computer attacks
Recently Published Documents


Total documents: 110 (five years: 62)

H-index: 8 (five years: 1)

Symmetry ◽ 2021 ◽ Vol 13 (12) ◽ pp. 2453
Author(s): Dmitry Zegzhda ◽ Evgeny Pavlenko ◽ Elena Aleksandrova

This paper looks at the problem of cybersecurity in modern cyber-physical and information systems and proposes an immune-like approach to the information security of modern complex systems. This approach is based on the mathematical modeling in information security—in particular, the use of immune methods to protect several critical system nodes from a predetermined range of attacks, and to minimize the success of an attack on the system. The methodological approach is to systematize the tasks, means and modes of immunization to describe how modern systems can counter the spread of computer attacks. The main conclusions and recommendations are that using an immunization approach will not only improve the security of systems, but also define principles for building systems that are resistant to cyber attacks. The immunization approach enables a symmetrical response to an intruder in a protected system to be produced rapidly. This symmetry provides a step-by-step neutralization of all stages of a cyber attack, which, combined with the accumulation of knowledge of the attacker’s actions, allows a base of defensive responses to be generated for various cyber attack scenarios. The theoretical conclusions are supported by practical experiments describing real-world scenarios for the use of immunization tools to protect against cyber threats.


Author(s): S. P. Sokolovsky

The use of known protection tools in information systems, including cryptographic ones, does not ensure the confidentiality of information about their composition, structure and functioning algorithms, because modern network technologies require addressing information in the service headers of transmitted message packets. The strict dependence of information system configurations on the quality requirements for the architecture, as well as on established security policies set by regulators, gives them static, homogeneous and deterministic network parameters. This gives the adversary a number of indisputable advantages: the ability to conduct network reconnaissance without being compromised, high reliability of its results over a long period of time, and advance (planned) formation and application of the optimal set of tools to implement computer attacks. In this regard, there is a need to develop security technologies that replace the static parameters of information systems with dynamic ones. The analysis of existing technologies in the subject area under consideration showed a number of inherent disadvantages, consisting in high resource intensity, insufficient performance and narrowness of scope. To solve this problem, the author proposed a new technical solution that offsets the disadvantages of known analogues and surpasses them on a number of criteria. The technical shape of the suite is presented and justified; it consists of three interconnected subsystems that make it possible to mask information directions and the parameters of local area networks, and to manage the parameters of network connections with network reconnaissance tools.


2021 ◽ Vol 2099 (1) ◽ pp. 012070
Author(s): V A Voevodin

The application of the Monte Carlo method for solving the problem of predicting the functioning stability of the object of informatization in the conditions of massive computer attacks (MCA) is considered. The field of research represents practical and theoretical interests, since the methods developed by the theory of reliability are focused on simple, stationary, failure flows, which cannot be applied to the MCA conditions. In the conditions of the MCA, the period of normal functioning is commensurate with the recovery time, therefore, the application of the Poisson flow model leads to a significant error. To ensure the reliability of modeling, it is necessary to use an alternating process model, where the recovery time is commensurate with the period of operation and has a finite value, while analytical models of the real functioning processes are cumbersome, difficult to interpret and have no practical application.


2021 ◽ Vol 2091 (1) ◽ pp. 012062
Author(s): I M Kosmacheva ◽ N V Davidyuk ◽ SV Belov ◽ Yu Kuchin ◽ I Yu Kvyatkovskaya ◽ ...

According to modern statistics and analytical reviews, targeted computer attacks (cyber attacks) are becoming more and more numerous. Attackers began to use non-standard schemes for implementing attacks, using employees of organizations as intermediaries, which reduces the efficiency of detecting violations. At the same time, the targets of attackers are increasingly critical information infrastructure (CII) objects. The number of cyberattacks on the critical infrastructure of the Russian Federation increased by 150%. Successful attacks on CII are associated with a lack of software updates for industrial equipment, personnel errors, incorrect configuration of protection tools and can potentially lead to disasters. Prediction of computer attacks on CII based on a comprehensive analysis of the characteristics of incidents and system users can significantly increase the efficiency of incident detection, since it is obvious that technical and anthropogenic characteristics in this case should be taken into account together. It is difficult to classify computer incidents due to the volume and heterogeneity of the data about them. The paper proposes approaches that provide for the initial systematization of system log data and user characteristics, an assessment of their informativeness. This will reduce the complexity of further data processing and increase the performance of the computer attack forecasting system by excluding some uninformative data from a single secure storage. The second important task is to create test systems based on available platforms for analyzing and detecting computer incidents in order to train future information security specialists in big data analysis technologies.


