Correctly implemented selection of equipment to ensure information security (IS) of various objects of informatization (OBI) largely determines the success of modern enterprises, where a variety of information technologies (IT) have become a common component of business processes.

Nowadays, a range of equipment for solving the problems of information security (IS) provision for the objects of informatization (OBI) grants a scope of opportunities for the information security acquisition, see Fig. 1.

 

However, the milestones of the equipment selection for each of the IS circuits do not lose their relevance. It has become especially noticeable during recent years in the face of an increase in the number and complexity of cyber attacks against various OBIs.

The solution of problems related to the equipment selection for IS assurance of the OBI dictates the need to take into account the opposite tendencies: on the one hand, it is necessary to purchase information security hardware and software (H&S), which allows one to ensure a high degree of information security, both for an individual circuit and for OBI as a whole; on the other hand, if one does not consider the critically important objects of informatization (for which a priori reliable protection is a primary task) in the conditions of market competition, it should be taken into account that the costs of acquiring IS H&S should be minimized, and the funds invested into information security should pay off. (A.

2022 Copyright for this paper by its authors.

Nowadays, many IS H&S have similar characteristics, moreover, some IS H&S receive broader capabilities that are overlapping characteristics of more highly specialized information security tools (IST).

Problems of IS H&S selection are especially relevant for state OBIs; since the lack or excess of equipment for various IS circuits on large commercial OBI can be compensated by other IS H&S on another protection circuit. Meanwhile, it is impossible at the state-owned enterprises due to the limited budget. Therefore, the wrong choice of IS H&S can negatively affect the OBIs information security metrics.

There are various ways to optimize the process of IS H&S selection for OBI. Quite a lot of scientific publications are devoted to this topic. A short overview of such researches is given below. However, within the scope of our study, we will focus on the possibilities of genetic algorithm (GA) usage within the problems of components of IS H&S selection along the contours of IS.

The expediency of GA usage can be substantiated by the fact that the problem being solved belongs to multi-criteria and multi-extreme problems [ 1, 2 ].

In [ 3, 4 ] it is shown that GAs can be used in the course of solving multicriteria optimization problems, which are variations of evolutionary search methods.

In [ 5, 6 ] the features of GA usage for tasks related to the choice of equipment for OBI information protection systems are analyzed. However, the solution proposed by the authors is essentially a combination of the standard greedy and GA.

It is quite difficult to unambiguously algorithmize the efficiency of the H&S choice for the multicircuit OBI due to the description of the objective function. The objective function should be multivariable, as far as it is influenced by many factors. Moreover, these factors are often probabilistic. Therefore, it is better to evaluate and model indicators in relation to the IS H&S complexes. And only after such evaluation, the impact of these complexes on the performance indicators of OBI can be evaluated, in particular using the information security metrics of the enterprise. The values of these indicators, including the information security metrics, can be used in the H&S selection for the information security.

All of the above written has determined the relevance of our research.

The formation of the IS infrastructure contours of OBI implies the process of delimiting the tasks related to information protection and cybersecurity between these contours. As shown in Fig. 2.

The contours (perimeters) of the IB OBI in Fig. 2:  PIS (I) – the perimeter of the information system of OBI;  PCOI (II) - perimeter of control of information object;  UAP (III) - User Access Perimeter;  PNE (IV) - the perimeter of the network equipment;  OPIO (V) - the outer perimeter of information object.

In Fig. 2, the following designations are adopted: AVP - anti-virus software; DIC - OBI data integrity control tools; AEIS - audit of cyber incidents; PSIO - providing physical protection for OBI; B - backup of OBI information arrays; UAC - control over the actions of OBI personnel; SDCA - subsystems for detecting cyber attacks on OBI; MACS - event monitoring subsystem; NLAC - control of network activity on OBI.

The goal function for the problem of IS H&S infrastructure optimization for the OBI information security circuit will be described as the cost of an information security tools set. It can be represented as the following expression: where~ ci  cost of the i  the contour of IS OBI; c zj  cost of additional means of protection (IS H&S) for the i  the OBI IS circuit k  number of protection means (IS H&S) for the i  the OBI IS circuit; m  number of IB contours OBI u  the number of options for filling each of the OBI IS contours ciril  the number of IS circuits of OBI, for which specific IS H&S are needed to achieve the required indicators for IS metrics nij  the number of IS H&S type for the go contour of the IS OBI.

