Example of Differential Transformations Application in Cybersecurity Ruslan Hryshchuk 1 1 Korolyov Zhytomyr Military Institute, 22 Mira Avenue, Zhytomyr, 10004, Ukraine Abstract Cybersecurity as a relatively new science covers quite a large number of areas, most of which are still in their infancy. The basis of cybersecurity, like any exact science, is mathematics. But the non-stationary and at the same time nonlinear nature of phenomena and processes occurring in cyberspace places special requirements on the mathematical tools used in cybersecurity. On the one hand, it should be adapted as much as possible for solving specialized problems, on the other hand, such mathematical tools should describe the phenomena and processes that are being studied quite fully and adequately. Today, in the field of cybersecurity, mathematical tools based on set theories, graphs, logic, probabilities, etc. are widely used. A special place in this field today is given to data mining, simulation, situational and cognitive modeling, parametric and structural synthesis of information security systems. The article develops the idea of applying in the field of cybersecurity the well-known mathematical apparatus of differential transformations of Academician of the National Academy of Sciences of Ukraine G. Pukhov, which has already found wide application in other branches of science and technology-electronics, electrical engineering, mechanics, chemical technologies, space research, etc. For this purpose, examples of the use of differential transformations for constructing models of cyberattack patterns for attack detection systems, mathematical models for assessing the level of security of information and telecommunications systems from zero- day cyberattacks by security analysis systems, and for building new cryptographic systems are given. The prospects for applying differential transformations to study the processes of interaction in social networks, as an example of sociotechnical cybernetic systems, are shown. Keywords 1 Cybersecurity, differential transformations, original, image, model, cyberattack pattern, security level, system of differential equations, graph model, differential game. 1. Introduction mechanics [3], heat engineering [4], optimal control [5], computer engineering [6], and Space Research [7]. Such a wide range of applications of Differential transformations of Academician differential transformations is due to their of the National Academy of Sciences of Ukraine significant advantages over the known LaPlace, G. E. Pukhov [1] have now become an effective Fourier, Mellin, and Taylor-Cauchy integral tool for studying nonlinear and non-stationary transformations. The main advantage of processes in many branches of Science and differential transformations over the integral technology. One of the first applied applications transformations mentioned above is the of differential transformations was their use for possibility of their application for the correct solving electrical engineering problems [1]. Over solution of nonlinear problems described by a time, differential transformations began to be used to solve problems in radio engineering [2], III International Scientific And Practical Conference “Information Security And Information Technologies”, September 13–19, 2021, Odesa, Ukraine EMAIL: Dr.Hry@i.ua ORCID: 0000-0001-9985-8477 ©️ 2021 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0). CEUR Workshop Proceedings (CEUR-WS.org) fairly wide class of systems of Integral and 4. Concept presentation differential equations [1]. In the field of cybersecurity, as is known [8], The essence and content of differential most of the phenomena and processes that occur transformations are described in the works of their in information security systems are non- author, for example in [1] and others. let's stationary. Many of them can be described and are consider an example of their application for already described by systems of linear and differential game modeling of cyberattack nonlinear inhomogeneous differential equations. processes [10, 14]. For example, today models of various malicious Example. Let the change in cybersecurity software samples such as SIS, SIR, SAIR, PSIDR, States in a computer network be described by a described by systems of differential equations, are graph model (fig. 1). widely known [8]. Some processes, such as the encryption process for a new type of symmetric P1 (t0 ) Pz (t0 ) cryptosystems, are described by Integral 1 z Equations [9]. P1 (t ) ...  