Development of an Information Security System Based on Modeling Distributed Computer Network Vulnerability Indicators of an Informatization Object

Authors

  • Valerii Lakhno, National University of Life and Environmental Sciences of Ukraine
  • Zhuldyz Alimseitova, Satbayev University
  • Yerbolat Kalaman, Satbayev University
  • Olena Kryvoruchko, Kyiv National University of Trade and Economics
  • Alona Desyatko, Kyiv National University of Trade and Economics, http://orcid.org/0000-0002-2284-3418
  • Serhii Kaminskyi, Kyiv National University of Trade and Economics

Abstract

A methodology was proposed for developing an information security (IS) system for the distributed computer network (DCN) of an informatization object (OBI). The first stage of the methodology uses mathematical modeling: a model based on probability theory was presented for calculating the vulnerability coefficient. This coefficient allows one to assess the level of information security of the OBI network. Criteria for assessing the acceptable and critical levels of information security risk were proposed as well. The second stage of developing the DCN IS system used simulation and virtualization of the DCN IS components. In the course of experimental studies, a model of a protected DCN was built. In the experimental model, network devices and DCN IS components were emulated on virtual machines (VMs). The DCN resources were reproduced using the Proxmox VE virtualization system. The Suricata IPS was deployed on RCS hosts running PVE. Splunk was used as the SIEM. It was shown that the proposed methodology for building the DCN IS system, together with the vulnerability coefficient model, makes it possible to obtain a quantitative assessment of the vulnerability levels of the OBI DCN.

Published

2024-04-19

Section

Security, Safety, Military