
Herald of Dagestan State Technical University. Technical Sciences


METHODOLOGY FOR INVESTIGATING THE PROBABILITY-TIME CHARACTERISTICS OF NETWORK ATTACKS IN THE SIMULATION MODELLING SOFTWARE ENVIRONMENT

https://doi.org/10.21822/2073-6185-2017-44-4-99-113

Abstract

Objectives. An analysis of open-access literature sources and normative documents on the problem of information protection in automated systems was carried out. It showed that these documents contain no quantitative parameters for the probability-time characteristics of network attacks carried out on the information resources of automated systems. One such parameter is the average time a network attack spends in one of its states while realising destructive impacts; it is needed in order to develop an effective model for countering threats, implemented in information security systems and products.

Methods. One of the methods for solving this problem is a full-scale experiment; however, in practice many difficulties arise during its implementation, namely in determining the probability-time characteristics of network attacks when the time is much less than a second. To solve this complex problem, it is necessary to use new information technologies, which include the CPN Tools simulation modelling software environment.

Results. A methodology is developed for determining the probability-time characteristics of network attacks carried out on the information resources of automated systems (the quantitative values of the time the network attack spends in each state of the formal model of its operation). A classification of network threats comprising unauthorised access in automated systems, based on the data bank of the Federal Service for Technical and Export Control of the Russian Federation, is proposed.

Conclusion. The output data of the methodology developed in the article are the probability-time characteristics of network attacks carried out on the information resources of automated systems. These data were obtained during simulation in the CPN Tools software environment in the form of the residence (realisation) time in one of the realisation states of these destructive effects in automated systems. The main aspects of the obtained results are analysed, and prospects for their future use, connected with increasing the real security of existing and newly developed automated systems, are outlined.

About the Authors

Irina G. Drovnikova
Voronezh Institute of the Ministry of the Interior of Russia.
Russian Federation

Irina G. Drovnikova – Dr. Sci. (Technical),  Assoc. Prof., Department of Automated Information Systems. 

53 Patriotov Ave., Voronezh 394065.



Anatoly A. Zmeev
Zhukov Air and Space Defense Academy.
Russian Federation

Anatoly A. Zmeev – Doctoral candidate.

250 Zhigareva Str., Tver 170022.



Anton D. Popov
Voronezh Institute of the Ministry of the Interior of Russia.
Russian Federation

Anton D. Popov – Adjunct. 

53 Patriotov Ave., Voronezh 394065.



Evgenii A. Rogozin
Voronezh Institute of the Ministry of the Interior of Russia.
Russian Federation

Evgenii A. Rogozin – Dr. Sci. (Technical), Prof., Department of Automated Information Systems. 

53 Patriotov Ave., Voronezh 394065.





For citations:


Drovnikova I.G., Zmeev A.A., Popov A.D., Rogozin E.A. METHODOLOGY FOR INVESTIGATING THE PROBABILITY-TIME CHARACTERISTICS OF NETWORK ATTACKS IN THE SIMULATION MODELLING SOFTWARE ENVIRONMENT. Herald of Dagestan State Technical University. Technical Sciences. 2017;44(4):99-113. (In Russ.) https://doi.org/10.21822/2073-6185-2017-44-4-99-113

This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 2073-6185 (Print)
ISSN 2542-095X (Online)