DEVELOPMENT OF A SUPPORT SYSTEM FOR MANAGING THE CYBER SECURITY

V. A. Lakhno

Abstract


Context. This paper addresses the pressing problem of developing software for decision support systems in information security. The approach is based on choosing rational options for responding to events, taking into account operational data on the state of the protected object.

Objective. The goal of the research is to develop a model for countering cyber threats using a decision support system that chooses rational variants of response to cybersecurity events, taking into account current operational data.

Method. A system for the operational management of an information object's cyber security is developed, together with a model for forming rational sets of protection methods based on a morphological approach. It is proposed to find the optimal variant of the sets for the information security perimeters using an objective function that maximizes the ratio of the consolidated “information security” indicator to the consolidated “costs” indicator.

Results. A model for the operational management of cyber security-critical computer systems was developed. The model makes it possible to generate different variants of protection sets that are compatible with a computer system, taking into account the morphological matrices prepared for each security perimeter with the intelligent decision support system. It is proved that the use of the developed decision support systems can significantly reduce the costs planned for the complex of cyber defense means, as well as reduce the time needed to inform decision makers on how to counter the identified information security incidents.

Conclusions. The scientific novelty of the research is that a model for the operational management of the cyber security of information objects and for forming a rational complex of security features based on a morphological approach is proposed for the first time. The practical value of the developed methods and instruments is that they make it possible: to reduce the development time of cyber security systems; to increase the efficiency of planning the rational modular composition of security features by creating an information and software environment at the design stage; to increase the validity of decisions made on operational and organizational-technical control by protection


Keywords


Information safety; information security management; decision support system; morphological approach






DOI: https://doi.org/10.15588/1607-3274-2017-2-12



Copyright (c) 2017 V. A. Lakhno

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Address of the journal editorial office:
Editorial office of the journal «Radio Electronics, Computer Science, Control»,
Zaporizhzhya National Technical University, 
Zhukovskiy street, 64, Zaporizhzhya, 69063, Ukraine. 
Telephone: +38-061-769-82-96 – the Editing and Publishing Department.
E-mail: rvv@zntu.edu.ua

The reference to the journal is obligatory in the cases of complete or partial use of its materials.