<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">mais</journal-id><journal-title-group><journal-title xml:lang="ru">Моделирование и анализ информационных систем</journal-title><trans-title-group xml:lang="en"><trans-title>Modeling and Analysis of Information Systems</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">1818-1015</issn><issn pub-type="epub">2313-5417</issn><publisher><publisher-name>Yaroslavl State University</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.18255/1818-1015-2020-1-108-123</article-id><article-id custom-type="elpub" pub-id-type="custom">mais-1292</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>Discrete Mathematics in Relation to Computer Science</subject></subj-group></article-categories><title-group><article-title>Марковская модель совместных киберугроз и ее применение для выбора оптимального набора средств защиты информации</article-title><trans-title-group xml:lang="en"><trans-title>A Markov Model of Non-Mutually Exclusive Cyber Threats and its Applications for Selecting an Optimal Set of Information Security Remedies</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0002-2770-1144</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Касенов</surname><given-names>Адиль Аскарович</given-names></name><name name-style="western" xml:lang="en"><surname>Kassenov</surname><given-names>Adil A.</given-names></name></name-alternatives><bio xml:lang="ru"><p>магистрант</p></bio><bio xml:lang="en"><p>graduate student</p></bio><email xlink:type="simple">kassenov_adil@mail.ru</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0002-8725-9183</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Магазев</surname><given-names>Алексей Анатольевич</given-names></name><name name-style="western" xml:lang="en"><surname>Magazev</surname><given-names>Alexey A.</given-names></name></name-alternatives><bio xml:lang="ru"><p>доктор физ.-мат. наук, профессор</p></bio><bio xml:lang="en"><p>doctor of sc., professor</p></bio><email xlink:type="simple">magazev@omgtu.ru</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0002-6875-7216</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Цырульник</surname><given-names>Валерия Федоровна</given-names></name><name name-style="western" xml:lang="en"><surname>Tsyrulnik</surname><given-names>Valeriya F.</given-names></name></name-alternatives><bio xml:lang="ru"><p>аспирантка</p></bio><bio xml:lang="en"><p>postgraduate student</p></bio><email xlink:type="simple">lera.tsyrulnik@mail.ru</email><xref ref-type="aff" rid="aff-1"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru"><institution>Омский государственный технический университет</institution><country>Россия</country></aff><aff xml:lang="en"><institution>Omsk State Technical University</institution><country>Russian Federation</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2020</year></pub-date><pub-date pub-type="epub"><day>19</day><month>03</month><year>2020</year></pub-date><volume>27</volume><issue>1</issue><fpage>108</fpage><lpage>123</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Касенов А.А., Магазев А.А., Цырульник В.Ф., 2020</copyright-statement><copyright-year>2020</copyright-year><copyright-holder xml:lang="ru">Касенов А.А., Магазев А.А., Цырульник В.Ф.</copyright-holder><copyright-holder xml:lang="en">Kassenov A.A., Magazev A.A., Tsyrulnik V.F.