Prevention of Information Security Incidents in Automated Information System

2020 ◽  
pp. 45-51
Author(s):  
Igor Butusov ◽  
Aleksandr Romanov ◽  

The purpose of the article is to support the processes of preventing information security incidents under conditions of high uncertainty. Method: methods of mathematical (theoretical) computer science and fuzzy set theory. Result: an information security incident, including a computer incident, is treated as a disruption or termination of the functioning of an automated information system and (or) a breach of the information stored and processed in that system, including those caused by a computer attack. Information descriptions are presented as structured data about the signs of computer attacks; structured data are finite sequences of character strings in a formal language. The Damerau-Levenshtein edit distance is proposed as the metric for measuring the distance between strings of characters over a given alphabet. It is proved that the semantics of information descriptions of attack signs can be represented as fuzzy sets. Thresholds (degrees) of separation of fuzzy information descriptions are defined, and the influence of the semantic certainty of the descriptions of signs (the degree of blurring of the fuzzy descriptions) on the decision about their identity (similarity) is evaluated. It is shown that the semantic component of information descriptions of the signs of computer attacks presupposes some semantic metric (for its measurement and interpretation) which, as a rule, is formally ill-defined, ambiguously interpreted and characterised by uncertainty of the fuzziness type, by the presence of semantic information, and by the impossibility of applying a probabilistic measure directly to determine the degree of similarity between an input description and the stored descriptions of signs. An approach is proposed for identifying fuzzy information descriptions of computer attacks and for applying methods of separating the elements of the reference sets on which these descriptions are defined.
It is shown that the results of the procedure for identifying fuzzy information descriptions of computer attacks depend on the degree of separation of the reference sets and on the indicators of semantic uncertainty of these descriptions.
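The abstract names the Damerau-Levenshtein distance as the string metric and a separation threshold as the decision rule. The following is an added example, not code from the article: it implements the optimal-string-alignment form of that distance, turns it into a fuzzy similarity membership in [0, 1], and shows how the separation threshold decides whether an observed description is identified with a stored one. The reference strings, the observed string and the threshold values are constructed for illustration.

```python
"""Added example (not from the article): Damerau-Levenshtein distance between
strings describing attack signs, and a fuzzy similarity membership with a
separation threshold derived from it. The signature strings and threshold
values below are constructed for illustration."""
from typing import List, Tuple


def damerau_levenshtein(a: str, b: str) -> int:
    """Optimal string alignment variant of the Damerau-Levenshtein distance:
    insertion, deletion, substitution and transposition of two adjacent
    characters each cost 1."""
    n, m = len(a), len(b)
    d = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(n + 1):
        d[i][0] = i
    for j in range(m + 1):
        d[0][j] = j
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # deletion
                          d[i][j - 1] + 1,          # insertion
                          d[i - 1][j - 1] + cost)   # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[n][m]


def similarity(a: str, b: str) -> float:
    """Fuzzy membership of (a, b) in the relation 'same sign': 1.0 for identical
    strings, 0.0 when every position differs."""
    longest = max(len(a), len(b))
    if longest == 0:
        return 1.0
    return 1.0 - damerau_levenshtein(a, b) / longest


def identify(observed: str, reference: List[str], threshold: float) -> List[Tuple[float, str]]:
    """Reference descriptions whose similarity to the observed description reaches
    the separation threshold, best match first. Raising the threshold narrows the
    set of descriptions judged identical; lowering it admits more blurred matches."""
    scored = [(similarity(observed, r), r) for r in reference]
    return sorted([(s, r) for s, r in scored if s >= threshold], reverse=True)


# Constructed reference set of attack-sign descriptions (e.g. tool names seen in
# User-Agent headers) and an observed string with a transposition of two letters.
REFERENCE = ["sqlmap", "nikto", "masscan"]
OBSERVED = "sqlmpa"

if __name__ == "__main__":
    for t in (0.8, 0.9):
        print(t, identify(OBSERVED, REFERENCE, t))
```

With the transposed string the distance to `sqlmap` is 1 (plain Levenshtein would report 2), so a threshold of 0.8 identifies it while a threshold of 0.9 rejects it: the threshold is the degree of separation the abstract refers to.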

Author(s):  
Vladimir Minaev ◽  
Vyacheslav Koryachko ◽  
Konstantin Bondar

The main trend in state structures and large corporations is to build information security monitoring centres whose key elements are SIEM systems and SOCs. For a SOC, the task of optimally allocating human resources among the lines that handle information security incident reports, taking into account staff competency and line capacity, is urgent; this is the task solved in the article. In general terms, the formulation treats the functioning of the SOC as a new mathematical model expressed in "input – resources – output" terms. The target function of the SOC is built under the assumption that the service (reporting) lines are stationary and independent, as the sum of their individual target functions. The main idea of human resources management here is to maximise the SOC's overall system aim, i.e. its general target function, when organising the response to computer attacks. The problem is solved by the method of Lagrange multipliers. Expressions are obtained for the optimal allocation of human resources across the SOC service lines that maximise the processing of the flow of messages about computer attacks. It is concluded that the model is useful for moving from stationary flows to their dynamic changes in SOC resource provision, including new and different critical situations in the computer system.
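The abstract states the structure of the problem (a sum of independent per-line target functions, a fixed staff budget, Lagrange multipliers) but not the functions themselves. The following is an added example, not the article's model: it assumes a concave, saturating throughput function per line parameterised by analyst competency and line capacity, and solves the constrained maximisation by the Lagrange condition that every staffed line has the same marginal throughput. The line parameters, staff count and throughput model are assumptions.

```python
"""Added example (not from the article): allocating a fixed number of SOC
analysts across incident reporting lines by the method of Lagrange multipliers.
The per-line throughput model, the line parameters and the staff count are
assumptions made for this example, not the functions used in the article."""
import math
from typing import List, Tuple

# (competency, capacity) per line: competency = messages/hour one analyst
# handles on that line; capacity = the line's incoming message flow, which
# bounds what the line can usefully process. Constructed values.
LINES: List[Tuple[float, float]] = [(6.0, 40.0), (4.0, 100.0), (10.0, 15.0)]
TOTAL_STAFF = 12.0


def line_throughput(n: float, competency: float, capacity: float) -> float:
    """Assumed concave model: processed flow rises with slope `competency`
    for small staff and saturates at the line's `capacity`."""
    return capacity * (1.0 - math.exp(-competency * n / capacity))


def marginal_throughput(n: float, competency: float, capacity: float) -> float:
    """Derivative of line_throughput with respect to n."""
    return competency * math.exp(-competency * n / capacity)


def staff_for_multiplier(lam: float, lines) -> List[float]:
    """Solve f_i'(n_i) = lam for each line; lines whose initial marginal value
    is already below lam get no staff (KKT condition n_i >= 0)."""
    return [(cap / comp) * math.log(comp / lam) if lam < comp else 0.0
            for comp, cap in lines]


def allocate(total_staff: float, lines, iters: int = 200) -> List[float]:
    """Maximise sum_i f_i(n_i) subject to sum_i n_i = total_staff.
    Stationarity of the Lagrangian L = sum_i f_i(n_i) - lam (sum_i n_i - N)
    gives f_i'(n_i) = lam on every staffed line; the multiplier is found by
    bisection because the total staff implied by lam decreases as lam grows."""
    lo, hi = 1e-12, max(comp for comp, _ in lines)
    for _ in range(iters):
        mid = (lo + hi) / 2.0
        if sum(staff_for_multiplier(mid, lines)) > total_staff:
            lo = mid
        else:
            hi = mid
    return staff_for_multiplier((lo + hi) / 2.0, lines)


def total_throughput(alloc: List[float], lines) -> float:
    return sum(line_throughput(n, comp, cap) for n, (comp, cap) in zip(alloc, lines))


if __name__ == "__main__":
    best = allocate(TOTAL_STAFF, LINES)
    print([round(n, 2) for n in best], round(total_throughput(best, LINES), 2))
    print("uniform:", round(total_throughput([4.0, 4.0, 4.0], LINES), 2))
```

The check a practitioner wants is the one the Lagrange condition guarantees: after `allocate` runs, the marginal throughput is the same on every line that received staff, and the total beats any naive split such as four analysts per line.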


2021 ◽  
Vol 53 (1) ◽  
pp. 74-82
Author(s):  
ANDREY R. OCHEREDKO ◽  
DMITRIY A. BACHMANOV ◽  
MICHAEL M. PUTYATO ◽  
ALEXANDER S. MAKARYAN ◽  
...  

The article discusses the features and functions of information security incident response systems. An analysis of modern IRP solutions is presented, and the process of responding to typical incidents in systems of this class is described. Based on expert opinions, a list of criteria was formed and divided into groups by area of functional responsibility for subsequent comparison of the IRP systems. The main and additional characteristics of the IRP systems were assessed using these criterion groups. The comparison showed the most promising solutions to be R-Vision IRP, IBM Resilient IRP and the open-source solution The Hive. An algorithm for a module that prevents phishing attacks was developed and presented, and implemented in software in Python. Using the integration capabilities of The Hive, a custom response function was implemented that not only potentially improves the system's performance in preventing phishing attacks but also raises employee awareness of this threat. The result is an IRP system with flexible customisation of individual elements, which forms the basis for a Security Operations Center (SOC) that will bring the information security of organisations to a new level.
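The abstract mentions a Python phishing-prevention module wired in as a custom response function but gives no detail of its logic. The following is an added example, not the authors' module and not The Hive's API: it shows the kind of header and body checks such a response function would run on a reported message, using only the standard library. Both e-mails, the indicator names and the two-indicator decision rule are constructed for this example.

```python
"""Added example (not from the article): a phishing-indicator check of the kind
a custom response function could run on a message reported by an employee.
Both e-mails, the indicator names and the decision rule are constructed for
this example; the standard-library parsers do the header and body work."""
import re
from email import message_from_string, policy
from typing import List
from urllib.parse import urlparse

TRUSTED_DOMAIN = "example.com"  # the organisation's own domain (assumption)

# Constructed phishing sample: trusted address in the display name, look-alike
# sender domain, foreign Reply-To, and a link whose text hides its real host.
PHISHING_EMAIL = """\
From: "helpdesk@example.com" <alerts@examp1e.com>
Reply-To: recovery@mail-examp1e.ru
To: alice@example.com
Subject: Password expires today
Content-Type: text/html

<p>Your password expires today. Reset it at
<a href="http://examp1e.com/reset">https://sso.example.com/reset</a></p>
"""

# Constructed benign sample for comparison.
BENIGN_EMAIL = """\
From: "IT Helpdesk" <helpdesk@example.com>
To: alice@example.com
Subject: Maintenance window
Content-Type: text/plain

Tonight 22:00-23:00 UTC the VPN gateway will be restarted.
"""

ANCHOR_RE = re.compile(r'<a[^>]+href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOMOGLYPHS = str.maketrans("10", "lo")  # digits commonly swapped for letters


def phishing_indicators(raw: str, trusted: str = TRUSTED_DOMAIN) -> List[str]:
    msg = message_from_string(raw, policy=policy.default)
    found: List[str] = []

    sender = msg["From"].addresses[0]
    from_domain = sender.domain.lower()
    if trusted in sender.display_name.lower() and from_domain != trusted:
        found.append("display name shows trusted address, real sender domain differs")
    if from_domain != trusted and from_domain.translate(HOMOGLYPHS) == trusted:
        found.append(f"sender domain {from_domain} is a look-alike of {trusted}")

    if msg["Reply-To"] is not None:
        reply_domain = msg["Reply-To"].addresses[0].domain.lower()
        if reply_domain != from_domain:
            found.append(f"Reply-To domain {reply_domain} differs from sender domain")

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    for href, anchor in ANCHOR_RE.findall(text):
        shown = anchor.strip()
        if shown.startswith("http"):
            shown_host, real_host = urlparse(shown).hostname, urlparse(href).hostname
            if shown_host != real_host:
                found.append(f"link text shows {shown_host} but points to {real_host}")
    return found


def is_phishing(raw: str, min_indicators: int = 2) -> bool:
    """Decision rule (assumption): two or more independent indicators."""
    return len(phishing_indicators(raw)) >= min_indicators


if __name__ == "__main__":
    for name, raw in (("phishing", PHISHING_EMAIL), ("benign", BENIGN_EMAIL)):
        print(name, is_phishing(raw), phishing_indicators(raw))
```

The list of indicator strings, rather than a bare verdict, is what a response function should hand back to the case: it is what the analyst reads and what the notification to the reporting employee can quote, which is the awareness effect the abstract describes.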


2018 ◽  
Vol 6 (61) ◽  
pp. 147-171 ◽  
Author(s):  
Andrey Iskhakov ◽  
Anastasia Iskhakova ◽  
Roman Meshcheryakov ◽  
Reda Bendraou ◽  
Olga Melekhova

One of the main functions of an information security system is the identification of every access subject, so that information security incidents can be investigated. While scanning and exploiting vulnerabilities, skilled adversaries regularly change their identifying features. Such operations not only obscure the data recorded by logging subsystems, complicating the reconstruction of the chronology of events for an information security expert, but also call into question the irrefutability of the evidence that a particular adversary took part in particular illegal operations. The paper analyses the application of modern approaches to adversary identification on web resources that do not require authentication for most users (fingerprinting, analysis of behavioural features). Alongside the "heat maps" widely used in web analytics, a user-adapted profile and a computer model of the dynamics of the "user-mouse" system, the authors propose identifying the subjects of an information security incident in publicly available Internet resources. The main idea of the proposed approach is the following: when a heat map is built, not only the density of the data layout should be considered, but also statistical parameters defined by an expert (the distance of the intensity gradient, the distance overlap, etc.). The authors also propose taking into account the dynamics of user operations (e.g. computing the average duration of data entry into interactive elements). A description of each step of the technique and information on its practical implementation are given. The robustness of the approach is confirmed by a practical experiment. The technique is not a universal instrument of adversary identification: only manual targeted attacks are considered, and tools such as cURL used by adversaries are not taken into account.
Therefore it is recommended to use this technique only in addition to working protective systems (WAF, IPS, IDS).
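To make the two behavioural signals concrete, the following is an added example, not the authors' implementation: a click heat map on a coarse grid plus the average data-entry duration per form field, combined into a profile distance that ranks a new session against stored user profiles and rejects it when nothing is close. The grid size, viewport, distance weighting and all event data are constructed; the expert-defined gradient and overlap parameters from the paper are not reproduced.

```python
"""Added example (not from the paper): identifying the subject behind a web
session by comparing its click heat map and data-entry timing with stored
user profiles. The grid size, viewport size, distance weighting and all event
data are constructed for this example; the paper's expert-defined statistical
parameters are not reproduced."""
from math import sqrt
from typing import Dict, List, Tuple

GRID = 4                   # 4x4 heat-map cells over the viewport (assumption)
WIDTH, HEIGHT = 1280, 720  # viewport in CSS pixels (assumption)

Click = Tuple[int, int]    # (x, y)
Entry = Tuple[str, float]  # (field id, typing duration in ms)


def heat_map(clicks: List[Click]) -> List[float]:
    """Normalised click density per grid cell, row-major."""
    cells = [0.0] * (GRID * GRID)
    for x, y in clicks:
        cx = min(GRID - 1, x * GRID // WIDTH)
        cy = min(GRID - 1, y * GRID // HEIGHT)
        cells[cy * GRID + cx] += 1.0
    total = sum(cells) or 1.0
    return [c / total for c in cells]


def entry_timing(entries: List[Entry]) -> Dict[str, float]:
    """Average time spent entering data into each interactive element."""
    per_field: Dict[str, List[float]] = {}
    for field, ms in entries:
        per_field.setdefault(field, []).append(ms)
    return {f: sum(v) / len(v) for f, v in per_field.items()}


def build_profile(clicks: List[Click], entries: List[Entry]) -> dict:
    return {"heat": heat_map(clicks), "timing": entry_timing(entries)}


def profile_distance(p: dict, q: dict, w_time: float = 1.0) -> float:
    """Euclidean distance between heat maps plus the mean absolute timing
    difference over shared fields, scaled to seconds (weighting is an assumption)."""
    d_heat = sqrt(sum((a - b) ** 2 for a, b in zip(p["heat"], q["heat"])))
    shared = set(p["timing"]) & set(q["timing"])
    if shared:
        d_time = sum(abs(p["timing"][f] - q["timing"][f]) for f in shared) / (len(shared) * 1000.0)
    else:
        d_time = 1.0
    return d_heat + w_time * d_time


def identify_session(session: dict, profiles: Dict[str, dict], max_distance: float):
    """Nearest stored profile, or None when nothing is close enough."""
    name, prof = min(profiles.items(), key=lambda kv: profile_distance(session, kv[1]))
    d = profile_distance(session, prof)
    return (name if d <= max_distance else None, d)


# Constructed event data: two known users and two later sessions.
PROFILES = {
    "alice": build_profile([(100, 100), (150, 120), (200, 90), (120, 160)],
                           [("login", 800), ("password", 1500)]),
    "bob": build_profile([(1100, 600), (1200, 650), (1000, 700), (1150, 620)],
                         [("login", 300), ("password", 400)]),
}
SESSION_KNOWN = build_profile([(130, 110), (170, 100), (110, 150)],
                              [("login", 850), ("password", 1400)])
SESSION_STRANGER = build_profile([(640, 360)], [("login", 2500), ("password", 3000)])

if __name__ == "__main__":
    print(identify_session(SESSION_KNOWN, PROFILES, 0.5))
    print(identify_session(SESSION_STRANGER, PROFILES, 0.5))
```

The `max_distance` cut-off is what keeps the method honest in the sense the paper states: a scripted client that never moves a mouse or fills a field produces an empty profile, lands far from every stored one, and is returned as unidentified rather than forced onto the nearest user.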


2020 ◽  
Vol 20 (1) ◽  
pp. 34-47
Author(s):  
R. V. Gibilinda ◽  

The article presents a clustering method for identifying file impacts, intended for use in information security incident investigation. The proposed method applies the k-means clustering algorithm together with an adapted algorithm that automatically determines the optimal number of clusters. A precisely chosen number of clusters allows the data to be grouped so as to describe the file impacts. The article discusses the preparation of the input data obtained from the $UsnJrnl volume change log records, as well as an algorithm for identifying complex file impacts based on searching for relationships between clusters. The proposed clustering method is highly automated, which allows the specialist conducting an information security incident investigation to speed up the process of identifying and eliminating the consequences of an incident.
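The following is an added example, not the article's implementation: it featurises $UsnJrnl records by their reason flags, runs k-means with a deterministic start, picks the cluster count automatically by the silhouette score (the article's own cluster-count algorithm is not described here, so this is a substitute), and then looks for cross-cluster relationships that expose a composite impact, here a delete of a file paired with the creation of a same-named `.locked` file moments later. The records are constructed; the `USN_REASON_*` values are the documented flag bits.

```python
"""Added example (not from the article): clustering $UsnJrnl change records
with k-means, choosing the cluster count automatically by the silhouette
score, then linking clusters to expose a composite file impact. The records
are constructed; the reason-flag values are the documented USN_REASON_* bits."""
from math import sqrt
from typing import List, Tuple

USN_REASON_DATA_OVERWRITE = 0x00000001
USN_REASON_DATA_EXTEND = 0x00000002
USN_REASON_FILE_CREATE = 0x00000100
USN_REASON_FILE_DELETE = 0x00000200
USN_REASON_RENAME_OLD_NAME = 0x00001000
USN_REASON_RENAME_NEW_NAME = 0x00002000
USN_REASON_CLOSE = 0x80000000
FEATURE_FLAGS = [USN_REASON_DATA_OVERWRITE, USN_REASON_DATA_EXTEND, USN_REASON_FILE_CREATE,
                 USN_REASON_FILE_DELETE, USN_REASON_RENAME_OLD_NAME,
                 USN_REASON_RENAME_NEW_NAME, USN_REASON_CLOSE]

# Constructed records: (USN, seconds since first record, file name, reason flags)
RECORDS = [
    (1, 0.0, "report.docx", USN_REASON_FILE_DELETE | USN_REASON_CLOSE),
    (2, 0.1, "report.docx.locked", USN_REASON_FILE_CREATE | USN_REASON_DATA_EXTEND | USN_REASON_CLOSE),
    (3, 0.5, "budget.xlsx", USN_REASON_FILE_DELETE | USN_REASON_CLOSE),
    (4, 0.6, "budget.xlsx.locked", USN_REASON_FILE_CREATE | USN_REASON_DATA_EXTEND | USN_REASON_CLOSE),
    (5, 30.0, "notes.txt", USN_REASON_RENAME_OLD_NAME),
    (6, 30.0, "notes_old.txt", USN_REASON_RENAME_NEW_NAME),
    (7, 1.0, "photo.jpg", USN_REASON_FILE_DELETE | USN_REASON_CLOSE),
    (8, 1.1, "photo.jpg.locked", USN_REASON_FILE_CREATE | USN_REASON_DATA_EXTEND | USN_REASON_CLOSE),
]

Point = Tuple[float, ...]


def featurize(record) -> Point:
    """One 0/1 feature per reason flag of interest."""
    return tuple(1.0 if record[3] & flag else 0.0 for flag in FEATURE_FLAGS)


def dist(p: Point, q: Point) -> float:
    return sqrt(sum((a - b) ** 2 for a, b in zip(p, q)))


def kmeans(points: List[Point], k: int, iters: int = 100) -> List[int]:
    centroids: List[Point] = []
    for p in points:                       # deterministic init: first k distinct points
        if p not in centroids:
            centroids.append(p)
        if len(centroids) == k:
            break
    labels = [0] * len(points)
    for _ in range(iters):
        labels = [min(range(k), key=lambda c: dist(p, centroids[c])) for p in points]
        updated = []
        for c in range(k):
            members = [p for p, l in zip(points, labels) if l == c]
            updated.append(tuple(sum(v) / len(members) for v in zip(*members)) if members else centroids[c])
        if updated == centroids:
            break
        centroids = updated
    return labels


def silhouette(points: List[Point], labels: List[int]) -> float:
    scores = []
    for i, p in enumerate(points):
        own = [q for j, q in enumerate(points) if labels[j] == labels[i] and j != i]
        if not own:
            scores.append(0.0)             # singleton clusters score 0 by convention
            continue
        a = sum(dist(p, q) for q in own) / len(own)
        b = min(sum(dist(p, q) for j, q in enumerate(points) if labels[j] == c) / labels.count(c)
                for c in set(labels) if c != labels[i])
        scores.append((b - a) / max(a, b))
    return sum(scores) / len(scores)


def choose_k(points: List[Point], k_max: int = 6):
    """Automatic cluster count: the k in 2..k_max with the best silhouette."""
    k_max = min(k_max, len(set(points)))
    best = None
    for k in range(2, k_max + 1):
        labels = kmeans(points, k)
        score = silhouette(points, labels)
        if best is None or score > best[0]:
            best = (score, k, labels)
    return best[1], best[2]


def linked_impacts(records, labels: List[int], window: float = 2.0):
    """Cross-cluster relationship: a record in one cluster whose file name extends
    the name of a record in another cluster within the time window."""
    links = []
    for i, (_ui, ti, ni, _fi) in enumerate(records):
        for j, (_uj, tj, nj, _fj) in enumerate(records):
            if labels[i] != labels[j] and nj != ni and nj.startswith(ni) and abs(tj - ti) <= window:
                links.append((ni, nj))
    return links


if __name__ == "__main__":
    pts = [featurize(r) for r in RECORDS]
    k, lab = choose_k(pts)
    print("clusters:", k, lab)
    print("composite impacts:", linked_impacts(RECORDS, lab))
```

On this data the silhouette prefers three clusters (deletes, creates, and the rename pair) over two or four, and the cross-cluster link turns three delete records and three create records into three "encrypt-and-replace" impacts, which is the level at which an investigator wants to read the journal.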


1975 ◽  
Vol 14 (01) ◽  
pp. 25-28
Author(s):  
N. G. Tutuenkov ◽  
L. N. Kotchev ◽  
K. R. Rashkova ◽  
V. P. Kelbetcheva

The authors present a system designed to cover statistically the roughly 50 million polyclinic services rendered annually in Bulgaria, for the purposes of planning and as proof of the activities in this field. The principle underlying the system was tested in the region of Plovdiv.


Author(s):  
M. V. Noskov ◽  
M. V. Somova ◽  
I. M. Fedotova

The article proposes a model for forecasting the success of a student's learning. The model is a continuous-time Markov process of the birth-death type. The intensities of the processes of obtaining and assimilating information are taken as the parameters of the process, and the intensity of assimilation takes into account the student's attitude to the subject being studied. Applying the model makes it possible to determine, for each student, the probability of reaching a given level of mastery of the material in the near future. Thus, where the university has an automated information system, the implementation of the model is an element of a decision support system for all participants in the educational process. The examples given in the article are the results of an experiment conducted at the Institute of Space and Information Technologies of Siberian Federal University under blended learning, that is, where classroom work is accompanied by independent work with electronic resources.
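The following is an added example, not the article's model: a birth-death chain over mastery levels whose transition probabilities over a horizon t are computed by uniformisation, giving the probability of reaching a target level. The number of levels and the intensities are assumptions; the article's parameter values are not given here.

```python
"""Added example (not from the article): a birth-death (continuous-time Markov)
model of a student's progress through mastery levels, with the transition
probabilities computed by uniformisation. The number of levels and the
intensities are assumptions; the article's own parameter values are not given
here."""
from math import exp, factorial
from typing import List

Matrix = List[List[float]]

# Assumed: levels 0..3; UP[i] is the intensity of moving from level i to i+1
# (information obtained and assimilated); DOWN[i] is the intensity of dropping
# from level i+1 back to i.
UP = [0.8, 0.6, 0.4]
DOWN = [0.1, 0.1, 0.2]


def generator(up: List[float], down: List[float]) -> Matrix:
    """Generator matrix Q of the birth-death process: rows sum to zero."""
    n = len(up) + 1
    q = [[0.0] * n for _ in range(n)]
    for i, rate in enumerate(up):
        q[i][i + 1] = rate
    for i, rate in enumerate(down):
        q[i + 1][i] = rate
    for i in range(n):
        q[i][i] = -sum(q[i][j] for j in range(n) if j != i)
    return q


def matmul(a: Matrix, b: Matrix) -> Matrix:
    return [[sum(a[i][k] * b[k][j] for k in range(len(b))) for j in range(len(b[0]))]
            for i in range(len(a))]


def transition_matrix(q: Matrix, t: float, terms: int = 80) -> Matrix:
    """P(t) = exp(Qt) by uniformisation: with lam >= max_i |q_ii| and
    P = I + Q/lam a stochastic matrix, exp(Qt) = sum_k Poisson(k; lam t) P^k."""
    n = len(q)
    lam = max(-q[i][i] for i in range(n)) or 1.0
    p = [[(1.0 if i == j else 0.0) + q[i][j] / lam for j in range(n)] for i in range(n)]
    result = [[0.0] * n for _ in range(n)]
    power = [[1.0 if i == j else 0.0 for j in range(n)] for i in range(n)]
    for k in range(terms):
        w = exp(-lam * t) * (lam * t) ** k / factorial(k)
        for i in range(n):
            for j in range(n):
                result[i][j] += w * power[i][j]
        power = matmul(power, p)
    return result


def mastery_probability(start: int, level: int, t: float,
                        up: List[float] = UP, down: List[float] = DOWN) -> float:
    """Probability that a student at `start` is at `level` or higher after time t."""
    row = transition_matrix(generator(up, down), t)[start]
    return sum(row[level:])


if __name__ == "__main__":
    for horizon in (1.0, 5.0, 20.0):
        print(horizon, round(mastery_probability(0, 3, horizon), 4))
```

Uniformisation is chosen over a direct series for exp(Qt) because every term is non-negative, so the computed probabilities cannot go negative through cancellation; the truncation at `terms` only needs to exceed the Poisson mass at lam*t.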


2018 ◽  
Vol 29 (105) ◽  
pp. 87-94
Author(s):  
N. Astakhova ◽  
O. Paramonova ◽  
A. Paramonov

Author(s):  
Ilia Pavlovich Mikhnev ◽  
Svetlana Vladimirovna Mikhneva

The article discusses the competences and powers of the state authorities of the Russian Federation, within their legal status, in the field of ensuring the security of critical information infrastructure. Some functions and powers in the field of information security have changed in a number of federal executive bodies. In particular, the Federal Security Service, on the basis of a presidential decree, is authorised to create a state system for detecting, preventing and eliminating the consequences of computer attacks on the information resources of the Russian Federation. However, not all rights and obligations are enshrined in law, and a number of powers make the legal status of certain federal bodies of state power ambiguous. Clear and unambiguous assignment of the rights and obligations of the state bodies authorised in the field of information security is a guarantee of effectively ensuring the security of critical information infrastructure facilities.

