Graphoanalytic model of the process of eliminating the consequences of computer attacks and responding to computer incidents

Abstract

Kryukov D.M.

Incoming article date: 15.03.2022

The most important task of the theory and practice of information security is to analyze how the subsystem for responding to computer incidents and eliminating the consequences of computer attacks functions within the information protection system of automated special-purpose systems while an attacker carries out computer attacks on the protected information resource, service or network. This analysis involves modeling the response process. A generalized model of the process of eliminating the consequences of computer attacks and responding to computer incidents is presented as a directed graph in which the vertices correspond to the states of the subsystem and the arcs correspond to transitions from state to state. Describing the functioning of the subsystem in the state space makes it possible to simulate the process of responding to computer incidents and eliminating the consequences of computer attacks, to evaluate generalized indicators of the time the subsystem spends in its various states, and to manage the response process promptly by changing the controlled parameters of the model. The model takes into account many types of computer attacks and many strategies for managing information security tools while the consequences of computer attacks are being eliminated. It is the theoretical basis for developing a methodological apparatus for analyzing, evaluating and prioritizing the processing of computer incidents, and for studying the dynamic management of the computer incident response subsystem in order to increase the efficiency of its functioning. The proposed model makes it possible to apply both empirical values of the execution time of the response and counteraction subprocesses, obtained from measurements or modeling, and the theoretical basis for modeling how information security tools counteract computer attacks of various types.

Keywords: automated special purpose system, simulation, information security system, information security tools, computer incident, computer attack, system status
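
As an added illustration (not code from the article), the sketch below treats a response process as a directed state graph and computes the expected time spent in each state, then shows the effect of changing one controlled parameter. The state names, transition probabilities, mean times and the Markov-chain assumption are all constructed for this example; the abstract does not specify them.

```python
# Constructed example: states, probabilities and times are assumptions,
# not values from the article. "closed" is the absorbing (final) state.
ARCS = {
    "detect":  {"analyze": 1.0},
    "analyze": {"contain": 0.8, "closed": 0.2},   # 0.2: incident dismissed
    "contain": {"recover": 0.9, "analyze": 0.1},  # 0.1: sent back for re-analysis
    "recover": {"closed": 1.0},
}
MEAN_HOURS = {"detect": 0.5, "analyze": 2.0, "contain": 1.5, "recover": 4.0}

def expected_visits(arcs, start, tol=1e-12, max_steps=10_000):
    """Expected number of visits to each transient state before absorption."""
    for state, out in arcs.items():
        if abs(sum(out.values()) - 1.0) > 1e-9:
            raise ValueError(f"outgoing probabilities of {state!r} do not sum to 1")
    visits = {s: 0.0 for s in arcs}
    mass = {start: 1.0}  # probability mass currently in transient states
    for _ in range(max_steps):
        if sum(mass.values()) < tol:
            return visits
        nxt = {}
        for state, p in mass.items():
            visits[state] += p
            for target, q in arcs[state].items():
                if target in arcs:  # mass entering an absorbing state drops out
                    nxt[target] = nxt.get(target, 0.0) + p * q
        mass = nxt
    raise RuntimeError("no absorbing state is reached; the process never ends")

def time_in_states(arcs, mean_hours, start="detect"):
    """Expected hours spent in each state over one incident."""
    visits = expected_visits(arcs, start)
    return {s: visits[s] * mean_hours[s] for s in arcs}

def total_time(arcs, mean_hours, start="detect"):
    return sum(time_in_states(arcs, mean_hours, start).values())

if __name__ == "__main__":
    for state, hours in time_in_states(ARCS, MEAN_HOURS).items():
        print(f"{state:8s} {hours:6.3f} h")
    print("total    %.3f h" % total_time(ARCS, MEAN_HOURS))
    # Controlled parameter: halve the mean analysis time and re-evaluate.
    faster = dict(MEAN_HOURS, analyze=1.0)
    print("total with faster analysis %.3f h" % total_time(ARCS, faster))
```

Because the containment state can return the incident to analysis, shortening the analysis step by one hour saves slightly more than one hour of expected total time.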