Communication system information resource security breach model
The article presents a model of information resources security breach processed in communication systems. The basic functions of the security system as one of the elements of the communication system are described. It is shown that the vulnerabilities of its components lead to a violation of the security of information resources and contribute to the realization of threats to their security. The information resources security breach model is developed based on multiple vulnerabilities of communication systems. The list of security threats to information resources, attacks types at all levels of the basic reference model of open systems interaction, examples of attacks implementation and strategy of carrying out attacks by an attacker are considered: the impact of an attack option on a single object or multiple objects of the communication system, the impact of multiple attack options on a separate object or set of objects of a communication system. This allowed establishing the capabilities of the attacker when carrying out attacks on information resources of communication systems. The developed model is proposed to be used as a basis for building a subsystem of assessment of the security of information resources of the communication system. Also, methods of assessing the security of information resources against internal and external threats have been used. The security assessment subsystem of communication systems takes into account many possible threats and elements of communication systems. Based on the analysis of security threats to information resources and structural components of communication systems, analytical equations were obtained to assess the probability of realization of violations of the information resources security of communication systems at all levels of the basic reference model of open systems interaction. It has been found that the detection of attacks in communication systems depends on the speed at which the security system adapts to new threats. Using the obtained model of security breach will allow developing methods for assessing the level of protection against internal and external threats to determine the effectiveness of the information security system in real-time functioning. This will increase the overall security of the communication systems and information resources that they process
Full Text:PDF (Українська)
Y. Vasiliev, “Classification and analysis of threats to information security in key information infrastructure systems”, Legal, normative and metrological provision of the information security system in Ukraine, № 1 (29), pp. 56-61, 2015.
Y.A. Korpan, “Classification of information security threats to computer systems for remote data processing”, Data Recording, Storage & Processing ,vol. 17, no. 2, pp.39-46, 2015.
D. Mehed, Y. Tkach, V. Bazilevich, V. Guriev, and Y. Usov, “Analysis of corporate information systems vulnerability”, Ukrainian Information Security Research Journal, vol 20, no. 1, pp. 61-66, 2018. doi: 10.18372/2410-7840.20.12453
R. Grishchuk, V. Okhrimchuk, and V. Akhtyrtseva, “Sources of primary data for developing templates for potentially dangerous cyber attacks”, Ukrainian Information Security Research Journal, vol. 18, no. 1, pp. 21-29, 2016. doi: 10.18372/2410-7840.18.10109.
I. Yakoviv, “Information-telecommunication system, conceptual model of cyberspace and cybersecurity”, Information Technology and Security, vol 5, iss. 2, pp. 134-144, 2017.
S. V. Salnyk, O.Y. Sova, D.A. Minochkin, “Methods analysis of intrusion detection in manet class mobile radio networks”, Modern Information Technologies in the Sphere of Security and Defence, no. 1 (22) , pp. 103-112, 2015.
V. L. Buryachok, “Modern systems of intrusion detection in information and telecommunication systems and networks. The selection model of rational variant of responding to the occurrence of extraneous influence cybernetic”, Informational security, no.1, pp.33-40, 2013.
A. O. Antoniuk, Modeling of information security systems, Irpin, Ukraine: National University of State Tax Service of Ukraine, 2015.
Y. Alshboul, K. Streffб “Analyzing Information Security Model for Small-Medium Sized Businesses”, in Proc. 21st Americas Conference on Information Systems, Puerto Rico, 2015
N. S. Safa, R. V. Solms, S. Furnell, “Information security policy compliance model in organizations”, Computers & Security, vol. 56, pp. 70-82, 2016. doi:10.1016/j.cose.2015.10.006
D. L. Nazareth, J. Choi, “A system dynamics model for information security management”, Information & Management, vol. 52, issue 1, pp. 123-134, 2015. doi:10.1016/j.im.2014.10.009.
P. Aggarwal, and S.K. Sharma “Analysis of KDD dataset attributes-class wise for intrusion detection”, Procedia Computer Science. vol. 57, pp. 842–851, 2015. doi: 10.1016/ j.procs.2015.07.490.
This work is licensed under a Creative Commons Attribution 4.0 International License.
ISSN 2411-1031 (Print), ISSN 2518-1033 (Online)