| Peer-Reviewed

Analysis of the Conditions of Experimental Evaluation Security of Applied Computer Process

Received: 22 April 2022     Accepted: 6 May 2022     Published: 26 May 2022
Views:       Downloads:
Abstract

The need to ensure the effective operation of entities of the National Cyber Security System stipulate the urgency of developing a scientific and methodological apparatus for rapid response to cyber incidents (cyberattacks). The fundamental impossibility of achieving algorithmic and information completeness of cyber defense equipment anticipates the implementation of a process to support the decision-making of the operational staff of cybersecurity. Another factor of decision uncertainty is the lack of a priori data to identify the magnitude of the damage from the effects of the cyber incident. The latter is due to the fact that the description of a cyber incident consists of a set of signs of detection of a possible (potential) cyberattack, but the amount of damage cannot be reliably known instantly. Determining the amount of damage at the moment of detecting a cyberattack can be done using security proof models of information security theory, based on the subject-object representation of the object of cybersecurity. The use of these models requires knowledge of the probability of protection against the imposition of unforeseen execution for applied computing processes of all types in the object of cyber security. The proposition is to evaluate the reliability from influence on the applied computational process in the form of an experiment. The experiment allows obtaining the most complete image of the possibilities and features of the use of typical vulnerabilities of the software implementation of the target computational process. The organization of the experiment is to establish the fact of the execution of an active code from the composition of special code combinations in input data. The result of the experiment: a description of the code combination of input data (subsets of possible combinations) the processing of which led to the execution of the active payload; the average time of the experiment with the target computing process before the transfer of control to the active payload. The article is devoted to the presentation of the results of the analysis of conditions that must be taken into account when organizing an experimental assessment of the possibility of influence on the applied computational process.

Published in International Journal of Intelligent Information Systems (Volume 11, Issue 3)
DOI 10.11648/j.ijiis.20221103.11
Page(s) 35-38
Creative Commons

This is an Open Access article, distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution and reproduction in any medium or format, provided the original work is properly cited.

Copyright

Copyright © The Author(s), 2022. Published by Science Publishing Group

Keywords

Computational Process, Critical Data, Method of Imposing Code, Cyberattack, Vulnerability, Experiment

