Darya Novikova, Vasiliy Podvigin
Gubkin Russian State University of Oil and Gas (National Research University), Moscow, 119991, Russian Federation
DOI 10.31854/2307-1303-2026-14-1-22-34
EDN DIUDHK
Abstract
Problem statement. A significant share of information security incidents on workstations is associated with process execution that deviates from typical user behavior. Traditional protection tools focused on signatures and network events do not provide behavioral context at the endpoint level, which limits the detection of rare processes and atypical parent–child process chains. The aim of the study is to improve the effectiveness of detecting deviations in user process activity by developing an agent-based monitoring system that accumulates process execution history and evaluates its typicality on workstations. Methods. The solution is based on an agent–server architecture that includes periodic collection of process state snapshots, process session construction, accumulative storage, and rule-based server-side analysis. Detection relies on process rarity assessment based on occurrence frequency, analysis of parent–child process chains, and rule-based identification of combined deviations, without using machine learning methods. The novelty lies in a rule-based approach to behavioral analysis of processes on workstations that combines cumulative session storage, catalogs of allowed processes and process chains, and centralized server-side deviation detection logic. In contrast to existing approaches, the analysis focuses on assessing activity typicality rather than classifying maliciousness. Results. A prototype system for the Windows operating system has been developed, including a lightweight client agent and a server application based on FastAPI and SQLite. The system collects and stores process execution history, detects rare and atypical process launches, and generates alerts. Functional validation confirmed the correctness of the implemented analytical rules and the ability to generate informative signals of atypical activity. Practical significance. The proposed approach enables the formation of behavioral context of process activity on workstations and can be used as an additional data source for security monitoring and analysis systems, including SIEM and SOC, improving the detection of new and atypical user activity scenarios.
Keywords
process monitoring, information security, behavioral analysis, agent-based system, application classification, user activity, anomalous processes
Reference for citation
Novikova D., Podvigin V. Agent-Based System for Process Monitoring, Behavioral Analysis, and Anomalous Activity Detection on Workstations // Telecom IT. 2026. Vol. 14. Iss. 1. PP. 22‒34. (in Russian). DOI: 10.31854/2307-1303-2026-14-1-22-34. EDN: DIUDHK
Anton Tishkov, Grigoriy Fokin
The Bonch-Bruevich Saint Petersburg State University of Telecommunications, St. Petersburg, 193232, Russian Federation
DOI 10.31854/2307-1303-2026-14-1-1-21
EDN DQPSAM
Abstract
Purpose. To analyze the simulation tools available in the Satellite Communications Toolbox expansion package for modeling the physical principles of the construction and operation of satellite communication systems in general and the link budget assessment in particular. The aim of the work is to prepare the groundwork for a training and methodological complex for studying the satellite segment of hybrid orbital-terrestrial communication networks. Methods. An overview of the simulation tools of the Satellite Communications Toolbox and their capabilities for studying the link budget of the satellite segment of hybrid orbital-terrestrial communication networks. Novelty. Unlike the works devoted to the study of the channel budget, the authors' approach consists in formalizing proposals for the use of the simulation tools of the Satellite Communications Toolbox in solving typical practical problems of estimating the satellite communication channel budget, in order to consolidate the studied physical principles in laboratory and practical classes. Results. The result of this work is the preparation of materials for studying the satellite communication channel budget for educational and methodological purposes. Theoretical / Practical relevance. The significance of the presented material lies in the improvement of the training and methodological complex for studying the principles of construction and functional features of modern and promising satellite communication systems.
Keywords
Satellite Communications Toolbox, MATLAB, satellite communications, satellite link budget analysis
Reference for citation
Tishkov A., Fokin G. Modeling of Satellite Communication Systems in Satellite Communications Toolbox: Link Budget Analysis // Telecom IT. 2026. Vol. 14. Iss. 1. PP. 1‒21 (in Russian). DOI: 10.31854/2307-1303-2026-14-1-1-21. EDN: DQPSAM