CC BY
85
RISK MODELS AND CRITERIA OF INFORMATION CONFRONTATION IN SOCIAL NETWORKS
Alexey N. Nazarov,
Doctor of Technical Science, Professor, Moscow Institute of Physics and Technology, Moscow, Russia, a.nazarov06@bk.ru
Alexander I. Galushkin,
Doctor of Technical Science, Professor, Deputy Head of the Department, Moscow Institute of Physics and Technology, Moscow, Russia, neurocomputer@yandex.ru
Artem K. Sychev,
Scientific researcher LLC "SmartTek", Moscow, Russia, sychev_a_k@mail.ru
Keywords: information warfare, polynomial, risk-models, risk-criteria, actor, social network, monitoring, security function, Hadoop cluster, daemon.
"The Information Warfare within the Internet" is the rivalry among political actors through the use of specialized IT (Information Technology) resources in order to influence the informational space of your opponent, to make an impact on its audience and different spheres of political and power relations in order to establish control over the sources of virtual and electronic policy, Resources actor-opponent and achieve information superiority. In other words, the actor aggressor for information superiority over-actor advocate making information attack against an object in the web-space, whose success is a victory, in the sense of achievement of information superiority.
In fact, citizens become an extensive network of ground-based social touch, reflecting the structure of society in real time in nearly every corner of the world, and the speed and volume of the sensor network, especially in terms of "Internet everywhere" is growing every day.
Hidden information and psychological impact on the population in social networks used to solve the following problems: informational influence on individuals, social and other groups, society as a whole; informational influence on the feasibility and efficiency of administrative decisions by the government and law enforcement agencies adopted on the basis of this information; manipulation of public opinion through the mass media and, in particular, through social networking services; discrediting the leaders of objectionable; automated information dissemination in the major social networks and the organization of information support activities for prepared exposure scenarios and given a mass audience of social networks. Based on logically probabilistic approach, we propose a Risk Model for successful attacks on social media on the Internet in terms of information warfare. We formulate and investigate risk-criteria for the decision-making framework aiming to achieve the goals of information warfare. We, finally, propose an algorithmic foundation based on the established criteria for the Hadoop cluster.
Для цитирования:
Назаров А.Н., Галушкин А.И., Сычев А.К. Риск-модели и критерии информационного противоборства в социальных сетях // T-Comm: Телекоммуникации и транспорт. - 2016. - Том 10. - №7. - С. 81-86.
For citation:
Nazarov A.N., Galushkin AI., Sychev A.K. Risk models and criteria of information confrontation in social networks. T-Comm. 2016. Vol. 10. No.7, рр. 81-86.
1. introduction
Risk models of information influence and destabilizing factors
The model makes it possible to influence the information to study the dependence of the behavior of the subject of his awareness and, consequently, on the impact of information. Having a model of informational influence can pose and solve the problem of synthesis of information management - what should be the impact of information (in terms of the control of the subject), managed to get on the subject of the desired behavior. Finally, unable to solve the problem of information management, information warfare can be modeled by simulating the interaction of several actors, who have common interests in certain information, and the effect on the managed object. If the model of informational influence (social impact in terms of sociology and social psychology) has been the subject of numerous studies for over half a century, the issues of mathematical modeling is info mi at i on management and information confrontation in social networks almost never investigated, due to the recent emergence of these.
Based on the above, it can be concluded about the relevance of studying the problem of social networks in terms of improved security oí its members by building risk models of information and psychological warfare for the users of social networking.
2. Risk-attack models
A. The applicability of logically probabilistic approach for the integrated risk assessment
Risk Y - an object social media are being attacked by the intruder, consists of two components [ 1,2]:
- probability of failure of a counter attack against him (the failure of the object 10 or the probability of a successful attack;
- evaluation (e.g., financial, material, time to repair the damage, etc.) scale consequences (damage) of a successful attack.
