The use of probabilistic relational models of complex "critical documents - information system - the user - the attacker" for the analysis of security of information systems users from social engineering attacks

A. A. Azarov; M. V. Abramov; T. V. Tulupyeva; A. A. Filchenkov

Geodesic

Parcourir par

The use of probabilistic relational models of complex "critical documents - information system - the user - the attacker" for the analysis of security of information systems users from social engineering attacks

A. A. Azarov ; M. V. Abramov ; T. V. Tulupyeva ; A. A. Filchenkov

Nečetkie sistemy i mâgkie vyčisleniâ, Tome 10 (2015) no. 2, pp. 209-221.

Voir la notice de l'article provenant de la source Math-Net.Ru

Résumé

The article describes a model user profiles and vulnerability, the attacker model and sotsiinzhenernyh attack model of information systems and software and hardware devices. Trends in the development of modern business often require confidentiality of corporate information leakage which may result in significant financial losses. Leakage of confidential information may be associated with problems of insecurity and the software and hardware components of the information system of the organization and with the users of the system. Leaks of confidential information from the users of information systems can be carried out for several reasons: because of social engineering attacks influences attacker when a user misled and the attacker receives the required confidential information, as well as due to insider attacks the users of information systems. Insider attack users of information systems can be implemented with the involvement of social engineering attacks influences, but in this case the source of social engineering attacks impact will be located within the organization.

Keywords: probabilistic relational model, information security, social engineering attacks, protecting the user.

@article{FSSC_2015_10_2_a4,
     author = {A. A. Azarov and M. V. Abramov and T. V. Tulupyeva and A. A. Filchenkov},
     title = {The use of probabilistic relational models of complex "critical documents - information system - the user - the attacker" for the analysis of security of information systems users from social engineering attacks},
     journal = {Ne\v{c}etkie sistemy i m\^agkie vy\v{c}isleni\^a},
     pages = {209--221},
     publisher = {mathdoc},
     volume = {10},
     number = {2},
     year = {2015},
     language = {ru},
     url = {http://geodesic.mathdoc.fr/item/FSSC_2015_10_2_a4/}
}

TY  - JOUR
AU  - A. A. Azarov
AU  - M. V. Abramov
AU  - T. V. Tulupyeva
AU  - A. A. Filchenkov
TI  - The use of probabilistic relational models of complex "critical documents - information system - the user - the attacker" for the analysis of security of information systems users from social engineering attacks
JO  - Nečetkie sistemy i mâgkie vyčisleniâ
PY  - 2015
SP  - 209
EP  - 221
VL  - 10
IS  - 2
PB  - mathdoc
UR  - http://geodesic.mathdoc.fr/item/FSSC_2015_10_2_a4/
LA  - ru
ID  - FSSC_2015_10_2_a4
ER  -

%0 Journal Article
%A A. A. Azarov
%A M. V. Abramov
%A T. V. Tulupyeva
%A A. A. Filchenkov
%T The use of probabilistic relational models of complex "critical documents - information system - the user - the attacker" for the analysis of security of information systems users from social engineering attacks
%J Nečetkie sistemy i mâgkie vyčisleniâ
%D 2015
%P 209-221
%V 10
%N 2
%I mathdoc
%U http://geodesic.mathdoc.fr/item/FSSC_2015_10_2_a4/
%G ru
%F FSSC_2015_10_2_a4

A. A. Azarov; M. V. Abramov; T. V. Tulupyeva; A. A. Filchenkov. The use of probabilistic relational models of complex "critical documents - information system - the user - the attacker" for the analysis of security of information systems users from social engineering attacks. Nečetkie sistemy i mâgkie vyčisleniâ, Tome 10 (2015) no. 2, pp. 209-221. http://geodesic.mathdoc.fr/item/FSSC_2015_10_2_a4/

Bibliographie
Cité par

[1] Kotenko I. V., Yusupov R. M., “Perspektivnye napravleniya issledovanii v oblasti kompyuternoi bezopasnosti”, Zaschita informatsii. Insaid, 2006, no. 2(8), 46–57

[2] Petrenko S. A., Vozmozhnaya metodika postroeniya sistemy informatsionnoi bezopasnosti predpriyatiya, http://bre.ru/security/13985.html

[3] Yusupov R., Palchun B. P., “Bezopasnost kompyuternoi infosfery sistem kriticheskikh prilozhenii”, Vooruzhenie. Politika. Konversiya, 2003, no. 2, 52

[4] Dorothy D. E., “A lattice model of secure information flow”, Communications of the ACM, 19:5 (2008), 236–243

[5] Balepin I., Maltsev S., Rowe J., Levitt K., “Using specification-based intrusion detection for automated response”, Proceedings of the 6th International Symposium on Recent Advances in Intrusion Detection, 2003, 135–154

[6] Dahnke M., Thul C., Martini P., “Graph based metrics for intrusion response measures in computer networks”, Proceedings of the 32nd IEEE Conferenceon Local Computer Networks, LCN 2007 (Los Alamitos, Washington DC, USA, 2007), IEEE Computer Society, 1035–1042

[7] National Institute of Standards and Technology http://www.nist.gov/index.html

[8] The total information security toolkit, , Siemens http://www.cramm.com

[9] Software Engineering Institute ttp://www.cert.org/octave/

[10] Toth T., Krugel C., “Evaluating the impact of automated intrusion response mechanisms”, Proceedings of the 18th Annual Computer Security Applications Conference, ACSAC 2002 (Los Alamitos, Washington DC, USA, 2007), IEEE Computer Society, 301

[11] Avto novosti http://auto.mail.ru/news?id=22216

[12] Filchenkov A. A., Tulupev A. L., Sirotkin A. V., “Strukturnyi analiz klik maksimalnykh grafov smezhnosti algebraicheskikh baiesovskikh setei”, Vestnik Tverskogo gosudarstvennogo universiteta. Seriya: Prikladnaya matematika, 2011, no. 20, 139–151

[13] Filchenkov A. A., Tulupev A. L., “Analiz tsiklov v minimalnykh grafakh smezhnosti algebraicheskikh baiesovskikh setei”, Trudy SPIIRAN, 17 (2011), 151–173

[14] Azarov A. A., Tulupeva T. V., Filchenkov A. A., Tulupev A. L., “Veroyatnostno-relyatsionnyi podkhod k predstavleniyu modeli kompleksa “Informatsionnaya sistema – personal – kritichnye dokumenty””, Trudy SPIIRAN, 20 (2012), 57–71

[15] Azarov A. A., Tulupeva T. V., Tulupev A. L., “Prototip kompleksa programm dlya analiza zaschischennosti personala informatsionnykh sistem postroennyi na osnove fragmenta profilya uyazvimostei polzovatelya”, Trudy SPIIRAN, 21 (2012), 21–40

[16] Vanyushicheva O. Yu., Prototip kompleksa programm dlya postroeniya profilya psikhologicheski obuslovlennykh uyazvimostei polzovatelya, Diplomnaya rabota, SPbGU, SPb., 2012

[17] Novosti Moskvy http://www.newsmsk.com

[18] Rose-Ackerman S., “The economics of corruption”, Journal of Political Economy, 4:2 (1975), 187–203