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://www.mais-journal.ru/jour/article/view/1292">https://www.mais-journal.ru/jour/article/view/1292</self-uri><abstract><p>В данной работе исследуется марковская модель киберугроз, действующих на компьютерную систему. В рамках данной модели компьютерная система рассматривается как система с отказами и восстанавлениями по аналогии с моделями теории надежности. Для оценки функционально-временных свойств системы мы вводим ее параметр, называемый временем жизни и определяемый как число переходов в соответствующей марковской цепи до первого попадания в финальное состояние. В силу того, что данная случайная величина играет важную роль при оценке уровня защищенности компьютерной системы, мы подробно исследуем ее распределение вероятностей в случае несовместных киберугроз; в частности, мы получаем явные аналитические формулы для ее числовых характеристик: математического ожидания и дисперсии. Затем мы существенно обобщаем рассматриваемую марковскую модель, исключив допущение о несовместности действующих на систему киберугроз. Соответствующая марковская цепь при такой модификации расширяется за счет дополнительных состояний, не меняя своей качественной структуры. Указанный факт позволил обобщить полученные ранее аналитические результаты для математического ожидания и дисперсии времени жизни на случай совместных киберугроз. В заключении работы марковская модель совместных кибеугроз используется для постановки задачи о поиске оптимальной конфигурации средств защиты информации в заданном пространстве киберугроз. Существенно, что сформулированные оптимизационные задачи принадлежат к классу задач нелинейного дискретного (булева) программирования. В заключении работы рассматривается пример, иллюстрирующий решение задачи о выборе оптимального набора средств защиты для компьютерной системы.</p></abstract><trans-abstract xml:lang="en"><p>In this work, we study a Markov model of cyber threats that act on a computer system. Within the framework of the model the computer system is considered as a system with failures and recoveries by analogy with models of reliability theory. To estimate functionally-temporal properties of the system we introduce a parameter called the lifetime of the system and defined as the number of transitions of the corresponding Markov chain until the first hit to the final state. Since this random variable plays an important role at evaluating a security level of the computer system, we investigate in detail its random distribution for the case of mutually exclusive cyber threats; in particular, we derive explicit analytical formulae for numerical characteristics of its distribution: expected value and dispersion. Then we generalize substantially the Markov model dropping the assumption that cyber threats acting on the system are mutually exclusive. This modification leads to an extended Markov chain that has (at least qualitatively) the same structure as the original chain. This fact allowed to generalize the above analytical results for the expected value and dispersion of the lifetime to the case of non-mutually exclusive cyber threats. At the end of the work the Markov model for non-mutually exclusive cyber threats is used to state a problem of finding an optimal configuration of security remedies in a given cyber threat space. It is essential that the formulated optimization problems belong to the class of non-linear discrete (Boolean) programming problems. Finally, we consider an example that illustrate the solution of the problem on selecting the optimal set of security remedies for a computer system.</p></trans-abstract><kwd-group xml:lang="ru"><kwd>киберугроза</kwd><kwd>марковская цепь</kwd><kwd>средство защиты информации</kwd><kwd>оптимизация</kwd></kwd-group><kwd-group xml:lang="en"><kwd>cyber threat</kwd><kwd>Markov chain</kwd><kwd>security remedy</kwd><kwd>optimization</kwd></kwd-group><funding-group><funding-statement xml:lang="ru">Исследование выполнено при финансовой поддержке РФФИ в рамках научного проекта № 19-37-90122.</funding-statement><funding-statement xml:lang="en">The reported study was funded by RFBR, project number 19-37-90122.