=Paper=
{{Paper
|id=Vol-3288/short7
|storemode=property
|title=Analysis of Information Flows of Distance Education Systems, Taking into Account the Need to Ensure Their Cybersecurity (short paper)
|pdfUrl=https://ceur-ws.org/Vol-3288/short7.pdf
|volume=Vol-3288
|authors=Valery Lakhno,Lazat Kydyralina,Berik Akhmetov,Bagdat Yagaliyeva,Kayirbek Makulov
|dblpUrl=https://dblp.org/rec/conf/cpits/LakhnoKAYM22
}}
==Analysis of Information Flows of Distance Education Systems, Taking into Account the Need to Ensure Their Cybersecurity (short paper)==
https://ceur-ws.org/Vol-3288/short7.pdf
Analysis of Information Flows of Distance Education Systems,
Taking into Account the Need to Ensure Their Cybersecurity
Valery Lakhno1, Lazat Kydyralina2, Berik Akhmetov3, Bagdat Yagaliyeva3,
and Kayirbek Makulov3
1
National University of Life and Environmental Sciences of Ukraine, 19 H. Rodimtseva str., Kyiv, 03041, Ukraine
2
NJSC “Shakarim University in Semey,” 163 Shugaev str., Semey, 070000, Kazakhstan
3
Yessenov University, microdistrict 32, Aktau, 130000, Kazakhstan
Abstract
A structure for organizing information flows (IF) in distance learning systems (DLS) of
universities is proposed, which is able to increase the efficiency of the complex interaction of
both existing and new promising mechanisms for controlling and processing IF that circulate
in DLS. The proposed additions imply the development of new or the use of ready-made
models of protected information flows (IF) and DLS processes. And besides, the features of
optimization measures related to the information security of the DLS are taken into account.
The proposed model covers a set of conditions and tasks that are priority when searching for
optimal information security measures for DLS.
Keywords 1
Distance learning system, information flows, cybersecurity, information security.
1. Introduction (DEEU), have shown that the most effective
approach can be the one in which the information
flow management system (IF) inside the DEEU is
In the context of the global digitalization of
made based on the separation of the goals of the
society, distance education systems (DLS) are
functioning of these flows, as well as the content
becoming more and more widespread in the field
that each flow contains.
of education, due to their inherent qualitative
During the research, there was performed an
characteristics and features [1–4]. At the same
analysis based on the results of an audit of IS and
time, the tasks of ensuring cybersecurity (KB) of
CS of international companies dealing with
information flows (IF), which contain
relevant issues for state organizations, including
confidential information and belong to the DLS,
universities and other large educational
or are part of its workflow, were updated [5]. The
institutions (EI). First of all, they are EU, the
existing standard solutions for CS od DLS,
USA, and Canada [6]. As the results of such
according to many researchers [6–8], are only able
studies [7] showed, as well as the data cited in [5],
to partially solve problems related to IS and CS od
and not taking into account specific targeted
DLS.
attacks aimed at buffer overflow and violation of
cryptographic protocols [6], a significant number
2. Analysis of Previous Studies of violations is associated with unauthorized data
changes in DEEU (> 12%), with bypassing the
Many authors [1–8], dealing with the issues of restrictions policy on IS in DEEU (> 15%), with
providing IS and CS of enterprises in the digital insufficient protection of the authentication
sphere, and this can undoubtedly include the procedure, etc.
digital educational environment of the university
CPITS-2022: Cybersecurity Providing in Information and Telecommunication Systems, October 13, 2022, Kyiv, Ukraine
EMAIL: lva964@nubip.edu.ua (V. Lakhno); lazat_75@mail.ru (L. Kydyralina); berik.akhmetov@yu.edu.kz (B. Akhmetov);
bagdat.yagaliyeva@yu.edu.kz (B. Yagaliyeva); kaiyrbek.makulov@yu.edu.kz (K. Makulov)
ORCID: 0000-0001-9695-4543 (V. Lakhno); 0000-0002-2836-0919 (L. Kydyralina); 0000-0003-2860-2188 (B. Akhmetov); 0000-0003-
4644-2261 (B. Yagaliyeva); 0000-0002-0826-0371 (K. Makulov)
©️ 2022 Copyright for this paper by its authors.
Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).
