Investigation of a Markov model for computer system security threats
Modelirovanie i analiz informacionnyh sistem, Volume 24 (2017) no. 4, pp. 445-458.

See the article record from the source Math-Net.Ru

In this work, a model for computer system security threats formulated in terms of Markov processes is investigated. In the framework of this model, the functioning of the computer system is considered as a sequence of failures and recovery actions which appear as results of information security threats acting on the system. We provide a detailed description of the model: explicit analytical formulas for the probabilities of computer system states at an arbitrary moment of time are derived, some limiting cases are discussed, and the long-run dynamics of the system are analysed. The dependence of the security state probability (i.e. the state in which threats are absent) on the probabilities of threats is investigated separately. In particular, it is shown that this dependence is qualitatively different for odd and even moments of time. For instance, in the case of one threat, the security state probability demonstrates a non-monotonic dependence on the probability of the threat at even moments of time; this function admits at least one local minimum in its domain of definition. It is believed that this feature is important because it allows one to locate the most dangerous areas of threats, where the security state probability can be lower than the permissible level. Finally, we introduce an important characteristic of the model, called the relaxation time, by means of which we construct the permitting domain of the security parameters. The prospects for applying the obtained results to the problem of finding the optimal values of the security parameters are also discussed.
Keywords: computer system, security threat, Markov process.
@article{MAIS_2017_24_4_a4,
     author = {A. A. Magazev and V. F. Tsyrulnik},
     title = {Investigation of a {Markov} model for computer system security threats},
     journal = {Modelirovanie i analiz informacionnyh sistem},
     pages = {445--458},
     publisher = {mathdoc},
     volume = {24},
     number = {4},
     year = {2017},
     language = {ru},
     url = {http://geodesic.mathdoc.fr/item/MAIS_2017_24_4_a4/}
}
TY  - JOUR
AU  - A. A. Magazev
AU  - V. F. Tsyrulnik
TI  - Investigation of a Markov model for computer system security threats
JO  - Modelirovanie i analiz informacionnyh sistem
PY  - 2017
SP  - 445
EP  - 458
VL  - 24
IS  - 4
PB  - mathdoc
UR  - http://geodesic.mathdoc.fr/item/MAIS_2017_24_4_a4/
LA  - ru
ID  - MAIS_2017_24_4_a4
ER  - 
%0 Journal Article
%A A. A. Magazev
%A V. F. Tsyrulnik
%T Investigation of a Markov model for computer system security threats
%J Modelirovanie i analiz informacionnyh sistem
%D 2017
%P 445-458
%V 24
%N 4
%I mathdoc
%U http://geodesic.mathdoc.fr/item/MAIS_2017_24_4_a4/
%G ru
%F MAIS_2017_24_4_a4
A. A. Magazev; V. F. Tsyrulnik. Investigation of a Markov model for computer system security threats. Modelirovanie i analiz informacionnyh sistem, Volume 24 (2017) no. 4, pp. 445-458. http://geodesic.mathdoc.fr/item/MAIS_2017_24_4_a4/
