Article

Article title A MATHEMATICAL MODEL FOR DETERMINING THE PROBABILITY OF CONSEQUENCES FROM THE IMPLEMENTATION OF THE ATTACKER THREATS TO INFORMATION SECURITY LIMITED DISTRIBUTION
Authors A.P. Rosenko, I.V. Bordak
Section SECTION I. INFORMATION SECURITY
Month, Year 07, 2015 @en
Index UDC 004.942, 51-74, 519.857.3
DOI
Abstract The Aim of this work is to develop a mathematical model for determining the likelihood and consequences from the implementation of the attacker threats to the security of restricted information on the basis of Markov random processes (SMEs) with continuous time. The objectives of the study are: to define SMEs in relation to automated information system (AIS); to produce a description of SMEs with a continuous parameter; identify the assumptions made when solving the goal; to describe the count state of the system when subjected to n independent streams of threats and corresponding the matrix of conditions; to justify application of the Kolmogorov differential equations for the determination of transition probabilities of AIS in each possible state, the solution of which is implemented using the direct Laplace transform; to develop particular cases to obtain the final probability, when the intensity of impact of a hazard is equal to the intensity of their parry and when the system operates a single stream of threats. On the basis of the research: the paper substantiates the applicability of SMEs to assess the impact of various threats on the security of confidential information, mathematical methods of investigation of the security KEY based on a random Markov process with a continuous parameter and mathematical methods taking into account the impact on AIS n independent streams of threats, and when the intensity parry flux and the threat of equal intensity flux and threats and one of the i-th threat (as special cases). Developed and informed practical recommendations for the implementation of the owners of restricted information would enhance the security of information, minimizing material damage due to the choice of optimal strategies, methods and remedies IOR. Proposed methods and techniques based on SMEs showed the possibility of quantitative assessment of security in the IOR, which will allow, using this data to develop evidence-based organizational and preventive measures on the improvement of the protection of restricted information, circulating in different structural entities of the Russian Federation. The developed mathematical model, software, and techniques presented in an understandable form for practical use other professionals engaged in developing and using similar theoretical apparatus in other areas of the economy.

Download PDF

Keywords Information security; threats; mathematical model; mathematical modeling; Markov random processes.
References 1. Rosenko A.P. Teoreticheskie osnovy analiza i otsenki vliyaniya vnutrennikh ugroz na bezopasnost' konfidentsial'noy informatsii: Monografiya [Theoretical framework for the analysis and evaluation of the influence of internal threats on the security of confidential information: a Monograph]. Moscow: Gelios ARV, 2008, 154 p.
2. Rosenko A.P. Vnutrennie ugrozy bezopasnosti konfidentsial'noy informatsii: metodologiya i teoreticheskoe issledovanie: Monografiya [Internal threats to the security of confidential information: methodology and theoretical research: Monograph]. Moscow: KRASAND, 2010, 160 p.
3. Tikhonov V.I., Mironov M.A. Markovskie protsessy [Markov processes]. Moscow: Sovetskoe radio, 1997, 488 p.
4. Rosenko A.P. Metodologicheskie osnovy problemy bezopasnosti konfidentsial'noy informatsii [Methodological basis of the problem of security of confidential information], Izvestiya TRTU [Izvestiya TSURe], 2006, No. 7 (62), pp. 27-33.
5. Rosenko A.P. Primenenie Markovskikh sluchaynykh protsessov s diskretnym parametrom dlya otsenki urovnya informatsionnoy bezopasnosti [Application of Markov random process with discrete parameters for assessing of information security level], Izvestiya YuFU. Tekhnicheskie
nauki [Izvestiya SFedU. Engineering Sciences], 2009, No. 11 (100), pp. 169-172.
