<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">mais</journal-id><journal-title-group><journal-title xml:lang="ru">Моделирование и анализ информационных систем</journal-title><trans-title-group xml:lang="en"><trans-title>Modeling and Analysis of Information Systems</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">1818-1015</issn><issn pub-type="epub">2313-5417</issn><publisher><publisher-name>Yaroslavl State University</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.18255/1818-1015-2017-4-445-458</article-id><article-id custom-type="elpub" pub-id-type="custom">mais-534</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>Оригинальные статьи</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>Articles</subject></subj-group></article-categories><title-group><article-title>Исследование одной марковской модели угроз безопасности компьютерных систем</article-title><trans-title-group xml:lang="en"><trans-title>Investigation of a Markov Model for Computer System Security Threats</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0002-8725-9183</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Магазев</surname><given-names>Алексей Анатольевич</given-names></name><name name-style="western" xml:lang="en"><surname>Magazev</surname><given-names>Alexey A. A.</given-names></name></name-alternatives><bio xml:lang="ru"><p>канд. физ-мат. наук, доцент</p></bio><bio xml:lang="en"><p>PhD</p></bio><email xlink:type="simple">magazev@mail.ru</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0002-6875-7216</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Цырульник</surname><given-names>Валерия Федоровна</given-names></name><name name-style="western" xml:lang="en"><surname>Tsyrulnik</surname><given-names>Valeria F.</given-names></name></name-alternatives><bio xml:lang="ru"><p>студентка</p></bio><bio xml:lang="en"><p>student</p></bio><email xlink:type="simple">lera.tsyrulnik@mail.ru</email><xref ref-type="aff" rid="aff-1"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru"><institution>Омский государственный технический университет</institution><country>Россия</country></aff><aff xml:lang="en"><institution>Omsk State Technical University</institution><country>Russian Federation</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2017</year></pub-date><pub-date pub-type="epub"><day>31</day><month>08</month><year>2017</year></pub-date><volume>24</volume><issue>4</issue><fpage>445</fpage><lpage>458</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Магазев А.А., Цырульник В.Ф., 2017</copyright-statement><copyright-year>2017</copyright-year><copyright-holder xml:lang="ru">Магазев А.А., Цырульник В.Ф.</copyright-holder><copyright-holder xml:lang="en">Magazev A.A., Tsyrulnik V.F.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://www.mais-journal.ru/jour/article/view/534">https://www.mais-journal.ru/jour/article/view/534</self-uri><abstract><p>В настоящей работе исследуется модель угроз безопасности компьютерных систем, формулируемая на языке марковских процессов. В рамках данной модели функционирование компьютерной системы рассматривается как последовательность отказов и восстановлений, возникающих вследствие воздействия на систему угроз информационной безопасности. Приведено подробное описание модели: получены явные аналитические формулы для вероятностей состояний компьютерной системы в произвольный момент времени, обсуждаются некоторые предельные случаи и анализируется динамика системы на больших временах. Отдельно исследуется зависимость вероятности безопасного состояния (т.е. состояния, в котором угрозы отсутствуют) от вероятностей угроз. В частности, показано, что указанная зависимость качественно различается для четных и нечетных моментов времени. Например, в случае одной угрозы вероятность безопасного состояния в четные моменты времени зависит от вероятности угрозы не монотонно, имея, по крайней мере, один локальный минимум в своей области определения. Эта особенность представляется нам важной, так как ее учет позволяет выявить наиболее «опасные» области угроз, при которых вероятность обнаружения системы в безопасном состоянии может оказаться ниже допустимого уровня. В заключение вводится важная характеристика модели — время релаксации, и с ее помощью конструируется допустимая область значений параметров защиты системы. </p></abstract><trans-abstract xml:lang="en"><p>In this work, a model for computer system security threats formulated in terms of Markov processes is investigated. In the framework of this model the functioning of the computer system is considered as a sequence of failures and recovery actions which appear as results of information security threats acting on the system. We provide a detailed description of the model: the explicit analytical formulas for the probabilities of computer system states at any arbitrary moment of time are derived, some limiting cases are discussed, and the long-run dynamics of the system is analysed. The dependence of the security state probability (i.e. the state for which threats are absent) on the probabilities of threats is separately investigated. In particular, it is shown that this dependence