Design of Technical Methods for Analysing Network Security Based on Identification of Network Traffic Anomalies

The article presents the design of a system for analysing technical networks with three main components. The attack generator monitors the network, checks its response, stability, and effectiveness to counter external threats. The database contains data about network parameters, their behaviour over time, network status, incidents, anomalies, etc. The network monitoring module uses information from the database for qualitative analysis of the network status. The technical data analysis system of the distributed information system consists of two subsystems: the “Attacker” and the “Analyzer.” The “Attacker” is a scanning tool for targeted information monitoring. It generates streams of network attacks with the aim to test the network response, stability, and effectiveness of network protection. The subsystem “Analyzer” collects information in predetermined periods of time, establishes criticality levels of network parameters; determines the time of the last criticality levels’ change, records criticality levels values, and reports on the status, errors and script execution. A R T I C L E I N F O : RECEIVED: 12 JUNE 2020 REVISED: 09 SEP 2020 ONLINE: 22 SEP 2020 K E Y W O R D S : database, network parameters, network monitoring, network traffic, anomaly Creative Commons BY-NC 4.0 Design of Technical Methods for Analysing Network Security