Modeling advanced persistent threats using risk matrix methods

Springer Science and Business Media LLC - Volume 19 - Pages 367-372 - 2022
Nina D. Ivanova1, Vitaliy G. Ivanenko1
1Department of Information Security, National Research Nuclear University MEPhI (Moscow Engineering Physics Institute), Moscow, Russia

Abstract

The aim of the study is to assess the security of information systems under the influence of advanced persistent threats. The article shows the need to build a threat model when analyzing the security of information systems. Various approaches to modeling threats in information systems are considered, their advantages and disadvantages are noted, and requirements for the developed methodology are formulated. As a result of the study, a method for modeling computer attack scenarios and assessing the security of information systems under the influence of advanced persistent threats is developed, based on the use of risk matrix models. A method for determining the categorical variables that characterize the probability and the damage resulting from the realization of information threats, using clustering methods, is also proposed. The example demonstrates the use of a graph of threat matrices for modeling scenarios of targeted computer attacks on information system assets. The scientific novelty of the work lies in the proposed method for analyzing the security of information systems, which takes into account the possibility that the probability of an information threat being realized changes over the life cycle of an advanced persistent threat, the dependencies between information threats, and the value of information assets both to the intruder and to their owner, which makes it possible to predict various scenarios of computer attacks.