The object of risk is considered to be sufficiently protected if given the opportunity lo overcome potential barriers probability of a successful attack (the probability of the risk, the probability
of failure or vulnerability of the object of risk) p? J
than minimum value p' , i.e.,
'A-MOn
r3 ' A-flOn
At ihe same time, technology, one barrier can consistently perform multiple security functions. Obstruction may perform the security functions against different objects risk.
(1)
- condition of the feasibility, where pj - the probability of a
successful counter attack (immunity, the success of the object of risk) subject to risk.
For any object risk Y of [ 1,3], in general case, there is a complete system of (list) security functions or attributes, each of which is in Table 1 denoted by the binary logic variable A" with the appropriate subscript.
The result of each security function, or the outcome is a random event and can lake two values. It is assumed that a binary
logical variable Xi / = 1*#:»=I0 is equal to 1 with probability
J *
p- if the execution of the/ - security function has led to the failure risk of the object Y, and this binary logical variable equals to 0 with a probability ¿j^ - ] - pj, otherwise. The barriers, that are
created to counteract the negative effects of destabilizing factors on the subject of risk, are to perform certain security functions that prevent the execution of the attacks on the subject of risk.
Table 1
Security Functions
Security Function Meaning of Security Function
Preventing the occurrence of conditions leading to the generation of (occurrence) destabilizing factors (DF)
Warning immediate manifestations of destabilizing factors
Detecting manifested destabilizing factors
X4 Prevention of exposure to risk in the manifested and revealed destabilizing factors
A'5 Prevention of exposure to risk on the manifest, hut the undetected destabilizing factors
Detecting the impact of destabilizing factors on the subject of risk
Localization (restriction) found the impact of destabilizing factors 011 the subject of risk
H Localization of undetected exposure to risk by destabilizing factors
Dealing with the consequences of the localized impact of the detected object 011 the destabilizing factors risk
Dealing with the consequences of undetected localized exposure to risk by destabilizing factors
In general, the logic function (L-function) is the success of the attack, realizing the impact of destabilizing factors as [1, 31
Y = Y{Xi.....Xn),
and the probability function (I1-function, P-polynomial) is the risk of failure of the object - p(y = \/X\.....X„) = ¥(/}.....Pn) = PY ■
According to the general case of |l,3j L-function (L-polynomial) of the success of an attack is a type of
y = X¡X2 j_
(x^x9 V X6X^X, 0 V X6X7 V X6X8) (2)
the probability of success of an attack can be calculated using the B-polynomial =
[(l-^xi-p/^ + ^a-^^o + ti-^,)/5^^] • o)
Destabilizing Factors (DF) for social networks, of course, have their own specifics. DFs appear in text messages, in the network structure of society, and other places. To assess the socio-economic system, DFs use markers of social stress - stress quantitative active Internet users.
B. Social markers
There are 6 types of markers [4]:
1. Markers activity. The values are calculated by direct marker of counting the number of messages and users per unit time. Higher values of these markers indicate an increased activity in a certain period of time; mass reaction to some event or "stuffing" of information.
2. Psycholinguistie markers. Display the emotional state of the author's text message. The massive increase ¡11 the indicators of emotional stress indicates the emotional contamination - the grouping process on the basis of common passion.
82
3. Lexical tokens. Analysis is earried out using tone text messages (words denoting negative emotional states; words with destructive semantics).
4. Semantic markers. Simple/easily distinguishable meanings, for example: destructive, directive, liquidators, results.
5. Network markers. In the process of dissemination of information among people there is a greater number of connections with like-minded people. Normally the graph model satisfies users "small world." Thus, the marker is an integral indicator of the following parameters of the graph: the diameter of the graph; the average coefficient of mediation, clustering; the density of the graph: connectivity, and others.
6. Markers consumption. Is an integral indicator that takes into account intra-regional studies of the following indicators: number of calls, average call duration, size, frequency, and the total amount of airtime purchases.
The causal completeness of [1| security functions is an important property of logically probabilistic approach. At the same lime, within the framework of refinement and specification information in the context of the attack on the object based on the risk characteristics of the social markers and information warfare practices for each of the security functions that are introduced graduation security functions.
