PRACTICAL ASPECTS OF APPLICATION OF THEORY OF GAMES TO THE ASSESSMENT OF SYSTEM SECURITY
L.V. Stepanov, A.S. Koltsov, A.V. Parinov, D.V. Parinov, B.A. Soloviev
The paper considers the practical application of the game-theoretic approach to the task of assessing the security of systems. One of the factors determining the life and activity of any system is its security. The concept of security applies to organizational, economic, engineering, biological and any other types of systems. The security state of a system is determined by many external and internal factors. The internal factors include the vulnerabilities inherent in the system; the external ones include the many threats that could potentially affect it. The confrontation between threats on the one hand and vulnerabilities (and the measures to eliminate them) on the other makes it reasonable to use game theory methods to assess the security of a system. The parameters of threats and vulnerabilities may have a qualitative description in addition to quantitative ones, which limits the applicability of mathematical methods. For this reason, these parameters must be formalized in numerical form. To solve this problem, it is proposed to use pairwise comparison of linguistic constructions. The formalized values obtained can then be used to construct the game matrix. A feature of the proposed approach is that it can be implemented as algorithms and software that automate the work of analysts responsible for forming tactics and strategies for ensuring the security of any institution or organization. This reflects the practical usefulness of the proposed methodology.
Keywords: security system, security threats, system vulnerabilities, measures to counter threats, linear programming, game theory.
MATHEMATICAL MODEL OF THE DISTRIBUTION OF THE GLOBAL CHAIN EPIDEMIC OF NETWORK VIRUSES ON THE FRACTURING GRAPH
The research objective is to solve the relevant problem of developing optimal strategies for managing the spread of computer epidemics and of designing local area networks whose structure protects the network from viral infection as much as possible, since epidemics of various computer viruses cause extensive damage to ordinary computer users and to the local area networks of enterprises, organizations, banks and power supply facilities. The leading research method is the construction of a mathematical model of the branched chain process by which computer network viruses spread, with the playing out of alternative sequences of events; studying on the model the effectiveness of actions in the fight against the spread of viruses; and the possibility of modeling an "epidemic" on a selected network configuration for an exact assessment of the network's security against viruses. The article presents a new apparatus for the mathematical modeling and forecasting of branched chain processes; the model performs analytical transformations and numerical calculations and builds geometric images of the ongoing branched chain epidemics of network viruses in real time. Modeling the spread of network viruses is implemented in two stages: identifying the structure of links between the intermediates of the chain reaction (computers) in the network ("recognition of the prefractal graph"), and spreading the "infection" over the network as a branched chain process ("covering of the prefractal graph"). The theoretical and practical significance of this work consists in adapting the instrumental apparatus of prefractal graphs to solving problems of the spatio-temporal course of branched chain processes in virological applications. The material of the article is of practical value for studying the spread of a global chain epidemic with the new modeling apparatus: vertex-and-edge weighted prefractal graphs.
Keywords: computer viruses, computer network, seed graph, fractal, prefractal and weighted graphs.
ABOUT FINDING ALL NONDOMINATED MAXIMIN STRATEGIES OF ONE OF THE PLAYERS IN A TWO-PERSON NONCOOPERATIVE GAME THAT MODELS A PROCESS OF PURCHASING PROTECTION MEANS FOR A COMPUTER SYSTEM
A two-person noncooperative game that models the process of purchasing protection means for a computer system is considered. One of the players is the party responsible for the security of the system. Having a certain amount of money that can be spent on protection means, this party determines which of them should be purchased. The actions of the other player (the external world in relation to the computer system) are attacks on the computer system carried out via the network. For each protection mean that can be purchased and for each type of attack that can be used against the computer system, the probability with which that protection mean repels the attack is known. By choosing the protection means, the party responsible for security seeks to minimize overall losses, which include, first, the cost of the purchased protection means and, second, the damage expected from the other party's attacks on the computer system. An optimality principle whose implementations are the nondominated maximin strategies of the player responsible for ensuring the security of the system is studied. The result of this study is a set of statements that determine a method of finding all nondominated maximin strategies of this player.
Keywords: noncooperative game, maximin strategy, nondominated strategy, computer system, attack on a computer system, protection of a computer system.
