Математичні моделі та методи для вирішення деяких питань інформаційної безпеки
DOI:
https://doi.org/10.35681/1560-9189.2023.25.2.300525Ключові слова:
алгоритм, засоби, захист інформації, інформаційна безпека, мережі, методи, моделі, нейромережі, онтологіяАнотація
Наведено інструментарій моделювання щодо інформаційної безпеки, представлений такими трьома основними напрямками: розроблення методів і моделей контролю поточного стану системи та прийняття рішень з оперативного управління інформаційною безпекою; розроблення методів і моделей підтримки прийняття рішень щодо організаційного управління і проєктування систем інформаційної безпеки; розроблення методів і моделей самоорганізації системи.
Посилання
Sytnyk V.F., Krasnyuk M.T. Intelektual'nyy analiz danykh (deytamayninh): navch. posib. — Kyiv: KNEU, 2007. 376 s.
Introduction to Time Series Analysis and Forecasting, 2nd Edition, Wiley Series in Probability and Statistics, by Douglas C.Montgomery, Cheryl L.Jennings and MuratKulahci (eds). Published by John Wiley and Sons, Hoboken, NJ, USA, 2015. Total number of pag: INTRODUCTION TO TIME SERIES ANALYSIS AND FORECASTING, 2ND EDITION, WILEY SERIES IN PROBABILITY AND STATISTICS, by Douglas C. Montgomery, Cheryl L. Jen
Alice Brown. Kontseptualne proektuvannya: metody, zasoby, tsili ta zavdannya. URL: https://uk.cmcollections.com.ng/kontseptualnoe-proektirovanie-738
Hayna H.A. Osnovy proektuvannya baz danykh: navch. posib. — Kyiv: Kyivs'kyy natsional'nyy universytet budivnytstva i arkhitektury. 2005. 204 c. ISBN 966-627-117-6.
Petri Nets World. URL: http://www.informatik.uni-hamburg.de/TGI/PetriNets/
Sudachevski V.M., Ababiy V.V., Hutsulyak E.N., Podubnyy M. Proektuvannya system upravlinnya na osnovi merezh Petri. Visnyk Vinnyts'koho politekhnichnoho instytutu. 2011. No.3. C. 98–102. ISSN 1997- 9266.
Onyshchenko B.O., Suprunenko O.O. Upravlyayuchi merezhi Petri, yak zasib modelyuvannya ta avtomatyzovanoho analizu alhorytmichnykh konstruktsiy. Visnyk Zaporiz'koho natsional'noho universytetu. 2009. No.1. S. 163–169.
Sawaragi T., Iwai S., Katai O. An integration of qualitative causal knowledge for user-oriented decision support. Control Theory and Advanced Technology. 1986. Vol. 2. P. 451–482.
Baranovska L.V., Bukovskiy O.M. Mixed strategy Nash equilibrium in one game and rationality [Arkhivovano 27 lystopada 2020 u Wayback Machine]. International Scientific and Practical Conference «WORLD SCIENCE». Proceedings of the III International Scientific and Practical Conference «Scientific Issues of the Modernity» (April 27, 2017, Dubai, UAE). 2017. No. 5(21), Vol. 1, May. P. 4–8.
Bartish M.Ya., Roman L.L. Teoriya ihor. L'viv: Vydavnychyy tsentr LNU, 2005. 120 s.
Dantu R., Kolan P. Risk management using behavior based Bayesian networks. Intelligence and Security Informatics. 2005. P. 165–184.
Bielza C., Li G., Larranaga P. Multi-dimensional classification with Bayesian networks. Int. J. Approx. Reason. 2011.52. Р. 705–727.
GAO Jian-bo, ZHANG Bao-wen, CHEN Xiao-hua, LUO Zheng Ontology-Based Model of Network and Computer Attacks for Security Assessment. J. Shanghai Jiaotong Univ. (Sci.). 2013. 18(5): 554–562.
Kononjuk A.E. Obshhaja teorija raspoznavanija. Kniga 1. Nachala. Kyiv: Osvіta Ukraїni, 2012. 586 s.
