Method to identify cybercriminals using network analysis of information systems with anonymization
Authors: Basynya E. A., Hitsenko V. E., Rudkovskiy A. A.
Annotation: This paper analyzes modern tactics hackers use to conduct cyberattacks and describes a strategy for investigating an object of attack through a combined virtual secure communication channel, along with anonymization tools, including overlay technologies and networks. An original method for counteracting such unauthorized activity is presented. The scientific novelty of the work consists in identifying intruders (who actively harvest data using anonymization technology) by constructing attack vectors from a number of parameters, for example: address space belonging to an anonymization network, pool exhaustion of the anonymization network's address space (identity), the type of active/passive scan, the progress of the scan type, correlation of the parameters due to artificial delays, etc. The method described in the article, which identifies attackers who use tools for automated active and passive analysis of traffic and information systems by applying anonymization technologies, is used together with the authors' module for falsifying operating systems and the services running on them in a wide range of variations for different hackers. This makes it possible to successfully misinform a hacker at the first step of a cyberattack. The software implementation of the authors' method was successfully tested and experimentally investigated. The target area of application is server solutions that operate on the TCP/IP protocol stack.
Keywords: anonymization overlay networks, scanning, probing, misinformation