=Paper=
{{Paper
|id=Vol-2386/paper17
|storemode=property
|title=Security Rating Metrics for Distributed Wireless Systems
|pdfUrl=https://ceur-ws.org/Vol-2386/paper17.pdf
|volume=Vol-2386
|authors=Volodymyr Buriachok,Volodymyr Sokolov,Pavlo Skladannyi
|dblpUrl=https://dblp.org/rec/conf/momlet/BuriachokSS19
}}
==Security Rating Metrics for Distributed Wireless Systems==
https://ceur-ws.org/Vol-2386/paper17.pdf
Security Rating Metrics for Distributed Wireless Systems
Volodymyr Buriachok[0000-0002-4055-1494], Volodymyr Sokolov[0000-0002-9349-7946],
and Pavlo Skladannyi[0000-0002-7775-6039]
Borys Grinchenko Kyiv University, Kyiv, Ukraine
{v.buriachok,v.sokolov,p.skladannyi}@kubg.edu.ua
Abstract. The paper examines quantitative assessment of wireless distribution
system security, as well as an assessment of risks from attacks and security vio-
lations. Furthermore, it describes typical security breach and formal attack mod-
els and five methods for assessing security. The proposed normalized method for
assessing the degree of security assurance operates with at least three character-
istics, which allows comparatively analyze heterogeneous information systems.
The improved calculating formulas have been proposed for two security assess-
ment methods, and the elements of functional-cost analysis have been applied to
calculate the degree of security. To check the results of the analysis, the coeffi-
cient of concordance was calculated, which gives opportunity to determine the
quality of expert assessment. The simultaneous use of several models to describe
attacks and the effectiveness of countering them allows us to create a compre-
hensive approach to countering modern security threats to information networks
at the commercial enterprises and critical infrastructure facilities.
Keywords: Immunity, Risk, Security, Threat, Function Cost Analysis.
1 Introduction
Several threats are presently affecting wireless systems: natural, man-made, human in-
tentional and human inadvertent. Natural (cosmic radiation, ionization of the iono-
sphere) and man-made (radiation of radio equipment) are very similar in action: they
cause interference in communication channels. Intentional threats become more wide-
spread and appear as a form of security breaches: the introduction of malicious code
into the system. Human inadvertent threats can be considered as force majeure [1, 2].
The reminder of the paper is organized as follows. Section 2 “Review of the Litera-
tureˮ contains the analysis of the latest scientific work in this area. Sections 3 “Problem
Statement,” 4 “Methods for Assessing the Threats,” and 5 “Approaches to the Threats
Assessmentˮ reveal problems, well-known approaches to solving the problem of eval-
uating the effectiveness of information systems protection. In sections 6 “Zombie”
Model of Security Breaches Considerationˮ and 7 “Formal Attack Model” are pre-
sented formal models of security breaches and attacks. In section 8 “Methods for
Threats Assessing” considered the existing and charming own method of threats. Sec-
tion 9 “Functional-Cost Analysis” is an example of an audit of the cost of a security
system implementing. The paper ends with section 10 “Conclusion and Future Work.ˮ
�2 Review of the Literature
At first glance, it seems that the problem of protection against security breaches can be
solved by protecting the information, transmitted by the network, itself. But such a
threat is due to the use of the computer facilities, directly involved into in data trans-
mission, in equipment, for instance, multiplexers and demultiplexers, switches, routers,
amplifiers, regenerators, control devices, etc. Thus, we are talking not only about the
integrity of information, but also about the capacity of the system as a whole [1].
The system consists of hardware, software, information resources and organizational
structure. Each of these elements can be considered separately as a subsystem of the
general system and apply the same principles as for the system as a whole [3].
Theoretical and practical studies indicate that the determination of exact quantitative
estimates of possible damage is very difficult or impossible at all. Due to this, the ap-
proximate estimates obtained during the operation of the wireless system, together with
expert assessments have become widespread [4].
