
Markov Model of Nonmutually Exclusive Cyberthreats and Its Applications for Selecting an Optimal Set of Information Security Tools

Automatic Control and Computer Sciences

Abstract

This work studies a Markov model of cyberthreats that affect a computer system. In this model, the computer system is treated as a system with failures and recoveries, as in the models of reliability theory. To estimate the functional-temporal properties of the system, a parameter called the system life time is introduced, defined as the number of transitions in the respective Markov chain until the final state is first entered. Since this random variable plays an important role in estimating the security level of the computer system, its probability distribution in the case of mutually exclusive cyberthreats is studied in detail; in particular, explicit analytical formulas are derived for the numerical characteristics of the distribution, including the expected value and variance. The Markov model is then substantially generalized by dropping the assumption that the cyberthreats affecting the system are mutually exclusive. This modification expands the respective Markov chain with additional states without essentially modifying its structure, which allows the previous analytical results for the expected value and variance of the life time to be extended to the case of nonmutually exclusive cyberthreats. Finally, the Markov model of nonmutually exclusive cyberthreats is used to state the problem of finding an optimal configuration of information security tools in a given cyberthreat space. Notably, the formulated optimization problems belong to the class of nonlinear discrete (Boolean) programming problems. An example is considered that illustrates the selection of an optimal set of information security tools for a computer system.


Notes

  1. https://bdu.fstec.ru/threat

  2. The costs are sufficiently notional, because the modern market offers a broad diversity of specific models of protection tools of various classes. In addition, the costs of actual systems strongly depend on their proper parameters (number of workstations, users, and others), and also on their operational life, etc.

  3. Remember that \(\sigma(x) = \sum_{i=1}^{n} 2^{n-i} x_i\).


Funding

This study was funded by the Russian Foundation for Basic Research, project no. 19-37-90122.

Author information

Corresponding authors

Correspondence to A. A. Kassenov, A. A. Magazev or V. F. Tsyrulnik.

Ethics declarations

The authors declare that they have no conflicts of interest.

Additional information

Translated by S. Kuznetsov

About this article


Cite this article

Kassenov, A.A., Magazev, A.A. & Tsyrulnik, V.F. Markov Model of Nonmutually Exclusive Cyberthreats and Its Applications for Selecting an Optimal Set of Information Security Tools. Aut. Control Comp. Sci. 55, 623–635 (2021). https://doi.org/10.3103/S0146411621070075


  • DOI: https://doi.org/10.3103/S0146411621070075
