Communication system information resource security breach model
DOI:
https://doi.org/10.20535/2411-1031.2019.7.1.184217Keywords:
Communication systems, information resources, security breach, security evaluation system, security breach modelAbstract
The article presents a model of information resources security breach processed in communication systems. The basic functions of the security system as one of the elements of the communication system are described. It is shown that the vulnerabilities of its components lead to a violation of the security of information resources and contribute to the realization of threats to their security. The information resources security breach model is developed based on multiple vulnerabilities of communication systems. The list of security threats to information resources, attacks types at all levels of the basic reference model of open systems interaction, examples of attacks implementation and strategy of carrying out attacks by an attacker are considered: the impact of an attack option on a single object or multiple objects of the communication system, the impact of multiple attack options on a separate object or set of objects of a communication system. This allowed establishing the capabilities of the attacker when carrying out attacks on information resources of communication systems. The developed model is proposed to be used as a basis for building a subsystem of assessment of the security of information resources of the communication system. Also, methods of assessing the security of information resources against internal and external threats have been used. The security assessment subsystem of communication systems takes into account many possible threats and elements of communication systems. Based on the analysis of security threats to information resources and structural components of communication systems, analytical equations were obtained to assess the probability of realization of violations of the information resources security of communication systems at all levels of the basic reference model of open systems interaction. It has been found that the detection of attacks in communication systems depends on the speed at which the security system adapts to new threats. Using the obtained model of security breach will allow developing methods for assessing the level of protection against internal and external threats to determine the effectiveness of the information security system in real-time functioning. This will increase the overall security of the communication systems and information resources that they process
References
Y. Vasiliev, “Classification and analysis of threats to information security in key information infrastructure systems”, Legal, normative and metrological provision of the information security system in Ukraine, № 1 (29), pp. 56-61, 2015.
Y.A. Korpan, “Classification of information security threats to computer systems for remote data processing”, Data Recording, Storage & Processing ,vol. 17, no. 2, pp.39-46, 2015.
D. Mehed, Y. Tkach, V. Bazilevich, V. Guriev, and Y. Usov, “Analysis of corporate information systems vulnerability”, Ukrainian Information Security Research Journal, vol 20, no. 1, pp. 61-66, 2018. doi: 10.18372/2410-7840.20.12453
R. Grishchuk, V. Okhrimchuk, and V. Akhtyrtseva, “Sources of primary data for developing templates for potentially dangerous cyber attacks”, Ukrainian Information Security Research Journal, vol. 18, no. 1, pp. 21-29, 2016. doi: 10.18372/2410-7840.18.10109.
I. Yakoviv, “Information-telecommunication system, conceptual model of cyberspace and cybersecurity”, Information Technology and Security, vol 5, iss. 2, pp. 134-144, 2017.
S. V. Salnyk, O.Y. Sova, D.A. Minochkin, “Methods analysis of intrusion detection in manet class mobile radio networks”, Modern Information Technologies in the Sphere of Security and Defence, no. 1 (22) , pp. 103-112, 2015.
V. L. Buryachok, “Modern systems of intrusion detection in information and telecommunication systems and networks. The selection model of rational variant of responding to the occurrence of extraneous influence cybernetic”, Informational security, no.1, pp.33-40, 2013.
A. O. Antoniuk, Modeling of information security systems, Irpin, Ukraine: National University of State Tax Service of Ukraine, 2015.
Y. Alshboul, K. Streffб “Analyzing Information Security Model for Small-Medium Sized Businesses”, in Proc. 21st Americas Conference on Information Systems, Puerto Rico, 2015
N. S. Safa, R. V. Solms, S. Furnell, “Information security policy compliance model in organizations”, Computers & Security, vol. 56, pp. 70-82, 2016. doi:10.1016/j.cose.2015.10.006
D. L. Nazareth, J. Choi, “A system dynamics model for information security management”, Information & Management, vol. 52, issue 1, pp. 123-134, 2015. doi:10.1016/j.im.2014.10.009.
P. Aggarwal, and S.K. Sharma “Analysis of KDD dataset attributes-class wise for intrusion detection”, Procedia Computer Science. vol. 57, pp. 842–851, 2015. doi: 10.1016/ j.procs.2015.07.490.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2020 Collection "Information technology and security"
This work is licensed under a Creative Commons Attribution 4.0 International License.
The authors that are published in this collection, agree to the following terms:
- The authors reserve the right to authorship of their work and pass the collection right of first publication this work is licensed under the Creative Commons Attribution License, which allows others to freely distribute the published work with the obligatory reference to the authors of the original work and the first publication of the work in this collection.
- The authors have the right to conclude an agreement on exclusive distribution of the work in the form in which it was published this anthology (for example, to place the work in a digital repository institution or to publish in the structure of the monograph), provided that references to the first publication of the work in this collection.
- Policy of the journal allows and encourages the placement of authors on the Internet (for example, in storage facilities or on personal web sites) the manuscript of the work, prior to the submission of the manuscript to the editor, and during its editorial processing, as it contributes to productive scientific discussion and positive effect on the efficiency and dynamics of citations of published work (see The Effect of Open Access).