Dharamkar B., Singh R. A review of cyber-attack classification technique based on data mining and neural network approach. Int. J. Comput. Trends Technol. (IJCTT). 2014. 7. Р. 100–105.
Hodo E., Bellekens X., Hamilton A., Tachtatzis C., Atkinson R. Shallow and Deep Networks Intrusion Detection System: A Taxonomy and Survey. Available online: https://www.researchgate.net/ publication/312170608_Shallow_and_Deep_Networks_Intrusion_Detection_System_A_Taxonomy_and_Survey.
Khristolyubova A.A., Konev A.A., Shelupanov A.A., Solovev M.L. Modeling threats to information security using IDEF0 methodology. In Proceedings of the IOP Conference Series Materials Science and Engineering. Tomsk, Russia. 23–26 April 2019. Р. 1–6.
Lakhno V.A., Husyev B.S., Smoliy V.V., Blozva A.I., Kasatkin D.Yu., Osypova T.Yu. Metody systemnoho analizu pry formuvanni polityky informatsiynoyi bezpeky na transporti. Kiberbezpeka: osvita, nauka, tekhnika. 2021. No. 4(12). S. 51–60. ISSN 2663-4023.
Khan R., McLaughlin K., Laverty D., Sezer S. STRIDE-based Threat Modeling for Cyber-Physical Systems. In Proceedings of the IEEE PES Innovative Smart Grid Technologies Conference Europe. Turin, Italy, 26–29 September 2017.
Scandariato R., Wuyts K., Joosen W. A descriptive study of Microsoft’s threat modeling technique. Requir. Eng. 2015. 20. Р. 163–180.
Sion L., Yskout K., van Landuyt D., Joosen W. Solution-aware data flow diagrams for security threat modeling. In Proceedings of the 33rd Annual ACM Symposium on Applied Computing. Pau, France, 9–13 April 2018. Р. 1425–1432.
Honkaranta, A.; Leppanen, T.; Costin, A. Towards Practical Cybersecurity Mapping of STRIDE and CWE — A Multi-Perspective Approach. In Proceedings of the 29th Conference of Open Innovations Association (FRUCT). Tampere, Finland. 12–14 May 2021.
Karahasanovic A., Kleberger P., Almgren M. Adapting Threat Modeling Methods for the Automotive Industry. In Proceedings of the 15th ESCAR Conference. Berlin, Germany. 7–8 November 2017.
Pell R., Moschoyiannis S., Panaousis E. Multi-Stage Threat Modelling and Security Monitoring in 5GCN. In Cybersecurity Issues in Emerging Technologies; CRC Press: Boca Raton. FL, USA. 2021. P. 59–76.
Lee C.C., Tan T.G., Sharma V., Zhou J. Quantum Computing Threat Modelling on a Generic CPS Setup. In International Conference on Applied Cryptography and Network Security. Springer: Cham, Switzerland, 2021. P. 171–190.
Van Landuyt D., Joosen W. A descriptive study of assumptions made in LINDDUN privacy threat elicitation. In Proceedings of the 35th Annual ACM Symposium on Applied Computing. Brno, Czech Republic. 30 March–3 April 2020. P. 1–8.
Deng M., Wuyts K., Scandariato R., Preneel B., Joosen W. A Privacy threat analysis frame-work: Supporting the elicitation and fulfillment of privacy requirements. Requir. Eng. 2011. 16. P. 3–32.
Li E., Kang C., Huang D., Hu M., Chang F., He L., Li X. Quantitative Model of Attacks on Distribution Automation Systems Based on CVSS and Attack Trees. Information. 2019. 10. 251.
Johnson P., Lagerstrom R., Ekstedt M., Franke U. Can the Common Vulnerability Scoring System Be Trusted? A Bayesian Analysis. IEEE Trans. Dependable Secur. Comput. 2016. 15, P. 1002–1015.