3 Problem Statement
Through the results of security breaches (cyber attacks and viruses) lead to a deteriora-
tion of the wireless system infrastructure, they can be considered similar to obstacles.
Conversely, obstacles can be considered as the effects of viruses.
Simultaneously with the definition of security indicators, risk assessment should be
considered. Only a combination of these two indicators provides a complete picture of
the state of wireless system being studied.
The purpose of this study is to develop the methods for determining the level of
security, refining them to obtain a methodology of comparing several systems among
themselves, as well as improving the methods for verifying the reliability of expert
assessments. Let’s suppose that the attacker uses a known security breach model—a
zombie model—to gain access to an object of information activity. Defining the sys-
tem's security level can be used in conjunction with the tree method attack for timely
response to changes in the system configuration, the emergence of new types of attacks
and changes in organization security policy.
4 Methods for Assessing the Threats
“Zombie” model of security breaches consideration and formal attack model allow us
to simulate a system and an attack on it. The most appropriate methods for assessing
the threats from internal and external threats may be the following:
Denial of service probability.
Expected vulnerability damage from the ith threat.
Set of values for defining security requirements.
Assessing the threats and losses.
Degree of security procuring.
�Through empirical analysis of the above methods for assessing the threats, it has been
found that none of its meets the requirements for security of information objects. In our
view, this problem can be solved by means of the normalization of quantitative and
qualitative indices of threats to information objects and, if necessary, used for “weakly
structured” indicators of expert evaluation data. To this end, we have proposed a com-
prehensive method of the information objects security.
5 Approaches to the Threats Assessment
The subjective process of obtaining the probability of the threat can be divided into
three stages:
Preparatory (the object of research is formed: the set of events and the initial analysis
of the properties of this set; one is selected for methods of obtaining subjective prob-
ability; the preparation of an expert or a group of experts is conducted).
Derivation of the assessments (using the chosen method; obtaining results in a nu-
merical form, possibly controversial).
Analysis of the obtained assessments (researching the results of the survey; clarifi-
cation of the experts’ answers).
Sometimes the third stage is not carried out if the method itself uses the axioms of
probable distribution, which is close to expert estimates itself. Conversely, the stage
becomes especially important if results are obtained from expert groups [5].
It is also possible to separate two approaches to multicriteria assessment of the effi-
ciency of distributed wireless systems:
Associated with bringing the set of individual performance indicators to a single
integral indicator.
Methods of the theory of multiple choice and decision-making with a significant
number of individual performance indicators, approximately equally important [4].
6 “Zombie” Model of Security Breaches Consideration
Security breaches, based on this model, have a clearly separated stage, as it’s shown in
Fig. 1. The attack model, used by the attacker, can be presented as follows: shallow
study (reconnaissance), in-depth study (scanning of communication channels), com-
plete study (mapping), access to the operating system (OS), extension of authority,
“Zombie” OS, manipulation of information, removal of traces of a crime, as well as the
installation of spyware software, if it’s needed.
The system “zombification” passes through malicious code, which is entered into
the OS for remote access. After that, a “zombie” OS runs the next attack and adds new
workstations to the “zombie” network (the so-called botnet). At the end of the attack,
traces of an attacker’s presence in the system are deleted.
�Fig. 1. Stages of the “zombie” model.
The “zombie” model efficiency [с–1∙USD–1] can be calculated by the formula:
𝑛∙𝑠
𝐸= (1)
∆𝑡∙𝐶
where n is the number of potential servers on which the attack is implemented; s is the
number of computers that work directly with one server; Δt is the time of the system in
the “zombie” state; C is the cost of the attack: the cost of writing a botnet, additional
costs for the input and distribution of lost code, additional costs [6].