References
[1] L. Slipachuk, S. Toliupa and V. Nakonechnyi, "The Process of the Critical Infrastructure Cyber Security Management using the Integrated System of the National Cyber Security Sector Management in Ukraine", 2019 3rd International Conference on Advanced Information and Communications Technologies (AICT), 2019.
[2] Toliupa, S., Parkhomenko, I., & Shvedova, H. Security and regulatory aspects of the critical infrastructure objects functioning and cyberpower level assesment. In 2019 3rd International Conference on Advanced Information and Communications Technologies, AICT 2019 – Proceedings (pp. 463–468).
[3] Zakon Ukrayiny № 2163 VIII ot 05.10.2017 «Pro osnovni zasady zabezpechennya kiberbezpeky Ukrayiny».
[4] Khusainov P. V. Osnovy pobudovy operatsiy-nykh system, kompleksiv ta zasobiv avtomatyzatsiyi upravlinnya viysʹkamy: Navchalʹnyy posibnyk/ P. V. Khusainov, I. YU. Subach, O. V. Silko, S. V. Lyu-barsʹkyy. – K.: VITI, 2016. – 220 s.
[5] Azarenko Ye. V. Proyektirovaniye avtomati-zirovannykh sistem upravleniya na komp'yuternykh setyakh: Monografiya/ Ye. V. Azarenko, B. M. Gerasimov, B. P. Shokhin. – Sevastopol': Gos. Okeanarium, 2007. – 272 s.
[6] Terminolohiya v haluzi zakhystu informatsiyi v kompʺyuternykh systemakh vid nesanktsionovanoho dostupu: ND TZI 1.1–003–99. – Kyiv: DST·SZI SB Ukraine, 1999. – 26 s.
[7] D. C. Wardell, R. F. Mills, G. L. Peterson, M. E. Oxley, A method for revealing and addressing security vulnerabilities in cyber-physical systems by modeling malicious agent interactions with formal verification, Procedia Comput. Sci. 95 (2016) 24–31.
[8] Y. Albrekht and A. Pysarenko, "Multimodular Cyberphysical Systems: Challenges and Existing Solutions,"2020 IEEE 2nd International Conference on Advanced Trends in Information Theory (ATIT), 2020, pp. 376-379, doi: 10.1109/ATIT50783.2020.9349291.
[9] M. Elnour, N. Meskin, K. Khan, R. Jain Application of data-driven attack detection framework for secure operation in smart buildings Sustain. Citie. Soc., 69 (2021), p. 102816, 10.1016/j.scs.2021.102816.
[10] Gerasimov B. M., Divizinyuk M. M., Subach I. YU. Sistemy podderzhki prinyatiya resheniy: proyektirovaniye, primeneniye, otsenka effektivnosti. Sevastopol'.: SNIYAEiP, 2004. – 319 s.
[11] Gerasimov B. M., Kamyshyn V. V. Orhanizatsiyna erhonomika: metody i alhorytmy doslidzhennya ta proektuvannya. – K., Infosystem, 2009. – 212 s.
[12] Antonyuk A. O. Teoretychni osnovy modelyuvannya ta analizu system zakhystu informatsiyi: [monohrafiya]. – Irpinʹ: Natsionalʹnyy universytet DPS Ukrayiny, 2010–310.
[13] The Handbook of Artificial Intelligence, Vol. 1 Avron Barr and Edward A. Feigenbaum (Eds.) William Kaufman, Inc., Los Altos, Calif., 1981, 409 pp, ISBN 0-86576-005-5.
[14] Matematicheskaya Entsiklopediya. T. 1 (A - G). Red. kollegiya: I. M. Vinogradov (glav red) [i dr.] – M., «Sovetskaya Entsiklopediya», 1977, 1152 stb.
[15] Nabi, F., Yong, J., Tao, X., Farhan, M. & Naseem, N. (2021). Organizing Classification of Application Logic Attacks in Component-based E-Commerce Systems. Journal of Computer Science, 17 (11), 1046-1058. https://doi.org/10.3844/jcssp.2021.1046.105
Cite This Article
  • APA Style

    Pavlo Khusainov, Serhii Shtanenko. (2022). Analysis of the Conditions of Experimental Evaluation Security of Applied Computer Process. International Journal of Intelligent Information Systems, 11(3), 35-38. https://doi.org/10.11648/j.ijiis.20221103.11

    Copy | Download

    ACS Style

    Pavlo Khusainov; Serhii Shtanenko. Analysis of the Conditions of Experimental Evaluation Security of Applied Computer Process. Int. J. Intell. Inf. Syst. 2022, 11(3), 35-38. doi: 10.11648/j.ijiis.20221103.11

    Copy | Download

    AMA Style

    Pavlo Khusainov, Serhii Shtanenko. Analysis of the Conditions of Experimental Evaluation Security of Applied Computer Process. Int J Intell Inf Syst. 2022;11(3):35-38. doi: 10.11648/j.ijiis.20221103.11

