The verification of generalized differential-game model of potentially dangerous pattern of cyber-attack
DOI: 10.31673/2412-4338.2020.015367
Abstract
Today, cyberspace has integrated information and telecommunication systems and their components, which differ in structure and operation, into a single global data network. Cybersecurity is an integral condition for the safe use of cyberspace in the vital interests of the individual and citizen, society and the state. It is achieved by using such systems. The experience of the world and of Ukraine shows that existing cyber threats not only grow in number but also manifest themselves in more sophisticated cyber-attacks. This gives rise to cyber incidents whose consequences can be unpredictable. Cybersecurity practice shows that especially high requirements for ensuring it are currently placed on critical infrastructure facilities in the country. That is why meeting these requirements calls for a search for new and effective mechanisms to ensure it. The existing technologies responsible for cybersecurity together constitute the information security system of the critical infrastructure. Although the information security systems of the information and telecommunication systems of critical infrastructure operate effectively enough, most of them are unable to detect potentially dangerous cyber-attacks for which no patterns exist. This is due to shortcomings in the principles underlying their operation. Alternative approaches that focus on detecting potentially dangerous cyber-attacks cannot detect them with a given degree of reliability. Therefore, creating and verifying new models of patterns of potentially dangerous cyber-attacks is important from both a scientific and a practical point of view. The article proposes an approach to the verification of a generalized differential-game model of a potentially dangerous cyber-attack pattern.
The study substantiates the adequacy of the model, its convergence with known results, and its advantages over the closest analogues used in modern information security systems of the information and telecommunication systems of the state's critical infrastructure.
Keywords: verification, generalized differential-game model, pattern of potentially dangerous cyber-attack, information security system, information and telecommunication system, object of critical infrastructure.