basis of web service logs and makes it possible to address urgent problems of ensuring the integrated security of web services, including identifying both existing and potential cybersecurity threats. A review of the main approaches to the processing and analysis of logs is provided. The authors describe the type and composition of the data sources and list the software used. A distinctive feature of the study is the long observation period. The structure of the processing system is proposed, and software tools for attack analysis and classification are implemented. The work shows that the use of classified samples makes it possible to detect periodicity and reveal trends for certain types of attacks. Unclassified attacks have similar distribution parameters in different years, whereas after classification the distribution parameters change significantly, which makes it possible to track risks in automated intrusion prevention systems. A correlation matrix by type of attack was constructed. The analysis showed that most attack types are weakly correlated, with the exception of "command injection", "directory browsing" and "Java code injection", which can be aggregated. The authors propose a heuristic method of risk comparison based on the cyber threat classification. The method uses statistical parameters of the sample distributions and can work with different time intervals. The authors georeferenced the IP addresses from which the attacks were carried out, built attack profiles for different countries, and listed the countries with a stable attack profile. The conclusion describes the features of the proposed method and outlines the prospects for its use in other areas.
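As an added illustration (not code from the paper or its authors), the sketch below classifies constructed log records by attack type, builds per-type daily count series, computes the correlation matrix between types and merges strongly correlated types, which is the kind of aggregation the abstract describes for command injection, directory browsing and Java code injection. The signatures, log records and correlation threshold are assumptions made for the example.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev
# Constructed sample log records (day, requested URL); not real traffic from the paper.
LOG = [
    ("2022-03-01", "/api?cmd=;id"), ("2022-03-01", "/static/../../etc/hosts"), ("2022-03-01", "/login?user=${x}"),
    ("2022-03-01", "/search?q=1' or 1=1"), ("2022-03-02", "/index.html"), ("2022-03-02", "/search?q=1 UNION SELECT 2"),
    ("2022-03-03", "/api?cmd=|id"), ("2022-03-03", "/img/..%2f..%2fetc/passwd"), ("2022-03-03", "/x?v=%24%7bx%7d"),
    ("2022-03-03", "/s?q=' or 1=1"), ("2022-03-03", "/s?q=a' UNION SELECT b"),
]
# Hypothetical per-type signatures (assumption: the paper does not show its own classifier).
SIGNATURES = {
    "command injection": re.compile(r"[;|]\s*(id|cat|ls)\b", re.I),
    "directory browsing": re.compile(r"\.\.(/|%2f)", re.I),
    "Java code injection": re.compile(r"\$\{|%24%7b", re.I),
    "SQL injection": re.compile(r"union\s+select|'\s*or\s+1=1", re.I),
}
def classify(url):
    """First matching attack type, or None for a benign request."""
    for name, rx in SIGNATURES.items():
        if rx.search(url):
            return name
    return None
def daily_series(log):
    """Per-type vector of daily attack counts over all observed days (zero-filled)."""
    days = sorted({d for d, _ in log})
    counts = defaultdict(lambda: {d: 0 for d in days})
    for day, url in log:
        kind = classify(url)
        if kind:
            counts[kind][day] += 1
    return {k: [v[d] for d in days] for k, v in counts.items()}
def pearson(xs, ys):
    sx, sy = pstdev(xs), pstdev(ys)
    if sx == 0 or sy == 0:
        return 0.0  # a constant series carries no co-movement to measure
    mx, my = mean(xs), mean(ys)
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / (len(xs) * sx * sy)
def correlation_matrix(series):
    return {a: {b: round(pearson(series[a], series[b]), 3) for b in series} for a in series}
def aggregate(series, threshold=0.9):
    """Greedily merge attack types whose daily series correlate at or above the threshold."""
    groups = []
    for kind in series:
        for g in groups:
            if all(pearson(series[kind], series[o]) >= threshold for o in g):
                g.append(kind); break
        else:
            groups.append([kind])
    return groups
```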
Keywords: analysis, security, web, internet, attack, corporate network
Short address: https://sciup.org/148325793
IDR: 148325793 | DOI: 10.31772/2712-8970-2022-23-4-593-601