P (t ) 0 z P0 (t0 ) 1 c Pc (t0 ) Therefore, given the prospects of differential P (t ) . P ( z t ) c 0 2 0 c− 2 0 transformations as a modern mathematical tool, it 0  .  2 c−2 c P0 (t ) P2 (t ) … P (t ) is considered appropriate to expand the scope of c −2 Pc (t ) 0  c its application in the interests of Applied 0 2 .  c−2 c 0  .  c −1 c Solutions to cybersecurity problems. P3 (t ) 3 P (t )  ...  c−1 3 c −1 P3 (t0 ) Pc −1 (t0 ) 2. The Latest Studies and Printed Figure 1: Cybersecurity state change graph model Works Analysis In fig. 1 the following designations are For the first time, the use of differential accepted: Pz (t ) – probabilities of a computer network transformations for solving cybersecurity problems was proposed in [10]. Their main purpose was to solve linear and nonlinear being in one of the cybersecurity states z = 0, c at inhomogeneous systems of differential equations some point in time t ; that describe the processes of attacking information in information security systems. Pz (t0 ) – zero initial conditions when a During 2009-2010, the theoretical foundations of computer network is in one of the cybersecurity modeling the processes of attack on information states z = 0, c at a time t0 ; and its protection based on differential transformations were developed. The result of the z  – intensity of recovery streams of research was the publication of the corresponding infected hosts on the computer network, z = 0, c ; monograph [11]. Over time, differential transformations found a place in the creation of  z  – intensity of streams infection of hosts symmetric cryptosystems [12] and began to be in the computer network with malware, z = 0, c . used to construct patterns of potentially dangerous cyber attacks [13]. There is still no unified vision Circles on fig. 1 indicates the cybersecurity of the role and place of differential transformation States in which the computer network may be in the field of cybersecurity. located. Above the transition Arrows are the corresponding flow intensities that put the network in the corresponding states. 3. Purpose According to the above example (see fig. 1) it is necessary to build a differential game model of The purpose of the article is to systematize the the cyberattack process on a computer network well-known areas of application of differential and assess its level of security under the accepted transformations of Academician of the National conditions. Academy of Sciences of Ukraine G. E. Pukhov in Solving the example. Let's make a system of the field of cybersecurity and determine further Kolmogorov-Chapman differential equations. promising ways of their implementation in this The number of equations in a given system is industry. determined by the number of states in which a computer network can be located (see fig. 1). The where  z max and  z max – are the maximum following general rule should be followed when flow intensities in the z -th state, respectively. compiling the system: Using the method of differential on the left side of each equation of the system transformations [1], we obtain a spectral model of is the derivative of the probability of a certain ( z cybersecurity states -th) state; on the right - the sum of the products of the  T  P0 ( k + 1) = k + 1 −  3 0 P0 ( k ) + probabilities of all states from which the arrows enter this state, on the intensity of the  corresponding information flows, minus the total intensity of all flows that bring the system out of  0 1 ( +  P ( k ) + P ( k ) + P ( k )  ; 2 3  ) this state, multiplied by the probability of this ( z  T  P1 ( k + 1) =  − ( 0 + 1 ) P1 ( k ) + -th) state.  