    Copy | Download

  • @article{10.11648/j.ijiis.20221103.11,
      author = {Pavlo Khusainov and Serhii Shtanenko},
      title = {Analysis of the Conditions of Experimental Evaluation Security of Applied Computer Process},
      journal = {International Journal of Intelligent Information Systems},
      volume = {11},
      number = {3},
      pages = {35-38},
      doi = {10.11648/j.ijiis.20221103.11},
      url = {https://doi.org/10.11648/j.ijiis.20221103.11},
      eprint = {https://article.sciencepublishinggroup.com/pdf/10.11648.j.ijiis.20221103.11},
      abstract = {The need to ensure the effective operation of entities of the National Cyber Security System stipulate the urgency of developing a scientific and methodological apparatus for rapid response to cyber incidents (cyberattacks). The fundamental impossibility of achieving algorithmic and information completeness of cyber defense equipment anticipates the implementation of a process to support the decision-making of the operational staff of cybersecurity. Another factor of decision uncertainty is the lack of a priori data to identify the magnitude of the damage from the effects of the cyber incident. The latter is due to the fact that the description of a cyber incident consists of a set of signs of detection of a possible (potential) cyberattack, but the amount of damage cannot be reliably known instantly. Determining the amount of damage at the moment of detecting a cyberattack can be done using security proof models of information security theory, based on the subject-object representation of the object of cybersecurity. The use of these models requires knowledge of the probability of protection against the imposition of unforeseen execution for applied computing processes of all types in the object of cyber security. The proposition is to evaluate the reliability from influence on the applied computational process in the form of an experiment. The experiment allows obtaining the most complete image of the possibilities and features of the use of typical vulnerabilities of the software implementation of the target computational process. The organization of the experiment is to establish the fact of the execution of an active code from the composition of special code combinations in input data. The result of the experiment: a description of the code combination of input data (subsets of possible combinations) the processing of which led to the execution of the active payload; the average time of the experiment with the target computing process before the transfer of control to the active payload. The article is devoted to the presentation of the results of the analysis of conditions that must be taken into account when organizing an experimental assessment of the possibility of influence on the applied computational process.},
     year = {2022}
    }
    

    Copy | Download

  • TY  - JOUR
    T1  - Analysis of the Conditions of Experimental Evaluation Security of Applied Computer Process
    AU  - Pavlo Khusainov
    AU  - Serhii Shtanenko
    Y1  - 2022/05/26
    PY  - 2022
    N1  - https://doi.org/10.11648/j.ijiis.20221103.11
    DO  - 10.11648/j.ijiis.20221103.11
    T2  - International Journal of Intelligent Information Systems
    JF  - International Journal of Intelligent Information Systems
    JO  - International Journal of Intelligent Information Systems
    SP  - 35
    EP  - 38
    PB  - Science Publishing Group
    SN  - 2328-7683
    UR  - https://doi.org/10.11648/j.ijiis.20221103.11
    AB  - The need to ensure the effective operation of entities of the National Cyber Security System stipulate the urgency of developing a scientific and methodological apparatus for rapid response to cyber incidents (cyberattacks). The fundamental impossibility of achieving algorithmic and information completeness of cyber defense equipment anticipates the implementation of a process to support the decision-making of the operational staff of cybersecurity. Another factor of decision uncertainty is the lack of a priori data to identify the magnitude of the damage from the effects of the cyber incident. The latter is due to the fact that the description of a cyber incident consists of a set of signs of detection of a possible (potential) cyberattack, but the amount of damage cannot be reliably known instantly. Determining the amount of damage at the moment of detecting a cyberattack can be done using security proof models of information security theory, based on the subject-object representation of the object of cybersecurity. The use of these models requires knowledge of the probability of protection against the imposition of unforeseen execution for applied computing processes of all types in the object of cyber security. The proposition is to evaluate the reliability from influence on the applied computational process in the form of an experiment. The experiment allows obtaining the most complete image of the possibilities and features of the use of typical vulnerabilities of the software implementation of the target computational process. The organization of the experiment is to establish the fact of the execution of an active code from the composition of special code combinations in input data. The result of the experiment: a description of the code combination of input data (subsets of possible combinations) the processing of which led to the execution of the active payload; the average time of the experiment with the target computing process before the transfer of control to the active payload. The article is devoted to the presentation of the results of the analysis of conditions that must be taken into account when organizing an experimental assessment of the possibility of influence on the applied computational process.
    VL  - 11
    IS  - 3
    ER  - 

    Copy | Download

Author Information
  • Department of Cyber Security, Military Institute of Telecommunications and Informatization, Kyiv, Ukraine

  • Department of Military Training, Military Institute of Telecommunications and Informatization, Kyiv, Ukraine

  • Sections