=Paper= {{Paper |id=Vol-2893/short_6 |storemode=property |title=Development of Algorithm for Improving Accuracy of Probability Coefficient of Threat Implementation in Personal Data Information Systems |pdfUrl=https://ceur-ws.org/Vol-2893/short_6.pdf |volume=Vol-2893 |authors=Sergey Verevkin,Ksenia Naumova,Tatiana Tatarnikova,Pavel Bogdanov,Ekaterina Kraeva |dblpUrl=https://dblp.org/rec/conf/micsecs/VerevkinNTBK20 }} ==Development of Algorithm for Improving Accuracy of Probability Coefficient of Threat Implementation in Personal Data Information Systems== https://ceur-ws.org/Vol-2893/short_6.pdf
Development of Algorithm for Improving Accuracy of Probability Coefficient of Threat Implementation in Personal Data Information Systems
Sergey Verevkin, Ksenia Naumova, Tatiana Tatarnikova, Pavel Bogdanov and Ekaterina Kraeva

Russian State Hydrometeorological University, Voronezhskaya st. 79, St. Petersburg, 192007, Russia


Abstract
The continuing growth in the number of information systems inevitably entails the need to ensure the cyber security of the information they contain, both information constituting commercial secrets and the various kinds of information processed, including by state information systems. When the process of ensuring information security is considered in the context of compliance with legislative and regulatory acts, one must note the inevitability of creating a model of the intruder and a model of threats to the security of the protected information system, in order to determine the relevance of the vulnerabilities listed in them. This article reviews the development of an algorithm that supplements the existing methodology for determining actual threats to data security during processing in information systems, which is applied at the stage of building a security threat model. The developed algorithm is relevant because it is applied to the current methodology, which serves as the main document in determining the requirements for the information security system. A four-stage algorithm for collecting reconnaissance information from public sources (OSINT) is proposed for assessing risks and determining the security state of an information system. The algorithm comprises collecting information from freely available databases of supervisory authorities and from the organization's external network resources, identifying potential intruders among the organization's employees, and checking the organization's internal network resources. The algorithm is recurrent: it allows a recursive update of the input data collected during its first execution, thereby providing data for a more detailed analysis in subsequent cycles. The information obtained from the OSINT process is analyzed and provided to the organization's management or to the owner of the information system for further use in determining the corresponding coefficients of the current methodology.

Keywords
OSINT, corporate networks, security analysis, information security

1. Introduction
   Today, the need to ensure the information security of an organization increasingly arises not only for large corporations and government entities, but also for small private organizations. The main reason is the growing value of the information processed in organizations' networks, which has become the most desirable resource for cybercriminals.


Proceedings of the 12th Majorov International Conference on Software Engineering and Computer Systems, December 10-11, 2020, Online & Saint Petersburg, Russia
EMAIL: vrjovkin@rambler.ru (A. 1); ksenia.naumovaks@gmail.com (A. 2); tm-tatarn@yandex.ru (A. 3); 45bogdanov@gmail.com (A. 4); kate.smitt.by@mail.ru (A. 5)
ORCID: 0000-0002-5255-940X (A. 1); 0000-0001-6972-5390 (A. 2); 0000-0002-6419-0072 (A. 3); 0000-0002-7533-7316 (A. 4); 0000-0002-6938-1775 (A. 5)
© 2020 Copyright for this paper by its authors.
Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).
CEUR Workshop Proceedings (CEUR-WS.org)
   Given the need to protect the information being processed, the current security state of the information system must be properly assessed in accordance with the requirements of current federal laws and the other governing documents of the supervisory bodies.



2. Justification of the existing problem
   When building an information protection system in organizations whose work is closely tied to processing client databases that include personal data, an important point is the need to determine the current threats to personal data during their processing in personal data information systems (ISPD) in accordance with the current FSTEC methodology [1].
   As a result of the actions described in this methodology, the organization's employees face the task of determining the numerical coefficients Y1 and Y2, which characterize the level of initial security and the probability of threat implementation, respectively.
   Unlike the first coefficient, which is determined from a table in the methodology, the value of the Y2 coefficient has to be determined from the proposed verbal estimates: unlikely, low, medium and high.
   It is worth noting how difficult such an assessment is in the absence of any actual data on the current state of the organization's information systems, not to mention the further, similar process of assessing the feasibility of a threat, which requires an impartial assessment of the possibility of security incidents being carried out, including by the organization's own staff.
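The following Python example is added here and is not the paper's own code; it carries one OSINT finding through to the Y2 estimate, the feasibility coefficient and the threat's relevance, which is the chain the algorithm in section 3 is meant to feed. The numeric scales for Y1 and Y2, the formula Y = (Y1 + Y2) / 20, the feasibility bands and the relevance table are those of the FSTEC methodology cited as [1]. The OsintEvidence fields and the rule in estimate_y2() that converts findings into a verbal estimate are assumptions made for this illustration only.

```python
"""Added example (not the paper's own code): OSINT evidence -> Y2 -> Y -> relevance.

The numeric scales for Y1 and Y2, the formula Y = (Y1 + Y2) / 20, the feasibility
bands and the relevance table follow the FSTEC methodology of 14.02.2008 cited as [1].
The OsintEvidence fields and the rule in estimate_y2() are assumptions for this example.
"""
from dataclasses import dataclass
from typing import Dict, Tuple

# Y1: level of initial security of the ISPD, taken from the methodology's table.
Y1_LEVELS: Dict[str, int] = {"high": 0, "medium": 5, "low": 10}
# Y2: verbal estimate of the probability of threat implementation.
Y2_LEVELS: Dict[str, int] = {"unlikely": 0, "low": 2, "medium": 5, "high": 10}


@dataclass
class OsintEvidence:
    """Findings about one threat as the final OSINT report might record them (assumed fields)."""
    exposed_service: bool = False            # step 3: the relevant service answers from outside
    known_vulnerable_version: bool = False   # step 3: its version banner matches a public advisory
    employee_contacts_public: bool = False   # step 2: staff e-mails / phone numbers collected
    disgruntled_employee: bool = False       # step 2: an openly dissatisfied employee identified


def estimate_y2(ev: OsintEvidence) -> str:
    """Assumed rule: the more independent enablers OSINT has confirmed, the higher Y2."""
    enablers = sum([ev.exposed_service, ev.known_vulnerable_version,
                    ev.employee_contacts_public, ev.disgruntled_employee])
    return ("unlikely", "low", "medium", "high")[min(enablers, 3)]


def feasibility(y1_level: str, y2_level: str) -> Tuple[float, str]:
    """Y = (Y1 + Y2) / 20 and its verbal band, per the methodology."""
    y = (Y1_LEVELS[y1_level] + Y2_LEVELS[y2_level]) / 20
    if y <= 0.3:
        band = "low"
    elif y <= 0.6:
        band = "medium"
    elif y <= 0.8:
        band = "high"
    else:
        band = "very high"
    return y, band


# feasibility band -> danger of the threat -> the threat is relevant ("actual").
RELEVANCE = {
    "low":       {"low": False, "medium": False, "high": True},
    "medium":    {"low": False, "medium": True,  "high": True},
    "high":      {"low": True,  "medium": True,  "high": True},
    "very high": {"low": True,  "medium": True,  "high": True},
}


def assess_threat(y1_level: str, ev: OsintEvidence, danger: str) -> Dict[str, object]:
    """Full chain: OSINT evidence -> Y2 -> Y -> feasibility band -> relevance."""
    y2_level = estimate_y2(ev)
    y, band = feasibility(y1_level, y2_level)
    return {"y2": y2_level, "y": y, "feasibility": band,
            "relevant": RELEVANCE[band][danger]}


if __name__ == "__main__":
    # Constructed case: medium initial security, service exposed and on a vulnerable version.
    ev = OsintEvidence(exposed_service=True, known_vulnerable_version=True)
    print(assess_threat("medium", ev, "medium"))
```

The point of the example is the sensitivity of the outcome to Y2: with medium initial security, a threat of medium danger is "not actual" when Y2 is "unlikely" or "low" (Y = 0.25 or 0.35 gives the low or medium band, but only the medium band with medium danger counts) and becomes "actual" once OSINT confirms two enablers. That is precisely the decision the verbal estimate hides when it is made without data.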


3. Algorithm development

   To solve the problem of correctly determining the value of the Y2 coefficient, we build an algorithm that uses open-source software for intelligence based on open information sources (OSINT) to search for existing threats.
   Among the methods of conducting OSINT, the four-stage cyclic method of data collection has gained the greatest popularity:
   1. Definition of the information search criteria
   2. Retrieval of the sought data from open sources
   3. Analysis of the received information
   4. Structuring the obtained information so that it can be used for further data search.
    Consequently, the accuracy of the research depends on the number of OSINT cycles, which determines the depth of analysis of the collected information depending on its type, its sensitivity and the wishes of the organization's management [2].
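The following Python example is added here and is not the paper's own code. It runs the four stages above recurrently, so that the artifacts structured in one cycle become the search criteria of the next, and records in which cycle each artifact was found. SOURCES is a constructed, offline stand-in for the lookups that Maltego transforms or OSINT Framework tools would perform; the domain, addresses and names in it are assumptions and describe no real organization.

```python
"""Added example (not the paper's own code): the four-stage OSINT cycle run recurrently.

SOURCES is a constructed stand-in for open sources (assumption); every artifact in it
is fictitious. In practice retrieve() would call Maltego transforms or other tools.
"""
from typing import Dict, List, Set, Tuple

Artifact = Tuple[str, str]  # (kind, value), e.g. ("domain", "example.org")

# Constructed "open sources": what each artifact leads to when it is searched.
SOURCES: Dict[Artifact, List[Artifact]] = {
    ("domain", "example.org"): [("email", "ivanov@example.org"),
                                ("host", "mail.example.org"),
                                ("host", "www.example.org")],
    ("host", "www.example.org"): [("ip", "203.0.113.10")],
    ("host", "mail.example.org"): [("ip", "203.0.113.25")],
    ("email", "ivanov@example.org"): [("person", "I. Ivanov"),
                                      ("profile", "social://ivanov")],
    ("person", "I. Ivanov"): [("email", "ivanov.personal@example.net")],
    ("email", "ivanov.personal@example.net"): [("profile", "forum://ivanov")],
}


def retrieve(criterion: Artifact) -> List[Artifact]:
    """Stage 2, retrieval: look a criterion up in the open sources."""
    return SOURCES.get(criterion, [])


def analyse(found: List[Artifact], wanted_kinds: Set[str]) -> List[Artifact]:
    """Stage 3, analysis: keep only the artifact kinds the search criteria asked for."""
    return [a for a in found if a[0] in wanted_kinds]


def osint_cycles(seeds: List[Artifact], wanted_kinds: Set[str],
                 max_cycles: int) -> Dict[Artifact, int]:
    """Run stages 1-4 repeatedly. Returns {artifact: cycle in which it was found}
    (seeds are cycle 0). Stops early when a cycle yields nothing new, i.e. the
    collected data set has become stable."""
    known: Dict[Artifact, int] = {s: 0 for s in seeds}
    criteria = list(seeds)                   # stage 1 for the first cycle
    for cycle in range(1, max_cycles + 1):
        structured: List[Artifact] = []      # stage 4 output = next cycle's criteria
        for criterion in criteria:
            for hit in analyse(retrieve(criterion), wanted_kinds):
                if hit not in known:         # dedupe: never re-search a known item
                    known[hit] = cycle
                    structured.append(hit)
        if not structured:
            break
        criteria = structured
    return known


def by_cycle(known: Dict[Artifact, int]) -> Dict[int, List[Artifact]]:
    """Group findings by the cycle that produced them, for the final report."""
    grouped: Dict[int, List[Artifact]] = {}
    for artifact, cycle in known.items():
        grouped.setdefault(cycle, []).append(artifact)
    return grouped


if __name__ == "__main__":
    result = osint_cycles([("domain", "example.org")],
                          {"email", "host", "ip", "person", "profile"}, max_cycles=5)
    for cycle, items in sorted(by_cycle(result).items()):
        print(cycle, items)
```

Two things the loop makes visible: the depth of analysis really is a function of the number of cycles (the employee's personal forum profile only appears in cycle 4), and the search criteria of stage 1 bound what can ever be found (dropping "person" from wanted_kinds cuts the chain that leads from the corporate e-mail to the personal one).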
    An important feature of OSINT is the complete analysis of the organization's information and personnel resources. For this reason, we single out three main steps of the algorithm being developed and consider the most effective methods of implementing them:
   1)   Analysis of the organization's public pages
    This step includes the collection and analysis of information about the organization published in sources such as advertisements, the organization's websites and resources, tax records and other sources that allow obtaining initial data on the organization's activities: organizational structure, positions, etc.
    There are many software solutions; as an example, we consider Maltego, which provides a convenient interface for visualizing the data found and the connections between them. Although Maltego has a free version, the paid versions are the most effective: they extend its capabilities by connecting additional third-party libraries, which are linked using API keys. An example of the analysis and construction of connections for the data collected about the Russian State Hydrometeorological University (RSHU) website (rshu.ru) is shown in Figure 1.




Figure 1: Result of data collection from the RSHU website (rshu.ru)

    As a result of the analysis, the following information can be obtained: contact details of the owners of network resources, the hosting on which the organization's website is located, personal data of employees whose numbers are listed on the website, information about the organization's current and completed court proceedings, and the dates of important events, such as the birthdays of company management and dates of corporate events, plus much other information that further facilitates obtaining additional data [3].
   2)   Analysis of employee information
    In this step, existing employees of the organization are searched for using the data obtained in the previous step. The main goal is to collect information about as many of the organization's employees as possible. As a result, most of the organization's employees can be identified with high accuracy by analyzing their social network accounts, personal e-mails, phone numbers, home addresses and the relationships between the employees.
    We use the OSINT Framework, which brings together a large number of solutions for searching information from open sources. Maltego, discussed earlier, can also be used for these purposes, but most of its functionality for analyzing the social networks used in Russia requires purchasing paid packages. The main advantage of the OSINT Framework is that it gives the user access to the largest amount of information from free sources, while additionally indicating paid resources. Figure 2 shows the OSINT Framework options for social network and e-mail address analysis.

Figure 2: OSINT Framework solutions for finding information on popular social networks and e-mail services

    An important task of this step is to identify dissatisfied employees who openly express dissatisfaction with colleagues and with the organization as a whole. It is often such a dissatisfied employee who becomes the target of social engineers, who provoke the employee into helping them achieve their own goals.
   3)   Analysis of the organization's network
    The last, but no less important, step is to analyze the current security state of the organization's corporate networks. In this step, it is important to analyze the network infrastructure, the system and application software in use, the security tools used, the protocols and other information that would allow an attacker to plan attacks against specific network components.
    Analyzing data about an organization's network can be done in many ways, the choice depending on the type of network and the devices used in it. One of the best-known tools is Nmap. Running Nmap against the IP address found with Maltego, we can obtain information about the system software running on the hosting network resource. Figure 3 shows the result of determining the operating system of the host serving the rshu.ru website.




Figure 3: Determination of the operating system of the host serving the rshu.ru website

   The main criterion for choosing a tool is the attacker's position relative to the organization's network. If the attacker is located within a segment of the corporate network, sniffers are needed to analyze network traffic for the use of vulnerable network protocols. For further penetration, vulnerability scanners and Nmap analogues must be used to search for vulnerabilities in the network's border nodes or, when firewalls are present, to obtain information about the protection in use by remotely scanning the devices at the border of the investigated network [4].
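The following Python example is added here and is not the paper's own code. It shows how the facts step 3 needs (the OS guess, the exposed services with their version banners, and filtered ports that indicate a border firewall) are taken out of the XML that `nmap -O -sV -oX scan.xml <target>` writes, so that they can be recorded in the final report instead of being read off a screenshot. SAMPLE_XML is a constructed document in Nmap's -oX format using a documentation address; it is not a scan of rshu.ru or of any real host.

```python
"""Added example (not the paper's own code): extracting step-3 facts from Nmap XML.

SAMPLE_XML is a constructed document in the -oX format of `nmap -O -sV -oX scan.xml
<target>`; the host, ports and versions in it are assumptions, not a real scan.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional

SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -O -sV -oX scan.xml 203.0.113.10">
  <host>
    <status state="up" reason="echo-reply"/>
    <address addr="203.0.113.10" addrtype="ipv4"/>
    <hostnames><hostname name="www.example.org" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22">
        <state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="7.4" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="80">
        <state state="open" reason="syn-ack"/>
        <service name="http" product="nginx" version="1.14.0" method="probed" conf="10"/>
      </port>
      <port protocol="tcp" portid="443">
        <state state="filtered" reason="no-response"/>
      </port>
    </ports>
    <os>
      <osmatch name="Linux 3.2 - 4.9" accuracy="95">
        <osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="4.X" accuracy="95"/>
      </osmatch>
      <osmatch name="Linux 4.15 - 5.6" accuracy="90"/>
    </os>
  </host>
</nmaprun>
"""


def parse_nmap(xml_text: str) -> List[Dict]:
    """One dict per host that is up: ip, hostnames, best OS match, open services, filtered ports."""
    hosts: List[Dict] = []
    for host in ET.fromstring(xml_text).findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']")
        entry: Dict = {
            "ip": addr.get("addr") if addr is not None else None,
            "hostnames": [h.get("name") for h in host.findall("hostnames/hostname")],
            "os": None,
            "open_services": [],
            "filtered_ports": [],
        }
        # Nmap may list several OS matches; keep the one with the highest accuracy.
        best: Optional[Dict] = None
        for match in host.findall("os/osmatch"):
            acc = int(match.get("accuracy", "0"))
            if best is None or acc > best["accuracy"]:
                best = {"name": match.get("name"), "accuracy": acc}
        entry["os"] = best
        for port in host.findall("ports/port"):
            state = port.find("state").get("state")
            portid = int(port.get("portid"))
            if state == "open":
                svc = port.find("service")   # absent when -sV could not identify the service
                entry["open_services"].append({
                    "port": portid,
                    "proto": port.get("protocol"),
                    "service": svc.get("name") if svc is not None else None,
                    "product": svc.get("product") if svc is not None else None,
                    "version": svc.get("version") if svc is not None else None,
                })
            elif state == "filtered":
                entry["filtered_ports"].append(portid)
        hosts.append(entry)
    return hosts


def version_banners(hosts: List[Dict]) -> List[str]:
    """'product version' strings, ready to be matched against public advisories."""
    return [f'{s["product"]} {s["version"]}'
            for h in hosts for s in h["open_services"] if s["product"] and s["version"]]


def looks_firewalled(host: Dict) -> bool:
    """Filtered ports mean probes were dropped, the usual sign of a border firewall."""
    return bool(host["filtered_ports"])


if __name__ == "__main__":
    for h in parse_nmap(SAMPLE_XML):
        print(h["ip"], h["os"], version_banners([h]), "firewall:", looks_firewalled(h))
```

On a real scan the same parser is fed with the file: `parse_nmap(open("scan.xml").read())`. OS detection (-O) needs raw-socket privileges, so Nmap has to run as root for that part, and the "filtered" state is exactly the information about border protection that remote scanning yields when a firewall drops the probes.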


4. Conclusion
    The result of this work is an algorithm that contributes to the process of determining the verbal coefficients of the probability of security threat implementation for information systems, through the use of a final report generated from the results of external OSINT and of the analysis of the organization's network. It should be pointed out that new data on threats existing in the information system can be obtained; identifying them through repeated cyclic execution of the algorithm supplements the security threat model and the information created at the previous stages. The developed algorithm can also be used when re-evaluating the security of an information system, to identify new sources of threats and determine their relevance.


5. References
[1] "Methodology for determining current threats to personal data security during their processing in personal data information systems", FSTEC of Russia, 14.02.2008
[2] Penetration Testing Execution Standard (PTES), URL: http://www.pentest-standard.org/index.php/Main_Page
[3] "Maltego Desktop Application Guide", URL: https://docs.maltego.com/support/solutions/articles/15000008703-client-requirements#network-requirements-0-3
[4] Tatarnikova T.M., Volskiy A.V. Estimation of probabilistic-temporal characteristics of network nodes with traffic differentiation // Informatsionno-Upravliaiushchie Sistemy. 2018. V. 94, No. 3. P. 54-60. DOI 10.15217/issn1684-8853.2018.3.5
[5] Tatarnikova T.M. Statistical methods for studying network traffic // Informatsionno-Upravliaiushchie Sistemy. 2018. V. 96, No. 5. P. 35-43. DOI 10.31799/1684-8853-2018-5-35-43
[6] Bogatyrev V.A. Fault Tolerance of Clusters Configurations with Direct Connection of Storage Devices // Automatic Control and Computer Sciences. 2011. Vol. 45, No. 6. P. 330-337
[7] Bogatyrev A.V., Bogatyrev V.A., Bogatyrev S.V. Multipath Redundant Transmission with Packet Segmentation // 2019 Wave Electronics and its Application in Information and Telecommunication Systems (WECONF). 2019. 8840647. DOI 10.1109/WECONF.2019.8840643
[8] Bogatyrev V., Derkach A. Evaluation of a Cyber-Physical Computing System with Migration of Virtual Machines during Continuous Computing // Computers. 2020. Vol. 9. 42
[9] Tatarnikova T.M., Dzubenko I.N. IoT system for detecting dangerous substances by smell // Informatsionno-Upravliaiushchie Sistemy. 2018. V. 93, No. 2. P. 84-90. DOI 10.15217/issn1684-8853.2018.2.84