Mantha B.. Jung Y.. Garcia B. Implementation of the Common Vulnerability Scoring System to Assess the Cyber Vulnerability in Construction Projects. In Proceedings of the Creative Construction Conference. Opatija, Croatia. 28 June – 1 July 2020. P. 117–124.
Czekster R.M., Morisset C. BDMPathfinder: A tool for exploring attack paths in models defined by Boolean Logic Driven Markov Processes. In Proceedings of the European Dependable Computing Conference. Munich, Germany, 13–16 September 2021. P. 83–86.
Falco G., Viswanathan A., Santangelo A. CubeSat Security Attack Tree Analysis. In Proceedings of the 8th IEEE International Conference on Space Mission Challenges for Information Technology. Pasadena, CA, USA. 26–30 July 2021. P. 1–9.
Mead N., Shull F., Spears J., Heibl S., Weber S., Cleland-Huang J. Crowd Sourcing the Creation of Personae Non Gratae for Requirements-Phase Threat Modeling. In Proceedings of the IEEE 25th International Requirements Engineering Conference. Lisbon, Portugal, 4–8 September, 2017. P. 404–409.
Omotunde H.. Ibrahim R. A Hybrid Threat Model for Software Security Requirement Specifi-cation. In Proceedings of the International Conference on Information Science and Security. Pattaya, Thailand. 19–22 December 2016. P. 1–4.
Luna J., Suri N., Krontiris I. Privacy-by-design based on quantitative threat modeling. In Pro-ceedings of the Risk and Security of Internet and Systems. Cork, Ireland. 10–12 October 2012. P. 1–8.
Alberts C., Dorofee A., Stevens J., Woody C. Introduction to the OCTAVE Approach. In Introduction to the OCTAVE Approach; Software Engineering Institute, Carnegie Mellon University: Pittsburgh, PA, USA. 2003.
Saitta P., Larcom B., Eddingto M. Trike v.1 Methodology Document. 2005. Available online: https://www.octotrike.org/papers/ Trike_v1_Methodology_Document-draft.pdf (Last accessed 4 January 2022).
Nhlabatsi A., Hussein A., Fetais N., Khan K.M. Design and Implementation of a Threat-Specific Security Risk Assessment Tool. In Proceedings of the IEEE International Conference on Informatics, IoT, and Enabling Technologies (ICIoT). Doha, Qatar. 2–5 February 2020.
Shevchenko N., Chick T.A., O’Riordan P., Scanlon T.P., Woody C. Threat modelling: A summary of available methods. Carnegie Mellon University Software Engineering Institute. 2018. P. 1–24.
Yue Li, Teng Zhang, Xue Li, Ting Li. A Model of APT attack Defense Based On Cyber Threat Detection // Communications in Computer and Information Science, Cyber Security,15th International Annual Conference, CNCERT 2018. P. 122–134.
Veres Yu.O. Rozpodil obmezhenykh resursiv v upravlinni proektamy. URL: https://science.lpnu.ua/ sites/default/files/journal-paper/2018/aug/14107/05.pdf.
Ferraiolo D., Kuhn D. Introduced formal model for role based access control. 15th national computer security conference. Oct 13–16, 1992. P. 554–563. URL: http://csrc.nist.gov/groups/ sns/rbac/documents/role_based_access_control-1992.html
LaPadula L., Elliott J. Secure Computer Systems: A Mathematical Model. URL: http://www.albany.edu/acc/courses/ia/classics/bellla-padula1.pdf
McLean John. Security models. Encyclopedia of software engineering. URL: http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.34.8561.
Kutkovets'kyy V. Ya. Rozpiznavannya obraziv: navch. posib. — Mykolayiv: Vyd-vo ChNU im. Petra Mohyly, 2017. 420 s. ISBN 978-966-336-384-4.
Silahin O.V., Denysyuk V.O. Ontolohichne modelyuvannya bazy znan' z orhanizatsiyi podorozhey Ukrayins'kyy zhurnal informatsiynykh tekhnolohiy. 2022. T. 4, No. 1. S. 44–52.