k +1  Based on the above rule we have  + + 0 P0 ( k )  ; (6)   d P0 ( t )   dt ( = −3 0 P0 ( t ) + 0 P1 ( t ) +   T  Pc ( k + 1) = −3 c P0 ( k ) + k +1    ) + P2 ( t ) + P3 ( t ) ;    d P2 ( t ) = − (  +  ) P ( t ) +  (  +c Pz ( k ) + Pc − 2 ( k ) + Pc −1 ( k )  . )   dt 0 1 1    + 0 P0 ( t ) ; (1)  When receiving the system (6), the condition  is assumed that the constant H duration Т of  d Pc ( t ) ( infection of the computer network with malware.  = − 3 c P0 ( t ) + c Pz ( t ) + Assigning sequentially integer values to the  dt argument k =: 0,1, according to the spectral   ) + Pc − 2 ( t ) + Pc −1 ( t ) . Model (6), we find the discrete of differential  spectra for the desired model P0 ( k + 1) , i.e.  Let us impose additional (initial) conditions on P0 ( 0 ) =  P0 ( t0 )  = 1 , P0 (1) = . (7) System (1) that will provide it with a single solution Let's find the best strategies for allocating players resources zopt і  zopt , game price I  P0 ( t0 ) = 1 , P2 ( t0 ) = = Pc ( t0 ) = 0 , (2) (level of protection of the computer network from the malware) and, in fact, the model P0 ( t ) itself, we will also define the rationing conditions which is the trajectory of the game. To do this, we will present the board I with a P0 ( t0 ) + P2 ( t0 ) + + Pc ( t0 ) = 1 . (3) general integral model In the differential game setting [11], the T 1 intensity of flows z  and  z  are called P0 ( t ) dt . T t I= (8) strategies of players of cyber attack and cyber 0 defense, respectively, and are limited in their boundaries When players choose a minimax strategy 0  z   z max , (4) min max = I ( t , P0 ( t ) ,  ( t ) ,  ( t ) )  ( t )  E  ( t )  E 0   z   z max , (5) using a direct differential transformation [1], the any deviation from the optimal strategy by one of fee (8) is defined in terms of differential spectrum the players will inevitably lead to losses in the fee, discretion P0 ( k ) (7) as provided that the optimal strategy is chosen by the other player, that is k = P (k ) . I= 0 k =0 k + 1 (9) ( I t , P0opt ( t ) , 0 , 0max opt  )   E (  min I t , P0 ( t ) , 0 , 0max opt , ) To find optimal strategies 0 and 0 opt opt allocate available resources (4) and (5), we ( I t , P0opt ( t ) , 0min opt , 0 ) ( ,  ). examine functionality I (9) for an extremum (expression (9) takes the form of a functional  max I t , P0 ( t ) , 0min opt 0   E when the values of the corresponding discretes (7) are substituted for it). The necessary conditions for the existence of So, if there is a saddle point  (12), then when the extremum of the functional I ( 0 , 0 ) (9) players choose the optimal strategies (10), the price of the game – the level of protection of the allow us to determine the optimal strategies of computer network from the malware I  is players: determined from the board (9). When moving to the time domain using the  I (  ,  ) inverse transformation [1], the trajectory of a  0 0 =0; 0opt ;   0 differential game-a differential game model of the   →  (10) cyberattack process on a computer network   I ( 0 , 0 )  opt P0opt ( t ) , provided that players choose optimal  = 0.  0 .   0 strategies (10), will have the form Sufficient conditions for the existence of the k = k extremum of functional I ( 0 , 0 ) (9) allow us to ( t ) =    P0opt ( k ) . t P0opt (13) k =0  H  determine the sign of the found extremums, i.e.  2 I (  ,  ) In all other cases –  0 0 0; 0opt min ;   02   k = k →   t   2 (11) P0 ( t ) =    P0 ( k ) . (14)   I ( 0 , 0 )  opt k =0  H    0.  0 max .   