Notation and modification of a methodology for detecting computer incidents in accordance with the GOST 59709-59712


Authors: Pavlychev A. V.

Annotation: The paper describes the regulatory framework governing the operation of the state system aimed at identifying, preventing and eliminating the consequences of cyberattacks on the information resources of the Russian Federation. The authors present a notation of the process for detecting such attacks in accordance with the GOST 59709-59712 standards. A modification of the methodology for identifying computer attacks is proposed, which, unlike existing approaches based on signature analysis, incorporates the use of machine learning algorithms. As a result of the study, a hybrid methodology for detecting computer incidents has been formulated, containing a formalized process notation that ensures compliance with the national standards, as well as mechanisms for predictive analysis based on machine learning.

Keywords: machine learning, idef0 notation, methodology, computer incident, gost 59709-59712, gossopka

Editorial office address

Executive Secretary of the Editor’s Office

 Editor’s Office: 40 Lenina Prospect, Tomsk, 634050, Russia

  Phone / Fax: + 7 (3822) 701-582

  journal@tusur.ru

 