2021 ◽ pp. 153-160
Author(s): Олег Сергеевич Баландин ◽ Юлия Владимировна Ветрова ◽ Александр Сергеевич Нерубенко ◽ Евгений Иванович Васильченко ◽ Денис Валерьевич Олейник

This article examines the current problem of cybercrime, since in modern society computers, information technologies and telecommunication systems have penetrated all spheres of activity of individuals and the state. However, the globalization of information technology poses a huge threat to humanity. Over the last century, it has become particularly relevant. Over the years, information technology has become more accessible to users. The limitless possibilities of the globalization of the information field allow attackers to freely influence an individual, a group and society as a whole. Cybercrime has now reached an unprecedented scale. All this did not go unnoticed by the President of the Russian Federation Vladimir Putin, who called this problem a matter of state security and proposed forming a system of automated information exchange about threats in the digital space. This article discusses the problems of investigating crimes in the field of information technology, which are complicated by anonymity, the presence of "limitless" space, and the openness of potential victims. In conclusion, the ways of solving the problem of cybercrime both in Russia and in other countries at the present stage are shown, which consist in strengthening the State system for preventing and detecting computer attacks on Russian information resources, as well as eliminating their consequences; strengthening the reliability of the confidential communication network of law enforcement agencies and authorities; and strengthening international cooperation in the fight against cybercrime.


Author(s): Алексей Леонидович Сердечный ◽ Никита Сергеевич Пустовалов ◽ Михаил Андреевич Тарелкин ◽ Анна Евгеньевна Дешина

The purpose of the research was to formalize the actions of the violator committed during the preparation of a computer attack as the main stage at which it is possible to counteract the violator before the protected system is damaged. This article presents the results of the development of a Petri net model for the preparation stage for a computer attack in distributed computer systems. The model takes into account the causal relationships between the actions of the violator, as well as the conditions and consequences of the implementation of such actions. The presence of such links makes it possible to determine the scenarios for preparing computer attacks, depending on the structural and functional features of the object of protection and the model of the violator. The developed model can be used as source data for modeling information security threats in terms of determining the methods used by the violator when choosing the object of the attack, as well as in the course of obtaining the necessary resources for carrying it out. This article also demonstrates the possibility of modeling security measures that make it difficult to implement an attack scenario.


Author(s): Anuvidhya R

As devices, applications, and communication networks become more connected and integrated, computer attacks on the Internet of Things (IoT) become more sophisticated. When attacks on IoT networks cause long-term outages, it affects the availability of critical end-user programmers, increases the number of data breaches and fraud, raises prices, and reduces revenue. In this paper we present the RANFO (IDS), prepared to protect inherently linked IoT systems. The proposed entry-level system can successfully enter real-world entrance, according to our experimental results. We'll illustrate how RANFO can identify a variety of harmful assaults, including DOS, R2L, Probe, and U2L.


Author(s): Алексей Леонидович Сердечный ◽ Глеб Валерьевич Сторожев ◽ Михаил Андреевич Тарелкин ◽ Анна Степановна Пахомова

This article presents the results of modeling methods for implementing computer attacks on mobile devices. The relevance of this article is due to the lack of developments in the formation of methodological support for modeling methods for implementing computer attacks on mobile devices, taking into account their specifics. The proposed models are intended for the formation of methodological support for calculating risks and assessing the security of such systems against current scenarios of information security threats, which makes it possible to make an informed choice of security measures. The models of methods for implementing computer attacks were built using the Petri net formalism, based on the information contained in the MITRE ATT&CK database. The developed models are interconnected by the conditions and consequences of the implementation of the main techniques defined in the ATT&CK database and relevant for mobile devices (conditions and consequences are modeled by the places of the Petri net, and the techniques themselves by the transitions of the Petri net). The article also addresses the issues of automation and joint development of such models. A comparative analysis of various forms of representation of the sections of the simulated Petri net in the context of the convenience of its development process is carried out.