</funding-statement></funding-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">N. Ye, Y. Zhang, and B. C.M., “Robustness of the Markov-chain model for cyber-attack detection”, IEEE Transactions on Reliability, vol. 53, no. 1, pp. 116–123, 2004.</mixed-citation><mixed-citation xml:lang="en">N. Ye, Y. Zhang, and B. C.M., “Robustness of the Markov-chain model for cyber-attack detection”, IEEE Transactions on Reliability, vol. 53, no. 1, pp. 116–123, 2004.</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">S. Jha, K. Tan, and R. Maxion, “Markov Chains, Classifiers, and Intrusion Detection.”, in Proc. IEEE Computer Security Foundations Workshops, vol. 1, 2001, pp. 206–219.</mixed-citation><mixed-citation xml:lang="en">S. Jha, K. Tan, and R. Maxion, “Markov Chains, Classifiers, and Intrusion Detection.”, in Proc. IEEE Computer Security Foundations Workshops, vol. 1, 2001, pp. 206–219.</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">A. Ahmadian Ramaki, A. Rasoolzadegan, and A. Javan Jafari, “A systematic review on intrusion detection based on the Hidden Markov Model”, Statistical Analysis and Data Mining: The ASA Data Science Journal, vol. 11, no. 3, pp. 111–134, 2018.</mixed-citation><mixed-citation xml:lang="en">A. Ahmadian Ramaki, A. Rasoolzadegan, and A. Javan Jafari, “A systematic review on intrusion detection based on the Hidden Markov Model”, Statistical Analysis and Data Mining: The ASA Data Science Journal, vol. 11, no. 3, pp. 111–134, 2018.</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">P. Garcia-Teodoro, J. Diaz-Verdejo, G. Macia-Fern ´ andez, and E. V ´ azquez, “Anomaly-based network ´ intrusion detection: Techniques, systems and challenges”, Computers and Security, vol. 28, no. 1-2, pp. 18–28, 2009.</mixed-citation><mixed-citation xml:lang="en">P. Garcia-Teodoro, J. Diaz-Verdejo, G. Macia-Fern ´ andez, and E. V ´ azquez, “Anomaly-based network ´ intrusion detection: Techniques, systems and challenges”, Computers and Security, vol. 28, no. 1-2, pp. 18–28, 2009.</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">L. Billings, W. Spears, and I. Schwartz, “A unified prediction of computer virus spread in connected networks”, Physics Letters A, vol. 297, no. 3-4, pp. 261–266, 2002.</mixed-citation><mixed-citation xml:lang="en">L. Billings, W. Spears, and I. Schwartz, “A unified prediction of computer virus spread in connected networks”, Physics Letters A, vol. 297, no. 3-4, pp. 261–266, 2002.</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">A. Boyko, “Sposob analiticheskogo modelirovaniya protsessa rasprostraneniya virusov v komp’yuternykh setyakh razlichnoy struktury”, Trudy SPIIRAN, vol. 5, no. 42, pp. 196–211, 2015.</mixed-citation><mixed-citation xml:lang="en">A. Boyko, “Sposob analiticheskogo modelirovaniya protsessa rasprostraneniya virusov v komp’yuternykh setyakh razlichnoy struktury”, Trudy SPIIRAN, vol. 5, no. 42, pp. 196–211, 2015.</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Y. Dalinger, D. Babanin, and B. S.M., “Matematicheskie modeli rasprostraneniya virusov v komp’yuternykh setyakh razlichnoy struktury”, Informatika i sistemy upravleniya, no. 4, pp. 25–33, 2012.</mixed-citation><mixed-citation xml:lang="en">Y. Dalinger, D. Babanin, and B. S.M., “Matematicheskie modeli rasprostraneniya virusov v komp’yuternykh setyakh razlichnoy struktury”, Informatika i sistemy upravleniya, no. 4, pp. 25–33, 2012.</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">A. Del Rey, “Mathematical modeling of the propagation of malware: a review”, Security and Communication Networks, vol. 8, no. 15, pp. 2561–2579, 2015.</mixed-citation><mixed-citation xml:lang="en">A. Del Rey, “Mathematical modeling of the propagation of malware: a review”, Security and Communication Networks, vol. 8, no. 15, pp. 2561–2579, 2015.