UDK 004.56
RESEARCH OF THE CASE ANALYSIS ALGORITHM IN THE CLASSIFICATION PROBLEM OF INFORMATION SECURITY INCIDENTS
V. G. Zhukov*, A. A. Shalyapin, M. M. Sokolov
Reshetnev Siberian State Aerospace University, 31, Krasnoyarsky Rabochy Av., Krasnoyarsk, 660037, Russian Federation. *E-mail: zhukov.sibsau@gmail.com
The article addresses the topical practical task of determining the strategy for responding to information security incidents in information systems with the help of case-based analysis. The authors examine the process approach to incident management and its main stages. According to regulatory requirements, the incident management process involves four steps: detection of an incident, incident response, investigation, and corrective actions. At the second stage the urgent problem is a prompt response to information security incidents: it is necessary to decide which strategy should be chosen from a variety of specific strategies, or to determine that there is no appropriate strategy and that one therefore has to be formed. As a solution to the problem of response strategy selection it is proposed to use the apparatus of case-based analysis. To solve this problem a simplified case-based reasoning cycle is used, one that does not include the stage of adapting response scenarios. The classification is based on the number of analogies found and on the value of the similarity degree. Incidents are compared with case classes on the basis of the similarities found in each class. According to the degree of similarity, an incident corresponds to a specific case in the class and to the response strategy associated with it. A new algorithm for classifying information security incidents in information systems, based on case and statistical analysis, was worked out in accordance with the proposed concept of incident analysis. The developed algorithm differs from the well-known ones in the automatic selection of the optimal threshold value using ROC analysis. The algorithm allows the selection of the criterion of maximum classifier quality depending on the permissible values of errors of the first and second kind under the given circumstances. The effectiveness of the developed algorithm was assessed.
The proposed concept of building a case-based system for information security incidents increases responsiveness and allows repeated use of previous experience in the process of information security incident management.
Keywords: information security, incident, case, response strategy, case based analysis.
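The classification scheme and the ROC-based threshold selection described in the abstract, as an added illustration that is not the paper's own code: a toy case base of incidents described by five constructed binary indicators (the indicator names, the case base, the validation set and the strategy names are all assumptions), a simple-matching similarity degree, a pair-level ROC curve from which the threshold is chosen under bounds on the first- and second-kind error rates, and a classifier that ranks case classes by the number of analogies found and then by best similarity, returning `None` when no stored case is close enough and a new strategy has to be formed. The paper does not state which classifier-quality criterion it maximises; Youden's J (TPR minus FPR) is used here as one reasonable choice.

```python
"""Case-based classification of IS incidents with a ROC-selected similarity threshold.

Added illustration, not the paper's code. The indicator names, case base and
validation set below are constructed toy data used only to make the example run.
"""
from collections import defaultdict
from typing import Optional

# Hypothetical binary indicators describing an incident (constructed labels
# for the five positions of a feature vector).
INDICATORS = ("failed_logins", "c2_traffic", "malware_alert",
              "priv_escalation", "data_exfil")

# Constructed case base: (feature vector, response strategy stored with the case).
CASE_BASE = [
    ((1, 0, 0, 0, 0), "reset_credentials"),
    ((1, 0, 0, 1, 0), "reset_credentials"),
    ((0, 1, 1, 0, 0), "isolate_host"),
    ((0, 1, 1, 0, 1), "isolate_host"),
    ((0, 1, 0, 0, 1), "block_egress"),
    ((0, 0, 0, 0, 1), "block_egress"),
]

# Constructed labelled incidents used only to tune the threshold.
VALIDATION = [
    ((1, 0, 0, 0, 0), "reset_credentials"),
    ((0, 1, 1, 0, 0), "isolate_host"),
    ((0, 0, 0, 0, 1), "block_egress"),
    ((1, 1, 0, 0, 0), "reset_credentials"),
]


def similarity(a, b):
    """Degree of similarity: fraction of indicator positions on which a and b agree."""
    return sum(x == y for x, y in zip(a, b)) / len(a)


def roc_points(validation, case_base):
    """One (threshold, FPR, TPR) point per distinct similarity value.

    An (incident, case) pair is a true analogy when both carry the same response
    strategy; the classifier predicts an analogy when the similarity is at least
    the threshold. FPR is the error of the first kind (a false analogy accepted),
    1 - TPR the error of the second kind (a true analogy missed).
    """
    pairs = [(similarity(f, cf), s == cs)
             for f, s in validation for cf, cs in case_base]
    positives = sum(1 for _, same in pairs if same)
    negatives = len(pairs) - positives
    points = []
    for t in sorted({sim for sim, _ in pairs}):
        tp = sum(1 for sim, same in pairs if same and sim >= t)
        fp = sum(1 for sim, same in pairs if not same and sim >= t)
        points.append((t, fp / negatives, tp / positives))
    return points


def select_threshold(points, max_fpr=1.0, max_fnr=1.0):
    """Pick the threshold maximising Youden's J = TPR - FPR among the points
    whose first- and second-kind error rates stay within the permitted bounds.
    Ties go to the higher (more conservative) threshold."""
    admissible = [(t, fpr, tpr) for t, fpr, tpr in points
                  if fpr <= max_fpr and (1 - tpr) <= max_fnr]
    if not admissible:
        raise ValueError("no threshold satisfies the error bounds")
    return max(admissible, key=lambda p: (p[2] - p[1], p[0]))[0]


def classify(features, case_base, threshold) -> Optional[tuple]:
    """Compare the incident with every case, keep those at or above the threshold
    as analogies, then rank case classes by number of analogies and best similarity.
    Returns (strategy, analogy_count, best_similarity), or None when no case is
    close enough, i.e. a new response strategy has to be formed."""
    found = defaultdict(list)
    for case_features, strategy in case_base:
        sim = similarity(features, case_features)
        if sim >= threshold:
            found[strategy].append(sim)
    if not found:
        return None
    best = max(found, key=lambda s: (len(found[s]), max(found[s])))
    return best, len(found[best]), max(found[best])


if __name__ == "__main__":
    pts = roc_points(VALIDATION, CASE_BASE)
    for t, fpr, tpr in pts:
        print(f"threshold={t:.1f}  FPR={fpr:.3f}  TPR={tpr:.3f}")
    t_star = select_threshold(pts)
    print("selected threshold:", t_star)
    for incident in [(1, 0, 0, 1, 0), (0, 1, 1, 1, 1), (1, 1, 1, 1, 1)]:
        print(incident, "->", classify(incident, CASE_BASE, t_star))
```

On this toy data the unconstrained choice is a threshold of 0.8, which rejects every false analogy at the cost of missing one true one; forbidding any second-kind error (`max_fnr=0.0`) pushes the threshold down to 0.6 and lets several false analogies through, which is the trade-off the abstract describes. An incident that matches no stored case at the chosen threshold is returned as `None` rather than forced into the nearest class.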

Zhukov Vadim Gennad’evich – Cand. Sc., Docent, Information technologies security Dept., Reshetnev Siberian State Aerospace University. E-mail: zhukov.sibsau@gmail.com.

Shalyapin Andrey Anatol’evich – postgraduate student, Reshetnev Siberian State Aerospace University. E-mail: shaaa.sibsau@mail.ru

Sokolov Mikhail Mikhaylovich – Master’s student, Reshetnev Siberian State Aerospace University. E-mail: fintibober@bk.ru