SYNTHESIS OF SECURITY FUNCTIONS AGAINST CYBER-ATTACKS
Alexey N. Nazarov,
LLC SmartTech, Moscow, Russia, [email protected]
Keywords: cyber attack, intellectual information security, artificial intelligence, graph, cloud computing, security functions, model, incidence matrix, path in the graph, branches, boundaries.
Intelligent or "smart" information security over the life cycle of a risk object means the continuous provision and assessment of its security state under the impact of changing cyber-attacks, on the basis of solving the problem of automated monitoring of the status of the risk object. It consists in the continuous accumulation of a cloud knowledge base from the experience of the different participants in the information confrontation, from the results of assessing the risk of attack, and from modeling the complex processes of preparing and executing attacks. The modeling aspect is very important, as it makes it possible to save on field studies and to anticipate the behavior of the parties during the attack process.
In this regard, the formal formulation of the scientific problem of modeling the scenarios of the "trajectory", "penetration" or "invasion" of cyber-attacks into a risk object, with the subsequent automated synthesis of options for countering an attack, is relevant. The highest rates of development of infocommunication technologies, covering various subject areas relevant to humanity, raise new requirements for ensuring the information security of risk objects. Cyber-attacks, as complex processes, are based on the latest infocommunication technologies, which drives the development of intelligent approaches to counteract them. To apply methods of artificial intelligence to countering information attacks, an approach based on the security functions of the risk object is used, which allows developing methodological recommendations focused on the potential of cloud computing. The article develops a method for synthesizing the security functions of the risk object against a cyber-attack based on the calculus of graphs.
Information about author:
Alexey N. Nazarov, Professor, Director for Science and Development, LLC SmartTech, Moscow, Russia
For citation (Russian edition):
Nazarov A.N. Synthesis of security functions against cyber-attacks // T-Comm: Telecommunications and Transport. 2017. Vol. 11. No. 9. pp. 80-85.
For citation:
Nazarov A.N. (2017). Synthesis of security functions against cyber-attacks. T-Comm, vol. 11, no. 9, pp. 80-85.
1. Statement of the research task
For an arbitrary risk object of an information and telecommunications system undergoing a cyber-attack there exists, in general, [1-3] a complete (in the cause-effect sense) system (list) of security functions (see Table 1, Fig. 1 and Table 2).
Table 1. Security functions
Designation of the security function | Appointment of the security function
X_1 | Preventing the occurrence of conditions conducive to the generation (occurrence) of destabilizing factors (DF)
X_2 | Preventing the immediate manifestation of destabilizing factors
X_3 | Detection of manifested destabilizing factors
X_4 | Prevention of exposure of the risk object to manifested and detected destabilizing factors
X_5 | Prevention of exposure of the risk object to manifested but undetected destabilizing factors
X_6 | Detecting the impact of destabilizing factors on the risk object
X_7 | Localization (restriction) of the detected impact of destabilizing factors on the risk object
X_8 | Localization of the undetected exposure of the risk object to destabilizing factors
X_9 | Dealing with the consequences of the localized detected impact of destabilizing factors on the risk object
X_10 | Dealing with the consequences of the localized undetected exposure of the risk object to destabilizing factors
Table 2. Final events in Fig. 1
H_1 ÷ H_6 | Defence provided
H_7 ÷ H_9 | Defence broken
H_10 | Defence destroyed
Each security function is, in general, a condition for suppressing an attack. The system of security functions allows, on a universal methodical basis, uniting and supplementing the methods, means and technologies of information security from various subject areas that do not intersect in their physical and natural essence, including normative legal acts.
The security functions depend on a large number of destabilizing factors [1]. For specific risk objects, these functions are the basis of the security policy and are developed and investigated by the security service of the risk object. Attackers also analyze the known security functions of the risk object in order to identify vulnerabilities and to form the antipodes of the security functions, the intrusion functions. Each of the parties pursues opposite goals with respect to the risk object. Security functions and intrusion functions are respectively developed and implemented by each of the parties on the basis of the measures, tools and knowledge available to them for ensuring (or breaking) the information security of risk objects.
Fig. 1. The causal diagram of the security functions X_1 ÷ X_10 and the results of the attack H_1 ÷ H_10
The essence of each of the security functions listed in [1] is unique. The technologies and technical solutions for implementing the security functions can and should be modified when new knowledge about the possibilities of cyber-attack is received.
Approaches to the practical creation of security functions on the basis of meeting the condition of attainability of an acceptable, sufficient level of safety are given in [4]. In general, in order to protect the risk object, an information-security policy is developed, which is guided by the creation of barriers or lines of defense that impede the possibility of an attack. The boundaries of protection can be: a protected area, an access system to objects and buildings, user authentication, organization of password access to information of a certain category, etc. [3, 5]. Meanwhile, in view of the huge number of destabilizing factors whose influence must be taken into account in the technical implementation of the safety policy of the risk object, theoretical investigations are needed that have general application and allow a machine to develop solutions for the synthesis of security functions.
As shown in [1-3], in the case of a cyber-attack the security functions are linked by cause-effect transitions (see Fig. 1). Therefore the natural interpretation of such transitions is an oriented graph, which in turn can be represented as an incidence matrix [5].
In this connection, we formulate the research problem as follows:
- to develop an approach for constructing a graph model of a cyber-attack and, based on the calculus of graphs, to create a method for modeling the paths to the success of a cyber-attack, and then to develop a machine-oriented method for synthesizing security functions that block the graph paths to the success of cyber-attacks.
II. Formalism of events of security functions
We denote by the corresponding binary logical variables H_1, H_2, ..., H_10 the final events that can occur under the action of the currently known security functions X_1^{изв} ÷ X_10^{изв} of the risk object (the superscript изв marks a known security function). These events and the known security functions completely correspond to the scheme of cause-effect relations shown in Fig. 1.
From [4], the logical condition for the success of the risk object against an attack (the L-criterion) can be written as
  L^{изв} = 1,     (1)
which is executed when at least one of the following conditions is fulfilled:
  X_1^{изв} = 1,
  \bar{X}_1^{изв} X_2^{изв} = 1,
  [relations 3 to 6 of (1) did not survive extraction; each of them conjoins the negations of the security functions of the preceding relations with the security functions reached next in Fig. 1].
Analyzing the system of relations (1) and Fig. 1, we note that with perfect security the first relation is satisfied, and with weak security the sixth one is. In the latter case the risk object still repels the attack. With ideal protection the security function X_1^{изв} is so good that its execution alone copes with the attack, and the other security functions are not even involved.
However, the fact that the sixth relation is fulfilled means that the previous five are not met. That is, the performance of the security functions included in those five relations did not repel the attack.
Similarly, the fulfillment of relations 2-5 of (1) illustrates a certain "weakness" of the security functions that appear in the relations preceding them in (1).
Each of the security functions fulfills its mission (see Fig. 1) depending on the event that occurred during the attack. The cause-effect transitions between the security functions in Fig. 1 are actually realized on the basis of the reaction of the security functions to specific actions or processes of the attack, which are accompanied by the appearance of real, observable, recorded events.
As in [1], suppose that the binary logical variable x_{ji}, j = 1 ÷ n, n = 10, i = 1 ÷ k_j, equals 1 (see "1" in Fig. 1) if the performance of the j-th security function is unsuccessful when event i occurs, and equals 0 (see "0" in Fig. 1) otherwise.
Therefore, any security function can be represented as a disjunction of its components, the Boolean variables:
  X_j^{изв} = x_{j1} ∨ x_{j2} ∨ ... ∨ x_{j k_j}, j = 1 ÷ n.     (2)
And then the transition X_j^{изв} → X_{j'}^{изв} between security functions in Fig. 1 during the attack process, when a particular event i occurs (a manifestation), actually takes place as a transition between their concrete Boolean components (2).
III. Modeling information attack scenarios
As cyber-attacks are continuously improved and modified, and the hacker community is constantly developing new attacks and regularly exchanging experience on the matter, the number of events of the attack process is constantly increasing. New signatures of malicious code are created, weaknesses are searched for in legal documents related to the information security of risk objects, etc. A lot of useful information on attacks can be found in various forums of the Internet community.
Therefore, in the general case, k_j = k_j(t) in (2) is a nondecreasing integer-valued function of t.
The response of a security function to an event is the decision taken on the transition from the security function either to a final event or to another security function. The decision itself is made on the basis of processing the information that accompanies the event or, in other words, of the results of processing the Boolean component of the security function. As a result, a knowledge base is formed on the characteristics of cyber-attacks, including the events of attack processes and the reactions to them.
Analysis of the content side, the nature of the events and the reactions of the security functions to them, will be postponed to another study.
The attacker develops an attack scenario. The implementation of the attack process is accompanied by events (manifestations) of this attack. Events can be expected (predictable) or unexpected (unpredictable).
It can be stated that the success of any cyber-attack is accompanied by a sequence of scenarios of the attack process illustrating the failure of the known security functions. This conclusion corresponds to [4]: the final events H_7 ÷ H_10 in Fig. 1.
The absence of the upper index изв indicates that a new vulnerability has been discovered that is not taken into account by the known security functions.
We model the scenarios of the attack process and the transitions between them in the following way. Two edges emerge from the vertex x_{ji}: one for x_{ji} = 1 and the second for x_{ji} = 0. The first edge connects the vertices x_{ji} and x_{j+1, i}, and the second connects x_{ji} with the vertex reached when the j-th security function copes with event i (a final event or another security function, see Fig. 1). Such a construction of the oriented graph allows it to be formalized as a corresponding incidence matrix, in which the rows from top to bottom and the columns from left to right are the ordered sequence of all vertices x_{ji} of the oriented graph. The above-mentioned edges of the oriented graph correspond to the numerical value of the element (1 or 0) of the incidence matrix located at the intersection of the corresponding row and column of Table 3.
Table 3. Incidence matrix of the events of the attack process (rows and columns: the ordered vertices x_{11}, x_{12}, ..., x_{ji}, ... of the oriented graph; an entry is 1 or 0 according to the edge between the two vertices; the body of the table did not survive extraction)
The scenario of the success of an attack in the graph model is a path described by a sequence x_{1 i_1} → ... → H_k, k = 7 ÷ 10.
Multiple scenarios of attack success can be interpreted by calculating graph paths for the various events of the attack process. To such a set of paths, by analogy with [6], there corresponds, according to Fig. 1, a finite set of Boolean polynomials of the components of the security functions, as follows:
  BP^{изв}_{Graf} = { bp(x_{1 i_1}, x_{2 i_2}, ..., x_{10 i_10}) = 1 },     (3)
where the indices i_r ∈ I_r ≠ ∅, r = 1 ÷ 10, and
  bp(x_{1 i_1}, ..., x_{10 i_10}) = x_{1 i_1} x_{2 i_2} (x_{3 i_3} x_{4 i_4} ∨ x_{5 i_5}) (x_{6 i_6} x_{7 i_7} x_{9 i_9} ∨ x_{6 i_6} x_{8 i_8} x_{10 i_10} ∨ x_{6 i_6} x_{7 i_7} ∨ x_{6 i_6} x_{8 i_8}).     (4)
IV. The suppression of graph paths to the success of a cyber-attack
The actual scientific and practical task, to disrupt all possible scenarios of the successful implementation of a cyber-attack, is reduced within the graph approach to the necessity (see (3)-(8)) of interrupting all graph paths to the success of the cyber-attack. We transform the solution of the covering problem [5] to our case.
It follows from (4) that the condition (Criterion-1) of the absence of successful attack scenarios can be written as
  BP^{изв}_{Graf} = ∅ (the empty set),     (5)
or, differently (Criterion-2), in terms of the index sets I_1, ..., I_10:
  (I_1 = ∅ ∨ I_2 = ∅) ∨ ((I_3 = ∅ ∨ I_4 = ∅) ∧ (I_5 = ∅)) ∨ ((I_6 = ∅ ∨ I_7 = ∅ ∨ I_9 = ∅) ∧ (I_6 = ∅ ∨ I_8 = ∅ ∨ I_10 = ∅) ∧ (I_6 = ∅ ∨ I_7 = ∅) ∧ (I_6 = ∅ ∨ I_8 = ∅)) = 1.     (6)
The set of scenarios for the success of an attack can be obtained by an exhaustive search of the possible transitions in the incidence matrix of Table 2. Wherein
  I = I_1 × I_2 × ... × I_10,     (7)
where I_r ≠ ∅, r = 1 ÷ 10, and × is the symbol of the Cartesian (direct) product of sets.
If the condition (Criterion-3)
  |I| = 0     (8)
is satisfied, this means the absence of scenarios for the success of the attack; here |*| is the power (the number of elements) of the set *.
According to (3), the criterion for the success of the t-th scenario of the success of an attack in the formalism of graph paths is bp_t(x_{1 i_1}, x_{2 i_2}, ..., x_{10 i_10}) = 1 or, which is the same thing by (4),
  x_{1 i_1} x_{2 i_2} (x_{3 i_3} x_{4 i_4} ∨ x_{5 i_5}) (x_{6 i_6} x_{7 i_7} x_{9 i_9} ∨ x_{6 i_6} x_{8 i_8} x_{10 i_10} ∨ x_{6 i_6} x_{7 i_7} ∨ x_{6 i_6} x_{8 i_8}) = 1,     (9)
where the indices i_r ∈ I_r ≠ ∅, r = 1 ÷ 10, and t ∈ I.
It follows from (7)-(9) that NSY_t, the number of scenarios for the success of an attack, can be estimated as
  NSY_t = |I| = 0: there are no successful attacks; NSY_t = |I| > 0: there are successful attacks.     (10)
To prevent the attack from succeeding, that is, for (9) not to be satisfied, it is sufficient that at least one of the following conditions is fulfilled:
  x_{1 i_1} x_{2 i_2} = 0,
  x_{3 i_3} x_{4 i_4} ∨ x_{5 i_5} = 0,
  x_{6 i_6} x_{7 i_7} x_{9 i_9} ∨ x_{6 i_6} x_{8 i_8} x_{10 i_10} ∨ x_{6 i_6} x_{7 i_7} ∨ x_{6 i_6} x_{8 i_8} = 0,     (11)
where the indices i_r ∈ I_r ≠ ∅.
This is the problem of finding the minimum cut of the graph, which is solved by determining the minimal covering on the incidence matrix. Such a minimal covering is formed by covering at least one edge of the oriented graph that corresponds to a unit transition value (see Table 2) between the vertices of the oriented graph that correspond to successful attack events, modeled by the corresponding Boolean components of the conjunctive terms of the system of equations (11) under the positive condition (10).
Note. To fulfill at least one of the equalities (11) it is sufficient that the disjunctive terms of that equality are equal to zero.
This note implies that the system of equalities (11) can be reduced to three successively solved problems of finding the solution of the corresponding Boolean equation from (11).
Since the practical implementation and modernization of security functions can be difficult and can require significant financial cost, it is advisable to consider options for the automated synthesis of security functions in the direction of options for their technical implementation from simple (cheap) to complex (expensive).
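The graph model of sections II-IV, as an added example that is not code from the paper: the wiring of Fig. 1 below is a constructed approximation built from Tables 1 and 2 (the figure itself is not in the extracted text), one event per security function is assumed (k_j = 1), and the final-event ranges follow Table 2. The code enumerates every path of the oriented graph, separates the attack-success scenarios (paths ending in H_7 ÷ H_10), counts NSY = |I| for Criterion-3, and evaluates the L-criterion and a scenario's Boolean polynomial for a concrete attack outcome.

```python
# Added example (not code from the paper). Constructed approximation of the causal
# diagram of Fig. 1: for each security function X_j the pair gives the vertex reached
# when x_j = 0 (the function copes with the event) and when x_j = 1 (it fails).
# One event per function is assumed (k_j = 1), so x_j stands for x_{j1}.
TRANSITIONS = {
    1: ("H1", 2),       # conditions for DF prevented -> H1, otherwise X2
    2: ("H2", 3),       # manifestation prevented -> H2, otherwise X3
    3: (4, 5),          # DF detected -> X4, undetected -> X5
    4: ("H3", 6),       # exposure to detected DF prevented -> H3, otherwise X6
    5: ("H4", 6),       # exposure to undetected DF prevented -> H4, otherwise X6
    6: (7, 8),          # impact detected -> X7, undetected -> X8
    7: (9, "H7"),       # detected impact localized -> X9, otherwise H7 (broken)
    8: (10, "H8"),      # undetected impact localized -> X10, otherwise H8 (broken)
    9: ("H5", "H9"),    # consequences handled -> H5, otherwise H9 (broken)
    10: ("H6", "H10"),  # consequences handled -> H6, otherwise H10 (destroyed)
}
# Final events of Table 2: H1..H6 defence provided, H7..H9 broken, H10 destroyed.
ATTACK_SUCCESS = {"H7", "H8", "H9", "H10"}


def incidence_matrix():
    """Table 3 analogue: the oriented graph as a sparse matrix whose entry for the
    edge (from vertex, to vertex) is the value of x_j that the edge represents."""
    return {(j, target): x
            for j, pair in TRANSITIONS.items() for x, target in enumerate(pair)}


def enumerate_paths():
    """All paths from X1 to a final event, each as (edges, final event) where an
    edge is the pair (j, x_j)."""
    paths = []

    def walk(node, edges):
        if isinstance(node, str):            # a final event H_k was reached
            paths.append((tuple(edges), node))
            return
        for x, target in enumerate(TRANSITIONS[node]):
            walk(target, edges + [(node, x)])

    walk(1, [])
    return paths


def success_scenarios():
    """The scenario set I: paths ending in H7..H10 (x_{1 i_1} -> ... -> H_k)."""
    return [edges for edges, h in enumerate_paths() if h in ATTACK_SUCCESS]


def nsy():
    """NSY = |I|, the number of attack-success scenarios; Criterion-3 is NSY == 0."""
    return len(success_scenarios())


def final_event(outcome):
    """Walk the graph for a concrete attack outcome {j: x_j}; functions not listed
    are treated as failing (x_j = 1)."""
    node = 1
    while not isinstance(node, str):
        node = TRANSITIONS[node][outcome.get(node, 1)]
    return node


def l_criterion(outcome):
    """The L-criterion (1): the risk object withstands the attack iff the final
    event is one of H1..H6."""
    return final_event(outcome) not in ATTACK_SUCCESS


def scenario_polynomial(edges, outcome):
    """bp_t of (9) for one scenario: the conjunction of its Boolean components."""
    return all(outcome.get(j, 1) == x for j, x in edges)
```

With this wiring the graph has 16 paths, 8 of which end in a broken or destroyed defence, so NSY = 8 and none of the three criteria of section IV holds until some of those paths are interrupted; the outcome in which every function fails ends in H8, because undetected impact (x_6 = 1) routes the attack through X_8.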
V. Graph method of synthesizing security functions
On the basis of Table 2, we form a new oriented graph of scenarios of attacking the risk object and its corresponding incidence matrix
  A = ||a_{ij}||, a_{ij} = 1 if the j-th edge enters the i-th scenario path of attack success (can cover it), a_{ij} = 0 otherwise,     (12)
where i = 1 ÷ NSY_t, NSY_t is the number of scenarios for the success of the attack, and j ∈ J is the number of the xx_j-edge of the new graph, obtained by any bijective transformation
  x_{ji} ↔ xx_s,
for example according to the rule (13) with s_0 = 0 [the body of rule (13) did not survive extraction].
Note. The transition to single-index numbering of the edges of the oriented graph means an appropriate reordering, with re-designation, of the events of the cyber-attack (see (2)). Other bijective transformations than (13) are possible, conditioned by concrete circumstances and by the requirements for counteracting cyber-attacks.
Statement of the covering problem: all scenarios for the success of the cyber-attack (penetration) are to be covered (interrupted) with a minimum number of edges (14); moreover (see (12), (13)) the redundancy of the unrealized possibilities of the covering edges of the graph tends to a minimum:
  min, i = 1 ÷ NSY_t, i ≠ j,     (15)
with the restriction that each edge covers at least one path:
  Σ a_{ij} xx_j ≥ 1     (16)
[the objective expressions of (14) and (15) did not survive extraction].
This problem (14)-(16) is solved by the branch and bound method [5]. To estimate the bounds of the solution, following the recommendations of [5], it is necessary to determine the power of each edge, W(j) = E(j) - S(j), where E(j) is the potential of the j-th edge and S(j) the redundancy (unused capabilities) of the j-th edge. The potential is estimated by (17) over NoNSY_j, the set of first (route) indices of the incidence matrix (12) that are not included in the coverage schedule; in this case one can determine the set of second indices j = j_m ∈ J_{No} ⊂ J that satisfy (17). The redundancy of the j-th edge is estimated in the same way over YesNSY_j, the set of first (route) indices of the incidence matrix (12) that are included in the coverage schedule [the expressions for E(j) and S(j) did not survive extraction].
In order that the covering problem converge rapidly to the final result, an estimate of the prospective power of the j-th edge is introduced [5]: W(j) = W(i) - S(j), where W(i) is the power of the i-th edge from which the branch is made and S(j) is the redundancy of the j-th edge that claims inclusion in the coverage schedule.
We solve the covering problem for each edge of the graph (each column of the matrix (12)). Each cover, consisting of edges of the graph, allows control of all graph paths of penetration. Therefore, methodically, the options for placing real protective equipment will be designed according to the edges of these covers; that is, a cover can be associated with some variant of protecting the risk object, which is characterized by a probability of protection and a cost.
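The covering search of section V, added here as a worked example that is neither the paper's nor [5]'s code. The eight attack-success scenarios are constructed (the success paths of a Fig. 1-like graph with one event per function) and given directly as sets of edges (j, x_j); the incidence matrix (12) is built from them. E(j) is taken as the number of still-uncovered scenarios the edge lies on and S(j) as the number of already-covered ones, which is this example's reading of (17) and (18) and not a formula from the paper; the pruning bound (uncovered scenarios divided by the largest remaining potential) is likewise an assumption of the example.

```python
from math import ceil

# Constructed attack-success scenarios (paths to H7..H10), each a frozenset of edges
# (j, x_j) where x_j = 1 means security function X_j failed. The list mirrors the
# structure x1 x2 (...)(...): two ways to reach X6, four ways to a broken defence.
PREFIX = [((3, 0), (4, 1)), ((3, 1), (5, 1))]
SUFFIX = [((6, 0), (7, 1)), ((6, 0), (7, 0), (9, 1)),
          ((6, 1), (8, 1)), ((6, 1), (8, 0), (10, 1))]
SCENARIOS = [frozenset(((1, 1), (2, 1)) + a + b) for a in PREFIX for b in SUFFIX]


def edge_list(scenarios=SCENARIOS):
    """Single-index numbering of the edges (the bijection of (13) as a sorted list)."""
    return sorted(set().union(*scenarios))


def incidence_matrix(scenarios=SCENARIOS):
    """a_ij = 1 if edge j lies on scenario path i, see (12)."""
    return [[1 if e in s else 0 for e in edge_list(scenarios)] for s in scenarios]


def potential(edge, scenarios, covered):
    """E(j): not-yet-covered scenarios that edge j would interrupt (example's reading)."""
    return sum(1 for i, s in enumerate(scenarios) if i not in covered and edge in s)


def redundancy(edge, scenarios, covered):
    """S(j): already-covered scenarios that edge j also lies on (unused capability)."""
    return sum(1 for i in covered if edge in scenarios[i])


def covers_all(cover, scenarios=SCENARIOS):
    """True if every scenario path contains at least one edge of the cover."""
    return all(s & set(cover) for s in scenarios)


def minimal_cover(candidate_edges, scenarios=SCENARIOS, must_include=()):
    """Branch and bound for the smallest set of candidate edges meeting every scenario.
    Branching order: W(j) = E(j) - S(j), highest first. Bound (assumed): the uncovered
    scenarios need at least ceil(uncovered / max E(j)) further edges."""
    n = len(scenarios)
    best = None

    def branch(chosen):
        nonlocal best
        covered = {i for i, s in enumerate(scenarios) if s & chosen}
        if len(covered) == n:
            if best is None or len(chosen) < len(best):
                best = frozenset(chosen)
            return
        scored = []
        for e in candidate_edges:
            if e in chosen:
                continue
            E = potential(e, scenarios, covered)
            if E > 0:                       # an edge with no potential cannot help
                scored.append((E - redundancy(e, scenarios, covered), E, e))
        if not scored:
            return                          # the remainder cannot be covered
        max_E = max(E for _, E, _ in scored)
        bound = len(chosen) + ceil((n - len(covered)) / max_E)
        if best is not None and bound >= len(best):
            return
        for _, _, e in sorted(scored, key=lambda t: -t[0]):
            branch(chosen | {e})

    branch(frozenset(must_include))
    return best


def cover_variants(candidate_edges, scenarios=SCENARIOS):
    """One minimal cover per candidate edge (the 'for each column' pass), deduplicated."""
    variants = set()
    for e in candidate_edges:
        c = minimal_cover(candidate_edges, scenarios, must_include=(e,))
        if c is not None:
            variants.add(c)
    return sorted(variants, key=lambda c: (len(c), sorted(c)))
```

Over all 14 edges the search immediately finds the one-edge cover {(1, 1)}, the counterpart of the first relation of (1): a perfect X_1 needs no other function. Restricting the candidates to edges of X_3 onward, as when the early functions cannot be realized technically, gives two-edge covers such as {(4, 1), (5, 1)}, and forcing edge (7, 1) into the cover costs a third edge, which is the redundancy that (15) tries to keep to a minimum.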
VI. Selection of the technical implementation of security functions
From the point of view of system analysis [5], the process of obtaining all the paths of penetration and forming the many variants of their coverage is the task of decomposing a complex problem into simple subtasks. After this task, according to the theory of system analysis, the problem of synthesizing the optimal variant of the technical implementation of the security functions is solved.
The risk object is considered sufficiently protected [1, 2] if, given the potential for overcoming the obstacles, the probability of a successful attack (the risk probability, the probability of failure or insecurity of the risk object) P_a = 1 - P_s is less than the permissible value P_{a,доп}, i.e.
  P_s ≥ 1 - P_{a,доп} (the achievability condition),
where P_s is the probability of successful opposition of the risk object to the attack (security; the probability of failure of the attack, the probability of success of the risk object).
In [4] a new form of the achievability condition was obtained, oriented to a cloud intellectual realization:
  P_s^{изв} ≥ P_{s,доп},
where P_s^{изв} is the probability of success of the risk object on the basis of the scheme of Fig. 1, calculated according to the methodical recommendations of [4], similarly to [1], with the help of the B-polynomial for the known security functions X_1^{изв} ÷ X_10^{изв}.
There are two possible statements of the problem of synthesizing the optimal variant of the technical implementation of the security functions:
- 1 - minimize the cost of the technical implementation of the security functions for a given probability of failure of the attack (the attainability condition);
- 2 - maximize the probability of success of the risk object (the attainability condition) against the cyber-attack at a given value of the cost spent on providing protection.
The methodical basis for solving the problem of synthesizing the optimal variant of the technical implementation of the security functions in the first and second statements is the results obtained in [4]. In that work, new logical-probabilistic models for assessing the security of a risk object against the cyber-attack of an attacker have been developed. Risk criteria for assessing the security of the risk object against cyber-attack are also formulated there, and methodological recommendations for assessing the price of attack risk are suggested. These results allow estimating the cost of the technical realization of the security functions and estimating the probability of failure of the attack.
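The two problem statements of section VI, as an added example that is not the paper's method: the cover variants, barrier costs and barrier probabilities are constructed, and the probability of success of the risk object P_s is computed under an independence assumption (each barrier holds independently, and the attack succeeds iff some scenario path avoids every barrier that held) rather than with the B-polynomial of [4]. Statement 1 picks the cheapest variant meeting P_s ≥ 1 - P_{a,доп}; statement 2 picks the most protective variant within a budget.

```python
from itertools import product

# Constructed scenarios (the success paths of a Fig. 1-like graph) as sets of edges
# (j, x_j); x_j = 1 means security function X_j failed.
PREFIX = [((3, 0), (4, 1)), ((3, 1), (5, 1))]
SUFFIX = [((6, 0), (7, 1)), ((6, 0), (7, 0), (9, 1)),
          ((6, 1), (8, 1)), ((6, 1), (8, 0), (10, 1))]
SCENARIOS = [frozenset(((1, 1), (2, 1)) + a + b) for a in PREFIX for b in SUFFIX]

# Constructed cover variants (sets of edges on which a barrier is placed) and, per edge,
# the assumed cost of its barrier and the assumed probability that the barrier holds.
VARIANTS = [
    frozenset({(3, 0), (3, 1)}),
    frozenset({(6, 0), (6, 1)}),
    frozenset({(4, 1), (5, 1)}),
    frozenset({(4, 1), (5, 1), (7, 1)}),
    frozenset({(7, 1), (8, 1), (9, 1), (10, 1)}),
]
BARRIER = {  # edge: (cost, p_hold), illustrative values
    (3, 0): (2.0, 0.70), (3, 1): (2.0, 0.70),
    (4, 1): (5.0, 0.90), (5, 1): (6.0, 0.85),
    (6, 0): (3.0, 0.75), (6, 1): (3.0, 0.75),
    (7, 1): (4.0, 0.80), (8, 1): (4.0, 0.80),
    (9, 1): (7.0, 0.95), (10, 1): (8.0, 0.95),
}


def cost(cover):
    """Cost of the technical implementation of a cover variant."""
    return sum(BARRIER[e][0] for e in cover)


def p_success(cover, scenarios=SCENARIOS):
    """P_s for a cover: probability that every scenario path is interrupted.
    Assumption (not the paper's B-polynomial): barriers hold independently, and the
    attack succeeds iff some scenario avoids every barrier that held."""
    edges = sorted(cover)
    total = 0.0
    for held_flags in product((False, True), repeat=len(edges)):
        prob = 1.0
        for e, held in zip(edges, held_flags):
            prob *= BARRIER[e][1] if held else 1.0 - BARRIER[e][1]
        held = {e for e, h in zip(edges, held_flags) if h}
        if all(s & held for s in scenarios):      # no path gets through
            total += prob
    return total


def cheapest_meeting(p_a_dop, variants=VARIANTS):
    """Statement 1: minimal cost subject to P_s >= 1 - P_{a,dop}."""
    feasible = [v for v in variants if p_success(v) >= 1.0 - p_a_dop]
    return min(feasible, key=cost) if feasible else None


def most_protective(budget, variants=VARIANTS):
    """Statement 2: maximal P_s among variants whose cost does not exceed the budget."""
    feasible = [v for v in variants if cost(v) <= budget]
    return max(feasible, key=p_success) if feasible else None
```

The example also shows why minimizing redundancy (15) matters for the second stage: the variant {(4, 1), (5, 1), (7, 1)} has the same P_s as {(4, 1), (5, 1)} but a higher cost, because the barrier on (7, 1) only interrupts paths that the other two already interrupt.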
VII. Conclusion
Theoretical investigations of general application have been carried out which enable a machine to develop solutions for the synthesis of the security functions of the risk object, on the basis of the following new results.
It is shown that, since the security functions against a cyber-attack involve causal transitions, it is natural to interpret such transitions as an oriented graph, which in turn can be represented as an incidence matrix.
A formalized representation of the security functions in the form of a Boolean polynomial of the events of the cyber-attack process has been obtained.
A procedure for simulating paths to the success of a cyber-attack, based on the scenarios of the cyber-attack process and the transitions between these processes, has been developed.
Three criteria for the absence of scenarios of the success of cyber-attacks were obtained.
A machine-oriented graph method for the synthesis of security functions was developed, based on a graph representation of attack scenarios and a new application of the branch and bound method. As a result of applying this method, the graph paths to the success of a cyber-attack are suppressed.
Two statements of the problem of the optimal variant for the synthesis of the technical implementation of security functions are formulated, and approaches to their solution are analyzed depending on the cost of their implementation and the probability of success of the risk object.
References
1. Nazarov, A. (2007). Estimation of information safety level of modern infocommunication networks on basis of logic-probability approach. Automation and Remote Control, July 2007, Vol. 68, Issue 7, pp. 1165-1176, USA, doi: 10.1134/S0005117907070053.
2. Nazarov, A. (2010). Logical-and-probabilistic model for estimating the level of information security of modern information and communication networks. Telecommunications and Radio Engineering, Vol. 69, No. 16, pp. 1453-1463, USA, doi: 10.1615/TelecomRadEng.v69.i16.60.
3. Nazarov, A., Sychev, K. (2011). Models and methods for calculating the quality-of-functioning indicators of node equipment and the structural-network parameters of next generation networks. 2nd edn, LLC Polikom, Krasnoyarsk, Russia.
4. Nazarov, A. (2016). Assessment of security from information attacks. Telecommunications, No. 5, pp. 23-33.
5. Kostin, V. (2017). Synthesis of the optimal placement of hardware for physical protection systems of critical facilities. Information Technology, Vol. 23, No. 1, pp. 41-49.
6. Nazarov, A. (2013). On the possibility of classifying information security objects of the public network on the basis of the logic-probabilistic approach. Network journal. Theory and Practice, BC/NW, no. 2(23): 11.1. http://network-journal.mpei.ac.ru/cgi-bin/main.pl?l=ru&n=23&pa=11&ar=1.
SYNTHESIS OF SECURITY FUNCTIONS AGAINST CYBER-ATTACKS
Nazarov Alexey Nikolaevich, LLC SmartTech, Moscow, Russia, [email protected]
Abstract. The highest rates of development of infocommunication technologies, covering various subject areas significant for humanity, impose new requirements on ensuring the information security of risk objects. Cyber-attacks, as complex processes, are based on the newest infocommunication technologies, which drives the development of intelligent approaches to counteracting them. To apply methods of artificial intelligence to counteracting cyber-attacks, an approach based on the security functions of the risk object is used, which makes it possible to develop methodological recommendations oriented to the potential of cloud computing. A method for synthesizing the security functions of the risk object against a cyber-attack on the basis of the calculus of graphs is developed.
Keywords: cyber-attack, intelligent information security, artificial intelligence, graph, cloud computing, security functions, model, incidence matrix, path in the graph, branches, boundaries.
References (Russian edition)
1. Nazarov A.N. Estimation of information safety level of modern infocommunication networks on basis of logic-probability approach // Automation and Remote Control, Volume 68, Issue 7, 2007, pp. 1165-1176.
2. Nazarov A.N. Logical-and-probabilistic model for estimating the level of information security of modern information and communication networks // Telecommunications and Radio Engineering, USA, 2010, Vol. 69, No. 16, pp. 1453-1463.
3. Nazarov A.N., Sychev K.I. Models and methods for calculating the quality-of-functioning indicators of node equipment and the structural-network parameters of next-generation communication networks. 2nd ed., revised and enlarged. Krasnoyarsk: LLC "Polikom" Publishing, 2011. 491 p.
4. Nazarov A.N. Assessment of security from information attacks // Telecommunications. 2016. No. 5. pp. 23-33.
5. Kostin V.N. Synthesis of the optimal placement of technical means of physical protection systems of critically important facilities // Information Technologies, No. 1, vol. 23, 2017. pp. 41-49.
6. Nazarov A.N. On the possibility of classifying information security objects of the public network on the basis of the logic-probabilistic approach // Electronic journal "Computing Networks. Theory and Practice" ("Network journal. Theory and Practice") BC/NW, 2013, No. 2 (23):11.1 http://network-journal.mpei.ac.ru/cgi-bin/main.pl?l=ru&n=23&pa=11&ar=1.
Information about the author:
Nazarov Alexey Nikolaevich, Professor, Doctor of Technical Sciences, Director for Science and Development, LLC SmartTech, Moscow, Russia