CEUR Workshop Proceedings (CEUR-WS.org)
104
� Different according to the source data [7] can The decrease of the effectiveness of already
be the targets, objects and subjects of cyber implemented measures for information
attacks on DEEU, see Table 1. protection over time.
The decrease of the reliability of information
Table 1 processing in IEEU by physical obsolescence
Aims, objects and subjects of attacks on of the equipment and software.
DEEU(according to [7])
Thus, within the framework of this subsection
Types of cyberattacks
of the research, we will consider the task of
Cyber Cyberaudit is Cyber fraud Cyber
espionage is development is the “sale” sabotage is a creating a DLS structure that would take into
unauthorized of of fake decrease in account the degree of security of individual
transmission cyberattack electronic productivity, information flows within the DEEU, and would
using hidden scenarios, documents, including at
(undeclared) hacker and and etc. the expense
also potentially be able to provide control over the
data “friendly” of the DEEU IF, as well as protect the DLS from arbitrary
communicati cyberattacks, resources, in information attacks by computer intruders.
on channels, search for particular, till
IP programs, vulnerabilitie a complete
For DLS, as for most digital systems, there are
etc.). s in the DEEU. stop of the two types of key threats that, to one degree or
educational another, can affect the level of students'
process. preparation, as well as the performance of DLS as
Objects of cyberattacks
a whole. Such groups of threats, without a more
Information Own or EI Local network
Systems of EI. ordered databases, component.
detailed classification, to which a fairly large
software of number of studies by other authors are devoted
EI. [9–15], include:
The objects of cyberattacks on DEEU are: IS of EI, distance External threats, i.e. remote influence on
education systems, database servers, data of students, staff,
support staff, etc. the DLS of an attacker, for example, aimed at
creating opportunities for illegal penetration into
Attacking side
Novice hackers, professional hackers, competitors, insiders,
the DLS.
organized crime groups, etc. Internal threats, unlawful introduction by
At the same time, the level of technical equipment and malefactors of foreign information flows into the
competence of the attacking side can be quite high.
DEEU, in particular, into information systems,
using vulnerabilities and weaknesses in the DLS
For several years, analysts in the field of IS and protection circuits.
CS have fixed a trend indicating a steady increase We believe that in order to realize the main
of the number of cyber incidents and cyberattacks mission of the DLS, i.e. to give chances to all
in DEEU. students, regardless of their location, economic
This, in particular, can be explained by the social, and other conditions, to receive a quality
increase of the number of local networks of education and at the same time remain cost-
universities and other EI that are connected to effective and competitive, any DLS of a modern
public networks [6]. university should have the following properties:
In publications devoted to the problem of Qualitatively and promptly process
evaluating the security of DEEU [5] it is noted information flows that circulate in the DLS,
that in addition to the technical tasks on protection as well as in the DEEU as a whole.
of the information circulating in ICSU, it is Contribute to a continuous and stable cycle of
necessary to analyze periodically information work of the DLS.
risks and to monitor the effectiveness of the
Ensure the confidentiality of personal data of
implemented measures aimed at ensuring IS and
teachers and students who use DLS.
CS of the university. These procedures allow to
consider: Purpose of the study is development of
models of protected information flows (IF) and
The variability of requirements in the tasks of
processes in DLS, which will allow taking into
information protection (for example, from
account the features of optimization measures
content protection to protection of personal related to IS of DLS.
information of employees and students).
The potential possibility for the emergence of
new cyberthreats and vulnerabilities in ICSU.
105
�3. Models and Methods DEEU and DLS, and most importantly, registers
and analyzes the status of “encoded IF.” If the
current IF, located in the IFAB, does not pass the
Based on the above, it is possible to present the
check for this status, the encoding procedure is
structure of the DLS and its main information
performed in relation to it. By encoding, we mean
flows, based not only on the functional
the implementation of the procedure, when, based
requirements for the DLS, but also taking into
on the sets of goals and semantic elements, a new
account the need to solve the problem of ensuring
IF will be formed with a formalized structure that
information and cyber security of such systems.
corresponds to the expression:
M C INFL M ind , M sem , M con , (1)
The block diagram is shown on Fig. 1. This
approach allows, to the extent necessary, to take
into account both the basic requirements for the where MC INFL is structure of the encoded IF; Mind
DLS, and take into account the tasks of protecting is a set of indices that determine the ownership of
information flows within the system. IF; Msem is set of semantic IF content; Mcon is a set
In case of the emergence of external of initial content corresponding to the IF.
information flows, indicated in diagram 1 as "1", Therefore, it is possible to implement
they must first be processed in the block protection against basic internal threats in the IF
responsible for collecting and processing section "1-2". Of course, for this it is necessary,
information before getting into the DEEU and its based on the architecture of a particular DLS, to
DLS component (on Fig. 1. designated as BCPI). select adequate means and methods of protection.
