Quarterly journal published at SPbPU
and edited by Prof. Peter Zegzhda
Peter the Great St. Petersburg Polytechnic University
Institute of computer sciences and technologies
information security of computer systems
Information Security Problems. Computer Systems
Published since 1999.
ISSN 2071-8217
AN APPROACH TO DETECTING MALICIOUS ACTIONS OF AN ATTACKER BASED ON THE AUTOREGRESSION MODEL IN THE INVESTIGATION OF A CYBER INCIDENT

Smirnov S. I., Eremeev M. A., Pribylov I. A.

Annotation: The article presents an approach to detecting malicious actions of an attacker through analysis of the Windows Security.evtx event log during the investigation of an information security incident. The authors experimentally evaluated an autoregressive change-point model (the ChangeFinder algorithm) and used it to detect malicious activity of domain users in a corporate network.
Keywords: information security incident, APT attack, lateral movement, Security.evtx log, ChangeFinder algorithm.
Pages 41-47
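The abstract describes scoring Security.evtx activity with the ChangeFinder autoregressive change-point model. The following is an added example, not code from the article or its authors, showing what that pipeline looks like end to end: a two-stage sequentially discounting AR (SDAR) model in pure Python, fed by hourly counts of EventID 4624 / LogonType 3 (network logon) records for one domain account. The record list is constructed to stand in for parsed Security.evtx events (it is not real log data), and the AR order, discount rate, smoothing window and threshold are assumed values, not those of the paper.

```python
"""ChangeFinder-style change-point scoring over per-user network-logon counts.
Added example; records below are constructed, not a real Security.evtx export,
and the hyperparameters (order, discount, smoothing, threshold) are assumptions."""
import math
from collections import Counter, deque

EVENT_LOGON = 4624      # Security.evtx: "An account was successfully logged on"
LOGON_NETWORK = 3       # LogonType 3: network logon (SMB, WinRM, RPC)


def _solve(a, b):
    """Gauss-Jordan elimination with partial pivoting; None if near-singular."""
    n = len(b)
    m = [row[:] + [bi] for row, bi in zip(a, b)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        if abs(m[piv][col]) < 1e-12:
            return None
        m[col], m[piv] = m[piv], m[col]
        for r in range(n):
            if r != col:
                f = m[r][col] / m[col][col]
                for cc in range(col, n + 1):
                    m[r][cc] -= f * m[col][cc]
    return [m[i][n] / m[i][i] for i in range(n)]


class SDAR:
    """Sequentially discounting AR(k): mean, autocovariances and residual
    variance are updated with exponential forgetting rate r."""

    def __init__(self, order=2, discount=0.02):
        self.k, self.r = order, discount
        self.mu, self.sigma = 0.0, 1.0
        self.cov = [1.0] + [0.0] * order   # c[0] primed so Yule-Walker stays well conditioned
        self.hist = deque(maxlen=order)
        self.seen = 0

    def _coef(self):
        k, c = self.k, self.cov
        yw = [[c[abs(i - j)] for j in range(k)] for i in range(k)]   # Yule-Walker system
        return _solve(yw, c[1:]) or [0.0] * k

    def update(self, x):
        """Return -log p(x | past) under the model fitted to earlier samples,
        then fold x into the model. Warm-up samples score 0."""
        r = self.r
        if self.seen < self.k:
            self.mu = x if self.seen == 0 else (1 - r) * self.mu + r * x
            self.hist.append(x)
            self.seen += 1
            return 0.0
        past = list(self.hist)                      # past[-j] == x_{t-j}
        xhat = self.mu + sum(a * (past[-(i + 1)] - self.mu) for i, a in enumerate(self._coef()))
        score = 0.5 * math.log(2 * math.pi * self.sigma) + (x - xhat) ** 2 / (2 * self.sigma)
        self.mu = (1 - r) * self.mu + r * x
        for j in range(self.k + 1):
            xj = x if j == 0 else past[-j]
            self.cov[j] = (1 - r) * self.cov[j] + r * (x - self.mu) * (xj - self.mu)
        self.sigma = (1 - r) * self.sigma + r * (x - xhat) ** 2
        self.hist.append(x)
        return score


class ChangeFinder:
    """Two stages: stage-1 outlier scores are smoothed over T samples, modelled
    again by stage 2, and smoothed once more to give the change-point score."""

    def __init__(self, order=2, discount=0.02, smooth=5):
        self.stage1, self.stage2 = SDAR(order, discount), SDAR(order, discount)
        self.win1, self.win2 = deque(maxlen=smooth), deque(maxlen=smooth)

    def update(self, x):
        self.win1.append(self.stage1.update(x))
        y = sum(self.win1) / len(self.win1)
        self.win2.append(self.stage2.update(y))
        return sum(self.win2) / len(self.win2)


def hourly_network_logons(records, user, hours):
    """Per-hour count of EventID 4624 / LogonType 3 records for one TargetUserName."""
    hits = Counter(rec["Hour"] for rec in records
                   if rec["EventID"] == EVENT_LOGON and rec["LogonType"] == LOGON_NETWORK
                   and rec["TargetUserName"] == user)
    return [hits[h] for h in range(hours)]


def change_points(counts, threshold=50.0, **cf_kwargs):
    """Score a count series; return (scores, hours whose score exceeds threshold)."""
    cf = ChangeFinder(**cf_kwargs)
    scores = [cf.update(float(c)) for c in counts]
    return scores, [h for h, s in enumerate(scores) if s > threshold]


def build_sample_log(hours=48, onset=40):
    """Constructed stand-in for parsed Security.evtx records (not real data):
    svc-backup makes a few network logons per hour from two hosts, then from
    hour `onset` fans out to 30 new hosts every hour (lateral-movement pattern)."""
    baseline = [2, 1, 2, 3, 2, 2, 1, 2]
    records = []
    for h in range(hours):
        if h < onset:
            sources = [("10.0.1.10", "10.0.1.11")[i % 2] for i in range(baseline[h % 8])]
        else:
            sources = [f"10.0.{h - onset + 2}.{i}" for i in range(1, 31)]
        for ip in sources:
            records.append({"Hour": h, "EventID": EVENT_LOGON, "LogonType": LOGON_NETWORK,
                            "TargetUserName": "svc-backup", "IpAddress": ip})
        for _ in range(5):                          # steady, unrelated account
            records.append({"Hour": h, "EventID": EVENT_LOGON, "LogonType": LOGON_NETWORK,
                            "TargetUserName": "alice", "IpAddress": "10.0.1.50"})
        records.append({"Hour": h, "EventID": 4634, "LogonType": LOGON_NETWORK,
                        "TargetUserName": "svc-backup", "IpAddress": "10.0.1.10"})  # logoff, ignored


    return records


if __name__ == "__main__":
    recs = build_sample_log()
    counts = hourly_network_logons(recs, "svc-backup", 48)
    scores, flagged = change_points(counts)
    for h, (c, s) in enumerate(zip(counts, scores)):
        mark = "  <-- change point" if h in flagged else ""
        print(f"hour {h:2d}  logons={c:3d}  score={s:8.2f}{mark}")
```

The stage-1 score is a per-sample outlier score; only the stage-2 score, computed on the smoothed outlier series, is a change-point score, which is what separates a single noisy hour from a sustained shift in behaviour such as the fan-out at hour 40. In practice the threshold is taken from the score distribution of a known-clean baseline window rather than fixed, and the hourly count is only one of several features (distinct target hosts, logon types, time of day) worth scoring per account.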