Approaches to building an adaptive protection system based on a correlation analysis of statistical characteristics of information security incidents

2021 ◽  
Author(s):  
Natalia Zhdanova ◽  
Alexandra Vlasenko ◽  
Michael Putyato ◽  
Alexander Makaryan ◽  
Michael Evsyukov
2019 ◽  
Vol 11 (7) ◽  
pp. 162 ◽  
Author(s):  
Nikolaos Serketzis ◽  
Vasilios Katos ◽  
Christos Ilioudis ◽  
Dimitrios Baltatzis ◽  
Georgios Pangalos

The complication of information technology and the proliferation of heterogeneous security devices that produce increased volumes of data coupled with the ever-changing threat landscape challenges have an adverse impact on the efficiency of information security controls and digital forensics, as well as incident response approaches. Cyber Threat Intelligence (CTI) and forensic preparedness are the two parts of the so-called managed security services that defendants can employ to repel, mitigate or investigate security incidents. Despite their success, there is no known effort that has combined these two approaches to enhance Digital Forensic Readiness (DFR) and thus decrease the time and cost of incident response and investigation. This paper builds upon and extends a DFR model that utilises actionable CTI to improve the maturity levels of DFR. The effectiveness and applicability of this model are evaluated through a series of experiments that employ malware-related network data simulating real-world attack scenarios. To this extent, the model manages to identify the root causes of information security incidents with high accuracy (90.73%), precision (96.17%) and recall (93.61%), while managing to decrease significantly the volume of data digital forensic investigators need to examine. The contribution of this paper is twofold. First, it indicates that CTI can be employed by digital forensics processes. Second, it demonstrates and evaluates an efficient mechanism that enhances operational DFR.


2014 ◽  
Vol 2 (1) ◽  
pp. 66-80 ◽  
Author(s):  
Liang Che ◽  
Mohammad E. Khodayar ◽  
Mohammad Shahidehpour

2013 ◽  
Vol 718-720 ◽  
pp. 1872-1877 ◽  
Author(s):  
Xu Xi Chang ◽  
Xie Jian Ming ◽  
Jiang Ling Fa ◽  
Chen Shan Xiong

Currently, the soil-aggregate mixture has been widely used in some large-scale site preparation projects, and its compaction characteristics have received more attention from many engineers and researchers. However, systematic research is insufficient on how to choose the filler. Moreover, some industry regulations differ in their requirements for filler. This paper relies on a certain large site preparation project, discussing statistical characteristics and correlation of the maximal grain size, content of the coarse grain, gradation and other parameters of the soil-aggregate mixture. The results show that the maximal and the median grain size have small discreteness and follow a normal distribution, indicating that the site filler easily meets the requirement; the coefficient of curvature, coefficient of nonuniformity and the coarse grain content have large discreteness and don't obey a normal distribution, indicating the filler has large variability. The median grain size is highly relevant to the coarse grain content; the maximal grain size isn't relevant to the coefficient of nonuniformity, the coefficient of curvature and the coarse grain content. According to the results of correlation analysis, we suggest that the order of importance for the control parameters of filler be coarse grain content, the maximum grain size and gradation. This research may be significant to other similar projects.


2018 ◽  
Vol 18 (3) ◽  
pp. 333-338
Author(s):  
E. A. Vitenburg ◽  
A. A. Levtsova

Introduction. The quality of production processes depends largely on the management infrastructure, in particular, on the effectiveness of the information system (IS). Company management pays increasingly greater attention to the safety protection of this sphere. Financial, material and other resources are regularly channeled to its support. In the presented paper, some issues on the development of a safe enterprise information system are considered. Materials and Methods. Protection of the enterprise IS considers some specific aspects of the object, and immediate threats to IT security. Within the framework of this study, it is accepted that IS are a complex of data resources. A special analysis resulted in determining categories of threats to the enterprise information security: hacking; leakage; distortion; loss; blocking; abuse. The connection of these threats, IS components and elements of the protection system is identified. The requirements of normative legal acts of the Russian Federation and international standards regulating this sphere are considered. It is shown how the analysis results make it possible to validate the selection of the elements of the IS protection system. Research Results. A comparative analysis of the regulatory literature pertinent to this issue highlights the following. Different documents offer a different set of elements (subsystems) of the enterprise IS protection system. To develop an IS protection program, you should be guided by the FSTEC Order No. 239 and 800-82 Revision 2 Guide to ICS Security. Discussion and Conclusions. The presented research results are the basis for the formation of the software package of intellectual support for decision-making when designing an enterprise information security system. In particular, it is possible to develop flexible systems that allow expanding the composition of the components (subsystems).


2020 ◽  
pp. 45-51
Author(s):  
Igor Butusov ◽  
Aleksandr Romanov ◽  

The purpose of the article is to support the processes of preventing information security incidents in conditions of high uncertainty. Method: methods of mathematical (theoretical) computer science and fuzzy set theory. Result: an information security incident, including a computer incident, is considered as a violation or termination of the functioning of an automated information system and (or) a violation of information stored and processed in this system, including those caused by a computer attack. Information descriptions are presented in the form of structured data about signs of computer attacks. Structured data is the final sequence of strings of symbols in a formal language. The Damerau-Levenshtein editorial rule is proposed as a metric for measuring the distance between strings of characters from a particular alphabet. The possibility of presenting the semantics of information descriptions of attack features in the form of fuzzy sets is proved. Thresholds (degrees) of separation of fuzzy information descriptions are defined. The influence of semantic certainty of information descriptions of features (degrees of blurring of fuzzy information descriptions) on the decision-making about their identity (similarity) is evaluated. It is shown that the semantic component of information descriptions of signs of computer attacks presupposes the presence of some semantic metric (for its measurement and interpretation), which, as a rule, is formally poorly defined, ambiguously interpreted and characterized by uncertainty of the type of fuzziness, the presence of semantic information and the inability to directly apply a probabilistic measure to determine the degree of similarity of input and stored information descriptions of signs. An approach is proposed to identify fuzzy information descriptions of computer attacks and to apply methods for separating elements of reference sets on which these information descriptions are defined. It is shown that the results of the procedure for identifying fuzzy information descriptions of computer attacks depend on the degree of separation of the reference sets and on the indicators of semantic uncertainty of these descriptions.


Trudy MAI ◽  
2020 ◽  
pp. 17-17
Author(s):  
Vladimir Filatov ◽  
Andrey Bonch-Bruevich ◽  
Evgeny Khokhlachev ◽  
Alexandra Borukaeva ◽  
Pavel Berdikov

2019 ◽  
Vol 8 ◽  
Author(s):  
Mirzaeva S.A ◽  
M.X Kambarova ◽  
M.U Irgashev ◽  
M.B Rasulova

 Pomegranate fruit is a monophage, and at the same time is also a typical carpophage, that is, the fruit is a moth. During the season, the pomegranate fruit develops from the 5th generation in full and in part from the 6th generation. In order to protect the pomegranate from pomegranate fruit, it is desirable to support all methods of the adaptive protection system (in particular: organizational-economic, agrotechnical, physico-mechanical, biological and chemical), bringing the number of pests to IZMM and below.