is qualitatively different for odd and even moments of time. For instance, in the case of one threat the security state probability demonstrates non-monotonic dependence on the probability of threat at even moments of time; this function admits at least one local minimum in its domain of definition. It is believed that the mentioned feature is important because it allows to locate the most dangerous areas of threats where the security state probability can be lower then the permissible level. Finally, we introduce an important characteristic of the model, called the relaxation time, by means of which we construct the permitting domain of the security parameters. Also the prospects of the received results application to the problem of finding the optimal values of the security parameters is discussed.</p></trans-abstract><kwd-group xml:lang="ru"><kwd>компьютерная система</kwd><kwd>угроза безопасности</kwd><kwd>марковский процесс</kwd></kwd-group><kwd-group xml:lang="en"><kwd>computer system</kwd><kwd>security threat</kwd><kwd>Markov process</kwd></kwd-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Ye N. et al., “Robustness of the Markov-Chain Model for Cyber-Attack Detection”, IEEE Transactions on Reliability, 53:1 (2004), 116–123.</mixed-citation><mixed-citation xml:lang="en">Ye N. et al., “Robustness of the Markov-Chain Model for Cyber-Attack Detection”, IEEE Transactions on Reliability, 53:1 (2004), 116–123.</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Fava D. et al., “Projecting Cyberattacks through Variable-Length Markov Models”, IEEE Transactions on Information Forensics and Security, 3:3 (2008), 359–369.</mixed-citation><mixed-citation xml:lang="en">Fava D. et al., “Projecting Cyberattacks through Variable-Length Markov Models”, IEEE Transactions on Information Forensics and Security, 3:3 (2008), 359–369.</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Pi´etre-Cambac´ed`es L., Bouissou M., “Beyond Attack Trees: Dynamic Security Modeling with Boolean Logic Driven Markov Processes (BDMP)”, Proceedings of the 2010 European Dependable Computing Conference, IEEE Computer Society, 2010, 199–208.</mixed-citation><mixed-citation xml:lang="en">Pi´etre-Cambac´ed`es L., Bouissou M., “Beyond Attack Trees: Dynamic Security Modeling with Boolean Logic Driven Markov Processes (BDMP)”, Proceedings of the 2010 European Dependable Computing Conference, IEEE Computer Society, 2010, 199–208.</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">Далингер Я. М. и др., “Математические модели распространения вирусов в компьютерных сетях различной структуры”, Информатика и системы управления, 2011, № 4, 3–11</mixed-citation><mixed-citation xml:lang="en">Dalinger Ya. M. et al., “The mathematical models of the spreading of viruses in computer networks with the diferent structures”, Information Science and Control Systems, 2011, № 4, 3–11, (in Russian)</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">Ye N., “A Markov Chain Model of Temporal Behavior for Anomaly Detection”, Proceeding on the 2000 IEEE Systems, Man, and Cybern. Information Assurance and Security Workshop, IEEE Computer Society, 2000, 171–174.</mixed-citation><mixed-citation xml:lang="en">Ye N., “A Markov Chain Model of Temporal Behavior for Anomaly Detection”, Proceeding on the 2000 IEEE Systems, Man, and Cybern. Information Assurance and Security Workshop, IEEE Computer Society, 2000, 171–174.</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">Kovalev S. M., Sukhanov A. V., “Anomaly detection based on Markov chain model with production rules”, Software and Systems, 107:3 (2014), 40–43.</mixed-citation><mixed-citation xml:lang="en">Kovalev S. M., Sukhanov A. V., “Anomaly detection based on Markov chain model with production rules”, Software and Systems, 107:3 (2014), 40–43.</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Богатырев В. А. и др., “Оптимизация интервалов проверки информационной безопасности систем”, Научно-технический вестник информационных технологий, механики и оптики, 2014, № 5 (93), 119–125</mixed-citation><mixed-citation xml:lang="en">Bogatyrev V. A. et al., “Intervals optimization of systems information security inspection”, Scientific and Technical Journal of Information Technologies, Mechanics and Optics, 2014, № 5 (93), 119–125, (in Russian)</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">Щеглов К. А. и др., “Математические модели эксплуатационной информационной безопасности”, Вопросы защиты информации, 2014, № 3, 52–65</mixed-citation><mixed-citation xml:lang="en">Shcheglov K. A. et al., “Mathematical models of operational information security”, Information security questions, 2014, № 3, 52–65, (in Russian)</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">Vobbilisetty R. et al., “Classic Cryptanalysis Using Hidden Markov Models”, Cryptologia, 41:1, 1–28.</mixed-citation><mixed-citation xml:lang="en">Vobbilisetty R. et al., “Classic Cryptanalysis Using Hidden Markov Models”, Cryptologia, 41:1, 1–28.</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">Austin T. H. et al., “Exploring Hidden Markov Models for Virus Analysis: a Semantic Approach”, Proceedings of the 2013 46th Hawaii International Conference on System Sciences, IEEE Computer Society, 2013, 5039–5048.