DISPERSION OF THE NUMBER OF FAILURES IN MODELS OF PROCESSES OF RESTORATION OF TECHNICAL AND INFORMATION SYSTEMS. OPTIMIZATION PROBLEMS
UDC 519.873, 004.056
I.I. Vainshtein, V.I. Vainshtein
In this work, for several models of recovery processes, formulas for the dispersion (variance) of the number of failures are obtained, which depend both on the recovery functions of the considered model of the recovery process and on the recovery functions (average number of failures) of other models. Using the formulas for the mean and variance of the number of failures, problems are stated on organizing the recovery process so that the minimum variance is achieved under a given limit on the average number of failures, or so that the smallest average number of failures is achieved under a given limit on the variance. These formulations resemble Markowitz's well-known problem of forming a portfolio of securities, where the mean plays the role of return and the variance that of risk. The formulated problems are solved for a simple recovery process with an exponential distribution of operating time, and for this case the Chebyshev inequality and the formula for the coefficient of variation are written out. The developed mathematical apparatus is intended for use in formulating and solving various optimization problems of information and computer security, as well as in the operation of technical and information systems and of hardware and software information protection when failures, threats of attacks and security threats of a random nature occur.
Keywords: distribution function, recovery process, recovery function, failure rate dispersion, coefficient of variation
FORMALIZATION OF THE ACCESS CONTROL AUDIT PROCEDURE IN THE INFORMATION SYSTEM
The article discusses current problems and tools for ensuring information security in information systems. The author analyzes current trends in information security breaches in 2018-2019 and concludes that countering threats related to unauthorized access is relevant. The basic tools for protecting an information system from unauthorized access are the set of rights and rules for access control between objects and subjects. Therefore, to ensure the necessary level of security, the adequacy and consistency of the distribution of access rights is important. A methodology and a conceptual scheme for auditing the access control subsystem based on ACLs have been developed, consisting of procedures for initiating the audit and for collecting and analyzing audit data. The mathematical model of the audit procedure is automated in the form of an audit software tool for the access control subsystem, using the Windows operating system as an example. The main advantage of the proposed audit procedure is that it does not require complex testing procedures, calculation of probabilities, or the involvement and selection of experts. The main purpose of the program is to assess how well the existing settings of the access control policy in the system comply with the security policy of the system under investigation.
Keywords: access rights, information protection, operating system, access control model, mathematical model, cybersecurity.
PREDICTION OF THE CONSEQUENCES OF THE PROPAGATION OF THE VIRUS IN A COMPUTER NETWORK USING A BASIC REPRODUCTION NUMBER
Today, the Internet is considered one of the most useful tools for people to communicate, find information and buy goods and services. Most computers are connected to each other in some way: they share the same operating system software and communicate with all other computers using a standard set of protocols. The Internet is also the primary medium used by attackers to commit computer crimes, and this has spawned a new generation of criminals. The similarity between the spread of a biological virus and worm propagation encourages researchers to adapt epidemic models to the network environment; this approach is the most effective one for describing the propagation of computer viruses over a network. The article uses results from mathematical epidemiology to analyze the SIRS model. The dynamics of virus propagation in the computer network is described by a system of differential equations. The stability of the network against the spread of malware is investigated, an equilibrium position is found, and the basic reproduction number is determined. The dependence of the evolution of a virus attack on the basic reproduction number is analyzed. Numerical simulations are provided to support the theoretical conclusions.
Keywords: mathematical model, computer virus, virus dynamics, basic reproduction number, nonlinear system of differential equations, stability of the system.
GENERALIZED COMPUTATIONAL METHOD TO COMPARE THE ACCURACY OF QUANTITATIVE ESTIMATES OF SECURITY OF WIRELESS SECURITY SYSTEMS
In this paper, for the purposes of a comparative analysis of the accuracy of quantitative methods for assessing the security of wireless security systems, the author develops a generalized computational method for comparing the accuracy of quantitative security assessments of wireless security systems, using fire alarm systems as the example. To this end, the known security assessments of wireless security systems are described. Numerical indicators of the security of the known technologies for protecting the radio channel of fire alarm systems from unauthorized access are presented according to two security assessments. The known approaches to the comparative analysis of the accuracy of quantitative security estimates are shown and their shortcomings are identified. The apparatus of mathematical statistics is indicated as a promising approach to this comparative analysis that is free from the shortcomings of the known approaches, and its application to the comparative analysis of the accuracy of quantitative security estimates of wireless security systems is shown. The developed generalized computational method is described, its advantages over known methods as well as its limitations are indicated, and recommendations on its application are given. It is also pointed out that the developed computational method is generalized: it can be used for comparative evaluation of quantitative security assessments of the same type for a wide class of wireless security systems, in order to determine which of the assessments has the greater accuracy.