</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">M. Yang, R. Jiang, T. Gao, W. Xie, and J. Wang, “Research on Cloud Computing Security Risk Assessment Based on Information Entropy and Markov Chain.”, I. J. Network Security, vol. 20, no. 4, p. 664–673, 2018.</mixed-citation><mixed-citation xml:lang="en">M. Yang, R. Jiang, T. Gao, W. Xie, and J. Wang, “Research on Cloud Computing Security Risk Assessment Based on Information Entropy and Markov Chain.”, I. J. Network Security, vol. 20, no. 4, p. 664–673, 2018.</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">C. Xiaolin, T. Xiaobin, Z. Yong, and X. Hongsheng, “A Markov game theory-based risk assessment model for network information system”, in International Conference on Computer Science and Software Engineering, China, IEEE, vol. 3, 2008, pp. 1057–1061.</mixed-citation><mixed-citation xml:lang="en">C. Xiaolin, T. Xiaobin, Z. Yong, and X. Hongsheng, “A Markov game theory-based risk assessment model for network information system”, in International Conference on Computer Science and Software Engineering, China, IEEE, vol. 3, 2008, pp. 1057–1061.</mixed-citation></citation-alternatives></ref><ref id="cit11"><label>11</label><citation-alternatives><mixed-citation xml:lang="ru">H. Orojloo and M. Azgomi, “A method for modeling and evaluation of the security of cyber-physical systems”, in 11th International ISC Conference on Information Security and Cryptology, Iran, IEEE, 2014, pp. 131–136.</mixed-citation><mixed-citation xml:lang="en">H. Orojloo and M. Azgomi, “A method for modeling and evaluation of the security of cyber-physical systems”, in 11th International ISC Conference on Information Security and Cryptology, Iran, IEEE, 2014, pp. 131–136.</mixed-citation></citation-alternatives></ref><ref id="cit12"><label>12</label><citation-alternatives><mixed-citation xml:lang="ru">J. Almasizadeh and M. Azgomi, “A stochastic model of attack process for the evaluation of security metrics”, Computer Networks, vol. 57, no. 10, pp. 2159–2180, 2013.</mixed-citation><mixed-citation xml:lang="en">J. Almasizadeh and M. Azgomi, “A stochastic model of attack process for the evaluation of security metrics”, Computer Networks, vol. 57, no. 10, pp. 2159–2180, 2013.</mixed-citation></citation-alternatives></ref><ref id="cit13"><label>13</label><citation-alternatives><mixed-citation xml:lang="ru">K. Shcheglov and A. Shcheglov, “Markovskie modeli ugrozy bezopasnosti informatsionnoy sistemy”, Izvestiya vysshikh uchebnykh zavedeniy. Priborostroenie, vol. 58, no. 12, pp. 957–965, 2015.</mixed-citation><mixed-citation xml:lang="en">K. Shcheglov and A. Shcheglov, “Markovskie modeli ugrozy bezopasnosti informatsionnoy sistemy”, Izvestiya vysshikh uchebnykh zavedeniy. Priborostroenie, vol. 58, no. 12, pp. 957–965, 2015.</mixed-citation></citation-alternatives></ref><ref id="cit14"><label>14</label><citation-alternatives><mixed-citation xml:lang="ru">A. Rosenko, “Matematicheskoe modelirovanie vliyaniya vnutrennikh ugroz na bezopasnost’ konfidentsial’noy informatsii, tsirkuliruyushchey v avtomatizirovannoy informatsionnoy sisteme”, Izvestiya Yuzhnogo federal’nogo universiteta. Tekhnicheskie nauki, vol. 85, no. 8, pp. 71–81, 2008.</mixed-citation><mixed-citation xml:lang="en">A. Rosenko, “Matematicheskoe modelirovanie vliyaniya vnutrennikh ugroz na bezopasnost’ konfidentsial’noy informatsii, tsirkuliruyushchey v avtomatizirovannoy informatsionnoy sisteme”, Izvestiya Yuzhnogo federal’nogo universiteta. Tekhnicheskie nauki, vol. 85, no. 8, pp. 71–81, 2008.</mixed-citation></citation-alternatives></ref><ref id="cit15"><label>15</label><citation-alternatives><mixed-citation xml:lang="ru">A. Magazev and V. Tsyrulnik, “Investigation of a Markov Model for Computer System Security reats”, Automatic Control and Computer Sciences, vol. 52, no. 7, pp. 615–624, 2018.