METHODS OF ACCEPTABLE OPTIONS FORMATION OF ORGANIZATIONAL STRUCTURE AND THE STRUCTURE OF THE AUTOMATED INFORMATION SECURITY MANAGEMENT SYSTEM
To ensure comprehensive information protection, it is necessary to use various means of information protection, distributed across the levels and segments of the information system. This creates a contradiction: a large number of different means of information protection are present, but their joint, coordinated application cannot be ensured because there is no automated control system. One of the tasks that contributes to solving this problem is generating feasible variants of the organizational structure and the structure of such an automated control system, so that these variants are available and the one that is optimal under the given initial parameters and limitations can be chosen. The problem is solved by reducing the general problem to the particular problem of splitting the original graph of the automated cyber defense control system into subgraphs. In this case, the subgraphs correspond to the subsystems of the automated cyber defense management system at different levels and provide a visual representation of the process of forming acceptable variants of the organizational composition and structure of such an automated control system. The graph-splitting operation is expected to yield a set of acceptable variants of the organizational composition and structure of the automated cyber defense management system, from which the optimal one is chosen under the given initial parameters and restrictions. The result is a technique for forming acceptable variants of the organizational structure and the structure of the automated cyber defense control system.
Keywords: information security, cybersecurity, information protection, control, automated control systems.
METHOD OF AUDITING THE PROTECTION OF AUTOMATED SYSTEMS
V.L. Tokarev, A.A. Sychugov
The currently existing regulatory framework and methods for analyzing the protection of information resources were analyzed. It is noted that these methods rest on technical analysis, which involves both active and passive testing of the information protection system. Another existing solution to this problem is the use of expert assessments. However, both approaches are laborious and often subjective. On the basis of the theory of fuzzy sets, a mathematical model is proposed for auditing the security of automated systems, and an appropriate method is proposed on the basis of that model. Fuzzy models are considered as a tool for auditing automated systems that process confidential information. As an example of the use of the proposed method, an assessment of one of the information security aspects is considered – the security of access to confidential information in an automated system. The proposed method will make it possible to effectively use the obtained estimates for solving the problem of ensuring the security of information in automated systems. The main advantage of the method is that it does not require complex testing procedures, calculating probabilities, attracting and selecting experts, etc., and can be used to evaluate a wide variety of aspects of information security.
Keywords: information security, access security, evaluation.
INTELLIGENT NETWORK INTRUSION DETECTION SYSTEM BASED ON ARTIFICIAL IMMUNE SYSTEM MECHANISMS
The article is devoted to the problem of detecting network attacks, both known and previously unknown. The application of various artificial intelligence methods to this problem in the scientific literature was analyzed. The advantages of the artificial immune system were revealed. Its main mechanisms, including artificial lymphocyte generation, negative selection, clonal selection, data analysis, and periodic renewal of lymphocytes, were analyzed. The article describes the developed intrusion detection system based on an artificial immune system. The developed system includes a sniffing subsystem, which allows it to analyze real data of host network connections. The article also describes the KDD99 network connections dataset, which was used to evaluate the efficiency of the developed system. The methods of compressing the initial dataset proposed in the scientific literature were analyzed, and the drawbacks of these methods were identified. The article describes the experimental determination of the significant parameters of the network connections contained in the dataset. The authors identified 13 significant parameters out of 41, and they also described the preliminary processing and preparation of the analyzed data and a series of experiments. The results of the experiments showed the high efficiency of the developed system in detecting unknown network attacks and in detecting and classifying known attacks.
Keywords: intrusion detection system, artificial immune system, KDD99, information security, network security, network attack.
DEVELOPMENT OF THE SOFTWARE CONCEPT OF THE TECHNIQUE OF ASSESSMENT OF QUALITY OF INFORMATION SYSTEMS “INSPECTOR”
O. M. Romanova (Knyazeva), K.N. Kurguzkin
The article considers the problem of assessing the quality of information systems (IS) of organizations. It was observed that the most promising approaches in the field of IS quality assessment and management are based on ISO 9000. The method “Inspector”, which was developed by I.M. Azhmukhamedov and O.M. Romanova, is one such method. The task of developing an algorithm and software that collects and processes expert data is relevant, and the article is devoted to solving it. The stages at which expert data are collected for “Inspector” were identified: definition of IS functions; definition of IS subsystems; definition of the elements of the sets of concepts of the fuzzy cognitive models of IS quality assessment; identification of links between the concepts of the fuzzy cognitive models of IS quality assessment; formation of a knowledge base for assessing the current level of IS quality, consisting of fuzzy logic rules that determine the impact of each damage level of the damage hierarchy on information security services; and assessment of the state of the concepts of the fuzzy cognitive models of IS quality assessment, which are the input parameters of the algorithms of the method “Inspector”. It is noted that at stages four to six it is necessary to use methods that exclude the influence of other experts on the opinion of one expert. As a result, online questioning was chosen as the method for solving the problem. It was suggested that the system should take the form of a web portal. The algorithm of its operation was developed. The roles of portal users were identified. The structure of the portal form was defined.
Keywords: information security, quality assessment, infrastructure, software development, information system, decision maker, expert evaluation.