This block, in accordance with the
recommendations [15–18], implements the
DEEU
following functions: Rectorate, deans
Analysis of incoming traffic and protection of Financial
14 Accounting
DLS from external ones (cybersecurity block - divisions 4 5 6
15
CSB); Functional divisions Ki
Accounting for staff and
students
IF analysis (information flow analysis block - International 3 7
IFAB). This block is intended for: (a) IF relations
CSB IFAB
monitoring - tracking IF circulating in the DLS, as Information
funds
1
11
2
10
8
DLS software
9
well as their accounting and accumulation of Others PLB IMB
statistics; (b) analysis of IF from the functional 12 13
BCPI
units of the university; (c) encoding-decoding IF,
and the formation of specialized IF, which are Figure 1: Scheme of DLS information flows, taking
intended exclusively for students; (d) IF routing; into account the need to ensure their
(e) protection against internal threats. cybersecurity
Planning (Planning Block, PLB). This block is
designed to collect, store and backup information In order for a targeted or accidental malicious
that circulates in the DLS). IF to be processed in the DLS, it must first be
Implementation (Implementation Block converted to the IF format accepted in the system.
(IMB). This block is intended for the subsequent Otherwise, this thread will be ignored. At the
implementation of the plans and data developed in same time, after encoding, the initial IF will lose
the IMB. its initial activity, and, therefore, will no longer
Each of the above functions can be pose a direct threat to the DLS.
implemented based on the work of their own If the IF meets all the requirements, primarily
algorithms to solve the tasks. The coordinated in terms of IS and CS, then based on the set Mind,
work of all blocks is able to filter out “potentially this IF will be forwarded to its recipients, based
dangerous” or “malicious flows” (viruses, spam, on the routing algorithm and tasks. These IFs on
etc.), which will prevent the implementation of Fig. 2 are designated by the positions 3–10. We
many external and internal cyber threats for DLS. believe that the DLS works in conjunction with
Upon successful verification in the CSB, the the electronic document management system
IF-1 information flow is transmitted to the (EDMS), which are now being widely introduced
analysis unit, i.e. in AB. The block diagram of into the digital environment of universities around
IFAB operation is shown on Fig. 2. As mentioned the world [1–4]. Such an organization of IF
above, IFAB performs the work of evaluating and circulation in the DEEU and DLS will increase the
processing all information flows circulating in the efficiency of all structural units of universities that
106
�are responsible for organizing distance education, 3. Evaluating the effectiveness of investments in
primarily by updating a specific IF within the IS and CS of the DEEU and/or DLS.
framework of only their own functional tasks. 4. Creation of an integrated mechanisms for
providing IS and CS to the DEEU and/or DLS.
Кi=2…10
The proposed structure for organizing
Yes No information flows in the DLS of universities, in
IF encoded?
Set of semantic elements
our opinion, is able to effectively implement the
complex interaction of both existing and new
10
promising mechanisms for controlling and
Extraction of
semantic elements processing IF that circulate in the DEEU and
from IF
DLS.
Cyber attacks on DLS [5, 6, 15, 17] lead to
IF encoding information loss, equipment and hardware
failures, significant material and moral losses that
Set of DLS goals are inflicted on the owner and users of the network
10
and the DEEU as a whole. Most often, a cyber
Analysis of conformity encoded by IF attack is a consequence of the presence of
weaknesses in the DEEU, its information
networks (InN) or in their protection systems.