7 Formal Attack Model
A formal attack model (AM), within the described above processes, taking into account
the proposals [7, 8] can be represented as follows:
𝑜𝑏𝑗𝑒𝑐𝑡 𝑠𝑐𝑒𝑛𝑎𝑟𝑖𝑜 𝑜𝑝𝑡𝑖𝑜𝑛
𝐹𝐴𝑀 = 〈𝑀𝐴𝑀 , 𝑀𝐴𝑀 , 𝑀𝐴𝑀 〉 (2)
𝑜𝑏𝑗𝑒𝑐𝑡
where 𝑀𝐴𝑀 is a component that describes the level of parametrization of the security
analysis (SA) process and serves for the establishing the set of analyzed objects, the
purposes of the performing attacking actions and the parameters, characterizing the of-
fender. As a rule, it is a pair: object of attack—the purpose of the attack, for example,
port scan.
𝑠𝑐𝑒𝑛𝑎𝑟𝑖𝑜
𝑀𝐴𝑀 is a component that describes the script level and serves to create a plu-
rality of different scenarios (sequence of attacking actions), taking into account the pur-
pose formed at the level of parameterization of the SA process, which should be
achieved by the offender. At the same time, scripting is carried out by the method of a
complete overview of all sub-targets of attacking the purpose action, for example, the
target “intelligence,” sub-targets—“scan of ports,” “definition of the OS type,” etc.
𝑜𝑝𝑡𝑖𝑜𝑛
𝑀𝐴𝑀 is a component that describes all possible variants of the attacker’s actions
on the basis of its characteristics, also includes an algorithm for the formation of the
attack tree.
�It, in turn, can be represented as follows:
𝑜𝑝𝑡𝑖𝑜𝑛
𝑀𝐴𝑀 = 𝐹(𝐴, 𝐸, 𝐹 𝑜𝑝𝑡𝑖𝑜𝑛 ) (3)
where A is set of all attacking actions; E is set of all exploits; Foption is set of the functions
of this component.
At the same time, the filling of the sets A and E is based on open vulnerability data-
bases, for example, the Open Source Vulnerability Database or the National Vulnera-
bility Database (NVD, attacking actions of the implementation stages, enhancing priv-
ileges, and implementing the threat), as well as expert knowledge (attacking actions of
the stages of intelligence, concealment traces, creation of secret moves).
8 Methods for Threats Assessing
8.1 Denial of Service Probability
The probability of denial of service data (natural disaster, force majeure, total or partial
loss of data, unauthorized access, etc.) allows you to obtain results in the form of a scale
of assessments of potential threats and their consequences. The method operates with a
set of indicators and for each individual case will be different. The values of the indi-
cators are approximate, based on available statistics or expert estimates, which makes
it impossible to analyze it with a small amount of accumulated statistical data [4].
8.2 Expected Vulnerability Damage from Threats
Expected vulnerability damage from the ith threat—an empirical method of evaluation,
was first proposed by the specialists of IBM [9]:
𝑅𝑖 = 10𝑆𝑖 +𝑉𝑖−4 (4)
where Si and Vi is coefficients that characterize the possible frequency of occurrence of
the threat and the value of the possible damage when it occurs (the value of both coef-
ficients—integers in the interval [0, 7], for Si “0”—almost never, “7”—more than 1,000
times per year; Vi from 1 to 10 million dollars) [4, 6, 9, 10].
This methodology can be described by a system of equations, resulting in parameters
at intervals:
𝑅𝑖 = 10𝑆𝑖 +𝑉𝑖−4
𝑆𝑖 = 7 ∙ 10−3 ∙ 𝑠𝑖 , 0 ≤ 𝑠𝑖 ≤ 103
𝑆𝑖 = 7, 𝑠𝑖 > 103 (5)
𝑉𝑖 = 7 ∙ 10−7 ∙ (𝑣𝑖 − 1), 1 ≤ 𝑣𝑖 ≤ 107
{ 𝑉𝑖 = 7, 𝑣𝑖 > 107
where si is predictable or actual number of attacks per year, vi is amount of predictable
or real damage in monetary units.
