METHOD FOR ASSESSING THE LEVEL OF SECURITY RISKS OF NETWORK NODES TO IMPROVE THE EFFICIENCY OF PLACEMENT OF IMMUNE DETECTORS
UDC 004.56
DOI:10.26102/2310-6018/2020.30.3.021
V.L. Tokarev, A.A. Sychugov
The study is motivated by the need to make intrusion detection systems based on immune detectors more effective. How well such systems work depends heavily on the rational placement of immune detectors on individual network nodes. We propose using the security risk level of individual network nodes as the criterion for selecting the nodes on which to install immune detectors, and we present a method for estimating this value that makes it possible to single out the least protected nodes. Assessing the security risk of network nodes is complicated by the fact that there is often more than one vulnerability. The main idea of the method is to use a formal statistical model based on Markov chains in combination with a graph of possible trajectories and vulnerability analysis metrics. Vulnerability scores serve as these metrics; they draw on three types of metrics: basic, temporal, and contextual. A worked example is given. The resulting model can be used to identify critical nodes along the access path to the target node, where intruders can be most dangerous. Based on the information obtained from the model, the network administrator can install immune detectors on these nodes, which will significantly improve the protection system.
Keywords: information security, intrusion detection systems, immune detectors, Markov chains.
Full text:
TokarevSychugov_3_20_1.pdf
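The sketch below is an added illustration of the general idea in the abstract (a Markov chain over a graph of possible intruder trajectories, weighted by vulnerability scores); it is not the authors' model or code. The node names, the 0-10 scores, the rule that the next hop is chosen in proportion to the score, and the use of expected visits as the risk measure are all assumptions made for this example.

```python
# Constructed attack graph (illustrative values, not taken from the article):
# edge (src, dst) -> vulnerability score (0-10) of the weakness exploited on dst.
EDGES = {
    ("gateway", "web"): 9.0, ("gateway", "mail"): 3.0,
    ("web", "app"): 6.0, ("web", "mail"): 2.0,
    ("mail", "app"): 5.0,
    ("app", "db"): 7.0, ("app", "web"): 3.0,
}
ENTRY, TARGET = "gateway", "db"

def transition_probs(edges):
    """Assumption: the next hop is chosen in proportion to the edge score."""
    totals = {}
    for (src, _), score in edges.items():
        totals[src] = totals.get(src, 0.0) + score
    return {(s, d): w / totals[s] for (s, d), w in edges.items()}

def solve(a, b):
    """Gauss-Jordan elimination with partial pivoting for a small dense system."""
    n = len(b)
    m = [row[:] + [rhs] for row, rhs in zip(a, b)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        if abs(m[piv][col]) < 1e-12:
            raise ValueError("some nodes form a closed loop that never reaches the target")
        m[col], m[piv] = m[piv], m[col]
        for r in range(n):
            if r != col:
                f = m[r][col] / m[col][col]
                m[r] = [x - f * y for x, y in zip(m[r], m[col])]
    return [m[i][n] / m[i][i] for i in range(n)]

def expected_visits(edges, entry, target):
    """Expected visits to each non-target node before the target absorbs the walk."""
    p = transition_probs(edges)
    nodes = sorted({n for e in edges for n in e} - {target})
    # Solve (I - Q)^T x = e_entry, where Q holds transitions among non-target nodes.
    a = [[(1.0 if i == j else 0.0) - p.get((nodes[j], nodes[i]), 0.0)
          for j in range(len(nodes))] for i in range(len(nodes))]
    b = [1.0 if n == entry else 0.0 for n in nodes]
    return dict(zip(nodes, solve(a, b)))

def rank_nodes(edges, entry, target):
    """Nodes ordered from most to least visited: candidate detector locations."""
    visits = expected_visits(edges, entry, target)
    return sorted(visits, key=visits.get, reverse=True)

if __name__ == "__main__":
    print(rank_nodes(EDGES, ENTRY, TARGET))
```

In this constructed graph the node in front of the target is visited most often, because every trajectory passes through it and the back edge lets an intruder return to it.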