Keywords: security metrics, CVSS metric, CVE, CWE, CAPEC, cyberattack model, data collection algorithm, automated system, Markov chain, expert assessment method
The Markov model of cyber attacks and its application to the analysis of information security in automated systems
UDC 004.056
DOI: 10.26102/2310-6018/2024.45.2.011
The paper describes a Markov model of cyber attacks as a method for analyzing information security in automated systems. Based on this model, it defines two security metrics: the average time to security failure (the average number of transitions between states of the corresponding Markov chain before it first enters one of the absorbing states) and the average risk in case of security failure (the sum, over all cyber attacks, of the damage caused by each attack multiplied by the probability of that attack). An algorithm for estimating the input parameters is given, based on the relationships between the CVE, CWE and CAPEC threat and vulnerability databases. These relationships make it possible to calculate the vector of probabilities of occurrence of cyber attacks and the vector of damage from cyber attacks, which serve as input data for the security assessment model. The paper also addresses the numerical estimation of the parameters from CVSS metrics. The study shows that the vector of probabilities of repelling cyber attacks and the vector of probabilities of “delays” of cyber attacks can be obtained only by expert assessment or from statistics. The paper also describes the software product developed, which assesses the security of an automated system over a given period of time.
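The two metrics defined above can be computed from an absorbing Markov chain as in the following added example, which is not the paper's code or its software product. The chain layout (one secure state, one state per attack in progress, one absorbing failure state per attack), the function names and all numeric values are assumptions constructed for illustration.

```python
# Added illustration; the chain layout below is an assumption, not the paper's model.
def solve(a, b):
    """Solve a.x = b (b may have several columns) by Gauss-Jordan elimination."""
    n = len(a)
    m = [row_a[:] + row_b[:] for row_a, row_b in zip(a, b)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        if abs(m[piv][col]) < 1e-12:
            raise ValueError("I - Q is singular: failure is unreachable")
        m[col], m[piv] = m[piv], m[col]
        m[col] = [v / m[col][col] for v in m[col]]
        for r in range(n):
            if r != col and m[r][col]:
                m[r] = [v - m[r][col] * w for v, w in zip(m[r], m[col])]
    return [row[n:] for row in m]

def security_metrics(p, r, d, damage):
    """p: attack occurrence, r: repel, d: "delay" probabilities; damage per attack."""
    n = len(p)
    if sum(p) > 1 + 1e-12 or any(ri + di > 1 + 1e-12 for ri, di in zip(r, d)):
        raise ValueError("probabilities out of range")
    # Transient states: 0 = secure, i = attack i in progress (1..n).
    q = [[0.0] * (n + 1) for _ in range(n + 1)]
    # Absorbing states: column i-1 = security failure caused by attack i.
    fail = [[0.0] * n for _ in range(n + 1)]
    q[0][0] = 1.0 - sum(p)                          # no attack starts this step
    for i in range(1, n + 1):
        q[0][i] = p[i - 1]                          # attack i starts
        q[i][0] = r[i - 1]                          # attack i is repelled
        q[i][i] = d[i - 1]                          # attack i is "delayed"
        fail[i][i - 1] = 1.0 - r[i - 1] - d[i - 1]  # attack i succeeds
    i_minus_q = [[(1.0 if a == b else 0.0) - q[a][b] for b in range(n + 1)]
                 for a in range(n + 1)]
    # (I - Q) X = [1 | R]: column 0 is expected steps, the rest absorption probabilities.
    x = solve(i_minus_q, [[1.0] + fail[a] for a in range(n + 1)])
    mean_steps = x[0][0]                            # average time to security failure
    risk = sum(c * prob for c, prob in zip(damage, x[0][1:]))  # average risk
    return mean_steps, risk

# Constructed sample values: two attacks, starting from the secure state.
MTTF, RISK = security_metrics([0.2, 0.1], [0.7, 0.5], [0.1, 0.2], [10.0, 50.0])
```

Raising the repel probabilities increases the average time to failure, while the average risk depends only on how the failure probability is split between attacks and on their damages.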
For citation: Trapeznikov E.V., Magazev A.A., Kasenov A.A. The Markov model of cyber attacks and its application to the analysis of information security in automated systems. Modeling, Optimization and Information Technology. 2024;12(2). URL: https://moitvivt.ru/ru/journal/pdf?id=1554 DOI: 10.26102/2310-6018/2024.45.2.011 (In Russ.).
Received 15.04.2024
Revised 22.04.2024
Accepted 28.04.2024
Published 30.06.2024