Wherein

m m k  di ! u   hi   ,

i 1 i 1 di!k! di  number of IS H&S for the OBI circuit.

Optimization can be done for variables c zj and ciril , which are contained in the expression (1). One can write the limitation on the number of minimum required IS H&S as follows: k  nij  di , j 1

i  1..cir.  k    nij  met j  k  j 1   i 1 SM      N M ,     (1) (2) (3) (4)

Restriction on the sufficiency of the integral metric [ 7 ] of information security for all OBI contours for a finite set of IS H&S, which provides a given level of information security for the analyzed object: where met j – IS metrics for the OBI IS contour;

SM  total IS metric for OBI; NM  the required number of APS IS for the safe operation of OBI.

Constraint that describes the integer nature of the current task: ciril , nij  0, ciril , nij  integral.

In the considered GA, the population is a set of decisions in the course of the IS H&S choice. Namely, these are, in fact, different combinations of IS contours sets. Therefore, the individuals in the population will contain one chromosome with the number of genes, which is equal to the number of variants of possible arrangements of the IB contour. It is determined by expression (2). In contrast to the classical GA, which uses binary coding, the study used the coding list

The list item contains such information:  IS contour OBI in accordance with Fig. 1 and 2;  the composition of the IS H&S for the circuit;  general indicators for safety metrics for the circuit;  the cost of a set of IS H&S for the circuit.

The number of genes in the chromosome ( ch ) is taken to be equal to the number of elements in the list of variants of the APS IB sets of the corresponding IB contour. Expression (1) will be used as a fitness function.

Possible combinations of IS H&S sets of individual contours will constitute a population ( pop ). At the same time, restrictions were adopted on the number of minimum required APS IS and their total cost.

In Fig. 3 the procedure, which was applied during the creation of the initial population, is shown

We randomly select the number of the record in the list of IS H&S sets. Add 1 to the gene that corresponds to this set.

Then we check that chromosome ( ch ) meets constraints (3) and (4).

We repeat the procedure shown in Fig. 3 until the required indicators for the IS metrics for the analyzed OBI are achieved. In a specially created data structure we enter the numbers ( NG ) of generations of chromosomes ( ch ).

The size of the population depends on the number of chromosomes. For each chromosome ( ch ) in the population, fitness is assessed by calculating the fitness function. The lower the value of the fitness function will be - the quality of the chromosome will be higher. At the next step of the modified GA operation, see Fig. 4, we sort the obtained values. It is so-called rank selection [ 8–13 ].

The general scheme of the GA is shown in Fig. 4.

Crossing or crossing over is the exchange of chain fragments between two parental chromosomes. In accordance with the block diagram of the algorithm shown in Fig. 4, the partition point is chosen randomly. Next, we attach the left side of the first chromosome in a pair to the right side of the second chromosome. Accordingly, we attach the left side of the second chromosome to the right side of the first chromosome.

We carry out selection for each generation.

We select "viable" individuals on the basis of constraint (4). Then the ranking is performed by the value of the fitness function (1).

The best individuals are transferred unchanged to the next generations.

The computation ends when the specified number of generations is reached. As shown by computational experiments, the convergence of the algorithm is achieved for at least fifty generations.

To check the adequacy of the model described in the work, the corresponding computational experiments were carried out, see Fig. 5.

Computational experiments were carried out for randomly generated IS H&S sets to protect OBI circuits. The efficiency of the three algorithms was compared, see Fig. 5.

In the course of computational experiments, it was found that the modified GA is distinguished by a sufficiently high efficiency and speed. It was found that the time spent on solving the problem when using the modified GA described above is approximately 15–20 times less in comparison with the indicators of the branch and bound method. This circumstance allows, in the future, when finalizing the decision support system, to opt for this particular algorithm.

A modified genetic algorithm (MGA) was proposed; it can be applied in the problem of hardware and software selection for information protection and ensuring information security of informatization objects. In contrast to existing solutions, it was proposed to use a different coding method, as well as to use an elite strategy, selecting the best individuals for the gene bank. The use of a gene bank allows one to reduce the number of generations in the search for the solution. Moreover, it leads to a general reduction in the operating time of the MGA.