Basic model of information processes and behavior of a cyber defense system

Authors

  • Ihor Yakoviv Institute of special communication and information protection of National technical university of Ukraine “Igor Sikorsky Kyiv polytechnic institute”, Kyiv, http://orcid.org/0000-0001-7432-898X

DOI:

https://doi.org/10.20535/2411-1031.2019.7.2.190568

Keywords:

Proactive cyber defense, automation problems, the nature of information, information management processes, cycles and behavior of a cyber defense system.

Abstract

Increasing the complexity and intensity of cyberattacks makes the actual task of implementing a proactive strategy for protecting information technology systems (ITS). Such a strategy is associated with tight time limits on making decisions on assessing the current situation and making appropriate decisions even before the interruption of a cyber attack. These limitations significantly narrow the scope of the use of expert assessment methods. There is a growing need for the widespread use of automation tools that will significantly reduce the time for determining security events, and for formulating and implementing a decision on countering the invasion of ITS cyberspace. A feature of such tools is a significant level of intellectualization, which is adequate to the level of competence of cybersecurity operators. The basic component of the procedure for developing automation tools is the formation of a process model of the object of research. Based on this modem, using the well-known technological platforms, the corresponding software code is generated. Known means of a formalized description of business processes make it possible to form models of information processes. The term “information” is widely used, but its essence is not disclosed. This, in turn, leads to a number of uncertainties regarding the properties of these processes (composition, structure, functions, organization, etc.).
The lack of a constructive definition of the term “information” greatly complicates the analysis of cyber defense processes. In cyberspace, security events and security information are procedures for processing, storing and transmitting data (bit sets). Under these conditions, it is difficult to unambiguously express the semantic connection between the dangerous event in ITS, the information objects reflecting this event, and cyber defense processes using existing modeling tools. The problem of "information uncertainties" in modeling a cyber defense system significantly narrows the range of processes that can be algorithmized with the aim of creating means for their automation. The solution to this problem is relevant for the sphere of automation of proactive cyber defense system processes. In order to increase the efficiency of the process of developing automation tools for modern cyber defense systems, a new model of such a system has been developed based on an attribute-transfer approach to the essence of information and a basic model of information processes for managing a cyber system. Within the framework of this model, the IT system is a management object, the security of which is controlled by a set of coordinated cyber protection information processes. This set of processes is connected by a control cycle. The sequence of cycles is the trajectory of the cyber defense system. Corresponding graphic and mathematical models of behavior are developed. Using them, a decomposition of one of the cyber threat intelligence processes was carried out and an appropriate automation tool was developed.

Author Biography

Ihor Yakoviv, Institute of special communication and information protection of National technical university of Ukraine “Igor Sikorsky Kyiv polytechnic institute”, Kyiv,

candidate of technical sciences, associate professor, associate professor at the cybersecurity and application of information systems and technology academic department

References

E. Şeker, “Use of Artificial Intelligence Techniques”, Applications in Cyber Defense. NATO CCD COE Tallinn, Estonia. [Online]. Available: https://www.researchgate.net/ publication/333674372_Use_of_Artificial_Intelligence_Techniques_Applications_in_Cyber_Defense. Accessed on: July 17, 2019.

P. Poputa-Clean. “Automated Defense”. Using Threat Intelligence to Augment Security. [Online]. Available: https://www.sans.org/reading-room/whitepapers/threats/automated-defense- threat-intelligence-augment-35692. Accessed on: July 17, 2019.

“Being Smart About Cyber Threat Intelligence”. [Online]. Available: http://www.fusionppt.com/ blog-post/smart-cyber-threat-intelligence/. Accessed on: July 17, 2019.

D. Bianco, “The Defense Chain”. [Online]. Available: http://detect-respond.blogspot.com/ 2014/10/the-defense-chain.html. Accessed on: July 17, 2019.

D. Bianco, “The Pyramid of Pain”. [Online]. Available: http://detect-respond.blogspot.com/ 2013/03/the-pyramid-of-pain.html. Accessed on: July 17, 2019.

C. Zimmerman, “Ten Strategies of a World-Class Cybersecurity Operations Center”. [Online]. Available: https://www.mitre.org/sites/default/files/publications/pr-13-1028-mitre-10-strategies-cyber-ops-center.pdf. Accessed on: July 17, 2019.

N. MacDonald, and P. Firstbrook, “Designing an Adaptive Security Architecture for Protection From Advanced Attacks”. [Online]. Available: https://www.gartner.com/en/ documents/2665515/designing-an-adaptive-security-architecture-for-protecti. Accessed on: July 17, 2019.

I. Yakoviv, “Communication channel from positions of the attributive-transfer entity of information”, Information Technology and Security, vol. 1, iss. 2 (2), pp. 84-96, 2012.

I. Yakoviv, “The base model of informational processes of management and safety criteria for cybernetic systems”, Information Technology and Security, vol. 3, iss. 1 (3), pp. 68-74, 2015.

How to Cite

Yakoviv, I. (2019). Basic model of information processes and behavior of a cyber defense system. Information Technology and Security, 7(2), 183–196. https://doi.org/10.20535/2411-1031.2019.7.2.190568

Issue

Section

MATHEMATICAL AND COMPUTER MODELING