Enhancement of attack graphs for cybersecurity monitoring: handling inaccuracies, processing cycles, mapping incidents and automatic selection of countermeasures
Both the timeliness and adequacy of the response to computer security incidents and an organization's losses from computer attacks depend on the accuracy of situation recognition during cybersecurity monitoring. The paper is devoted to the enhancement of attack models in the form of attack graphs for cybersecurity monitoring tasks. A number of important issues related to the application of attack graphs, and their solutions, are considered. They include inaccuracies in the definition of the pre- and post-conditions of attack actions, the processing of attack graph cycles so that Bayesian inference can be applied to attack graph analysis, the mapping of security incidents onto an attack graph, and automatic countermeasure selection in case of a high security risk level. The paper presents a software prototype of a security monitoring system component that was implemented earlier and has been modified to incorporate the suggested enhancements. The results of experiments are described. The influence of the modifications on the cybersecurity monitoring results is shown in a case study.
Analytical attack modeling and security assessment based on the common vulnerability scoring system
The paper analyzes an approach to analytical attack modeling and security assessment on the basis of the Common Vulnerability Scoring System (CVSS) format, considering the modifications that appeared in the new version of the CVSS specification. The common approach to analytical attack modeling and security assessment was suggested by the authors earlier. The paper outlines the disadvantages of the previous CVSS version that negatively influenced the results of attack modeling and security assessment. Differences between the new and previous CVSS versions are analyzed. Modifications of the approach to analytical attack modeling and security assessment that follow from the CVSS modifications are suggested. Advantages of the modified approach are described. A case study that illustrates the enhanced approach is provided.
Detection, control and mitigation system for secure vehicular communication
The increase in the safety and privacy of automated vehicle drivers against hazardous cyber-attacks will lead to a considerable reduction in the number of global deaths and injuries. In this sense, the European Commission has focused attention on the security of communications in systems that are at high risk when subjected to a cyber-attack, such as automated vehicles. The SerIoT project comes up as a possible solution, providing a useful open reference framework for real-time monitoring of the traffic exchanged through heterogeneous IoT platforms. This system is capable of recognizing suspicious patterns, evaluating them and finally taking mitigating actions. The paper presents a use case of the SerIoT project related to rerouting tests in vehicular communication. The goal is to ensure secure and reliable communication among Connected Intelligent Transportation Systems (C-ITS) components (vehicles, infrastructures, etc.) using the SerIoT system's capabilities to detect and mitigate possible network attacks. Therefore, fleet management and smart intersection scenarios were chosen, where vehicles equipped with On Board Units (OBU) interact with each other and with Road Side Units (RSU) to accomplish an optimal flow of traffic. This equipment uses the SerIoT systems to deal with cyber-attacks such as Denial of Service (DoS). Tests have been validated in different scenarios under threat situations. They show the great performance of the SerIoT system in taking the corresponding actions to ensure a continuous and safe traffic flow.