Kyrylyuk Ye.M., Dub B.S. Matrychni metody otsinyuvannya ekonomichnoyi bezpeky pidpryyemstva. V: Aktual'ni problemy ekonomiky ta upravlinnya v epokhu hlobal'nykh vyklykiv i zahroz. Vseukr. nauk.-prakt. konf., Dnipro, 26–27 kvit. V 2-kh tomakh. T. 1. Nats. metal. akademiya Ukrayiny. 2018. S. 270–272.
Cichocki A., Zdunek R., Phan A.-H., and Amari S. Nonnegative Matrix and Tensor Factorizations: Applications to Exploratory Multi-way Data Analysis and Blind Source Separation. Chichester. U.K.: John Wiley&Sons Ltd, 2009. 407 p.
Tensor Toolbox version 2.6 by Brett W. Bader, Tamara G. Kolda, Jimeng Sun, Evrim Acar, Daniel M. Dunlavy, Eric C. Chi, Jackson Mayo, et al. Copyright 2015, Sandia National Laboratories. Released February 6, 2015.
Nykyforov O.V. Putyatin V.H. Neyromerezhevi modeli upravlinnya protsesom funktsionuvannya system zakhystu informatsiyi. Matematychni mashyny i systemy. 2023.No. 2. C. 34–43. ISSN 1028-9763.
Brain Maker Professional, Neural Network Simulation Software. User Guide and Reference Manual. California Scientific Software, 1993. 496 p.
Kononyuk A.Yu. Neyronni merezhi i henetychni alhorytmy. Kyiv: «Korniychuk», 2008. 446 s.
Rostyslav Kryvyy, Serhii Tkachenko, Volodymyr Karkuljovskyy. Analysis of Frameworks for Developing Genetic Algorithms. Proc.of the VII-th International Conference MEMSTECH’2011. Lviv – Polyana, 2011. Р. 209–210.
Dubrovin V.I., Subbotin S.O. Metody optymizatsiyi ta yikh zastosuvannya v zadachakh navchannya neyronnykh merezh: navch. posibn. — Zaporizhzhya: ZNTU, 2003. 136 s.
Rudenko O.H., Bodyans'kyy Ye.V. Shtuchni neyronni merezhi: navch. posibn. Kharkiv: TOV «Kompaniya SMIT», 2006. 404 s.
Plett G.L. Adaptive inverse control of linear/nonlinear systems usingdynamic neural networks. IEEE Trans. Neural Networks. 2003. Vol. 5, N 2. P. 360–376.
Subbotin S.O. Podannya y obrobka znan' u systemakh shtuchnoho intelektu ta pidtrymky pryynyattya rishen'. Zaporizhzhya: ZNTU, 2008. 341 s.
Hlybovets' M.M., Olets'kyy O.V. Systemy shtuchnoho intelektu. Kyiv: KM Akademiya, 2002. 366 s.
Axelrod, R., The Structure of Decision: Cognitive Maps of Political Elites. Princeton University Press, 1976
Roberts F.S. Discrete Mathematical Models, with Applications to Social, Biological and Environmental Problems. Prentice-Hall, Englewood Cliffs, NJ, 1976. 559 p. ISBN-13: 978-0132141710.
Kosko B., Fuzzy Cognitive Maps. International Journal of Man-Machine Studies 1986. 24. Р. 65-75
Kosko B. Fuzzy Thinking. Hyperion, 1993.
Carvalho J.P. and Tom J.A.B., Rule Based Fuzzy Cognitive Maps - Fuzzy Causal Relations // Computational Intelligence for Modelling, Control and Automation: Evolutionary Computation & Fuzzy Logic for Intelligent Control, Knowledge Acquisition & Information Retrieval, edited by M. Mohammadian, IOS Press, 1999
Bourke M.M., Fisher D.G.. Solution algorithms for fuzzy relation equations with max-product composition. // Fuzzy Sets and Systems 1998, v.94, 61-69
Glushkov V.M. Teorija algoritmov. Kyiv: Izd-vo KVIRTU, 1961. 167 s.
