A Markov model of non-mutually exclusive cyber threats and its applications for selecting an optimal set of information security remedies
Modelirovanie i analiz informacionnyh sistem, Vol. 27 (2020), no. 1, pp. 108-123.

See the article record at the source, Math-Net.Ru

In this work, we study a Markov model of cyber threats acting on a computer system. Within the model the computer system is treated as a system with failures and recoveries, by analogy with the models of reliability theory. To estimate the functional and temporal properties of the system we introduce a parameter called the lifetime of the system, defined as the number of transitions of the corresponding Markov chain until the first hit of the final state. Since this random variable plays an important role in evaluating the security level of the computer system, we investigate its probability distribution in detail for the case of mutually exclusive cyber threats; in particular, we derive explicit analytical formulae for the numerical characteristics of the distribution, its expected value and variance. We then substantially generalize the Markov model by dropping the assumption that the cyber threats acting on the system are mutually exclusive. This modification leads to an extended Markov chain that has (at least qualitatively) the same structure as the original chain, which allows the analytical results for the expected value and variance of the lifetime to be carried over to the case of non-mutually exclusive cyber threats. At the end of the work, the Markov model for non-mutually exclusive cyber threats is used to formulate the problem of finding an optimal configuration of security remedies in a given cyber threat space. It is essential that the resulting optimization problems belong to the class of non-linear discrete (Boolean) programming problems. Finally, we consider an example that illustrates the solution of the problem of selecting an optimal set of security remedies for a computer system.
Keywords: cyber threat, security remedy, optimization, Markov chain.
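The two computations the abstract describes, the lifetime of an absorbing Markov chain (expected value and variance) and the Boolean choice of a remedy set, as an added worked example in Python. This is not the paper's code: the paper's concrete chain, threat parameters, objective function and constraints are not reproduced on this page, so the example uses a small toy chain of its own (normal state, one "threat realized / recovering" state per threat, one absorbing failure state), takes "maximize expected lifetime under a cost budget" as the assumed objective, and solves the resulting non-linear Boolean program by exhaustive enumeration rather than by whatever method the paper applies. The moment formulas are the standard fundamental-matrix results for absorbing chains, not formulas quoted from the paper, and every threat probability, recovery probability, remedy cost and effectiveness value is constructed for illustration.

```python
"""Added example (not the paper's code): lifetime moments of an absorbing
Markov chain and brute-force Boolean selection of security remedies.

Assumed toy chain (constructed here): state 0 is normal operation; state i >= 1
means threat i has been realized and the system is recovering; the final state
is absorbing failure. From state 0 threat i occurs with probability p[i]
(threats mutually exclusive per step, so sum(p) <= 1); from state i the system
recovers to state 0 with probability r[i] and otherwise fails. Remedy j costs
cost_j and multiplies p[i] by (1 - eff_j) for each threat i it covers.
"""
from itertools import product
from typing import List, Sequence, Tuple

Matrix = List[List[float]]


def solve(a: Matrix, b: Matrix) -> Matrix:
    """Solve A X = B by Gauss-Jordan elimination with partial pivoting (no numpy needed)."""
    n = len(a)
    m = [row[:] + rhs[:] for row, rhs in zip(a, b)]
    for col in range(n):
        piv = max(range(col, n), key=lambda i: abs(m[i][col]))
        if abs(m[piv][col]) < 1e-12:
            raise ValueError("I - Q is singular: some state never reaches the final state")
        m[col], m[piv] = m[piv], m[col]
        pivot = m[col][col]
        m[col] = [v / pivot for v in m[col]]
        for i in range(n):
            if i != col and m[i][col] != 0.0:
                f = m[i][col]
                m[i] = [vi - f * vc for vi, vc in zip(m[i], m[col])]
    return [row[n:] for row in m]


def lifetime_moments(q: Matrix, start: int = 0) -> Tuple[float, float]:
    """Expected value and variance of the number of transitions until absorption.

    q is the transient-to-transient block of the transition matrix. With the
    fundamental matrix N = (I - Q)^-1 and t = N*1, Var = (2N - I) t - t*t
    (standard absorbing-chain formulas, e.g. Kemeny and Snell).
    """
    n = len(q)
    eye = [[1.0 if i == j else 0.0 for j in range(n)] for i in range(n)]
    big_n = solve([[eye[i][j] - q[i][j] for j in range(n)] for i in range(n)], eye)
    t = [sum(row) for row in big_n]
    var = [sum((2.0 * big_n[i][j] - eye[i][j]) * t[j] for j in range(n)) - t[i] ** 2
           for i in range(n)]
    return t[start], var[start]


def threat_chain(p: Sequence[float], r: Sequence[float]) -> Matrix:
    """Transient block Q of the toy chain for threat probabilities p and recovery probabilities r."""
    if sum(p) > 1.0 + 1e-12:
        raise ValueError("mutually exclusive threats: probabilities must sum to at most 1")
    m = len(p)
    q = [[0.0] * (m + 1) for _ in range(m + 1)]
    q[0][0] = 1.0 - sum(p)            # no threat realized this step
    for i, (pi, ri) in enumerate(zip(p, r), start=1):
        q[0][i] = pi                  # state 0 -> threat i realized
        q[i][0] = ri                  # recovered; with prob 1 - ri the chain is absorbed
    return q


# Constructed sample data: remedies are (cost, effectiveness, covered threat indices).
THREAT_P = [0.10, 0.05]
THREAT_R = [0.80, 0.50]
REMEDIES = [(3, 0.5, [0]), (2, 0.6, [1]), (4, 0.4, [0, 1])]
BUDGET = 5


def apply_remedies(p: Sequence[float], remedies, x: Sequence[int]) -> List[float]:
    """Threat probabilities after deploying every remedy j with x[j] == 1."""
    p_eff = list(p)
    for xj, (_, eff, covers) in zip(x, remedies):
        if xj:
            for i in covers:
                p_eff[i] *= 1.0 - eff
    return p_eff


def best_remedy_set(p, r, remedies, budget):
    """Maximize expected lifetime over x in {0,1}^k subject to total cost <= budget.

    Remedy effects multiply, so the objective is non-linear in x (a non-linear
    Boolean program); exhaustive enumeration is fine for a handful of remedies.
    Returns (x, expected_lifetime, cost).
    """
    best = None
    for x in product((0, 1), repeat=len(remedies)):
        cost = sum(c for xj, (c, _, _) in zip(x, remedies) if xj)
        if cost > budget:
            continue
        mean, _ = lifetime_moments(threat_chain(apply_remedies(p, remedies, x), r))
        if best is None or mean > best[1]:
            best = (x, mean, cost)
    return best


if __name__ == "__main__":
    mean, var = lifetime_moments(threat_chain(THREAT_P, THREAT_R))
    print(f"no remedies: E[T] = {mean:.2f}, Var[T] = {var:.2f}")
    x, mean, cost = best_remedy_set(THREAT_P, THREAT_R, REMEDIES, BUDGET)
    print(f"best remedy set x = {x}: E[T] = {mean:.2f} at cost {cost}")
```

With the constructed data the unprotected system has an expected lifetime of about 25.6 transitions with a standard deviation of about 24, and the budget-feasible optimum is x = (1, 1, 0): the two cheap single-threat remedies together roughly double the expected lifetime, while the broader third remedy does not fit the budget alongside either of them. The variance matters for the practitioner because a lifetime distribution with this much spread means the mean alone understates how often the system fails early; the same `lifetime_moments` routine works unchanged for the extended chain of non-mutually exclusive threats once its transient block Q is built, which this toy does not do.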
@article{MAIS_2020_27_1_a8,
     author = {A. A. Kassenov and A. A. Magazev and V. F. Tsyrulnik},
     title = {A {Markov} model of non-mutually exclusive cyber threats and its applications for selecting an optimal set of information security remedies},
     journal = {Modelirovanie i analiz informacionnyh sistem},
     pages = {108--123},
     publisher = {mathdoc},
     volume = {27},
     number = {1},
     year = {2020},
     language = {ru},
     url = {http://geodesic.mathdoc.fr/item/MAIS_2020_27_1_a8/}
}
A. A. Kassenov; A. A. Magazev; V. F. Tsyrulnik. A Markov model of non-mutually exclusive cyber threats and its applications for selecting an optimal set of information security remedies. Modelirovanie i analiz informacionnyh sistem, Vol. 27 (2020), no. 1, pp. 108-123. http://geodesic.mathdoc.fr/item/MAIS_2020_27_1_a8/