6. Rosenko A.P. Matematicheskoe modelirovanie vliyaniya vnutrennikh ugroz na bezopasnost' konfidentsial'noy informatsii, tsirkuliruyushchey v avtomatizirovannoy informatsionnoy sisteme [Mathematical modeling of internal threats on safety of the confidential information circulating in automated information system availability], Izvestiya YuFU. Tekhnicheskie nauki [Izvestiya SFedU. Engineering Sciences], 2008, No. 8 (85), pp. 71-81.
7. Rosenko A.P. Ob odnom podkhode k opredeleniyu veroyatnostey posledstviy ot vozdeystviya na AIS ugroz bezopasnosti konfidentsial'noy informatsii [One approach to determining consequences probabilities of exposure to AIS information security threats], Izvestiya YuFU. Tekhnicheskie
nauki [Izvestiya SFedU. Engineering Sciences], 2009, No. 11 (100), pp. 164-168.
8. Rosenko A.P., Klimenko E.S. Matematicheskoe modelirovanie bezopasnosti konfiden-tsial'noy informatsii s uchetom vozdeystviya na avtomatizirovannuyu informatsionnuyu sistemu zavisimykh vnutrennikh ugroz [Mathematical modeling the security of confidential information taking into
account the impact on automated information system of dependent internal threats], Nauchno-tekhnicheskie vedomosti SPb GPU. Informatika. Telekommunikatsii. Upravlenie [Scientific and technical Gazette of St. Petersburg GPU. Informatics. Telecommunications. Management].
St. Petersburg State Polytechnical University Journal. Computer Science. Telecommunications and Control Systems, 2009, Vol. 6, No. 91, pp. 93-99.
9. Rosenko A.P. O kriterii normirovaniya urovnya bezopasnosti konfidentsial'noy informatsii [About criteria of rating of level of security of confidential information], Obozrenie prikladnoy i promyshlennoy matematiki [Review of applied and industrial mathematics]. Moscow: Izd-vo «OP i PM», 2010. Vol. 17 (2). Nauchnye doklady. Part 1, pp. 297-298.
10. Rosenko A.P., Loba I.S. K voprosu primeneniya Markovskikh sluchaynykh protsessov s nepreryvnym parametrom dlya otsenki vliyaniya vnutrennikh ugroz na bezopasnost' konfidentsial'noy informatsii [To the use of Markov processes with continuous parameter to assess the impact of internal threats to the security of confidential information], Materialy 9-y
Mezhdunarodnoy nauchno-prakticheskoy konferentsii «Informatsionnaya bezopasnost'» [Proceedings of 9-th International scientific-practical conference "Information security"]. Part 1. Taganrog: Izd-vo TTI YuFU, 2007, pp. 60-64.
11. Rosenko A.P. Metody opredeleniya veroyatnosti nesanktsionirovannogo dostupa k kon-fidentsial'noy informatsii [Metody opredeleniya veroyatnosti nesanktsionirovannogo dostupa k konfidentsial'noy informatsii], Doklady Tomskogo gos. un-ta sistem upravleniya i radioelektroniki [Reports of Tomsk
state University of control systems and Radioelectronics], 2012, No. 1–2, pp. 25-28.
12. Rosenko A.P. Metodika obrabotki massiva iskhodnykh dannykh, poluchennykh ekspertnym putem [The method of processing the source data obtained by the expert], Doklady Tomskogo gos. un-ta sistem upravleniya i radioelektroniki [Reports of Tomsk state University of control systems and Radioelectronics], 2012, No. 1–2, pp. 192-197.
13. Rosenko A.P., Klimenko E.S. Matematicheskoe modelirovanie vliyaniya vnutrennikh ugroz na bezopasnost' konfidentsial'noy informatsii, tsirkuliruyushchey v avtomatizirovannoy informatsionnoy sisteme [Mathematical modeling of internal threats on safety of the confidential information circulating in automated information system availability], Izvestiya YuFU. Tekhnicheskie nauki [Izvestiya SFedU. Engineering Sciences], 2008, No. 8 (85), pp. 71-81.