Yes
Need in IF
No Withdrawal of IF from
2 That is, a vulnerability is a weakness in the
DLS
encoding? information assets of the DEEU or in the ISS,
leading to the possibility of implementing certain
cyber threats. Therefore, in order to counteract the
IF ownership analysis
main cyber threats, the information security
Кi=3…10
system of the DLS should solve the following
tasks:
Figure 2: Block diagram of processing
To delimit and control the access of
information flows in the analysis block
subscribers (users) to the resources of the DLS
To maintain the relevance of the information or/and InN.
arrays (IA) contained in the DLS and their backup To implement functions for the protection of
copies, the PLB is used. This contributes to data transmitted within the framework of the
solving the problem of restoring IA and relevant information flows through
monitoring their integrity in cases of accidental communication channels.
failure or targeted destructive impacts on the DLS To register, collect, store, process and issue
by computer intruders. information about all events (including
In case where the analyzed IF contains incoming and outgoing flows) that occur in the
requests for the provision of a certain course or InN, DLS or DEEU.
other educational content, control actions (CA)
To implement monitoring of the work of users
should be automatically generated in the IFAB,
which are then sent to the CA. The result of the of InN (DLS).
implementation of the CA will be the formation of To ensure that the operating environment is
a virtual environment that contains elements that closed for already tested software.
contribute to the implementation of the request. To implement protection against uncontrolled
Based on the scheme of information flows of introduction of potentially dangerous software
DLS, taking into account the need to ensure their into the InN (DLS) (for example, containing
cybersecurity, a fundamentally new methodology “bookmarks” or leading to critical errors).
for creating an IS support system for DEEU and To carry out self-defense against means of
DLS is proposed. The methodology contains the overcoming the information security system
following steps:
and protection against the introduction and
1. Determination of the probability of the impact
of IS and CS threats on the DEEU and/or DLS. spread of malicious software.
2. Determination of a generalized indicator of the To ensure the availability of DLS information
level of IS and CS of the DEEU and/or DLS. resources, for example, by data backup.
107
� To ensure and control the integrity of critical Pg is the value of the probability of authorized
resources for the DLS or DEEU as a whole. access to IR in the DLS allowed by information
During the research, the method of managing security metrics;
the IS of DLS or DEEU was considered. The PTRk(Δtk,t) is the value of the probability of
method is based on a set of optimization models, realization of the IF or processes; violation at the
and the main steps of this method were: k-th value of the review period of the IS activities
Measures to develop several alternative of the DLS at the time T;
models of protected IF in the DLS circuits. Pper is admissible value for the probability of
violation of IF or processes in the DLS.
Measures for the development or selection of
In this case, you can get a solution that allows
an adequate optimization model of the LMS to achieve the minimum integral losses on the
time interval is IL0 t0 , T .
IS.
Search for the extremum of the objective
function in the analysis of alternative sets of Taking into account the structural features of
the protected information flows and processes in
DLS protection tools, etc.
the DLS, the value of the protected information
In particular, as part of the development of a resources, the potential awareness of intruders,
method for justifying measures to ensure the IS of there is proposed a model that develops the
the DLS by the criterion of an integral loss Shewhart-Deming cyclic control model.
minimum, such a model was proposed to find the
optimal values of the periods for reviewing
measures aimed at ensuring the IS of the DLS of 4. Conclusions
the university.
If it is necessary to justify the review period for The following results were obtained in the
measures related to the provision of IS of the DLS research:
(and/or DEEU) is t0 , it is necessary to solve the A structure for organizing information flows
following system of equations: (IF) in distance learning systems (DLS) of
universities is proposed, which is able to
IL0 t 0 , T min Lk t k , t dt ,
T
increase the efficiency of the complex
kAL 0 interaction of both existing and new promising
Lk t k , t TC k t k , t RV t PTRk t k , t , mechanisms for controlling and processing IF
that circulate in the DEEU and DLS.
Pck t k , t Pg , (2) The proposed additions imply the development
PTRk t k , t Pper , of new or the use of ready-made models of the
protected IF and processes with DLS. And
k 1,2,3,...K .
besides, the features of optimization measures
where AL is area of permissible time periods for related to the information security of the DLS
reviewing measures for the IS of the DLS; are taken into account. The proposed model
Lk(Δtk,t) is the resulting losses at the k-th value of
covers a set of conditions and tasks that are
the review period associated with the IS of the DLS
priorities in the search for optimal information
at a point in time t ;
TCk(Δtk,t) is total costs for IS of the DLS at the security measures for DLS.
k-th value of the period, for example, can be
determined depending on the strategy of investing 5. References
in IS systems chosen by the university
management. Such models are presented in detail [1] S. Aljawarneh, A Web Engineering Security
in [18, 19]; Methodology for E-Learning Systems.
