Basic model of information processes and behavior of a cyber defense system
Keywords:Proactive cyber defense, automation problems, the nature of information, information management processes, cycles and behavior of a cyber defense system.
Increasing the complexity and intensity of cyberattacks makes the actual task of implementing a proactive strategy for protecting information technology systems (ITS). Such a strategy is associated with tight time limits on making decisions on assessing the current situation and making appropriate decisions even before the interruption of a cyber attack. These limitations significantly narrow the scope of the use of expert assessment methods. There is a growing need for the widespread use of automation tools that will significantly reduce the time for determining security events, and for formulating and implementing a decision on countering the invasion of ITS cyberspace. A feature of such tools is a significant level of intellectualization, which is adequate to the level of competence of cybersecurity operators. The basic component of the procedure for developing automation tools is the formation of a process model of the object of research. Based on this modem, using the well-known technological platforms, the corresponding software code is generated. Known means of a formalized description of business processes make it possible to form models of information processes. The term “information” is widely used, but its essence is not disclosed. This, in turn, leads to a number of uncertainties regarding the properties of these processes (composition, structure, functions, organization, etc.).
The lack of a constructive definition of the term “information” greatly complicates the analysis of cyber defense processes. In cyberspace, security events and security information are procedures for processing, storing and transmitting data (bit sets). Under these conditions, it is difficult to unambiguously express the semantic connection between the dangerous event in ITS, the information objects reflecting this event, and cyber defense processes using existing modeling tools. The problem of "information uncertainties" in modeling a cyber defense system significantly narrows the range of processes that can be algorithmized with the aim of creating means for their automation. The solution to this problem is relevant for the sphere of automation of proactive cyber defense system processes. In order to increase the efficiency of the process of developing automation tools for modern cyber defense systems, a new model of such a system has been developed based on an attribute-transfer approach to the essence of information and a basic model of information processes for managing a cyber system. Within the framework of this model, the IT system is a management object, the security of which is controlled by a set of coordinated cyber protection information processes. This set of processes is connected by a control cycle. The sequence of cycles is the trajectory of the cyber defense system. Corresponding graphic and mathematical models of behavior are developed. Using them, a decomposition of one of the cyber threat intelligence processes was carried out and an appropriate automation tool was developed.
E. Şeker, “Use of Artificial Intelligence Techniques”, Applications in Cyber Defense. NATO CCD COE Tallinn, Estonia. [Online]. Available: https://www.researchgate.net/ publication/333674372_Use_of_Artificial_Intelligence_Techniques_Applications_in_Cyber_Defense. Accessed on: July 17, 2019.
P. Poputa-Clean. “Automated Defense”. Using Threat Intelligence to Augment Security. [Online]. Available: https://www.sans.org/reading-room/whitepapers/threats/automated-defense- threat-intelligence-augment-35692. Accessed on: July 17, 2019.
“Being Smart About Cyber Threat Intelligence”. [Online]. Available: http://www.fusionppt.com/ blog-post/smart-cyber-threat-intelligence/. Accessed on: July 17, 2019.
D. Bianco, “The Defense Chain”. [Online]. Available: http://detect-respond.blogspot.com/ 2014/10/the-defense-chain.html. Accessed on: July 17, 2019.
D. Bianco, “The Pyramid of Pain”. [Online]. Available: http://detect-respond.blogspot.com/ 2013/03/the-pyramid-of-pain.html. Accessed on: July 17, 2019.
C. Zimmerman, “Ten Strategies of a World-Class Cybersecurity Operations Center”. [Online]. Available: https://www.mitre.org/sites/default/files/publications/pr-13-1028-mitre-10-strategies-cyber-ops-center.pdf. Accessed on: July 17, 2019.
N. MacDonald, and P. Firstbrook, “Designing an Adaptive Security Architecture for Protection From Advanced Attacks”. [Online]. Available: https://www.gartner.com/en/ documents/2665515/designing-an-adaptive-security-architecture-for-protecti. Accessed on: July 17, 2019.
I. Yakoviv, “Communication channel from positions of the attributive-transfer entity of information”, Information Technology and Security, vol. 1, iss. 2 (2), pp. 84-96, 2012.
I. Yakoviv, “The base model of informational processes of management and safety criteria for cybernetic systems”, Information Technology and Security, vol. 3, iss. 1 (3), pp. 68-74, 2015.
How to Cite
Copyright (c) 2020 Collection "Information technology and security"
This work is licensed under a Creative Commons Attribution 4.0 International License.
The authors that are published in this collection, agree to the following terms:
- The authors reserve the right to authorship of their work and pass the collection right of first publication this work is licensed under the Creative Commons Attribution License, which allows others to freely distribute the published work with the obligatory reference to the authors of the original work and the first publication of the work in this collection.
- The authors have the right to conclude an agreement on exclusive distribution of the work in the form in which it was published this anthology (for example, to place the work in a digital repository institution or to publish in the structure of the monograph), provided that references to the first publication of the work in this collection.
- Policy of the journal allows and encourages the placement of authors on the Internet (for example, in storage facilities or on personal web sites) the manuscript of the work, prior to the submission of the manuscript to the editor, and during its editorial processing, as it contributes to productive scientific discussion and positive effect on the efficiency and dynamics of citations of published work (see The Effect of Open Access).