C, New graduation security functions bused on social markets
By analogy with the foregoing, we assume that the binary logical variable xj,j = \+n, «=10 corresponding to r-th gradation ofy'-th security function is 1 with probability p. , if because
performing /-th security function has led to a failure. And this X: equals to 0 with probabilityq^, =l~Pjr, otherwise. Each
f iW '
group of gradations for xj is a full group of events yCjy} so we can use Bayes' formula [1]
^P(Xjr)p{Xj/Xjr) r=l
Formula (4) can be used for iterative learning (configuration identification) L-B-polynomials (2), (3) on the statistical data to clarify the value of this risk. This algorithm can be organized in some rational way, for example as given in [1],
In order to develop constructive solutions, including architecture. circuit design and algorithmic solutions for the automation of the identification of information and counter attacks, it is advisable to extend the functionality, the introduction of new grades of these security functions, putting them in line with the newly indexed binary logic variables are shown in Table 2.
New L-polynomial for social-media must be taken into account new components according to the table. 2, namely:
*1 = *11*12*13 v *11*12*13 v *11*12*13 v
v *11*12*13 V *ll*12*]3 V XnX]2X]3, *3 = *31*32*33 V*31*32*33 V*31*32*33 V *31 *32*33 V *31 *32*33 V *31 *32 *33 V *31*32*33-*5 = *51*52 *53 v_*51 *52 *53 V *51 *52 *53 v *51*52*53 v *51 *52*53 v *51*52*53 v *51*52*53"
Table 2
New gradation, extending functionality security functions from information attacks oil social media
Security Function Meaning of Security functions
Preventing an environment leading to the generation (emergence) of DF exposure to the object itself on the basis of the risk of social markers
*i: Collect information about an attack against object risk Y in social media in some Enterprise Network on the basis of all the information about changes in the social markers
% Collect information about an attack in centralized organization, based oil all the information it received
*3, Detection of an attack based on information from a centralized organization
*32 Detection of an attack based on information from other Enterprise Networks in the domain
Detection of an attack based on information from other domains
*M Preventing, through social markers, the exposure to the risk of undetected object DF based on information from other Enterprise Networks in the domain
Preventing, through social markers, the exposure to the risk of undetected object DF based on information from a centralized organization in this domain
Preventing, through social markers, the exposure to the risk of undetected object DF based on information from other domains.
Substituting the obtained logical expressions in (2) we obtain the L-function of the success of an attack in social-media.
Similar to the previous theoretical results, it can be generated/generalized for each specific gradation of 6 social markers. Thus the analytical expressions for the L-funetion and B-polynomial information attack can be easily, methodically, refined with new knowledge, including intelligence on new DF, influencing the behavior of social markers for specific cases of information warfare. The power of the set of security functions is increasing,
3. Risk assesment criteria of protected object of information warfare. Price risk
Krom (2) logical condition for the failure of ail attack (L-criteria) can be written as follows: i'.j =0, is satisfied if at least one of the conditions below is satisfied: *1*2 = 0. *3*4v*3*5=0,
1*6*7*9 v *6*8*1 o v XèX7 v .V6.\'8 = 0 .
According to (3), the failure of information attack probability condition (P-criteria) can be written as follows: PY - 0, is satisfied if at least one of the conditions below is satisfied;
P\f*2= 0,
In general, the ratio of the calculated values of L-function and B-polynomial allows us to estimate the action actor aggressor, attacking an object in social-media on the basis of information from the intelligence, using protecting barriers, peculiarities
7T>
of the security functions, as well as the existing vulnerabilities in them. Technically, it would he written as actor aggressor known model (2) and (3) with security functionsX^ + and the
probability of failure /y1 . As the allowable probability of
failure, risk object (see (1)) can take the value calculated by (3), in the probabilities of failurepA + pA. p0r actor-aggressor assessment of security risk to the value of the object is I-/1
а-доп
. Then the value ofthe difference is defined as [1]
A=Pi
-K-
доп
(5)
where the value of />j calculated by the formula (3), characterized by the implementation of the objective conditions of the reachability (I) and the quality of "armor" barriers, implementing security functions objeet risk. We introduce a new measure
&y=Wa-
From (5) it follows that if at least one ofthe conditions (criterion of exhaustion of reserve risk the stability of the object) J A < 0 , [af = 1,
There is an evidence to urgently strengthen the security of the object of risk.
