Journal Information-measuring and Control Systems №9 for 2013
Article in issue:
User's vulnerabilities profile modeling for socio-engineering attacks protection evaluation
Authors:
A.A. Azarov - Post-graduate Student, SPIIRAS, Saint Petersburg State University
Abstract:
The intensive introduction of information technologies into modern business processes creates a need to secure the information resources used in them. Consequently, information security specialists devote significant effort to developing and deploying models and methods for protecting information systems from program-technical (software and hardware) attacks; the program-technical side is currently the main area of confidential information protection. Accordingly, a science-based framework for developing and implementing preventive measures, and for a priori and a posteriori assessment of their effectiveness, is not sufficiently developed. The purpose of this article is to introduce the user's vulnerabilities profile as an analogue of the program-technical vulnerabilities used when analyzing the security of the program-technical component of an information system, and to consider four approaches to analyzing the security of information system users against socio-engineering attacks (SI-attacks). Combined with particular models of the vulnerabilities profile, these approaches make it possible to automate the assessment of how well the personnel of information systems and mission-critical documents are protected from such attacks. The work first considers the user's vulnerabilities profile, which on the one hand is the analogue of software vulnerabilities in software and hardware systems, and on the other hand is, in content, a set of user vulnerabilities built on the psychological characteristics of the person. It is stated that applying the user's vulnerabilities profile model opens up the possibility of using, in the modelling of socio-engineering attacks and in the analysis of their consequences (i.e. obtaining an estimate of the degree of security of critical documents stored in the information system), approaches such as the probabilistic-relational approach, attack tree analysis, Bayesian networks, and Markov random fields. Developing the proposed approaches and mathematical models serves to automate the analysis of the security of the «information system - personnel - critical documents» complex against an attacker's socio-engineering attacks.
Pages: 49-52