�In this case, the increase in the second interval is not taken into account; we propose to
correct the formula, taking into account the growth in the whole area of determination
of characteristics. It is proposed to use a hyperbolic tangent (more precisely, only its
positive part in the first quadrant) in the new formula. Based on the characteristics of
the hyperbolic tangent function, additional coefficients are introduced:
2𝑥
𝑓(𝑥) = 𝑘𝑚𝑎𝑥 ∙ 𝑡𝑎𝑛ℎ (6)
𝑏𝑚𝑎𝑥
where kmax corresponds to the maximum of the scale that is 7, and bmax is maximum
value of the predictable or real value, the coefficient 2 is introduced for a better scaling
by abscissa.
Then the system can be written as follows:
𝑅𝑖 = 10𝑆𝑖+𝑉𝑖−4
𝑠𝑖
{ 𝑆𝑖 = 7 ∙ 𝑡𝑎𝑛ℎ , 0 ≤ 𝑠𝑖
500 (7)
𝑣𝑖 −1
𝑉𝑖 = 7 ∙ 𝑡𝑎𝑛ℎ , 1 ≤ 𝑣𝑖
5∙105
The formula of expected damage from ith threat can be written in general terms:
𝑠 𝑣 −1
7∙𝑡𝑎𝑛ℎ 𝑖 +7∙𝑡𝑎𝑛ℎ 𝑖 5 −4
𝑅𝑖 = 10 500 5∙10 , 0 ≤ 𝑠𝑖 , 1 ≤ 𝑣𝑖 (8)
This method, as can be seen from the graph (Fig. 2), does not allow to compare different
information systems (due to the significant variation in the cost of systems, their scale
and workload), since the estimated damage is relative. The method shows the most
adequate results in the case of comparing the security of the same system at different
points in time or when the state changes its quality.
20
v=500
15 v=5000
v=50000
10 v=100000
5
0
200 250 300 350 400 450 500
Fig. 2. Expected damage quantification.
8.3 Set of Values for Defining Security Requirements
The set of values for defining security requirements is another proposed method in [10],
which operates with a normalized level of security in the continuum of values [0, 1],
and reliability indicators are a function of belonging 𝜇 𝐴 (𝑥𝑖 ), where xi is an element of
�the X set (security requirements), and A is a plural of values, defining the fulfillment of
security requirements:
𝜇 𝐴 (𝑥𝑖 )
𝐴 = ∑𝑁
𝑖=1 (9)
𝑥𝑖
𝜇 𝐴 (𝑥𝑖 )
where is normalized pair “function of accessory/element.” Then it is possible to
𝑥𝑖
evaluate the effectiveness of clearly defined safety criteria.
This method has the main drawback: the system may be evaluated only with a pre-
determined set of criteria.
8.4 Assessing the Threats and Losses
The analytical method for assessing the threats and losses, associated with them, oper-
ates with the average indicator of the appearance of the threat L and the magnitude of
the probability distribution f(L). To estimate the losses, the value m with mean deviation
v is used.
For analysis, it is imperative to have statistics of security breaches and measured
values of losses for these attacks.
The issue with the method is the inability to calculate the impact of information se-
curity (IS) on L and, accordingly, on m, and therefore to assess the effectiveness of the
measures of IS [4].
8.5 Degree of Security
The degree of security provides a rough estimate of the effectiveness of the IS system.
The method operates with the subjective coefficients of weight ith characteristic Wi and
the ball values of each characteristic Gi, which is determined by expert’s estimates.
The formula for the degree of security is as follows:
1
𝑆 = ∑𝑁
𝑖=1 𝑊𝑖 ∙ 𝐺𝑖 (10)
𝑁
where N is amount of the characteristics.
The method has two drawbacks: it is impossible to compare systems with different
sets of characteristics and it does not take into account the dependence of the weighting
factor and the value of the characteristic of the characteristic itself [4, 10].
