<div>
	Criterion of the network infrastructure security</div>

Shilova Anastasia D.

2023 , VOLUME 23, NUMBER 3 ( March-April )

ISSN 2226-1494 (print), ISSN 2500-0373 (online)

Publications

Editor-in-Chief

Nikiforov
Vladimir O.
D.Sc., Prof.

Partners

doi: 10.17586/2226-1494-2023-23-3-530-537

Criterion of the network infrastructure security

A. D. Shilova

Read the full article

Article in Russian

For citation:

Shilova A.D. Criterion of the network infrastructure security. Scientific and Technical Journal of Information Technologies, Mechanics and Optics, 2023, vol. 23, no. 3, pp. 530–537 (in Russian). doi: 10.17586/2226-1494-2023-23-3-530-537

Abstract

The problem of assessing the security of a network infrastructure is considered. The aim of the work is to formalize a fast computable network security metric intended for use in optimization problems aimed at rebuilding the network according to security requirements. Three metrics with varying degrees of detail are proposed to achieve this goal. To do this, a set of essential features of the network infrastructure has been formed. The level of detail of the metric allows taking into account the terminal access as well as the actual structure of the network path from the subject to the accessobject. The proposed base metric was compared with previously published metrics by other authors. It is shown that the metric is sensitive to changes in essential network parameters, and the results of its calculation are consistent with the results of calculation of other metrics. Using the metric, the network segmentation method based on the grouping of subjects and objects was evaluated. It is shown that this method can significantly increase the security of the network by combining similar subjects and objects into groups even in the absence of firewall rules. The proposed metrics can be used as a basis for methods of segmenting the network infrastructure and rebuilding the existing network according to security requirements. They do not depend on a subjective assessment, and also do not take into account the presence of known vulnerabilities the closing of which affect security in general, but does not reflect the security of the network interaction. The most significant advantage can be considered as much faster calculation in comparison with analogues.

Keywords: information security, network infrastructure, security criterion, access subject, access object, network segmentation

References

Li G., Fu Y., Hao W. Quantifiable network security measurement: A study based on an index system. Lecture Notes in Computer Science, 2019, vol. 11806, pp. 47–62. https://doi.org/10.1007/978-3-030-30619-9_5
KotenkoI V., Stepashkin M.V., Bogdanov V.S. Evaluating security of computer networks based on attack graphs and qualitative security metrics. SPIIRAS Proceedings, 2006, vol. 2, no. 3, pp. 30–49. (in Russian). https://doi.org/10.15622/sp.3.2
Doynikova E.V., Chechulin A.A., Kotenko I.V. Computer network security evaluation based on CVSS metrics. Information and Control Systems, 2017, no. 6(91), pp. 76–87. (in Russian). https://doi.org/10.15217/issn1684-8853.2017.6.76
Shinkarenko A.F. The method of estimation of the security of information and telecommunication. Intellectual Technologies on Transport, 2016, no. 1(5), pp. 16–20.Available at: http://itt-pgups.ru/index.php/itt_pgups/article/view/332 2 (accessed: 12.06.2022).(in Russian)
Doynikova E.V., KotenkoI V. Techniques and software tool for risk assessment on the base of attack graphs in information and security event management systems. Information and Control Systems, 2016, no. 5(84), pp. 54–65. (in Russian). https://doi.org/10.15217/issn1684-8853.2016.5.54
Poolsappasit N., Dewri R., Ray I. Dynamic security risk management using bayesian attack graphs. IEEE Transactions on Dependable and Secure Computing, 2012,vol. 9, no. 1,pp. 61–74. https://doi.org/10.1109/TDSC.2011.34
Dantu R., Kolan P. Risk management using behavior based bayesian networks. Lecture Notes in Computer Science, 2005, vol. 3495, pp. 115–126. https://doi.org/10.1007/11427995_10
Kotenko I.V., Doynikova E.V. Countermeasure selection in security management systems. Information and Control Systems, 2015, № 3(76), pp. 60–69. (in Russian). https://doi.org/10.15217/issn1684-8853.2015.3.60
Wing J.M. Scenario graphs applied to network security. Information Assurance. Elsevier, 2008, pp. 247–277. https://doi.org/10.1016/B978-012373566-9.50011-2
Mihai I., Prună S., Barbu I.-D. Cyber kill chain analysis. International Journal of Information Security and Cybercrime, 2014, vol. 3, no. 2, pp. 37–42. https://doi.org/10.19107/IJISC.2014.02.04
Lin W., Yang C., Zhang Z., Xue X., Haga R. A quantitative assessment method of network information security vulnerability detection risk based on the meta feature system of network security data. KSII Transactions on Internet and Information Systems, 2021, vol. 15, no. 12, pp. 4531–4544. https://doi.org/10.3837/tiis.2021.12.015
Krylova Iu.V. Assessment of information security risks and threats in the organization. IRFS in the modern Russian economy: models, schemes and methods of practical implementation. Proceedings of the International Scientific and Practical Conference of Students. Moscow, 2019, pp. 142–146.(in Russian)
Zhao X., Pei M., Wu M., Liang Y., Peng H. A method of network security risk measurement based on improved D-S evidence theory. Journal of Physics: Conference Series, 2020, vol. 1626, pp. 012035. https://doi.org/10.1088/1742-6596/1626/1/012035
Zhao X., Zhang Y., Xue J., Shan C., Liu Z. Research on network risk evaluation method based on a differential manifold. IEEE Access, 2020, vol. 8, pp. 66315–66326. https://doi.org/10.1109/ACCESS.2020.2985547
Bondareva A., Shilov I. Method of grouping subjects and objects in information systems. Proc. of the 30^th Conference of Open Innovations Association FRUCT, 2021, pp. 10–15. https://doi.org/10.23919/FRUCT53335.2021.9599989

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License