</mixed-citation><mixed-citation xml:lang="en">A. Magazev and V. Tsyrulnik, “Investigation of a Markov Model for Computer System Security reats”, Automatic Control and Computer Sciences, vol. 52, no. 7, pp. 615–624, 2018.</mixed-citation></citation-alternatives></ref><ref id="cit16"><label>16</label><citation-alternatives><mixed-citation xml:lang="ru">A. Magazev and V. Tsyrulnik, “Optimizing the selection of information security remedies in terms of a Markov security model”, in Journal of Physics: Conference Series, vol. 1096, 2018, p. 012 160.</mixed-citation><mixed-citation xml:lang="en">A. Magazev and V. Tsyrulnik, “Optimizing the selection of information security remedies in terms of a Markov security model”, in Journal of Physics: Conference Series, vol. 1096, 2018, p. 012 160.</mixed-citation></citation-alternatives></ref><ref id="cit17"><label>17</label><citation-alternatives><mixed-citation xml:lang="ru">D. Shirtz and Y. Elovici, “Optimizing investment decisions in selecting information security remedies”, Information Management and Computer Security, vol. 19, no. 2, pp. 95–112, 2011.</mixed-citation><mixed-citation xml:lang="en">D. Shirtz and Y. Elovici, “Optimizing investment decisions in selecting information security remedies”, Information Management and Computer Security, vol. 19, no. 2, pp. 95–112, 2011.</mixed-citation></citation-alternatives></ref><ref id="cit18"><label>18</label><citation-alternatives><mixed-citation xml:lang="ru">P. A.P., Y. Brychkov, and M. O.I., Integrals and series: Elementary functions. Gordon&amp;Breach Sci. Publ., New York, 1986, vol. 1.</mixed-citation><mixed-citation xml:lang="en">P. A.P., Y. Brychkov, and M. O.I., Integrals and series: Elementary functions. Gordon&amp;Breach Sci. Publ., New York, 1986, vol. 1.</mixed-citation></citation-alternatives></ref><ref id="cit19"><label>19</label><citation-alternatives><mixed-citation xml:lang="ru">W. Feller, An introduction to probability theory and its applications. John Wiley &amp; Sons Inc, 1968, vol. 1, 528 pp.</mixed-citation><mixed-citation xml:lang="en">W. Feller, An introduction to probability theory and its applications. John Wiley &amp; Sons Inc, 1968, vol. 1, 528 pp.</mixed-citation></citation-alternatives></ref><ref id="cit20"><label>20</label><citation-alternatives><mixed-citation xml:lang="ru">A. e. a. Ovchinnikov, “Matematicheskaya model’ optimal’nogo vybora sredstv zashchity ot ugroz bezopasnosti vychislitel’noy seti predpriyatiya”, Vestnik Moskovskogo gosudarstvennogo tekhnicheskogo universiteta im. N. E. Baumana. Ser. “Priborostroenie”, no. 3, pp. 115–121, 2007.</mixed-citation><mixed-citation xml:lang="en">A. e. a. Ovchinnikov, “Matematicheskaya model’ optimal’nogo vybora sredstv zashchity ot ugroz bezopasnosti vychislitel’noy seti predpriyatiya”, Vestnik Moskovskogo gosudarstvennogo tekhnicheskogo universiteta im. N. E. Baumana. Ser. “Priborostroenie”, no. 3, pp. 115–121, 2007.</mixed-citation></citation-alternatives></ref><ref id="cit21"><label>21</label><citation-alternatives><mixed-citation xml:lang="ru">M. Kovalev, Diskretnaya optimizatsiya (tselochislennoe programmirovanie), 2-e izd., stereotipnoe. Editorial URSS, 2003, 192 pp.</mixed-citation><mixed-citation xml:lang="en">M. Kovalev, Diskretnaya optimizatsiya (tselochislennoe programmirovanie), 2-e izd., stereotipnoe. Editorial URSS, 2003, 192 pp.</mixed-citation></citation-alternatives></ref><ref id="cit22"><label>22</label><citation-alternatives><mixed-citation xml:lang="ru">Beshelev, S.D., and F. Gurvich, Matematiko-statisticheskie metody ekspertnykh otsenok. 1980, 263 pp.</mixed-citation><mixed-citation xml:lang="en">Beshelev, S.D., and F. Gurvich, Matematiko-statisticheskie metody ekspertnykh otsenok. 1980, 263 pp.</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