A STUDY OF THE POSSIBILITIES OF USING STEGANOGRAPHIC METHODS OF INFORMATION PROTECTION
A.V. Pitolin, Y.P. Preobrazhensky, O.N. Choporov
Steganographic methods are used to hide the very fact of the existence of certain messages. The paper analyzes the key concepts that are used in steganographic methods of information transformation. It describes the features of steganographic methods of hiding information in graphic files. A threat model of unauthorized transfer of information by steganographic methods of information transformation using graphical containers was developed. The article presents a classification scheme of threats of unauthorized information transfer using methods of steganographic transformation. An experiment was conducted to identify the most effective ways to counteract unauthorized access to information. The author has established that, for almost all methods of counteracting unauthorized access, the exposure time does not exceed 2 seconds. Methods whose exposure time does not exceed 0.7 seconds are highlighted. The experiment was conducted among 10 people with the help of the S-tools program and the created AntiStego software. The paper presents the algorithm of the program “AntiStego” together with a description of the software modules implementing counteraction to unauthorized access. A generalized scheme of the experiment for combating the unauthorized covert transfer of information is presented.
Keywords: information security, steganographic approach, unauthorized access.
IDENTIFICATION OF USERS BY KEYBOARD HANDWRITING USING THE ALGORITHM OF FREQUENT BIGRAMS REGISTRATION
V.I. Vasilyev, M.F. Kaliamov, L.F. Kaliamova
This article considers the developed algorithm for identifying users by keyboard handwriting with registration of frequent bigrams. With this algorithm, users can be identified constantly and continuously while they work in a computer system. The proposed algorithm eliminates the defects of existing user identification methods, which are used only during login and therefore do not protect the system from intrusion after the user has been authorized. The following characteristics are used as the timing indices of keyboard handwriting: key press time and pauses between key presses. Timing characteristics are gathered for each bigram separately. This is necessary because keys are located at different distances from each other, so the time delays in pressing the same key differ between bigrams. The more often a bigram is used while the user works in the system, the more exact its timing characteristics become and, accordingly, the more efficient user identification is. If, after identification, the data differ from the reference, the user's subsequent actions can be blocked. To confirm that the algorithm works, results of a check using the method of finding Euclidean distances are provided.
Keywords: information security, information protection, identification, authentication, biometry, keyboard handwriting, bigrams.
VULNERABILITY CLASSIFICATION OF CLOUD TOOLS IN THE PROBLEM OF QUANTITATIVE RISK ASSESSMENT
A.V. Tsaregorodtsev, A.N. Zelenina, V.A. Savelev
Almost all technologies that are now part of the cloud paradigm existed before, but until recently there were no offers on the market that combined these promising technologies in a single commercially attractive solution. Only in the past decade have publicly available cloud services emerged, which made these technologies, on the one hand, available to the developer and, on the other hand, understandable for the business community. But many of the features that make cloud computing attractive can conflict with traditional information security models. Based on a common vulnerability assessment system, which makes it possible to determine the qualitative index of susceptibility of information systems to vulnerabilities taking into account environmental factors, a methodology for risk assessment for different types of deployment of cloud environments was proposed. Based on the widely used Common Vulnerability Accounting System, which helps to determine the qualitative indicator of susceptibility to information system vulnerabilities, the article proposes a classification of vulnerabilities typical for different types of cloud deployment.
Keywords: information security, cloud computing, vulnerability, risk model, risk assessment.
TWO-STAGE PROCEDURE OF QUANTITATIVE ASSESSMENT OF INFORMATION SECURITY RISK OF CLOUD COMPUTING
A.V. Tsaregorodtsev, A.N. Zelenina, V.A. Savelev
When organizations use cloud services, special attention should be paid to ensuring the security of their computing resources and information assets. It is one of the most important factors in making decisions on outsourcing services. Adopting a new model of providing IT services using cloud technologies and managing information risks is impossible without understanding the possible types of threats that organizations may face. The authors propose a methodology for assessing information security risks that makes it possible to analyze the security of cloud services under the impact of the threat classes under consideration, as well as a set of effective measures and means to counteract these threats. The proposed method for assessing risks for different types of deployment of cloud environments is aimed at identifying countermeasures to possible attacks and correlating the amount of damage with the total cost of ownership of the organization's entire information resource infrastructure.
Keywords: information security, cloud computing, risk assessment, risk model, frequency of exploit use, damage during the implementation of the exploit.
MODEL OF INFLUENCE OF CYBERATTACKS TO FUNCTIONING OF CONTESTANT FIRMS
V.I. Novoseltsev, A.N. Noev, D.E. Orlova
A mathematical model is considered that makes it possible to establish, in quantitative terms, the influence of mutual cyberattacks on the economic efficiency of contestant firms. The model is based on modified Lotka-Volterra equations, formulated under the assumption that the change in economic efficiency of each firm in the absence of the competitor and, accordingly, of cyberattacks is described by the logistic equation. The qualitative method of differential calculus is used to define the conditions under which, despite mutual attacks, competitors do not go bankrupt and continue to function in a normal mode. The volume of goods sold or services rendered by the contestant firms is used as the integrated indicator characterizing their economic efficiency. The model can be used to substantiate requirements for ensuring the information security of competing subjects of the modern market under conditions of mutual cyberattacks.
Keywords: cyberattack, mathematical model, economic efficiency, information security, stability.
THE ANALYSIS APPROACHES THAT GUARANTEE THE SECURITY OF MODERN COMPUTER SYSTEMS
T.V. Glotova, H.I. Besher
The paper discusses issues related to using different approaches to improve the efficiency of computer systems security. The importance of integrating different security technologies to provide comprehensive protection of the information resources of the enterprise is demonstrated. It is shown that firewalls are the main means of controlling access to resources on the corporate network from the outside. The classification of user groups that are subject to recognition in the analysis of network traffic is discussed. The importance of using user credentials stored in the network directory service is shown. The characteristics of certificate-based authentication are given. The main properties of intrusion detection tools are stated. The authors point to the need for hardware implementation of typical functions used in authentication.
Keywords: information security, computer system, information network, network traffic protection information.