14. Rosenko A.P., Klimenko E.S. Markovskaya model' otsenki vliyaniya vnutrennikh ugroz na bezopasnost' konfidentsial'noy informatsii [A Markov model for assessing the impact of external threats on the security of confidential information], Izvestiya TRTU [Izvestiya TSURe], 2007, No. 1 (76), pp. 123-126.
15. Rosenko A. P., Okulov N.S. Programma rascheta kolichestvennoy otsenki bezopasnosti informatsii ogranichennogo rasprostraneniya [The program of calculation of the quantitative safety assessment of restricted information], Svidetel'stvo o gosudarstvennoy registratsii programm dlya EVM № 2015619521, zaregistrirovannoe v Reestre programm dlya EVM ot 04 sentyabrya 2015 g [The certificate of state registration of computer programs No. 2015619521 registered in the Registry of the computer programs from 04 September 2015].
16. Rosenko A.P. Bordak I.V., Zdanovich S.V. Matematicheskaya model' otsenki bezopasnosti konfidentsial'noy informatsii, tsirkuliruyushchey v avtomatizirovannoy informatsionnoy sisteme [A mathematical model to assess the security of confidential information circulating in the automated information system], Proizvodstvennye, innovatsionnye i informatsionnye problemy razvitiya regiona: sbornik materialov Mezhdunarodnoy nauchno-prakticheskoy konferentsii [Production, innovation and information problems of development of the region: collection of materials of International scientific-practical conference]. Stavropol': AGRUS Stavropol'skogo gos. Agrarnogo un-ta, 2014, pp. 213-216.
17. K voprosu kolichestvennoy otsenki bezopasnosti informatsii ogranichennogo rasprostraneniya, tsirkuliruyushchey v avtomatizirovannoy informatsionnoy sisteme voennogo naznacheniya [To the question of quantitative evaluation of security of information limited the spread of circulating in the automated information system for military use], Informatsionnaya bezopasnost' – aktual'naya problema sovremennosti. Sovershenstvovanie obrazovatel'nykh tekhnologiy podgotovki spetsialistov v oblasti informatsionnoy bezopasnosti: sb. trudov VIII–IX Vseros. NTK. g. Gelendzhik 2014 g. [Information security is a current problem. Improvement of educational technologies of training specialists in the field of information security: collection of works the VIII–IX All-Russian the scientific and technical conferencing. Gelendzhik 2014]. Krasnodar: FVAS, 2014, 480 p.
18. Rosenko A.P., Bordak I.V. Metod opredeleniya veroyatnosti nesanktsionirovannogo dostupa zloumyshlennika k konfidentsial'noy informatsii // Informatsionnaya bezopasnost' – aktual'naya problema sovremennosti. Sovershenstvovanie obrazovatel'nykh tekhnologiy podgotovki
spetsialistov v oblasti informatsionnoy bezopasnosti: sb. trudov VIII–IX Vseros. NTK. g. Gelendzhik 2014 g. [Informatsionnaya bezopasnost' – aktual'naya problema sovremennosti. Sovershenstvovanie obrazovatel'nykh tekhnologiy podgotovki spetsialistov v oblasti informatsionnoy bezopasnosti: sb. trudov VIII–IX Vseros. NTK. g. Gelendzhik 2014 g. [Information security is a
current problem. Improvement of educational technologies of training specialists in the field of information security: collection of works the VIII–IX All-Russian the scientific and technical conferencing. Gelendzhik 2014]. Krasnodar: FVAS, 2014, 480 p.
19. Rosenko A.P. Analiz i obobshchenie sushchestvuyushchikh podkhodov k klassifikatsii ugroz bezopasnosti konfidentsial'noy informatsii [Analysis and synthesis of existing approaches to the classification of threats to the security of confidential information] Vestnik Severo-Kavkazskogo
federal'nogo universiteta [Vestnik of North-Caucasus Federal University], 2013, No. 3 (36), pp. 30-34.

Comments are closed.