Egyptian Informatics Journal (Mar 2023)
A computationally efficient method for assessing the impact of an active viral cyber threat on a high-availability cluster
Abstract
The field of computer science, like its sub-field of cyber threat modelling, is rapidly evolving. The prerequisites for key changes can be summarized as follows: cyber threats are evolving; special services tools are being leaked; agile development methodology is being introduced everywhere; the boundaries of the object of protection are blurred; the scope of application of artificial intelligence is expanding; potentially vulnerable API integrations are increasingly being used. As a result, the analysis of cyber threats, the analysis of protective measures, the generalization of data, and the development of protective tools should now be considered continuous processes, not discrete ones. At the same time, attempts to avoid reputational and information losses drive the cost of cybersecurity up like an avalanche. The only way to avoid this tendency is to apply a rational, scientific, accurate method of cognition to these processes. Thus, the creation of mathematical models of processes in the field of cybersecurity is now more relevant than ever. The article investigates the influence of an active viral cyber threat on a high-availability cluster within the framework of the theory of Markov processes, graph theory and mathematical analysis. The main contribution of the research is a formalized, computationally efficient method for approximately estimating the average number of affected elements of the target high-availability cluster under the influence of an active viral cyber threat. A criterion is also proposed for estimating the trend of the quantitative parameter of the metric of the model of the studied process over medium and long time intervals.
To obtain the declared scientific result, the authors:
- formulated a Markov model of the process of the influence of an active viral cyber threat on a high-availability cluster;
- substantiated a compact metric for accurate assessment of the average number of cluster elements affected by an active viral cyber threat at any time;
- formulated a computationally efficient method of approximate estimation of the parameter of the mentioned metric for the model of the studied process;
- proposed a criterion that allows researchers to evaluate the trend of the parameter of the mentioned metric for the model of the studied process over medium and long time intervals.
The adequacy of the formulated method has been proven empirically.