8.6 Comprehensive Method of the Information Objects Security
The author of the paper proposes to use normalized characteristic S* to assess the de-
gree of the system security, and at the same time, to consider the subjective factors of
the importance of the ith characteristic and the ball value of each characteristic, as a
function of the characteristics:
� 𝑊 = 𝑓𝑊 (𝑥𝑖 )
{ 𝑖 (11)
𝐺𝑖 = 𝑓𝐺 (𝑥𝑖 )
where fW and fG are functions of the characteristic xi.
The general formula for monotonous fW and uncertain function fG is as follow:
1
𝑆 ∗ = ∑𝑁 ∗ ∗
𝑖=1 𝑊 (𝑥𝑖 ) ∙ 𝐺 (𝑥𝑖 ) (12)
𝑁
where 𝑊 ∗ (𝑥𝑖 ) is normalized weighting factor of subjective estimation from xi:
𝑓𝑊 (𝑥𝑖 )
𝑊 ∗ (𝑥𝑖 ) = | | (13)
max[𝑓𝑊 (𝑥𝑖 )]
and 𝐺 ∗ (𝑥𝑖 ) is normalized score value of a function:
𝐺Σ
𝐺 ∗ (𝑥𝑖 ) = | Σ 𝑖 | (14)
𝐺𝑖 𝑚𝑎𝑥
Intermediate values of which are defined as integral characteristics:
𝑥 𝑒𝑛𝑑
𝐺𝑖Σ = ∫ 𝑏𝑒𝑔𝑖𝑛
𝑖
𝑓𝐺 (𝑥)𝑑𝑥
𝑥𝑖
{ (15)
𝑥 𝑚𝑎𝑥
𝐺𝑖Σ𝑚𝑎𝑥 = ∫𝑥 𝑚𝑖𝑛
𝑖
𝑓𝐺 (𝑥)𝑑𝑥
𝑖
𝑏𝑒𝑔𝑖𝑛
where 𝑥𝑖 and 𝑥𝑖𝑒𝑛𝑑 are the beginning and the end of the range of values for a given
characteristic that exists and is continuous in the range from 𝑥𝑖𝑚𝑖𝑛 to 𝑥𝑖𝑚𝑎𝑥 .
In the given case the normalized level of safety of the system will always be S* ≤ 1.
S* is “absolutely” protected system, when all the existing characteristics xi are consid-
ered. In the general case, the proposed modification of the method allows to obtain a
normalized level of security for any system with a number of characteristics (but not
less than 3), and to conduct a comparative analysis of IS in systems with a different set
of characteristics.
Because the method operates with the results, obtained through expert evaluation,
before the data processing begins, it is necessary to assess the adequacy of the expert
group. To assess the adequacy it’s needed to determine the coefficient of concordance,
which involves the elements of functional-cost analysis.
9 Functional-Cost Analysis
Let’s suppose we have N essential characteristics that are included in the X set of all
characteristics of the system [𝑥1 , 𝑥2 … 𝑥𝑁 ] ∈ 𝑋.
We determine experimentally or analytically the intervals of values for all charac-
teristics (minimum and maximum values), as well as the average value (which does not
necessarily coincide with the arithmetic mean and maximum values). In the found in-
tervals, experts determine the point values of each characteristic Gi:
� 𝐺1 = 𝑓𝐺 (𝑥), 𝑥 = 𝑥1𝑚𝑖𝑛 , 𝑥1𝑎𝑣 , 𝑥1𝑚𝑎𝑥
𝐺2 = 𝑓𝐺 (𝑥), 𝑥 = 𝑥2𝑚𝑖𝑛 , 𝑥2𝑎𝑣 , 𝑥2𝑚𝑎𝑥 (16)
…
[𝐺𝑁 = 𝑓𝐺 (𝑥), 𝑥 = 𝑥𝑁𝑚𝑖𝑛 , 𝑥𝑁𝑎𝑣 , 𝑥𝑁𝑚𝑎𝑥
Based on the obtained data, for the sake of clarity, the charts (11), used by experts to
determine the following characteristics, are constructed.