Peterson James Lyle. (1981). Petri Net Theory and the Modeling of Systems. February 1981. Prentice Hall, Englewood Cliffs. 302 p. ISBN-10: ? 1080591176.
Dyfuchyn A.Yu. Veb-servis modelyuvannya dyskretno-podiynykh system // Mahisters'ka dysertatsiya z dodatkamy. Kyiv: NTUU «KPI im. Ihorya Sykors'koho», 2018. 95 s.
Herbert G. Markov models of social dynamics: Theory and applications. ACMTrans. Intell. Syst. Technol. 2013. Vol. 4, Nо. 3. Article 53. Р. 1–19.
Vand Ju., Stori V.S., Veber R. Ontologicheskij analiz postroenija otnoshenij v konceptual'nom modelirovanii. Tranzakcii ACM v sistemah baz dannyh (TODS). 1999. T. 24. Vyp. 4.S. 494–528.
Gruber T.R. Podhod k perevodu specifikacij perenosimyh ontologij. Priobretenie znanij. 1993. T. 5.Vyp. 2, S. 199–220.
Mezhuev V.I. Osobennosti komp'juternogo modelirovanija predmetnyh oblastej i sistem. Shtuchnij іntelekt. 2010. No. 3. S. 665–663.
Gougen J.A., Thatcher J.W., Wagner E. An initial algebra approach to the specification, correctness and implementation of abstract data types. Current Trends in Programming Methodology (R. Yen ed.). Englewood Cliffs, NJ: Prentice Hall, 1978. P. 80–149.
Ganter B., Wille R. Formal Concept Analysis. Mathematical foundations. Berlin-Heidelberg: Springer-Verlag, 1999.
Mukhacheva N.N., Popov D.V. (2011). Ontologicheskie modeli i metody dlya upravleniya informatsionnointellektualnymi resursami organizatsii [Ontological models and methods for managing information and intellectual resources of an organizatio]. Vestnik UGATU – Bulletin of USATU, 14, 1(36), 123–135. URL: https://cyberleninka.ru/article/n/ontologicheskie-modeli-i-metody-dlya-upravleniya-informatsionno-intellektualnymi-resursami-organizatsii.pd
Burov Ye.V., Pasichnyk V.V. Prohramni systemy na bazi ontolohichnykh modeley zadach. Visnyk Natsional'noho universytetu «L'vivs'ka politekhnika». Seriya: Informatsiyni systemy ta merezhi: zb. nauk.prats'. 2015. No.829. S. 36–57.
Nikanorov S.P., Vybornov S.V., Ivanov A.Yu., Korshikov S.E., Kostyuk A.V., Kuchkarov Z.A., Mikheev V.V., Shalyapina S.K. Safety research. Ed. S.P. Nikanorova. Concept, 2006. 624 р. https://vestnik. socio.msu.ru › issue › download
Ivanov A.Yu., Nikanorov S.P., Garayeva Yu.R. Handbook of system-theoretic constructs. Series «Conceptual Analysis and Design». Methodology and technology. Concept, 2008. 314 p.
Koo B., Simmons W. Algebra of systems: a metalanguage for model synthesis and evaluation. IEEE Transactions on systems, man and cybernetics. 2009. Vol. 39, Nо. 3. P. 501–513.
Burov Ye. V. Kontseptual'ne modelyuvannya intelektual'nykh prohramnykh system/monohrafiya. L'viv: Vyd-vo L'vivs'koyi politekhniky, 2012. 432 s.
Nikitina N.K., Postnikov V.V. Development of a language for gender-structural explication of subject areas. Development and conceptual design of intelligent systems: Sat. abstracts of reports and messages. 1990. Part 1. Р. 70–73.
Nesterenko O.V., Netesin I.Ye., Polishchuk V.B. Metod obchyslen' u zadachakh pidtrymky pryynyattya rishen' shchodo zabezpechennya bezpeky. Matematychni mashyny i systemy. 2021, No. 3. S. 47–59.
