doi: 10.17586/2226-1494-2021-21-5-694-701


An experimental methodology for assessing the probability and danger of network attacks in automated systems

I. G. Drovnikova, E. S. Ovchinnikova, A. D. Popov, I. I. Livshitz, O. O. Basov, E. A. Rogozin


Read the full article  ';
Article in Russian

For citation:
Drovnikova I.G., Ovchinnikova E.S., Popov A.D., Livshitz I.I., Basov O.O., Rogozin E.A. An experimental methodology for assessing the probability and danger of network attacks in automated systems. Scientific and Technical Journal of Information Technologies, Mechanics and Optics, 2021, vol. 21, no. 5, pp. 694–701 (in Russian). doi: 10.17586/2226-1494-2021-21-5-694-701


Abstract
The paper proposes a new method of conducting an experiment to assess the dynamics of the information conflict “Network attack – Protection system” in automated systems. As a result of the application of the methodology, quantitative values of the initial data necessary for assessing the probability and danger of network attacks in automated systems were obtained. The research method implied an experiment that displayed the dynamics of the information conflict “Network attack – Protection system” in automated systems. The authors developed a methodology to determine the quantitative values of the characteristics, as well as the amount of damage from standard network attacks that affect the elements of automated systems. The use of the results makes it possible to observe the course of the information conflict “Network attack – Protection System” in dynamics, to calculate the probabilistic and temporal characteristics of network attacks and to carry out an accurate quantitative assessment of the danger of their implementation in automated systems in the “CPN Tools” and MathCad software environments. The prospects for using the obtained results deal with the construction of particular models of actual attacks and increase of stability of automated systems.

Keywords: experiment, automated system, network attack, information protection system, information conflict, probability of a network attack, danger of a network attack, quantitative assessment

References
1. Melnikov D.A., Durakovsky A.P., Dvoryankin S.V., Gorbatov V.S. Concept for increasing security of national information technology infrastructure and private clouds. Proc. 5th International Conference on Future Internet of Things and Cloud (FiCloud 2017), 2017, pp. 155–160. https://doi.org/10.1109/FiCloud.2017.11
2. Butusov I.V., Romanov A.A. Methodology of security assessment automated systems as objects critical information infrastructure. Voprosy kiberbezopasnosti, 2018, no. 1(25), pp. 2–10. https://doi.org/10.21681/2311-3456-2018-1-2-10
3. Kalashnikov A., Sakrutina E. Towards risk potential of significant plants of critical information infrastructure. Proc. of the International Russian Automation Conference (RusAutoCon), 2018, pp. 8501644. https://doi.org/10.1109/RUSAUTOCON.2018.8501644
4. Drovnikova I.G., Ovchinnikova E.S., Rogozin E.A. Analysis of existing methods and procedures for assessing the risk of network attacks in automated systems of internal affairs bodies and aspects of their improvement. The bulletin of Voronezh Institute of the Ministry of Internal Affairs of Russia, 2019, no. 4, pp. 51–63. (in Russian)
5. Sher A. Simulation of Attacks in a Wireless Sensor Network using NS2. Graduate Project Report. The School of Engineering & Computing Sciences. Texas A&M University-Corpus Christi. Spring 2015, 49 p.
6. Yao Y., Viswanath B., Cruan J., Zheng H., Zhao B.Y. Automated crowdturfing attacks and defenses in online review systems. Proc. 24th ACM SIGSAC Conference on Computer and Communications Security (CCS 2017), 2017, pp. 1143–1158. https://doi.org/10.1145/3133956.3133990
7. Solic K., Ocevcic H., Golub M. The information systems' security level assessment model based on an ontology and evidential reasoning approach. Computers & Security, 2015, vol. 55, pp. 100–112. https://doi.org/10.1016/j.cose.2015.08.004
8. Lan Y., Liu S.-P., Lin L., Ma Y.-Y. Effectiveness evaluation on cyberspace security defense system. Proc. of the International Conference on Network and Information Systems for Computers (ICNISC), 2015, pp. 576–579. https://doi.org/10.1109/ICNISC.2015.120
9. Radko N.M., Skobelev I.O. Risk-Models of Information and Telecommunication Systems at the Threat of Remote and Direct Access. Moscow, RadioSoft Publ., 2010, 232 p. (in Russian)
10. Radko N.M., Iazov Iu.K., Korneeva N.N. Penetration Into the Computer Operating System: Models of Malicious Remote Access. Voronezh, Voronezh State Technical University Publ., 2013, 265 p. (in Russian)
11. Bokova O.I., Drovnikova I.G., Ovchinnikova E.S., Rodin S.V. Innovative technology in the research of implementation dynamics of network attacks on the digital educational resources. Journal of Physics: Conference Series, 2020, vol. 1691, pp. 12063. https://doi.org/10.1088/1742-6596/1691/1/012063
12. Drovnikova I.G., Ovchinnikova E.S., Rogozin E.A., Kalach A.V. Modeling the dynamics of information conflict in secure automated systems of internal affairs bodies based on the Petri-Markov network. Vestnik of Voronezh Institute of the Russian Federal Penitentiary Service, 2020, no. 4, pp. 37–44. (in Russian)
13. Drovnikova I.G., Ovchinnikova E.S., Konobeevsky V.V. Analysis of typical network attacks on automated systems of internal affairs departments. Herald of Daghestan State Technical University. Technical Sciences, 2020, vol. 47, no. 1, pp. 72–85. (in Russian). https://doi.org/10.21822/2073-6185-2020-47-1-72-85
14. Ovchinnikova E.S. Graph models of the dynamics of network attacks in automated systems of internal affairs bodies. Herald of Daghestan State Technical University. Technical Sciences, 2021, vol. 48, no. 1, pp. 116–129. (in Russian). https://doi.org/10.21822/2073-6185-2021-48-1-119-129


Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License
Copyright 2001-2024 ©
Scientific and Technical Journal
of Information Technologies, Mechanics and Optics.
All rights reserved.

Яндекс.Метрика