9.1 Parameters Weighting
The weighting of the parameters is determined by the method of prioritization, accord-
ing to which the priorities of the characteristics are determined by the expert group (M
is the number of experts), and as a the result, the comparison table is compiled (see
Table 1), in which the average score is reduced to a numerical form according to the
principle: “>” corresponds to 1.5, “=”—to 1.0, and “<”—to 0.5.
Table 1. Expert evaluation of the parameters importance
Experts Average Numeric
Parameter pairs
1 2 3 … M rating value
x1 and x2 = = > … > > 1.5
x1 and xi > > > … > > 1.5
… … … … … … … …
x1 and xN > > > … > > 1.5
x2 and xi > > < … = < 0.5
… … … … … … … …
xi–1 and xi > < > … > > 1.5
… … … … … … … …
xN–1 and xN > > > … > > 1.5
Due to the received data, a table of the characteristics of the priorities is filled out (see
Table 2), in which the coefficient 1.0 is taken for pairs xi/xi.
Table 2. Determination of the characteristics of the priorities
Characteristics Importance Validity
x1 x2 … xi … xN bi φi b´i Wi=φ´i
x1 1.0 1.5 … 1.5 … 1.5 7.0 0.28 34.0 0.292
x2 0.5 1.0 … 1.5 … 1.5 5.0 0.20 22.5 0.193
… … … … … … … … … … …
xi 0.5 0.5 … 1.0 … 1.5 4.5 0.18 20.5 0.176
… … … … … … … … … … …
xN 0.5 0.5 … 0.5 … 1.0 3.0 0.12 14.0 0.120
∑ 1.0 1.0
�Degree of importance φi of each parameter:
𝑏
𝜑𝑖 = ∑𝑁 𝑖 , (17)
𝑖=1 𝑏𝑖
𝑏𝑖 = ∑𝑁
𝑗=1 𝑎𝑖𝑗 (18)
where bi is the weight of the ith parameter on the basis of expert assessments; aij is the
numerical value of the priority.
The coefficient Wi of the importance of the ith parameter is determined in the second
step:
𝑏̇
𝑊𝑖 = 𝜑̇ 𝑖 = ∑𝑁 𝑖 ̇ , (19)
𝑖=1 𝑏𝑖
𝑏𝑖̇ = ∑𝑁
𝑗=1 𝑎𝑖𝑗 ∙ 𝑏𝑗 (20)
9.2 Assessment of the Expert Group Adequacy
Assessment of the adequacy of the expert group is carried out after determining the
dependence of the ball values of each characteristic of the characteristic itself; the dis-
crete function is reduced to a continuous one from (11).
The sum of the ranks of each parameter:
𝑅𝑖 = ∑𝑀
𝑗=1 𝑟𝑖𝑗 (21)
where rij is the rank of the ith characteristics, determined by the jth expert.
Checking the total amount of the ranks, this must be equal:
1
𝑅𝑖𝑗 = ∙ 𝑀 ∙ 𝑁 ∙ (𝑁 + 1) (22)
2
The average amount of ranks:
1
𝑅𝑎𝑣 = ∙ 𝑅𝑖𝑗 (23)
𝑁
Rejection of the sum of the ranks for each ith characteristic from the average amount
(the sum of deviations for all characteristics should be zero):
Δ𝑖 = 𝑅𝑖 − 𝑅𝑎𝑣 (24)
Total amount of squares of deviations:
𝑆 = ∑𝑁 2
𝑖=1 Δ𝑖 (25)
The coefficient of concordance:
12∙𝑆
𝑊= (26)
𝑀2 ∙(𝑁3 −𝑁)
�The coefficient of concordance can take the value 0 ≤ W ≤ 1. In the case of complete
consistency of expert opinions, the coefficient is W = 1. If W ≥ Wnom, the certain data
are trustworthy and are usable. For the means of computer technology adopted
Wnom = 0.67, the same value can be used for distributed wireless systems [11, 12]. Since
in this case not only wireless systems can be used, the tolerance of the deviation of the
values of the concordance coefficient will be taken at the level of ⅕ from its normal
value:
Wdistribution of communication systems = 0.67±20% (27)
The results of field experiments (Fig. 3) suggest that the recommended number of esti-
mated safety parameters and the number of experts evaluating these parameters are in-
terdependent. This is confirmed by the family of curves constructed on the basis of
formula (26).