Keywords: security assessment, radio channel, security systems, computational method, mathematical statistics.
MODELING AND ESTIMATION OF EFFICIENCY OF THE UNINTERRUPTIBLE POWER SUPPLY SYSTEMS OF OBJECTS OF THE INTERNAL AFFAIRS
A. A. Rogozhin, M. A. Ledovskaya, D. L. Kuropyatnik
Currently, the problem of power outages in the power supply systems of facilities of the internal affairs bodies remains relevant. The article analyzes the statistics of emergency shutdowns of electrical equipment caused by accidents or unplanned shutdowns of power grid facilities. A classification is given of the categories of consumers for which an interruption of power supply may endanger people's lives, threaten the security of the state, cause significant material damage, disrupt a complex technological process, or disrupt the functioning of particularly important elements of public utilities, communication and television facilities. To ensure an appropriate level of reliability of power supply for the most important consumers, a block diagram of the uninterruptible power supply of the technical means of law-enforcement facilities is developed, based on the combined use of uninterruptible power supply sources and a device for multistage automatic transfer to a reserve, which makes it possible to provide a constant power supply mode for the most critical receivers of electric energy. The integrated indicator of the effectiveness of the uninterruptible power supply system of the technical means of police department facilities is modeled and calculated. To assess the effectiveness of the uninterruptible power supply ATS systems, a structural-parametric model is developed that allows the efficiency of the uninterrupted power supply of facilities of the internal affairs bodies to be quantified. The general logic-probabilistic method and the technology of automated structural-logical modeling are used for the computational experiment.
Keywords: uninterrupted power supply, electric receiver, the general logic-probabilistic method, technology of the automated structural and logical modeling, the scheme of functional integrity, estimation of efficiency
METHOD OF AUDITING THE PROTECTION OF AUTOMATED SYSTEMS
V.L. Tokarev, A.A. Sychugov
An analysis of the currently existing regulatory framework and of the methods for analyzing the protection of information resources was carried out. It is noted that these methods are based on technical methods of analysis, which involve both active and passive testing of the information protection system. Another existing solution to this problem is the use of expert assessments. However, both approaches are laborious and often subjective. On the basis of the theory of fuzzy sets, a mathematical model for auditing the security of automated systems is proposed, and an appropriate method is built on it. Fuzzy models are considered as a tool for auditing automated systems that process confidential information. As an example of the use of the proposed method, an assessment of one aspect of information security is considered: the security of access to confidential information in an automated system. The proposed method will make it possible to use the obtained estimates effectively for solving the problem of ensuring the security of information in automated systems. The main advantage of the method is that it does not require complex testing procedures, calculation of probabilities, involvement and selection of experts, etc., and can be used to evaluate a wide variety of aspects of information security.
Keywords: information security, access security, evaluation.
INTELLIGENT SYSTEM FOR THE ANALYSIS OF INFORMATION SECURITY INCIDENTS (BASED ON THE METHODOLOGY OF SIEM SYSTEMS WITH THE USE OF IMMUNOCOMPUTING MECHANISMS)
В.И. Васильев, Р.Р. Шамсутдинов
The article is devoted to the problem of intelligent analysis of information security incidents using the methodology employed in security information and event management systems. The essence of such systems, the composition of their main modules and the order of their interaction, and the possibility of integrating them with artificial intelligence methods are analyzed. A distributed system for analyzing information security incidents is described, which combines the mechanisms of an artificial immune system and of correlation analysis of data to detect known and unknown anomalies, analyze their criticality and set priorities for response. The scheme of interaction of the modules of the developed system and the mathematical basis of the applied method of correlation analysis are presented. A series of computational experiments is described in detail; they showed a high level of effectiveness of the system in detecting anomalies and the ability of the client modules to further train each other, as well as the successful performance by the server component of the aggregation and correlation analysis of the data arriving from clients within a given time interval, and its identification of the most significant incidents both for the last analyzed interval and for the whole period, both overall and for each group of incidents. The server's graphical display of statistical data makes it possible to visually assess the criticality of particular incidents and to set priorities for responding to them.
Keywords: SIEM system, immunocomputing, correlation analysis, information security, network security.