02 Thus, the given example shows the potential Fulfilling the condition of existence saddle possibilities of using differential transformations point  : in modeling cyberattack processes on computer systems and networks in the case of describing  0, (12) malicious software samples by systems of differential equations. where 5. Conclusions ( ) 2   2 I1  0 , 0  =  −    0  0  The article provides an overview of one of the   examples of using differential transformations to − 2 ( ) 2 (   I1  0 , 0   I1  0 , 0   ) solve cybersecurity problems. After analyzing    other well-known examples of the use of   02  0 2    differential transformations [15] in conclusion, we note that they can also be used to solve indicates that it is inappropriate for players to problems in cryptology. deviate from their optimal strategies (10), since 6. Acknowledgements equations as an alternative to algebraic methodology], Prikladnaya elektronika, № 3, pp. 337-349, 2014. DOI: Thanks to professors Vladimir Baranov, 10.13140/RG.2.1.1973.2645. (In Ukrainian). Vladimir Khoroshko and Alexander Korchenko [10] R.V. Hryshchuk Differential-game the introduction to differential transformations and spectral model of the process of attacking cybersecurity. information has been rounded up / R.V. Grishchuk // Bulletin of ZhDTU. - Zhitomir: 7. References ZhDTU, 2009. - No. 48 (I). - S. 152–159. [11] R. V. Hryshchuk. Teoretychni osnovy [1] G. E. Pukhov. Taylor Transforms and Their modeliuvannia protsesiv napadu na Application in Electrical Engineering and informatsyiu metodamy teoryi Electronics [in Russian], Nauk. Dumka, dyferentsialnykh ihor ta dyferentsialnykh Kyiv (1978). peretvoren [Text]: monohrafiya / R. V. [2] I. N. Efimov, E. D. Golovin and O. V. Hryshchuk. – Zhytomyr: Ruta, 2010. – 280 Stoukatch, "Exactitude of the electronic p. devices analysis by the differential [12] R. V. Hryshchuk, O. M. Hryshchuk. A transformations method," 2003 Siberian Generalized Model of Fredholm's Russian Workshop on Electron Devices and Cryptosystem. Cybersecurity: education, Materials. Proceedings. 4th Annual (IEEE science, technique, 2019, Vol. 4 (4), pp. 14– Cat. No.03EX664), 2003, pp. 150-151, doi: 23. DOI: 10.28925/2663-4023.2019.4.1423. 10.1109/SREDM.2003.1224211. (In Ukrainian). [3] R. Hołubowski. Application of differential [13] V.V. Okhrimchuk. The differential-game transformation finite element method in model is used to the template of a potentially aperiodic vibration of non-prismatic beam. unsafe cyber attack // Cyberbezpeka: Procedia engineering 199 (2017): 360-365. education science and technology. Kiev: [4] M. Sharma, K. Singh, A. Kumar. MHD flow Kiev. University of B. Grіnchenka, 2020. № and heat transfer through non-Darcy porous 4 (8). S. 113-123. medium bounded between two parallel plates [14] R. V. Hryshchuk. Method of differential- with viscous and joule dissipation Spec. Top game P-model of processes in attack on Rev. Porous Media Int. J., 5 (2014), pp. 1-11 information / R. V. Grishchuk // Information [5] I. Hwang, J. Jinhua, D. Du. Differential security. - Lugansk: SNU im. V. Dahl, 2009. transformation and its application to - No. 2 (2). - S. 128-132. nonlinear optimal control. 2009. [15] O. M. Hryshchuk. Features of the encryption [6] A. I. Stasiuk, R. V. Hryshchuk, key selection for the Fredholm cryptosystem. L .L. Goncharova. A mathematical Computer Engineering and Cybersecurity: cybersecurity model of a computer network Achievement and Innovation: Materials II for the control of power supply of traction All-Ukrainian. nauk.-practical. conf. substations. Cybern. Syst. 53(3), 476–484 zdobuvachіv vishoї educate th young pupils, (2017). metro Kropyvnytskyi, 25-27 leaf. 2020 p. / [7] M.Yu. Rakushev, "Method for Prediction Of Ministry of Education and Science of Space Vehicle Motion Based on the Ukraine, Derzh. sciences. established Multidimensional Differential-Teylor "Institute of Modernization for the Minister Transformations" in Journal of Automation of Education", Tsentralnoukr. nat. tech. un-t; and Information Sciences, Begell House Inc, - Kropyvnytskyi: TsNTU, 2020. P. 109-110 vol. 51, no. 4, pp. 1-11, 2019. p. [8] R. V. Hryshchuk. Osnovy kibernetychnoi bezpeky [Text]: monohrafiya / R. V. Hryshchuk, Yu. H. Danyk; Yu. H. Dannyk (Ed.). – Zhytomyr: ZhNAEU, 2016. – 636 p. [9] G. Bronshpak, I. Gromiko, S. Docenko and E. Perchik, "Kriptografiya novogo pokoleniya Integralnie uravneniya kak alternativa algebraicheskoi metodologiyi", [New generation cryptography: Integral