Method for assessing the level of security risks of network nodes to improve the efficiency of placement of immune detectors

The relevance of the study is due to the need to improve the efficiency of the use of intrusion detection systems based on immune detectors. The rational placement of immune detectors on separate network nodes is of great importance for the effectiveness of the use of such systems. It is proposed to use the security risk level of individual network nodes as a criterion for selecting nodes for installing immune detectors. In this article, we propose a method for estimating this value, which makes it possible to single out the least protected nodes. Assessing the security risk of network nodes is complicated by the fact that the vulnerability is often not the only one. The main idea underlying the method is the use of a statistical formal model based on Markov chains in combination with a graph of possible trajectories and metrics for analyzing vulnerabilities. Scoring scores are used as metrics for analyzing vulnerabilities, which use three types of metrics: basic, temporal, and contextual. A design example is given. The resulting model can be used to identify critical nodes along the path of access to the target node, in which intruders can be most dangerous. Based on the information obtained using the model, the network administrator can install immune detectors on these nodes, which will significantly improve the protection system.

1. Tokarev V.L., Sychugov A.A. Detection of malware using immune detectors. Bulletin of the Tula State University. Technical science. 2017;10:216-230.

2. Tokarev V.L., Sychugov A.A. Multi-agent system for network attack detection. International Journal of Civil Engineering and Technology (IJCIET). 2018;9(6):279-286.

3. Databank of information security threats. CVSS Calculator v2. Available at: https://bdu.fstec.ru/calc

4. Tokarev V.L. Recognition of the opposing side's strategy based on current observations. Reports of the Tomsk State University of Control Systems and Radioelectronics. 2014;(6):184-187.

5. Jha, S., Sheyner, O. and Wing, J. (2002) Two Formal Analyses of Attack Graphs. Proceedings of 15th IEEE Computer Security Foundations Workshop. 2002;6:49-63.

6. Mehta V., Bartzis C., Zhu H., Clarke E. and Wing J. Ranking Attack Graphs. International Workshop on Recent Advances in Intrusion Detection. 2006;1:127-124.

7. Dynkin E.B. Foundations of the theory of Markov processes. Fizmatlit. 2006.