If at least one ofthe conditions is carried out (a criterion of the presence ofthe stability margin ofthe object of risk) |A>0, [af = 0,
it indicates the presence of the stability margin of the object to the risk of attacks by actor aggressor. Accordingly, it is necessary that an actor aggressor invests additional resources in improving the attack on the object of risk.
Cost of risk can be estimated by the following formula ÍCYjjon . when A > 0 or A F = 0 , ~[CYffon +C, when A<0or AF = 1, where cyjjoil ~ l'ie U05t acceptable risk, c - a term that
depends on many factors specific to information warfare, the choice of values which is an separate problem on its own.
4. Cluster information warfare among Hadoop
The authors, in a team, are doing research ttying to automate the information counter attacks in social media. Methodological approaches to the creation of algorithms and software solutions in the environment of web-programming, Hadoop, for a wide class of problems of monitoring sites in the web-space. Designed cluster topology Monitoring Hadoop, having common application [5]. The research and the algorithm measuring attributes of monitoring facilities in the web-space to meet the requirements of unity of measurements. On the basis of neuro-fuzzy approaches, we developed recommendations following the creation of technological procedures — Assessment of the object of monitoring and identification of its information model. We also formulated system requirements for the design of the monitoring cluster Hadoop [5].
According to the creators of such monitoring, cluster must have its functionality required for the functioning ofthe fullness ofthe control system (CS) Social Media (SM). In other words CS should receive from it all the necessary information to make decisions. Technologically, Hadoop cluster management system module (Fig. 1) can be represented as two daemons - DataN-ode_Social_Media responsible for the formation of information model of attacks on social media and Task-Traker_Soeial_Media daemon responsible for the control actions to restrain the attacks on social media. Then the proposed new cluster topology information warfare among Hadoop, is schematically illustrated in Fig. 1.
С
Seeon dan.' NameNode^monitoring
DataNode_Social Media Management S V St em
t
IaikTraker_Social Media Management System
I
3
NameNodemoni toting
I
JobT racker_moni toting
jE
D ataXode empha si г i n g "t
T asJcT rack«_«n ph a siii n g
rn
T
DataNode inform model
TaskT racket inform model
DataNode status
TaskTtacker status
TaskTracker_survey
DaiiLNöde_me aïurem eut
TaskTracker measurement
D alaNodefor eeast
TaskTracker forecast
Figure t. Cluster 'topology information warfare among Hadoop. Description daemons are given in [SJ
T-Comm Том IG. #7-2016
The ability to reliably predict, on the basis of SM, such events as upcoming social unrest, ranging from riots and protests and ending assassinations and coups, enables timely decisions to prevent such disasters, without waiting for the tragic conflict, eventually contributing to the stability, peace and order in individual countries, regions and globally.
It can be concluded that the forecast of the actual behavior of a certain scenario social networking in the future. This objective can be accomplished by the construction and study of high-quality models of complex social and economic systems, including social, political, economic, informational and other factors. The result is a set of modeling scenarios of the social network, depending on the state of its information infrastructure, and by environmental factors. In addition, the ultimate goal of simulation is to develop recommendations for the development of effective in terms of achieving a given set of objectives and performance criteria of control actions.
A. Synthesis of new daemons
On the basis of the above, the following guidelines designing software modules DataNode_Social_Media and TaskTrakerSocial Media daemons in the form of the following sequence of steps,
1. Define a monitoring object. Formation of its information models in a software module into a daemon DataNode_Social_ Media.
2. Create a complete set of security functions and their grades in a software module DutuNodeSocial Media daemon,
3. Develop software modules that implement the L-polynomial and B-polynomial into a daemon TaskTraker_ Soda/Media,
4. Develop software modules for risk assessment criteria of a protected object of information warfare in the daemon Task-Traker_SociaI_ Media.
