Automated Detection of Assets and Calculation of their Criticality for the Analysis of Information System Security

E. Doynikova, A. Fedorchenko, Igor Kotenko
SPIIRAS Proceedings, Journal Article, published 2019-09-19. DOI: 10.15622/sp.2019.18.5.1182-1211 (https://doi.org/10.15622/sp.2019.18.5.1182-1211). JCR quartile: Q3 (Mathematics). Record source: Semantic Scholar.
Citation count: 2

Abstract

The research aims to develop a technique for the automated detection of information system assets and the comparative assessment of their criticality for further security analysis of the target infrastructure. The assets are all information and technology objects of the target infrastructure. The size, heterogeneity, complexity of interconnections, distribution and constant modification of modern information systems complicate this task. Automated and adaptive determination of information and technology assets and of the connections between them, based on the determination of the static and dynamic objects of an initially uncertain infrastructure, is a rather challenging problem. The paper proposes a dynamic model of connections between objects of the target infrastructure and a technique for building it based on the event correlation approach. The developed technique is based on statistical analysis of empirical data on system events. The technique allows determining the main object types of the analysed infrastructure, their characteristics and their hierarchy. The hierarchy is constructed considering the frequency of object use, and as a result represents the objects' relative criticality for system operation. For the listed goals, indexes are introduced that determine whether properties belong to the same type and whether properties are used jointly, as well as dynamic indexes that characterize the variability of properties relative to each other. The resulting model is used for an initial comparative assessment of the criticality of system objects. The paper describes the input data, the developed models and the proposed technique for asset detection and comparison of asset criticality. Experiments that demonstrate the application of the developed technique on the example of analysing security logs of the Windows operating system are provided.
Source journal: SPIIRAS Proceedings (Mathematics, Applied Mathematics)
CiteScore: 1.90
Self-citation rate: 0.00%
Number of articles published: 0
Review time: 14 weeks
Journal description: The SPIIRAS Proceedings journal publishes scientific, scientific-educational and popular-science papers relating to computer science, automation, applied mathematics, interdisciplinary research, as well as information technology, the theoretical foundations of computer science (mathematical foundations and those related to other scientific disciplines), information security and information protection, decision making and artificial intelligence, mathematical modeling, and informatization.