ORGANIZATION OF DATA STORAGE IN COMPUTER ATTACK SYSTEMS AND TOOLS TAKING INTO ACCOUNT THE HISTORICAL ASPECT OF THEIR USE

Abstract

The article examines the problem of organizing data storage in systems and means of countering computer attacks on corporate networks, taking into account the historical aspect of their use. It is shown that when conducting computer attacks, attackers encounter a multi-level defense system that corresponds to the levels of the attacker's pain pyramid and includes various hardware and software tools. The effectiveness of the functioning of such means largely depends on the presence and organization of memory subsystems that accumulate historical data on the previous functioning of protection systems. With this in mind, attackers are increasingly trying to bypass not only sensors and detection mechanisms, but also memory elements that contain information about previous incidents, response scenarios, and data usage results.

To increase the level of cyber security, data storage models and a method of organizing their storage in systems and means of countering computer attacks are proposed. The method involves the division of data into initial, accumulated and used data, which ensures consideration of the full life cycle of data, i.e. from the moment of their formation to repeated application and evaluation of the effectiveness of such use. A feature of the proposed approach is the preservation and analysis of historical data usage experience using Markov models, dynamic Bayesian networks, and statistical methods. Markov models are used to describe sequences of states and scenarios of the development of events, dynamic Bayesian networks ensure consideration of cause-and-effect relationships and uncertainty in time, and statistical methods make it possible to generalize results and evaluate the effectiveness of decisions made.

The proposed method contributes to the accumulation of historical information on the use of data, increasing the efficiency of their reuse, adaptability and autonomy of the functioning of systems for countering computer attacks, in particular, in conditions of limited availability of specialized data storage facilities.

The development of the architecture of storage facilities, methods of optimization and data selection, as well as the integration of deception technologies into the processes of organization and the use of historical data in the protection systems of corporate networks are defined as promising directions for further research.