Publishing house Radiotekhnika

Methodology of simulation of cyber-attack as a basis of designing of information security diagnosis system

DOI 10.18127/j20700814-201809-08

Keywords:

P.V. Repp - Post-graduate Student, Department of Information Technologies and Automated Systems, Leading Engineer,
Distance Education Technologies Centre, Perm National Research Polytechnic University
E-mail: polina.repp@gmail.com


The security of the information networks of industrial enterprises is one of the highest-priority problems today. The modern IT market offers a large selection of ready-made software and hardware solutions for ensuring the information security of companies of any level and scale. A preliminary assessment of the security of industrial networks is carried out using special tools – security scanners, whose task is to detect vulnerabilities of various types.
This study is devoted to the problem of simulating cyber-attacks, the main threat to information network security. The need to build an adaptive network protection system against cyber-attacks makes it urgent to create an integrated diagnosis, detection and response system that evolves dynamically as conditions change. Such a diagnosis system should include a cyber-attack generation block, which requires a clear understanding of the structure of the cyber-attack itself.
To build a mathematical model of a cyber-attack, the relevant tasks are to describe the timeline of a cyber-attack, to identify the signatures of cyber-attacks, to define the methods used to carry out a cyber-attack, and to designate and observe the main stages of modeling.
When constructing a content model, the main properties of the modeled object should be identified: structure; properties of components; functional properties; interaction of components.
The content model of a cyber-attack is based on its definition as a process/action whose purpose is to seize control of the computer network and/or to destabilize it.
The structure of a cyber-attack defines a life cycle called the Kill Chain and consists of 7 stages: reconnaissance, weaponization, delivery, infection, exploitation, installation, command and control, actions on objectives. When modeling threats, all stages of the «chain» are filled with specific actions; that is, the task is to systematize the available information on all attack methods used by intruders. The ATT&CK (Adversarial Tactics, Techniques & Common Knowledge) matrix developed by the American corporation MITRE can be used for this. In the latest version of the document, published in April 2018, the last three stages of the cyber-attack are divided into 11 separate tactics used by intruders. In turn, these 11 tactics are divided into 219 attack techniques.
The properties of the components of a cyber-attack define its so-called signatures – the characteristic features of a cyber-attack, for example, unreasonably aggressive access to a particular network port.
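As an added illustration of the "aggressive access to a network port" signature mentioned above (this is example code, not the paper's own), the block below implements a rate-based check over a constructed, firewall-style connection log: a source that opens more than a threshold number of connections to one port inside a sliding time window is flagged. The log format, addresses, threshold and window are assumptions made for the example; entries are assumed to be in time order.

```python
"""Rate-based signature check for unreasonably aggressive access to a network port.

Added example, not code from the paper.  The log format, hosts, addresses,
threshold and window below are constructed for illustration.
"""
from collections import defaultdict, deque
from datetime import datetime
from typing import Deque, Dict, Set, Tuple

# Constructed connection log: one connection attempt per line, in time order.
# 10.0.0.5 hammers port 445 eight times in six seconds; 10.0.0.7 makes ordinary
# HTTPS connections every 20 seconds; 10.0.0.5 also opens two SSH sessions.
SAMPLE_LOG = """\
2018-04-10T10:00:00 src=10.0.0.5 dst=10.0.0.20 dport=445 flags=SYN
2018-04-10T10:00:00 src=10.0.0.7 dst=10.0.0.30 dport=443 flags=SYN
2018-04-10T10:00:01 src=10.0.0.5 dst=10.0.0.20 dport=445 flags=SYN
2018-04-10T10:00:01 src=10.0.0.5 dst=10.0.0.20 dport=445 flags=SYN
2018-04-10T10:00:02 src=10.0.0.5 dst=10.0.0.20 dport=445 flags=SYN
2018-04-10T10:00:02 src=10.0.0.5 dst=10.0.0.21 dport=22 flags=SYN
2018-04-10T10:00:03 src=10.0.0.5 dst=10.0.0.20 dport=445 flags=SYN
2018-04-10T10:00:04 src=10.0.0.5 dst=10.0.0.20 dport=445 flags=SYN
2018-04-10T10:00:05 src=10.0.0.5 dst=10.0.0.20 dport=445 flags=SYN
2018-04-10T10:00:06 src=10.0.0.5 dst=10.0.0.20 dport=445 flags=SYN
2018-04-10T10:00:20 src=10.0.0.7 dst=10.0.0.30 dport=443 flags=SYN
2018-04-10T10:00:30 src=10.0.0.5 dst=10.0.0.21 dport=22 flags=SYN
2018-04-10T10:00:40 src=10.0.0.7 dst=10.0.0.30 dport=443 flags=SYN
2018-04-10T10:01:00 src=10.0.0.7 dst=10.0.0.30 dport=443 flags=SYN
2018-04-10T10:01:20 src=10.0.0.7 dst=10.0.0.30 dport=443 flags=SYN
2018-04-10T10:01:40 src=10.0.0.7 dst=10.0.0.30 dport=443 flags=SYN
"""


def parse_line(line: str) -> Tuple[datetime, str, int]:
    """Split one constructed log line into (timestamp, source address, destination port)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["src"], int(kv["dport"])


def detect_aggressive_port_access(log: str, threshold: int = 5,
                                  window_seconds: int = 10) -> Set[Tuple[str, int]]:
    """Flag (src, dport) pairs with more than `threshold` attempts inside a sliding window.

    One deque of timestamps is kept per (src, dport) key; timestamps older than the
    window are dropped from the left before the count is compared with the threshold.
    """
    windows: Dict[Tuple[str, int], Deque[datetime]] = defaultdict(deque)
    flagged: Set[Tuple[str, int]] = set()
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, dport = parse_line(line)
        recent = windows[(src, dport)]
        recent.append(ts)
        while (ts - recent[0]).total_seconds() > window_seconds:
            recent.popleft()
        if len(recent) > threshold:
            flagged.add((src, dport))
    return flagged


if __name__ == "__main__":
    for src, port in sorted(detect_aggressive_port_access(SAMPLE_LOG)):
        print(f"signature match: {src} -> port {port}")
```

The threshold and window are the tunable part of such a signature: too low a threshold flags ordinary clients that retry a few times, too high misses slow probing. In practice the check would be run per destination host as well, and the flagged pairs fed to the response part of the diagnosis system rather than only printed.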
The functional properties of cyber-attacks are described using the vulnerabilities of the main LAN protocols of the OSI model. Data on the main application-layer protocols are summarized in the table.
The interaction between the components of a cyber-attack is carried out sequentially forward (there is no backward propagation and there are no cycles).
The advantage of the Monte Carlo method over Markov chains in the development of the cyber-attack generation block is shown. In this case, sets (combinations) of cyber-attacks are formed using a random number generator built on LPτ-sequences of pseudo-random numbers.
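The generation block described above draws combinations of cyber-attacks with an LPτ (Sobol') sequence rather than an ordinary pseudo-random generator. The block below is an added example (not the paper's code) showing why that matters: it builds the first two dimensions of the Sobol' sequence from their direction numbers, maps each point to a (tactic, technique) combination from a constructed catalogue, and counts how many distinct combinations a quasi-random draw and a plain pseudo-random draw of the same size cover. The catalogue uses four of the eleven ATT&CK tactic names with placeholder technique labels; the catalogue, the mapping of coordinates to catalogue entries and the function names are assumptions of the example.

```python
"""Attack-scenario generation with an LP-tau (Sobol') quasi-random sequence.

Added example, not code from the paper.  Builds Sobol' dimensions 1 and 2 from their
direction numbers (Joe & Kuo conventions), draws (tactic, technique) combinations
from a constructed catalogue, and compares coverage with a pseudo-random draw.
"""
import random
from typing import Dict, List, Tuple

BITS = 30  # binary digits carried per coordinate


def _direction_numbers() -> List[List[int]]:
    """Direction numbers v_i = m_i / 2^i, scaled by 2^BITS, for Sobol' dimensions 1 and 2."""
    # Dimension 1 is the van der Corput sequence in base 2: m_i = 1 for every i.
    m1 = [1] * (BITS + 1)
    # Dimension 2 uses the primitive polynomial x + 1 with m_1 = 1 and the
    # recurrence m_i = 2*m_{i-1} XOR m_{i-1}, giving 1, 3, 5, 15, 17, 51, ...
    m2 = [0] * (BITS + 1)
    m2[1] = 1
    for i in range(2, BITS + 1):
        m2[i] = (2 * m2[i - 1]) ^ m2[i - 1]
    return [[m[i] << (BITS - i) for i in range(1, BITS + 1)] for m in (m1, m2)]


def sobol_2d(n: int) -> List[Tuple[float, float]]:
    """First n points of the 2-D Sobol' sequence in Gray-code order; point 0 is (0, 0)."""
    v = _direction_numbers()
    x = [0, 0]
    points = [(0.0, 0.0)]
    for k in range(1, n):
        # Antonov-Saleev form: XOR in the direction number whose index is the
        # position of the rightmost zero bit of k-1.
        c, t = 0, k - 1
        while t & 1:
            t >>= 1
            c += 1
        x[0] ^= v[0][c]
        x[1] ^= v[1][c]
        points.append((x[0] / 2 ** BITS, x[1] / 2 ** BITS))
    return points


# Constructed catalogue: four ATT&CK tactic names, each with placeholder technique
# labels (deliberately not real technique identifiers).
CATALOGUE: Dict[str, List[str]] = {
    "Initial Access": ["IA-1", "IA-2", "IA-3", "IA-4"],
    "Execution": ["EX-1", "EX-2", "EX-3", "EX-4"],
    "Persistence": ["PE-1", "PE-2", "PE-3", "PE-4"],
    "Command and Control": ["C2-1", "C2-2", "C2-3", "C2-4"],
}


def _pick(u: float, items: List[str]) -> str:
    """Map a coordinate in [0, 1] to an item; u == 1.0 is clamped to the last slot."""
    return items[min(int(u * len(items)), len(items) - 1)]


def quasi_random_scenarios(n: int, catalogue=CATALOGUE) -> List[Tuple[str, str]]:
    """One (tactic, technique) combination per Sobol' point: u1 picks the tactic, u2 the technique."""
    tactics = list(catalogue)
    result = []
    for u1, u2 in sobol_2d(n):
        tactic = _pick(u1, tactics)
        result.append((tactic, _pick(u2, catalogue[tactic])))
    return result


def pseudo_random_scenarios(n: int, seed: int, catalogue=CATALOGUE) -> List[Tuple[str, str]]:
    """The same mapping driven by Python's Mersenne Twister, for comparison."""
    rng = random.Random(seed)
    tactics = list(catalogue)
    result = []
    for _ in range(n):
        tactic = _pick(rng.random(), tactics)
        result.append((tactic, _pick(rng.random(), catalogue[tactic])))
    return result


def distinct_combinations(scenarios: List[Tuple[str, str]]) -> int:
    """Number of different (tactic, technique) pairs in a generated set."""
    return len(set(scenarios))


if __name__ == "__main__":
    n = 16
    print("first Sobol' points:", sobol_2d(5))
    print("quasi-random  distinct:", distinct_combinations(quasi_random_scenarios(n)), "of", n)
    print("pseudo-random distinct:", distinct_combinations(pseudo_random_scenarios(n, seed=1)), "of", n)
```

With n a power of two, the first n points of these two Sobol' dimensions put exactly one point in every cell of an evenly divided grid, so 16 points visit all 16 combinations of the 4×4 catalogue; a pseudo-random draw of the same size repeats some combinations and misses others. For a diagnosis system this means a fixed test budget exercises the scenario space evenly instead of clustering by chance.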
The proposed solutions will serve as a basis for building an algorithm for diagnosing the security of industrial information networks, which makes it possible to build universal scanners. The developed structure of cyber-attacks at all levels of the OSI model will serve as the basis for the development of a cyber-attack generator based on a neural network.

June 24, 2020
May 29, 2020

© Radiotekhnika Publishing House, 2004-2017