@article{Yakoviv_2019, title={Basic model of information processes and behavior of a cyber defense system}, volume={7}, url={https://its.iszzi.kpi.ua/article/view/190568}, DOI={10.20535/2411-1031.2019.7.2.190568}, abstractNote={<p>Increasing the complexity and intensity of cyberattacks makes the actual task of implementing a proactive strategy for protecting information technology systems (ITS). Such a strategy is associated with tight time limits on making decisions on assessing the current situation and making appropriate decisions even before the interruption of a cyber attack. These limitations significantly narrow the scope of the use of expert assessment methods. There is a growing need for the widespread use of automation tools that will significantly reduce the time for determining security events, and for formulating and implementing a decision on countering the invasion of ITS cyberspace. A feature of such tools is a significant level of intellectualization, which is adequate to the level of competence of cybersecurity operators. The basic component of the procedure for developing automation tools is the formation of a process model of the object of research. Based on this modem, using the well-known technological platforms, the corresponding software code is generated. Known means of a formalized description of business processes make it possible to form models of information processes. The term “information” is widely used, but its essence is not disclosed. This, in turn, leads to a number of uncertainties regarding the properties of these processes (composition, structure, functions, organization, etc.).<br />The lack of a constructive definition of the term “information” greatly complicates the analysis of cyber defense processes. In cyberspace, security events and security information are procedures for processing, storing and transmitting data (bit sets). Under these conditions, it is difficult to unambiguously express the semantic connection between the dangerous event in ITS, the information objects reflecting this event, and cyber defense processes using existing modeling tools. The problem of "information uncertainties" in modeling a cyber defense system significantly narrows the range of processes that can be algorithmized with the aim of creating means for their automation. The solution to this problem is relevant for the sphere of automation of proactive cyber defense system processes. In order to increase the efficiency of the process of developing automation tools for modern cyber defense systems, a new model of such a system has been developed based on an attribute-transfer approach to the essence of information and a basic model of information processes for managing a cyber system. Within the framework of this model, the IT system is a management object, the security of which is controlled by a set of coordinated cyber protection information processes. This set of processes is connected by a control cycle. The sequence of cycles is the trajectory of the cyber defense system. Corresponding graphic and mathematical models of behavior are developed. Using them, a decomposition of one of the cyber threat intelligence processes was carried out and an appropriate automation tool was developed.</p>}, number={2}, journal={Collection "Information Technology and Security"}, author={Yakoviv, Ihor}, year={2019}, month={Dec.}, pages={183–196} }