Марковская модель кибератак и ее применение к анализу защищенности информации в автоматизированных системах
Работая с нашим сайтом, вы даете свое согласие на использование файлов cookie. Это необходимо для нормального функционирования сайта, показа целевой рекламы и анализа трафика. Статистика использования сайта отправляется в «Яндекс» и «Google»
Научный журнал Моделирование, оптимизация и информационные технологииThe scientific journal Modeling, Optimization and Information Technology
Online media
issn 2310-6018

The Markov model of cyber attacks and its application to the analysis of information security in automated systems

idTrapeznikov E.V. idMagazev A.A. idKasenov A.A.

UDC 004.056
DOI: 10.26102/2310-6018/2024.45.2.011

  • Abstract
  • List of references
  • About authors

The paper presents a description of the Markov model of cyber attacks as a method for analyzing information security in automated systems. Based on the presented model, the work provides a description of two safety metrics - the average time to safety failure (the average number of transitions between states in the corresponding Markov chain before it first enters one of the absorbing states) and the average risk in case of safety failure (the sum of the products of damages during the implementation of each from cyber attacks to the corresponding probabilities of these cyber attacks). An algorithm for estimating input parameters is given based on the relationship between the threat and vulnerability databases CVE, CWE and CAPEC. The relationships described in the work allow us to calculate the vector of probabilities of the occurrence of cyber attacks and the vector of damage from cyber attacks, which are formed as input data for the security assessment model. The paper also addresses the problem of numerical estimation of parameters through CVSS metrics. The study demonstrates that the vector of probabilities of repelling cyber attacks and the vector of probabilities of “delays” of cyber attacks can only be obtained using the method of expert assessments or statistics. The work also provides a description of the developed software product, which allows one to assess the security of an automated system over a given period of time.

1. Bokova O.I., Drovnikova I.G., Etepnev A.S., Rogozin E.A., Khvostov V.A. Methods of estimating reliability of information security systems which protect from unauthorized access in automated systems. Trudy SPIIRAN = SPIIRAS Proceedings. 2019;18(6):1301–1332. (In Russ.). https://doi.org/10.15622/sp.2019.18.6.1301-1332.

2. Devyanin P.N. Modeli bezopasnosti komp'yuternykh sistem. Moscow: Publishing House Academia; 2005. 144 p. (In Russ.).

3. Abraham S., Nair S. Cyber Security Analytics: A Stochastic Model for Security Quantification Using Absorbing Markov Chains. Journal of Communications. 2014;9(12):899–907. https://doi.org/10.12720/jcm.9.12.899-907.

4. Almasizadeh J., Mohammad A.A. A stochastic model of attack process for the evaluation of security metrics. Computer Networks. 2013;57(10):2159–2180. https://doi.org/10.1016/j.comnet.2013.03.011.

5. Zhang Y., Malacaria P. Optimization-Time Analysis for Cybersecurity. IEEE Transactions on Dependable and Secure Computing. 2021;19(4):2365–2383. https://doi.org/10.1109/TDSC.2021.3055981.

6. Rosenko A.P. Mathematical modelling of internal threats on safety of the confidential information circulating in automated information system availability. Izvestiya YuFU. Tekhnicheskie nauki = Izvestiya SFedU. Engineering Sciences. 2008;(8):71–81. (In Russ.).

7. Drovnikova I.G., Meshcheryakova T.V., Popov A.D., Rogozin E.A., Sitnik S.M. Mathematical model for estimating the efficiency of information security systems by means of Laplace transformation and Givens method. Trudy SPIIRAN = SPIIRAS Proceedings. 2017;(3):234–258. (In Russ.). https://doi.org/10.15622/sp.52.11.

8. Magazev A.A., Tsyrulnik V.F. Investigation of a Markov model for computer system security threats. Modelirovanie i analiz informatsionnykh sistem = Automatic Control and Computer Sciences. 2018;52(7):615–624. https://doi.org/10.3103/S0146411618070180.

9. Magazev A.A., Tsyrulnik V.F. Optimizing the selection of information security remedies in terms of a Markov security model. Journal of Physics: Conference Series. 2018;1096. https://doi.org/10.1088/1742-6596/1096/1/012160.

10. Kassenov A.A., Magazev A.A., Tsyrulnik V.F. A Markov Model of Non-Mutually Exclusive Cyber Threats and its Applications for Selecting an Optimal Set of Information Security Remedies. Modelirovanie i analiz informatsionnykh sistem = Automatic Control and Computer Sciences. 2020;27(1):108–123. (In Russ.). https://doi.org/10.18255/1818-1015-2020-1-108-123.

11. Kassenov A.A., Magazev A.A., Trapeznikov E.V. Using a Markov cyberattack model for evaluation of security metrics. Matematicheskie struktury i modelirovanie = Mathematical Structures and Modeling. 2020;(2):129–144. (In Russ.). https://doi.org/10.24147/2222-8772.2020.2.129-144.

Trapeznikov Evgeny Valerievich

Scopus | ORCID | eLibrary |

Omsk State Technical University

Omsk, Russia

Magazev Alexey Anatolyevich
Doctor of Physical and Mathematical Sciences, Professor

Scopus | ORCID | eLibrary |

Omsk State Technical University

Omsk, Russia

Kasenov Adil Askarovich

ORCID | eLibrary |

Omsk State Technical University

Omsk, Russia

Keywords: security metrics, CVSS metric, CVE, CWE, CAPEC, cyberattack model, data collection algorithm, automated system, markov chain, expert assessment method

For citation: Trapeznikov E.V. Magazev A.A. Kasenov A.A. The Markov model of cyber attacks and its application to the analysis of information security in automated systems. Modeling, Optimization and Information Technology. 2024;12(2). Available from: https://moitvivt.ru/ru/journal/pdf?id=1554 DOI: 10.26102/2310-6018/2024.45.2.011 (In Russ).

43

Full text in PDF

Received 15.04.2024

Revised 22.04.2024

Accepted 28.04.2024

Published 02.05.2024