</mixed-citation><mixed-citation xml:lang="en">Austin T. H. et al., “Exploring Hidden Markov Models for Virus Analysis: a Semantic Approach”, Proceedings of the 2013 46th Hawaii International Conference on System Sciences, IEEE Computer Society, 2013, 5039–5048.</mixed-citation></citation-alternatives></ref><ref id="cit11"><label>11</label><citation-alternatives><mixed-citation xml:lang="ru">Клименко Е. С., Росенко А. П., “Марковская модель оценки влияния внутренних угроз на безопасность конфиденциальной информации”, Известия ЮФУ. Технические науки, 2007, № 4(76), 123–126</mixed-citation><mixed-citation xml:lang="en">Klimenko E. S., Rosenko A. P., “Markovskaya model otsenki vliyaniya vnutrennikh ugroz na bezopasnost konfidentsialnoy informatsii”, Izvestiya SFedU. Engineering Sciences, 2007, № 4(76), 123–126, (in Russian)</mixed-citation></citation-alternatives></ref><ref id="cit12"><label>12</label><citation-alternatives><mixed-citation xml:lang="ru">Росенко А. П., “Математическое моделирование влияния внутренних угроз на безопасность конфиденциальной информации, циркулирующей в автоматизированной информационной системе”, Известия ЮФУ. Технические науки, 2008, № 8(85), 71–81</mixed-citation><mixed-citation xml:lang="en">Rosenko A. P., “Mathematical Modelling of Internal Threats on Safety of the Confidential Information Circulating in Automated Information System Availability”, Izvestiya SFedU. Engineering Sciences, 2008, № 8(85), 71–81, (in Russian)</mixed-citation></citation-alternatives></ref><ref id="cit13"><label>13</label><citation-alternatives><mixed-citation xml:lang="ru">Щеглов К. А., Щеглов А.Ю., “Марковские модели угрозы безопасности информационной системы”, Известия высших учебных заведений. Приборостроение, 58:12 (2015), 957–965</mixed-citation><mixed-citation xml:lang="en">Shcheglov K. A., Shcheglov A. Yu., “Markov models for informational system security threat”, Izvestiya Vysshikh Uchebnykh Zavedeniy. Priborostroenie, 58:12 (2015), 957–965, (in Russian)</mixed-citation></citation-alternatives></ref><ref id="cit14"><label>14</label><citation-alternatives><mixed-citation xml:lang="ru">Щеглов К. А., Щеглов А.Ю., “Моделирование угрозы безопасности информационной системы с использованием аппроксимирующих функций”, Известия высших учебных заведений. Приборостроение, 59:1 (2016), 50–59;</mixed-citation><mixed-citation xml:lang="en">Shcheglov K. A., Shcheglov A. Yu., “Modeling of information system security threat using approximating functions”, Izvestiya Vysshikh Uchebnykh Zavedeniy. Priborostroenie, 59:1 (2016), 50–59, (in Russian).</mixed-citation></citation-alternatives></ref><ref id="cit15"><label>15</label><citation-alternatives><mixed-citation xml:lang="ru">Беляев Ю. К. и др., Математические методы в теории надежности, Наука, 1963, 524 с.</mixed-citation><mixed-citation xml:lang="en">Gnedenko B. V. et al., Mathematical Methods of Reliability Theory, Academic Press, 1969, 503 pp.</mixed-citation></citation-alternatives></ref><ref id="cit16"><label>16</label><citation-alternatives><mixed-citation xml:lang="ru">Rausand M, Hoyland A., System Reliability Theory: Models, Statistical Methods, and Applications, John Wiley &amp; Sons, 2004, 664 pp.</mixed-citation><mixed-citation xml:lang="en">Rausand M, Hoyland A., System Reliability Theory: Models, Statistical Methods, and Applications, John Wiley &amp; Sons, 2004, 664 pp.</mixed-citation></citation-alternatives></ref><ref id="cit17"><label>17</label><citation-alternatives><mixed-citation xml:lang="ru">Овчинников А. И. и др., “Математическая модель оптимального выбора средств защиты от угроз безопасности вычислительной сети предприятия”, Вестник Московского государственного технического университета им. Н.Э. Баумана. Серия «Приборостроение», 2007, № 3, 115–121</mixed-citation><mixed-citation xml:lang="en">Ovchinnikov A. I. et al., “Mathematical Model of Optimal Selection of Aids of Protection Against Threats for Safety of Enterprise Computer Network”, Herald of the Bauman Moscow State Technical University. Series Instrument Engineering, 2007, № 3, 115–121, (in Russian)</mixed-citation></citation-alternatives></ref><ref id="cit18"><label>18</label><citation-alternatives><mixed-citation xml:lang="ru">Завгородний В. И., “Системное управление информационными рисками. Выбор механизмов защиты”, Проблемы управления, 2009, № 1, 53–58</mixed-citation><mixed-citation xml:lang="en">Zavgorodniy V. I., “System management of information risks: choice of mechanisms for protection against information risks”, Problemy Upravleniya, 2009, № 1, 53–58, (in Russian)</mixed-citation></citation-alternatives></ref><ref id="cit19"><label>19</label><citation-alternatives><mixed-citation xml:lang="ru">Юдин Д. Б., Гольштейн Е. Г., Линейное программирование. Теория, методы и приложения, Наука, 1969, 424 с.</mixed-citation><mixed-citation xml:lang="en">Yudin D. B., Gol’shteyn E. G., Lineynoe programmirovanie. Teoriya, metody i prilozheniya, Nauka, 1969, 424 pp., (in Russian)</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