RV(t) is the value of protected information Network Security, vol. 3, 2011, pp. 12–15.
resources presented in the DLS or DEEU; [2] Z. Brzhevska, et al., Analysis of the Process
K is the number of possible values for the review of Information Transfer from the Source-to-
period for IS activities of the DLS and/or DEEU; User in Terms of Information Impact, in
Pck(Δtk,t) is probability of authorized access to Cybersecurity Providing in Information and
IR in DLS; Telecommunication Systems II, vol. 3188,
2021, pp. 257–264.
108
�[3] Z. B. Hu, V. Buriachok, V. Sokolov, Computing and Communication
Implementation of Social Engineering Technologies (RIVF), IEEE, 2020.
Attack at Institution of Higher Education, in: [13] N. Rjaibi, et al., Mean Failure Cost as a
Proceedings of the 1th International Measurable Value and Evidence of
Workshop on Cyber Hygiene & Conflict Cybersecurity: E-learning Case Study,
Management in Global Information International Journal of Secure Software
Networks (CybHyg), vol. 2654, 2019, pp. Engineering (IJSSE), vol. 4.3, 2013, pp. 64–
155–164. 81.
[4] M. Vladymyrenko, et al., Analysis of [14] T. Nguyen, V. Reddi, Deep Reinforcement
Implementation Results of the Distributed Learning for Cyber Security, in IEEE
Access Control System, in VI In-ternational Transactions on Neural Networks and
Scientific and Practical Conference Learning Systems, 2019.
Problems of Infocommunications. Science [15] A. Ahmed, et al., Teaching Cyber-Security
and Technology, 2019, pp. 39–44. doi: for Distance Learners: A Reflective Study, in
10.1109/PICST47496.2019.9061376. 2020 IEEE Frontiers in Education
[5] S. H. Hasan, D. M. Alghazzawi, A. Zafar, E- Conference (FIE), IEEE, 2020, pp. 1–7.
Learning Systems and Their Security, BRIS [16] A. Elsawy, O. Ahmed, O., E-Learning using
Journal of Adv. S&T, vol. 2, 2014, pp. 83– the Blackboard System in Light of the
92. Quality of Education and Cyber Security,
[6] L. B. A. Rabai, N. Rjaibi, A. B. Aissa, International Journal of Current Engineering
Quantifying Security Threats for E-Learning and Technology, vol. 9, no. 1, 2019, pp. 49–
Systems, in International Conference on 54.
Education and e-Learning Innovations, 2012, [17] O. Keskin, et al., Economics-Based Risk
pp. 1–6. Management of Distributed Denial of
[7] A. Blanco-Justicia, et al., Achieving Security Service Attacks: A Distance Learning Case
and Privacy in Federated Learning Systems: Study, in ICCWS 2018 13th International
Survey, Research Challenges and Future Conference on Cyber Warfare and Security,
Directions. Engineering Applications of vol. 343, 2018.
Artificial Intelligence, vol. 106, 2021, [18] D. Lakhno, et al., Methodology for Placing
104468. Components of a Video Surveillance System
[8] C. Savulescu, et al., Security in E-Learning for Smart City Based on a Composite Cost
Systems, in 2015 7th International Optimization Model, Lecture Notes in
Conference on Electronics, Computers and Networks and Systems, vol. 501, 2022, pp.
Artificial Intelligence (ECAI), 2015. 13–23.
[9] L. A. Alexei, A. Alexei, Cyber Security [19] V. Lakhno, et al., Modeling and Optimi-
Threat Analysis in Higher Education zation of Discrete Evolutionary Systems of
Institutions as a Result of Distance Learning, Information Security Management in a
International Journal of Scientific and Random Environment, Smart Innovation,
Technology Research, vol. 3, 2021, pp. 128– Systems and Technologies, vol. 269, 2022,
133. pp. 9–22.
[10] D. Koller, N. Friedman, Probabilistic
Graphical Models. Principles and
Techniques, MIT Press, 2009.
[11] G. Rajaboevich, N. Nasrullaev, D. Fayzieva,
Methods and Intelligent Mechanisms for
Constructing Cyberattack Detection
Components on Distance-Learning Systems,
in 2020 International Conference on
Information Science and Communications
Technologies (ICISCT), IEEE, 2020.
[12] D. Dang-Pham, et al., Network Analytics for
Improving Students’ Cybersecurity
Awareness in Online Learning Systems,
2020 RIVF International Conference on
109
