AN APPROACH TO DETECTING MALICIOUS ACTIONS OF AN ATTACKER BASED ON THE AUTOREGRESSION MODEL IN THE INVESTIGATION OF A CYBER INCIDENT
Smirnov S. I., Eremeev M. A., Pribylov I. A.
Abstract: The article presents an approach to detecting malicious actions of an attacker based on analysis of the Security.evtx event log of the Windows operating system during the investigation of an information security incident. The authors experimentally tested the use of an autoregression model (the Change Finder algorithm), on the basis of which malicious activity by domain users in the corporate network was detected.
Keywords: information security incident, APT attack, lateral movement, Security.evtx security log, Change Finder algorithm.
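The kind of autoregression-based change detection the abstract refers to, as an added illustration (not the authors' implementation): a discounted first-order SDAR model scores each hourly count of Security.evtx events, and a second SDAR pass over the smoothed scores turns a sustained shift in behaviour into a change-point score, which is the two-stage structure of Change Finder. The choice of Event ID 4624 (successful logon), the hourly bucketing, the discount rate, the smoothing window and the alert threshold are assumptions, and the count series is constructed.

```python
"""Simplified two-stage Change Finder over hourly Windows Security log counts.
Added illustration only; parameters and sample data are assumed/constructed."""
import math

def sdar_scores(series, r=0.1, sigma_floor=1e-3):
    """Online AR(1) with exponential discounting (SDAR). Each x_t is scored with
    the parameters learned from x_1..x_{t-1} as -log p(x_t) under a Gaussian
    residual; index 0 gets 0.0 because nothing precedes it. The AR coefficient is
    clipped to [-1, 1] as a guard against unstable discounted covariance estimates."""
    mu, c0, c1, sigma2 = float(series[0]), 0.0, 0.0, 1.0
    scores = [0.0]
    for t in range(1, len(series)):
        x, x_prev = series[t], series[t - 1]
        a = max(-1.0, min(1.0, c1 / c0)) if c0 > 0 else 0.0   # Yule-Walker, order 1
        x_hat = mu + a * (x_prev - mu)
        resid = x - x_hat
        scores.append(0.5 * math.log(2 * math.pi * sigma2) + resid * resid / (2 * sigma2))
        mu = (1 - r) * mu + r * x                              # discounted mean
        c0 = (1 - r) * c0 + r * (x - mu) ** 2                  # lag-0 autocovariance
        c1 = (1 - r) * c1 + r * (x - mu) * (x_prev - mu)       # lag-1 autocovariance
        sigma2 = max(sigma_floor, (1 - r) * sigma2 + r * resid * resid)
    return scores

def smooth(values, window):
    """Trailing moving average; keeps the series length so indices stay aligned."""
    return [sum(values[max(0, i - window + 1):i + 1]) / len(values[max(0, i - window + 1):i + 1])
            for i in range(len(values))]

def change_finder(series, r=0.1, window=3):
    """Stage 1: outlier scores of the raw counts. Stage 2: SDAR over the smoothed
    outlier scores, smoothed again, so a single spike decays but a lasting shift
    (a new regime of activity) produces a high change-point score."""
    outlier = sdar_scores(series, r)
    change = smooth(sdar_scores(smooth(outlier, window), r), window)
    return outlier, change

# Constructed sample: hourly count of Event ID 4624 (successful logon) for one
# domain account. 24 quiet hours, then 6 hours of logons to many hosts, then quiet.
LOGON_COUNTS = [5, 6, 5, 7, 6, 5, 6, 5, 7, 6, 5, 6, 5, 7, 6, 5, 6, 5, 7, 6, 5, 6, 5, 7] \
    + [42, 47, 51, 45, 49, 44] + [6, 5, 7, 6]
BURST_START = 24

def detect(series=LOGON_COUNTS, threshold=100.0):
    """Returns (outlier scores, change scores, hours whose change score exceeds
    the threshold); the threshold is an assumed, tunable alerting cutoff."""
    outlier, change = change_finder(series)
    flagged = [t for t, z in enumerate(change) if z > threshold]
    return outlier, change, flagged
```

The change score peaks a few hours after the burst begins (the two smoothing windows add lag), while the isolated stage-1 outlier score peaks at the first burst hour; in practice the same pipeline is run per account or per source host over counts extracted from Security.evtx.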