Вестник Дагестанского государственного технического университета: Технические науки (Apr 2021)
GRAPH MODELS OF THE DYNAMICS OF NETWORK ATTACKS IN AUTOMATED SYSTEMS OF INTERNAL AFFAIRS BODIES
Abstract
Objective. The most important task of the theory and practice of ensuring the information security of automated systems during their operation in a secure version at the objects of computerization of internal affairs bodies is to analyze the functioning process of systems for protecting confidential information resources from unauthorized access in case of network attacks, which involves modeling the process of their implementation and the development of graph models of the implementation dynamics of the main types of network attacks. Methods. The method for solving this problem is a mathematical simulation of implementing network attacks in protected automated systems of internal affairs bodies by constructing and describing graph models of typical network attacks on a confidential information resource in the dynamics of their implementation. Results. Based on the analysis of typical network attacks on the information resource of modern automated systems operated in a secure version at the objects of computerization of internal affairs bodies, graph models of these attacks in the dynamics of their implementation were developed, with the allocation of key elements and functional components of models identical to real network attacks. The developed graph models allow visualizing the process of implementing the main malicious functions of the considered network attacks and consider the attacker's alleged actions. Conclusion. The conducted research results can be used to develop simulation models of typical network attacks on a confidential information resource to obtain probabilistic-temporal characteristics in the form of the execution times of each attack of malicious functions for a quantitative risk assessment of their implementation. This can become the basis for forming a specific model of actual attacks for a specific automated system and substantiating quantitative requirements for promising software and information security systems at the computerization facilities of the internal affairs bodies following the current regulatory documentation requirements.
Keywords