Dodonov A.G., Lande D.V., Prishhepa V.V., Putjatin V.G. Komp'juternaja konkurentnaja razvedka. Kyiv: TOV «Іnzhinіring», 2021. 357 s.
Buul Achim, Zofel Peter. SPSS: Die Kunst der Informationsverarbeitung. Analyse statistischer Daten und Wiederherstellung verborgener Muster. Munchen 2005. - 608 p.
ISO/IEC 13335-1: 2004 «Information technology — Security techniques — Management of information and communications technology security — Part 1: Concepts and models for information and communications technology security management».
ISO/IEC TR 13335-3:1998»Information technology — Guidelines for the management of information technology security — Part 3: Techniques for the management of information technology security».
ISO/IEC 15408-1-99 «Methods and means of ensuring security. Criteria for assessing information technology security. — Part 1. Introduction and general model».
ISO/IEC TR 13335-4:2000 «Information technology Guidelines for the management of information technology security — Part 3: Selection of safeguards».
Konev, A.; Shelupanov, A.; Kataev, M.; Ageeva, V.; Nabieva, A. A Survey on Threat-Modeling Techniques: Protected Objects and Classification of Threats. Symmetry. 2022. 14, 549. https://doi.org/ 10.3390/ sym14030549.
STRIDE Treat Modeling: What You Need to Know. Available online: https://www.softwaresecued.com/stridemodeling (stanom na 4 chervnya 2022).
Real World Threat Modeling Using the PASTA Methodology. Available online: https://owasp.org/www-pdf-archive/AppSecEU2012_PASTA.pdf (stanom na 4 chervnya 2022).
LINDDUN Privacy Engineering. Available online: https://linddun.org (stanom na 4 chervnya 2022).
Johnson P., Lagerstrom R., Ekstedt M., Franke U. Can the Common Vulnerability Scoring System Be Thrusted? A Bayesian Analysis. IEEE Trans. Dependable Secur. Comput. 2016. 15. Р. 1002–1015.
Czekster R.M., Morisset C. BDMPathfinder: A tool for exploring attack path in models defined by Boolean Logic Driven Markov Processes, In Proceedings of the European Dependable Computing Conference. Munich, Germany 13–16 September 2021. Р. 83–86.
Mead N., Shull F., Spears J., Heibl S., Weber S., Cleland-Huang J. Crowd Sourcing the Creation of Personae Non Grate for Requirements-Phase Threat Modeling. In Proceeding of the IEEE 25th International Requirements Engineering Conference. Lisbon, Portugal. 4–8 September 2017. Р. 404–409.
Omotunde H., Ibrahim R. A Hybrid Threat Model for Software Security Requirement Speci-fication. In Proceedings of the International Conference on Information Science and Security. Pattaya, Thailand, 19–22 December 2016. Р. 1–4.
Luna J., Suri N., Krontiris I. Privacy-by-design based on quantitative threat modeling. In Proceedings of the Risk and Security of Internet and System. Cork, Ireland. 10–12 October 2012. Р. 1–8.
Saitta P., Larcom B., Eddington M. Trike v.1 Methodology Document. 2005. Available online: https://www.octotrike.org/papers/Trike_v1_Methodology_Document-draft.pdf (stanom na 4 chervnya 2022).
Alberts C., Dorofee A., Stevens J., Woody C. Introduction to the OCTAVE Approach. Software Engineering Institute, Carnegie Mellon University: Pittsburgy, PA, USA, 2003. 27 p.
Nhlabatsi A., Hussein A., Fetais N., Khan K.M. Design and Implementation of a Threat-Specific Security Risk Assessment Tool. In Proceedings of the IEEE International Conference on Informatics, IoT, and Enabling Thechnologies (ICIoT). Doha, Qatar. 2–5 February 2020.
Bourbaki Nicolas. Elements de Mathematique. XX. Premiere partie. Les structures fondamen-tales de l'Analyse. Livre I Theorie des Ensembles. Hermann et Cie, Paris, 1956. Premiere edition. 118 p.