1
0.9
0.8
0.7
0.6
0.5
M=2
0.4
M=3
0.3 M=4
0.2 M=5
0.1 M=6
0
2 3 4 5 6 7 8 9 10 11
Fig. 3. Relationship of security parameters and experts.
10 Conclusions and Future Work
The existing models and methods for assessing security and risks, with their drawbacks
were considered in the paper. The proposed modifications are intended to improve ex-
isting methods and include more precise approximation (for expected damage to the
vulnerability) and generalization of the function (for the degree of security). In addition,
it is proposed to use elements of functional-cost analysis to verify the reliability of ex-
pert evaluation.
From the above, we can say that our method of evaluation is not yet sufficiently
thorough and requires more detailed consideration and the introduction of step-by-step
instructions in the comprehensive assessment of the security and risks for distributed
wireless systems.
The paper describes the sequence of defining the system’s security. In the future, we
plan to compare the calculation of efficiency and risk.
�References
1. Shvartsman, V.O.: Quantitative assessment of information security and communication net-
works from unauthorized actions. Telecommun 5, 5–8 (2008). [Publication in Russian]
2. Nechunaev, V.M.: Risk assessment of information security of a corporate information sys-
tem. TUSURs Rep 1(19), 51–53 (2009). [Publication in Russian]
3. Nechunaev, V.M.: A method for describing a corporate information system for an infor-
mation security risk management procedure. TUSURs Rep 2(18), 116–117 (2008). [Publi-
cation in Russian]
4. Domarev, V.V.: Security information technology. Methodology for creating security sys-
tems. Kyiv, p. 688 (2001). [Publication in Russian]
5. Simonov, S.V.: Technologies and tools for risk management. Jet Inf Newsl 2(117), 9–13
(2003). [Publication in Russian]
6. Davydov, I.V., Shelupanov, A.A.: Formalization of the model of cybercrime committed us-
ing malicious codes. News of Tomsk Polytech Univ 8, 126–129 (2006). [Publication in Rus-
sian]
7. Buriachok, V.L.: Option of the mechanism of breaking information and telecommunication
systems and their protection from extraneous cybernetic effects. Sci and Tech J “Mod Def
of Inf,” SUT 4, 76–84 (2011). [Publication in Ukrainian]
8. Kotenko, I.V., Stepashkin, M.V.: Assessment of the security level of computer networks
based on the construction of an attack graph. In: News of International Scientific School
“Modeling and Analysis of Safety and Risk in Complex Systems,” St. Petersburg, pp. 150–
154 (2006). [Publication in Russian]
9. Meshcheryakov, R.V., Shelupanov, A.A., Belov, E.B., Los. V.P.: Basics of information se-
curity. Moscow, Hot Line Telecommun, p. 350 (2006). [Publication in Russian]
10. Chipiga, A.F., Peleshenko, V.S.: Evaluation of the effectiveness of the protection of auto-
mated systems from unauthorized access. Bull of North Cauc State Tech Univ, Ser “Phys-
Chem” 1(8), 40 (2004). [Publication in Russian]
11. Chernyavskii, A.T. (eds): Methodical instructions for the implementation of the organiza-
tional and economic section of diploma projects. Kyiv, NTUU “KPI,” p. 66 (1999). [Publi-
cation in Ukrainian]
12. Chernyavskii, A.T., Shvets, L.V., Shudra, V.F., Maevskaya, L.S.: Guidelines for the use of
FCA in the development of a software product. Kyiv, NTUU “KPI,” p. 69 (1990). [Publica-
tion in Russian]