5. Develop software modules into a daemon TaskTraker_ Social^Media for calculating the price risk of the object of information warfare.
6. Develop software modules into a daemon TaskTraker Social Media to take decisions on further actions based on the results in steps 4 an 5.
7. Set-up Hadoop-cluster information warfare.
Decisions points 1-6 are specified in the operation of the cluster of information warfare as new knowledge of the security functions and algorithms underlying the above-mentioned soft-
ware modules and daemons Data\ode_Social_Media and Task-Traker_Social_Media. This is done continuously updated software modules other daemons that cluster.
5.Conclusion
As the scientific and methodological framework is proposed to use the formalism of logically probabilistic approach, allowing the model to information attacks social-media risk positions. This approach is flexible, based on the new knowledge to clarify the actions of the attacker, which makes it relatively easy to specify, develop models of risk of attack.
To evaluate the DF socio-economic systems used markers of social stress - stress quantitative active Internet users. Proposed a risk-based model of social stress markers.
Developed risk assessment criteria of a protected object of information warfare.
For the proposed cluster topology information warfare among Hadoop, we developed guidelines synthesis algorithmic bases, program modules and daemons DataNode Social Media and TaskTraker Soeial Media.
1. Nazarov A.N. Estimation of information safety level of modern infoeommunication networks on basis of logic-probability approach / Automation and Remote Control, July 2007, Vol. 68 Issue 7, 2007, pp. 1165-1176, doi: 10.1134/S0005117907070053.
2. Nazarov A.N. Logical-and-probabilistic model for estimating the level of information security of modern information and communication networks / Telecommunications and Radio Engineering, USA, 2010, Vol. 69, № 16. pp. 1453-1463. doi: 10.1615/TeleeomRadEng,v69.i 16.60.
3. Nazarov A. Botnet tracking and global threat intelligence - behavior approaches to identifying distributed botnets. Paper presented at the IEEE / Collection of proceedings of ihe Cybersecurity Summit (WCS), 2012 Third Worldwide. New Dehli, 30-31 Oct. 2012. http ://ieeexplore. i eee.org/xpt/art ic I eDetai ls.jsp?arnumber=6780878&neusearch=t rue&q uery Tejrt=Botnet%20traoking%20aii<l%20global%20tlireat%20mtel I igence %20-%20behavi nr%20appmael:ies%20ti)%20ident i Ty ing%20d istri bu led%20boln els,
4. Osipov G.S. Methods and software for assessments of social stress, based oil analysis of information online. Access: https://www.gkpromteeli,ru/material/view?id=27. Date of circulation: 02.10.2015.
S; Volkov D.. Nazarov A. & Nazarov M. A global threat - the dark web. Paper presented in the annual Collection of scientific works of International conference Managing the development of large-scale systems" (MLSD'2014), 2014. Institute of control Sciences RAS, p p .'452-459."
References
PUBLICATIONS IN ENGLISH
РИСК-МОДЕЛИ И КРИТЕРИИ ИНФОРМАЦИОННОГО ПРОТИВОБОРСТВА
В СОЦИАЛЬНЫХ СЕТЯХ
Назаров Алексей Николаевич, профессор, д.т.н., Московский физико-технический институт, Москва, Россия,
a.nazarov06@bk.ru
Галушкин Александр Иванович, д.т.н., профессор, заместитель заведующего кафедрой, Московский физико-технический институт, Москва, Россия, neurocomputer@yandex.ru
Сычев Артем Константинович, старший научный сотрудник, ООО "СмартТек", Москва, Россия,
sychev_a_k@mail.ru
Аннотация
В настоящее время социальные медиа (СМ) - социальные сети, блоги и микроблоги, геосоциальные сервисы, фотохостинги и видеохостинги - являются динамическими источниками разнородной информации, отражающей различные процессы, протекающие в реальном обществе. Актуальность социальных сетей растёт в связи с использованием их возможностей как средства привлечения информационных, интеллектуальных, финансовых ресурсов в экономике, политике, региональном и локальном развитии. Под "информационным противоборством в сети Интернет" следует понимать соперничество политических акторов посредством использования специальных информационно-технических ресурсов Интернета для воздействия на информационную среду противостоящей стороны, влияние на ее аудиторию и различные сферы политико-властных отношений с целью установления контроля над источниками виртуальных и электронных стратегических ресурсов актора-оппонента и достижения информационного превосходства. Другими словами актор-агрессор для целей информационного превосходства над актором-защитником предпринимает информационную атаку против объекта в web-пространстве, успех которой является победой, в смысле достижения целей информационного превосходства.
