=Paper=
{{Paper
|id=Vol-3094/paper_14
|storemode=property
|title=Mathematical Support for the Assessment and Regulation of the Successful Implementation of Virus Attacks on Information Networks
|pdfUrl=https://ceur-ws.org/Vol-3094/paper_14.pdf
|volume=Vol-3094
|authors=Alexander Ostapenko,Evgeniya Shvartskopf,Vladimir Pitolin,Oleg Makarov,Nikolay Tikhomirov,Yuri Pasternak
}}
==Mathematical Support for the Assessment and Regulation of the Successful Implementation of Virus Attacks on Information Networks ==
Alexander Ostapenko, Evgeniya Shvartskopf, Vladimir Pitolin, Oleg Makarov, Nikolay Tikhomirov and Yuri Pasternak

Voronezh State Technical University, 20 letiya Oktyabrya St., 84, Voronezh, 394000, Russian Federation

===Abstract===
In this paper, we propose mathematical support for assessing and regulating the risks of successful implementation of virus attacks on network information structures. In this regard, binomial and hypergeometric distributions of discrete random variables are used. As a result, analytical expressions have been obtained that contribute to both parametric and structural risk regulation in the context of a networked viral confrontation. The proposed software can be used to increase the epidemic resistance of network information structures.

Keywords: Risk regulation, information networks, virus attacks

===1. Introduction===
In the context of modern digital transformation, the problem of ensuring the security of information systems and networks for various purposes [1-7] is of particular importance. Risk analysis [1-7] should be considered the most adequate mathematical tool for assessing security; it is successfully applied both in direct analytical calculations of the probabilities of expected damage [1-3, 5] and in their expert measurements [6], for corporate [1-4] and social networks [5, 7]. However, from a practical point of view, it is extremely important not only to assess the risk, but also to try to manage its magnitude in the context of information confrontation. This work addresses that task in relation to network virus attacks. From the works [1-7], the authors drew a conceptual basis, which is necessary for an adequate formulation of the research objectives.
This concept allowed the authors to consider the security of information networks as a state in which the risks of a virus invasion do not exceed the permissible value. In this case, the risk is understood as the possibility of damage as a result of the virus affecting the elements of the analyzed network. Risk analysis is considered as a process of assessing and regulating the risk of a successful virus attack. In homogeneous networks [1], the damage is determined by the number of elements affected by the virus. To calculate the probability of damage, various approximating distributions of a random variable are used [1, 2, 6]; the random variable in this case is the cardinality of the set of affected components. From works [1, 2, 5-7], the authors drew a measure of risk in the form of the product of the amount of damage and the probability of its occurrence, which is quite convenient for the corresponding analytical calculations. This measure is also used quite effectively [6] in the space of fuzzy logic and expert assessments, which are applied when the above parameters are difficult to express analytically.

AISMA-2021: International Workshop on Advanced in Information Security Management and Applications, October 1, 2021, Stavropol, Krasnoyarsk, Russia

EMAIL: alexostap123@gmail.com (Alexander Ostapenko), ogeina@gmail.com (Evgeniya Shvartskopf), v.pitolin@mail.ru (Vladimir Pitolin), o.y.makarov@bk.ru (Oleg Makarov), ni.tikhomirov@mail.ru (Nikolay Tikhomirov), yuripasternak@mail.ru (Yuri Pasternak)

ORCID: 0000-0002-9610-0852 (Alexander Ostapenko); 0000-0002-2295-6738 (Evgeniya Shvartskopf); 0000-0002-5225-8981 (Vladimir Pitolin); 0000-0003-2795-419X (Oleg Makarov); 0000-0002-0261-7325 (Nikolay Tikhomirov); 0000-0002-1127-1864 (Yuri Pasternak).

© 2022 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).
CEUR Workshop Proceedings (CEUR-WS.org)

The successful implementation of this measure in the risk analysis of attacked corporate [2, 3, 4] and even social [5, 7] networks convinced the authors of its effectiveness in relation to computer [1, 4] viruses of network structures. Epidemic processes [1] arising in this case require an adequate assessment of the epistability of networks, which are now actually the basis of digital transformation. However, this transformation is exposed to significant danger from cyberattacks for various purposes [2-4, 6], among which viruses and worms [1] are the most harmful. Assessment of damages and risks from attacks by this malware can be carried out [1] through the moments of their statistical distribution. This observation prompted the authors of this work to attempt to build software for risk analysis of information and telecommunication networks and their clusters in the context of total virus attacks.

===2. Risk assessment and management methodology===
In the context of the development of this study, it seems appropriate to consider heterogeneous networks. In this case, the expected damage from a virus infection for different network nodes is unequal, and the application of the binomial probability distribution will be incorrect. Here, apparently, one should use a polynomial distribution and talk about the risk analysis of several random variables. Appropriate analytics exist for this; they only need to be adapted for the risk analysis methodology. The possibilities of continuous probability density distributions should also not be neglected. With appropriate discretization, one can pass from them to purely probabilistic estimates. The variety of continuous distributions here opens up ample opportunities for approximating random processes in attacks on information networks, including for protecting them from viral intrusions.
In terms of direct calculations of the margin of network stability (epistability) by the risk function, it is possible to propose taking into account its variance. In other words, it seems possible to be limited only by the difference between the fatal value and the expected risk, and to introduce a dispersion correction. In this case, it is proposed to count from the sum of the expectation and the standard deviation of the risk function. Here it is also necessary to determine the range of admissible values and propose adequate control algorithms.

Regarding the regulation of the above reference point (for assessing the epistability), obviously, the criterion is the minimization of its coordinate value along the damage axis. This is not difficult for the first of the two design cases considered in the work. However, for the second case (hypergeometric distribution), this approach is not obvious. Here, the analytical estimate (binomial distribution) will have to be replaced by a numerical calculation, possibly even with subsequent optimization. An even more complicated situation will take place in the case of using polynomial distribution and performing risk analysis of heterogeneous networks exposed to virus attacks.

In this case, the infection of these elements occurs randomly with the probability of a single infection $p$; the expected number $x$ of damaged elements is estimated, and damage to the network is minimized by setting up antivirus tools (adjusting the parameter $p$). For the risk assessment in this problem, it is appropriate to use the binomial probability distribution:

$$P(x, n, p) = C_n^x \, p^x (1 - p)^{n - x}, \qquad (1)$$

where $0 \le p \le 1$ is the probability of a single infection by a virus of one network node; $n$ is a positive integer equal to the number of hosts; $x$ is the expected number of nodes affected by the virus. Based on the risk measure taken [1-7], its value will be $(x, u_0)$.
The risk can be determined from (1) as follows:

$$Risk(x, n, p) = (x, u_0) \, P(x, n, p). \qquad (2)$$

The risk function is shown in Figure 1.

[Figure 1: Risk function. Plot of risk against damage, with the stability margin marked.]

When normalizing (2) in terms of damage to one node $u_0$ we have:

$$Risk(x, n, p) = x \, C_n^x \, p^x (1 - p)^{n - x}. \qquad (3)$$

For a random risk variable (3), the expected value is found:

$$M(x) = np\,[1 - p(n + 1)]. \qquad (4)$$

From expression (4), it is possible to estimate the margin of stability of the virus-attacked network in relation to its lethal damage to all nodes $n$:

$$z(Risk) = n - M(x). \qquad (5)$$

When normalizing expression (5) with respect to $n$, it has the value of normalized risk stability:

$$z(Risk) = \frac{n - M(x)}{n} = 1 - \frac{M(x)}{n}. \qquad (6)$$

Taking into account (4), the last expression (6) can be reduced to the following quadratic equation:

$$p^2 (n + 1) - p + (1 - z) = 0. \qquad (7)$$

The solution to (7) with respect to $p$ is two roots:

$$p_{1,2} = \frac{1 \pm \sqrt{1 - 4(n + 1)(1 - z)}}{2(n + 1)}. \qquad (8)$$

Let us find for them (8) the range of admissible values of $p$:

$$\frac{1}{2(n + 1)} \le p \le \frac{1}{n + 1}. \qquad (9)$$

It is within these (9) limits of probability $p$ that the inductive anti-virus systems of homogeneous elements of the attacked network are tuned by moving away from the fatal edge of risk resistance:

$$z = \frac{4n + 3}{4n + 4}. \qquad (10)$$

The set of expressions (8)-(10) is the main one for this regulation.

Let's complicate the task. The above methodology provides parametric (using $p$) risk management. However, in practice, a more successful increase in the epidemic resilience of the network can be obtained through effective clustering of the network. With this in mind, let's take a look at the following problem. There is an information network with fairly uniform π elements. In this case, the unacceptable damage to the network is the destruction of π elements by the virus. In order to increase the epidemic security of the network, its administrator seeks to create clusters of dimension π elements in it.
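The parametric regulation of expressions (4)-(10) above can be carried out numerically. The following Python sketch is an added example, not the authors' software; the function names and the sample network size n = 9 are assumptions made for illustration.

```python
import math

def expected_risk(n, p):
    """Expression (4): M(x) = n*p*[1 - p*(n + 1)]."""
    return n * p * (1 - p * (n + 1))

def stability(n, p):
    """Expression (6): normalized risk stability z = 1 - M(x)/n."""
    return 1 - expected_risk(n, p) / n

def edge_stability(n):
    """Expression (10): the value of z at which the roots of (7) merge."""
    return (4 * n + 3) / (4 * n + 4)

def admissible_range(n):
    """Expression (9): lower and upper bound for p."""
    return 1 / (2 * (n + 1)), 1 / (n + 1)

def regulate(n, z_target, eps=1e-12):
    """Solve (7) for p with formula (8).

    Returns a list of (p, admissible) pairs in ascending order of p,
    where admissible says whether p lies inside the range (9).
    Raises ValueError when (7) has no real root for the requested z.
    """
    if not 0.0 <= z_target <= 1.0:
        raise ValueError("z must lie in [0, 1]")
    disc = 1 - 4 * (n + 1) * (1 - z_target)
    if disc < -eps:
        raise ValueError("no real root: z is below the edge value (10)")
    root = math.sqrt(max(disc, 0.0))
    lo, hi = admissible_range(n)
    roots = sorted({(1 - root) / (2 * (n + 1)), (1 + root) / (2 * (n + 1))})
    return [(p, lo - eps <= p <= hi + eps) for p in roots]

if __name__ == "__main__":
    n = 9            # constructed sample: homogeneous network of 9 hosts
    z_target = 0.98  # constructed sample: required normalized stability
    print("edge (10):", edge_stability(n), "range (9):", admissible_range(n))
    for p, ok in regulate(n, z_target):
        print(f"p = {p:.5f}  z = {stability(n, p):.5f}  within (9): {ok}")
```

For the sample values, both roots of (7) reproduce the requested stability, but only the larger one falls inside the range (9).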
Hence, it becomes necessary to assess the number of surviving operational elements in such clusters (risk analysis) and try to manage it in the course of information warfare. For the risk assessment in this problem, it is appropriate to use the hypergeometric probability distribution:

πΆ π πΆ πβπ₯ π(π₯, π, π, π) = π₯ πΆπβπ₯ π , (11) π

where π₯ β€ π; π β π₯ β€ π β π; π, π, π, π₯ β are integers.

Based on the expression (11), by analogy with (2) and (3), we have a normalized risk:

π ππ π(π₯, π, π, π) = π₯π(π₯, π, π, π). (12)

For a random value of risk (12), the expected value is found:

ππ (πβπ)(πβπ) ππ π(π₯) = [ π(πβ1) β π ]. (13) π

From expression (4), by analogy with (5) and (6), we obtain the stability of a virus-attacked cluster in relation to lethal damage to all of its π nodes:

π(π₯) π§(π ππ π) = 1 β π . (14)

Using (14), we can construct the equation:

ππ (πβπ)(πβπ)βππ(πβ1) π2 π(πβ1) = 1 β π§. (15)

The last expression (15) can be reduced to a fourth-order equation:

π4 (1 β π§) β π3 (1 β π§) + π2 (ππ) + π(ππ 2 ) β (ππ 2 ) = 0, (16)

whose solution with respect to π is appropriate to implement in an automated mode. In this case, it is possible to determine the dimension of the clusters into which the network should be partitioned to ensure their specified epidemic resistance. This is the structural regulation of the network architecture in order to counteract virus attacks on its users.

===3. Conclusion===
In this paper, we propose mathematical support for parametric and structural regulation of network virus attacks. Algorithmization and software implementation of the proposed methods have been carried out outside the scope of the present paper. In the course of software development, it is possible to describe network structures with heterogeneity of their elements. In terms of the practical application of the proposed software, it is pertinent to note that it can be used to counter not only computer viruses, but also viral content on social networks.
The above can be considered as a proposed "roadmap" for further research to expand the listed contradictions. In conclusion, it should be noted that along with the purely cybernetic application of the developed methods, their educational and methodological use is visible. In particular, at the Faculty of Information Technologies and Computer Security of the Voronezh State Technical University, for students of the specialty "Computer security of telecommunication systems", a methodology of risk analysis of viral intrusions into network structures has been developed, which can be introduced into the following disciplines of the curriculum:

* "Mathematical foundations of risk analysis";
* "Information Risk Management";
* "Research work of students".

In this case, the integration of design and training activities within the framework of the Regional Educational and Scientific Center for Information Security Problems (Voronezh, Russian Federation), coordinated by the Institute of Management Problems of the Russian Academy of Sciences, will bring substantially positive results as part of creating the necessary staffing for information security, and in terms of increasing the security of information and telecommunication systems and networks of the region and the state. Therefore, it is advisable to continue research in the direction declared in this work and to increase its intensity in accordance with the plan proposed in this conclusion.

===4. Acknowledgements===
The authors are deeply grateful to:

1. The faculty of the Department of Information Security Systems of the Voronezh State Technical University, for useful advice within the main scientific direction of the Department of Information Risk Management and Security of Information and Telecommunication Networks.

2. The administration of the strategic project "Safe Internet", initiated by the Department of Education and Science of the Voronezh Region, for practical recommendations on the creation of methodological support for risk analysis of information networks in the interests of the region.

3. The management of the Regional Educational and Scientific Center for Information Security Problems (Voronezh, Russian Federation), for objective and benevolent review of the research results and useful recommendations for their improvement.

4. The Head of the Department of Information Security Systems of Voronezh State Technical University, Professor A. Ostapenko, for the creation of comfortable conditions for conducting research by the team of authors with a promising further development of this scientific direction.

===5. References===
[1] Islamgulova V.V., Ostapenko A.G., Radko N.M., Babadzhanov R.K., Ostapenko O.A. Discreet risk-models of the process of the development of virus epidemics in non-uniform networks. Journal of Theoretical and Applied Information Technology, 2016, vol. 86, no. 2, pp. 306-315.

[2] Butuzov V.V., Ostapenko A.G., Parinov P.A., Ostapenko G.A. Email-flooder attacks: The estimation and regulation of damage. Life Science Journal, 2014, vol. 11, no. 7s, pp. 213-218.

[3] Ostapenko A.G., Bursa M.V., Ostapenko G.A., Butrik D.O. Flood-attacks within the hypertext information transfer protocol: damage assessment and management. Biosciences Biotechnology Research Asia, 2014, vol. 11, pp. 173-176.

[4] Tsaregorodtsev A.V., Kravets O.Ja., Choporov O.N., Zelenina A.N. Information Security Risk Estimation for Cloud Infrastructure. International Journal on Information Technologies and Security, 2018, vol. 10, no. 4, pp. 67-76.

[5] Schwarzkopf E.A., Choporov O.N., Razinkin K.A., Yurasov V.G., Mazalov A.N. Mathematical and algorithmic support for the early detection process automation of potentially dangerous content in internet resources. IOP Conference Series: Materials Science and Engineering, 2020, P. 52037. doi:10.1088/1757-899X/862/5/052037

[6] Ermakov S.A., Zavorykin A.S., Kolenbet N.S., Ostapenko A.G., Kalashnikov A.O. Optimization of expert methods used to analyze information security risk in modern wireless networks. Life Science Journal, 2014, no. 11(10s), pp. 511-514.

[7] Eshchenko A., Ostapenko G., Bataronov I., Tolstykh N. The automated networks and regional users: risk analysis of their reactions to the attacks of different destructive orientation. IOP Conf. Series: Materials Science and Engineering, Bristol, Krasnoyarsk, Russia, 2019, vol. 537, i. 5, P. 1727. doi:10.1088/1757-899X/537/5/052020