An approach to analyzing network attack routes
The scientific journal Modeling, Optimization and Information Technology
Online media
ISSN 2310-6018

Network attack route analysis approach

Kuznetsov I.A., Oladko V.S.

UDC 004.56
DOI: 10.26102/2310-6018/2020.29.2.033


The article discusses current problems and tools for ensuring information security in network infrastructure. The authors analyze the current trends in information security breaches in 2018-2019 and conclude that countering threats related to unauthorized access to network resources and objects remains relevant. A typical network infrastructure is analyzed and its main elements are identified: subjects, objects and access resources. The most important security elements are network and server hardware. The main sources of threats to network security are identified, a chain of network security threats is compiled and described, and the significance of threats whose sources are external and internal violators is shown. An example of a network attack implementation scheme for exploitation of the vulnerability BDU:2017-02494 is given. An approach to building network attack routes for internal and external security intruders is proposed. It is shown that a network attack route represents the procedure for overcoming the technical and logical devices that contain security measures when an attack on a network infrastructure object is carried out. An algorithm for constructing a network attack has been developed. The authors conclude that the approach to building a network attack route can be applied to security monitoring, security assessment and the planning of protective measures.

Kuznetsov Ivan Aleksandrovich

Financial University Under The Government Of The Russian Federation

Moscow, Russian Federation

Oladko Vladlena Sergeevna
candidate of technical sciences
Email: vsoladco@fa.ru

Financial University Under The Government Of The Russian Federation

Moscow, Russian Federation

Keywords: vulnerability, network security, security event, attack vector, intruder

For citation: Kuznetsov I.A. Oladko V.S. Network attack route analysis approach. Modeling, Optimization and Information Technology. 2020;8(2). Available from: https://moit.vivt.ru/wp-content/uploads/2020/05/KuznetsovOladko_2_20_1.pdf DOI: 10.26102/2310-6018/2020.29.2.033 (In Russ).
