Project of Automated System's Information Security System Selection

2019 International Science and Technology Conference "EastСonf" Pub Date : 2019-03-01 DOI:10.1109/EASTСONF.2019.8725345

E. Vitenburg, A. Nikishova

{"title":"Project of Automated System's Information Security System Selection","authors":"E. Vitenburg, A. Nikishova","doi":"10.1109/EASTСONF.2019.8725345","DOIUrl":null,"url":null,"abstract":"Automation of production processes of enterprise today has enormous scales. The spread of automated control systems of technological processes (ACSTP) and their integration with corporate information systems have led to increase in proportion of successfully implemented malicious impacts on ACSTP. Occurrence of new types of attacks and increase in number of successfully implemented attacks cause the need to form protection systems of industrial systems. Designing protection system of ACSTP is multi-stage process, starting with collection of data on object of protection, its main components, information assets, links with other systems, and identification of relevant information security threats to the system. In this article analysis of structure of typical automated control system of technological process is carried out. The most important components of ACSTP from the point of view of information security are identified. The article defines the need to form project of protection system of ACSTP on the basis of monitoring data of events that occur in ACSTP. Main classes of system events from the point of view of information security are defined. The most typical information security threats for this type of automated systems are considered. Neutralization of groups of threats relevant to ACSTP is carried out by means of forming effective protection system. The typical composition of data protection system of ACSTP is defined. According to results of analysis, the correspondence between security events of ACSTP, current threat groups and typical means of information protection is determined. Choosing the composition of information security tools is complex task that requires a lot of time. To achieve greater efficiency in its solving, it is proposed to use decision support system and system of artificial intelligence. Authors developed functional model of selection of protection system's project using intelligent method of decision support with neural network in it.","PeriodicalId":261560,"journal":{"name":"2019 International Science and Technology Conference \"EastСonf\"","volume":"2013 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-03-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 International Science and Technology Conference \"EastСonf\"","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EASTСONF.2019.8725345","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Automation of production processes of enterprise today has enormous scales. The spread of automated control systems of technological processes (ACSTP) and their integration with corporate information systems have led to increase in proportion of successfully implemented malicious impacts on ACSTP. Occurrence of new types of attacks and increase in number of successfully implemented attacks cause the need to form protection systems of industrial systems. Designing protection system of ACSTP is multi-stage process, starting with collection of data on object of protection, its main components, information assets, links with other systems, and identification of relevant information security threats to the system. In this article analysis of structure of typical automated control system of technological process is carried out. The most important components of ACSTP from the point of view of information security are identified. The article defines the need to form project of protection system of ACSTP on the basis of monitoring data of events that occur in ACSTP. Main classes of system events from the point of view of information security are defined. The most typical information security threats for this type of automated systems are considered. Neutralization of groups of threats relevant to ACSTP is carried out by means of forming effective protection system. The typical composition of data protection system of ACSTP is defined. According to results of analysis, the correspondence between security events of ACSTP, current threat groups and typical means of information protection is determined. Choosing the composition of information security tools is complex task that requires a lot of time. To achieve greater efficiency in its solving, it is proposed to use decision support system and system of artificial intelligence. Authors developed functional model of selection of protection system's project using intelligent method of decision support with neural network in it.

查看原文本刊更多论文

自动化系统信息安全系统选型项目

当今企业生产过程的自动化已具有巨大的规模。技术过程自动化控制系统(ACSTP)的普及及其与企业信息系统的集成导致对ACSTP成功实施的恶意影响的比例增加。新型攻击的出现和成功实施的攻击数量的增加，使得工业系统需要形成保护体系。ACSTP保护系统的设计是一个多阶段的过程，从收集保护对象的数据、主要组成部分的数据、信息资产的数据、与其他系统的链路的数据，到识别系统的相关信息安全威胁。本文对典型的工艺过程自动控制系统的结构进行了分析。从信息安全的角度确定了ACSTP最重要的组件。本文根据ACSTP发生的事件的监测数据，明确了ACSTP防护系统方案形成的必要性。从信息安全的角度定义了系统事件的主要类别。本文考虑了这类自动化系统最典型的信息安全威胁。通过形成有效的保护体系来中和与ACSTP相关的威胁群。定义了ACSTP数据保护系统的典型组成。根据分析结果，确定了ACSTP安全事件与当前威胁组和典型信息保护手段之间的对应关系。选择信息安全工具的组合是一项复杂的任务，需要花费大量的时间。为了提高求解效率，提出了使用决策支持系统和人工智能系统。利用神经网络的智能决策支持方法，建立了保护系统方案选择的功能模型。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2019 International Science and Technology Conference "EastСonf"

自引率

0.00%

发文量