Tymoshyk N. Improving the principles of construction of honeypot systems for protection of computer systems and networks

The dissertation is devoted to research on improving the height interactive honeypots with providing proof to identify and block registration and event monitoring systems by malicious. New approaches to solve that problem based on the virtualization approach and binary reconstruction of system calls passed thought virtual processor. Researched and developed new methods of registration and monitoring of fracture of computer systems, algorithms and mathematical model subsystem against attacks on the availability and functionality of honeypots. Proposed and developed methods have allowed the program to realize system protection and monitoring honeypots called "System of information gathering and analysis of Honeypots (SoIGAH). A behavioural model of interaction between the attacker and the honeypot is allowed to choose options for monitoring events in the honeypot. Based on this method was possible to identify and introduce ways of access attempts, allowing us to automate analysing attacks. By using equivalent parameters (as in Sebek v.3) our system show lower workload at monitoring system that confirms the efficacy, which made gains in productivity by 15%.