Article

Article title IMITATING MODELS OF TESTING THE CRITICALLY IMPORTANT INFORMATION OBJECTS IN THE CONDITIONS OF COMPUTER ATTACKS
Authors S.M. Klimov
Section SECTION I. INFORMATION TECHNOLOGIES AND PROTECTION OF INFORMATION
Month, Year 08, 2016
Index UDC
DOI 10.18522/2311-3103-2016-8-2736
Abstract The article addresses imitation modeling of critically important information objects, computer attacks and information security facilities using special information security testbeds. It demonstrates the topicality and importance of estimating in advance the real level of security and operation stability of critically important information objects under computer attacks in the form of malicious programs. The aim of imitation modeling of critically important information objects is to estimate the real level of information security and operation stability of these objects under computer attacks and with different variants of information security facilities. We propose definitions for the concepts of a computer attack and of the operation stability of a critically important information object. The complex of imitation models is defined as a set of critically important information object segments, computer attacks and elements of the system of warning, alert and liquidation of the consequences of computer attacks. An imitation model of critically important information object segments is developed in the form of standard technological control cycles performed in a set time, with time delays resulting from computer attacks. The vulnerability passport for critically important information objects is considered. The combined impacts of DDoS attacks, information load, fuzzing and malicious programs are proposed to be treated as the information security threats. The parameters for estimating the computer attack and protection imitation facilities are determined, along with criteria for estimating the immunity of critically important information objects under computer attacks. Special attention is devoted to the modular structure of the testbed for estimating the immunity of critically important information objects.
We conclude that initial tests using the testbed make it possible to achieve a probability of security of critically important information objects under combined computer attacks of up to 0,85–0,95 through timely removal of vulnerabilities and tuning of information security facilities.


Keywords Critically important information objects; computer attacks; real level of information security and operation stability.
