Analysis Of the Behavior of Cyberattacks on Online Services Using the Cyber Threat Classification

The paper contains a study of the dynamics of attacks on online services using the categorization of cyber threats by type in the corporate network of the Krasnoyarsk Scientific Center of the Siberian Branch of the Russian Academy of Sciences. The study was conducted using online service logs and allows solving pressing issues related to ensuring the built-in security of web services, such as: identifying both current and future cybersecurity risks. A summary of the most important logging and analysis techniques is provided. The authors describe the nature and content of the data sources and the software used. The extensive observation period of the study is one of its outstanding features. The structure of the processing system is provided and software tools for attack analysis and categorization are created. The paper shows that using categorized sampling allows for the detection of periodicity and the identification of patterns in specific types of attacks. A correlation matrix was created based on the type of attack. Except for Command Injection, Directory Browsing, and Java Code Injection attacks, which can be aggregated, the research found that most attack types had poor correlation. Based on the classification of cyber threats, the authors proposed a heuristic technique of risk comparison.