При использовании информационного воздействия основную роль играет личность как элемент общения, как участник коллективной деятельности, как член многочисленных малых и больших групп и аудиторий. Однако не менее важную роль играют методы информационного управления малыми коллективами, большими социальными общностями и массовыми процессами. По сути, граждане становятся обширной наземной социальной сенсорной сетью, отражая структуру общества в режиме реального времени почти в каждом уголке мира, а скорость и объем этой сенсорной сети, особенно в условиях "Интернета везде" растет с каждым днем. Скрытое информационное-психологическое воздействие на население в социальных сетях используют с целью решения следующих задач: информационное влияние на отдельные личности, социальные и другие группы, общество в целом; информационное влияние на целесообразность и оперативность управленческих решений руководством страны и силовых ведомств, принимаемых на основе этой информации; манипулирование общественным мнением при помощи средств массовой информации и, в особенности, посредством сервисов социальных сетей; дискредитация неугодных лидеров; автоматизированного распространения информации в крупных социальных сетях и организации информационной поддержки мероприятий по подготовленным сценариям воздействия а заданную массовую аудиторию социальных сетей. Анализируя активность интернет-сообществ, посредством проблемно-ориентированных систем мониторинга, можно, например, выявить наличие социального стресса (напряженности), определить его степень и направленность, предсказать социальные волнения, способные вылиться в неконтролируемые массовые протестные акции. На основе логического вероятностного подхода, предлагается модель риска для успешных атак на социальные медиа в Интернете с точки зрения информационной войны. Сформулированы и исследованы возможные риск-критерии для принятия решений, направленных на достижение целей информационного противоборства. Для разработанных критериев предлагаются структура и алгоритмической основы системы мониторинга социальных сетей для кластера Hadoop.
Ключевые слова: информационное противоборство, полином, риск-модель, риск-критерий, актор, социальная сеть, мониторинг, функция защиты, кластер Hadoop, демон.
Литература
1. Nazarov A.N. Estimation of information safety level of modern infocommunication networks on basis of logic-probability approach // Automation and Remote Control, July 2007, Vol. 68 Issue 7, 2007, pp. 1165-1176, doi: I0.II34/S0005II7907070053.
2. Nazarov A.N. Logical-and-probabilistic model for estimating the level of information security of modern information and communication networks // Telecommunications and Radio Engineering, USA, 2010, Vol. 69, № I6, pp. 1453-1463, doi: I0.I6I5/TelecomRadEng.v69.iI6.60.
3. Nazarov A. Botnet tracking and global threat intelligence - behavior approaches to identifying distributed botnets / paper presented at the IEEE // Collection of proceedings of the Cybersecurity Summit (WCS), 20I2 Third Worldwide, New Dehli, 30-3I Oct. 20I2. http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6780878&newsearch=true&queryText=Botnet%20tracking%20and%20glob-al%20threat%20intelligence%20-%20behavior%20approaches%20to%20identifying%20distributed%20botnets.
4. Осипов Г.С. Методы и программные средства для получения оценок уровня социального стресса на основе анализа информации Интернет. Режим доступа: https://www.gkpromtech.ru/material/view?id=27. Дата обращения: I0.02.20I5.
5. Волков Д.А., Назаров А.Н., Назаров М.А. Глобальная угроза - Теневой Интернет // Сборник ежегодных научных трудов Международной конференции "Управление развитием крупномасштабных систем" (MLSD'20I4). - М.: ИПУ РАН, 20I4. - С. 452-459.
7Т>
