Journal: Highly Available Systems, No. 4, 2018
Article in issue:
Approach to the assessment of information system security, based on the analysis of incidents
Type of article: scientific article
DOI: 10.18127/j20729472-201804-08
UDC: 004.9
Authors:

A.Yu. Ermakova – Senior Lecturer, RTU MIREA (Moscow) E-mail: a.alla1105@mail.ru

Abstract:

The paper considers an approach to assessing the security level of an information system (IS) based on the analysis of incidents, the construction of a predictive model of their further behavior, and the subsequent estimation of the safe operation time of the information system. Previously, the author proposed a method for constructing a predictive model of the changing states of a dynamic system whose states are given as table values (nodal points). The method is based on constructing a continuous «approximation» of the function that is most distant from the nodal points and then calculating the forecast values of the system state from it. In this paper, this method is used to build a predictive model of the occurrence of IS incidents that lead to a violation of its security. It is then shown how the safe operation time of the IS can be calculated from the constructed predictive function. Examples of this approach are given using Kaspersky Lab's incident data. Directions for the further development of this approach are noted.

Pages: 32-35
Date of receipt: 3 August 2018