Uploaded by IAEME PUBLICATION

OPTIMIZATION OF INFORMATION AND COMMUNICATION TRANSPORT SYSTEMS PROTECTION TASKS

advertisement
International Journal of Civil Engineering and Technology (IJCIET)
Volume 10, Issue 1, January 2019, pp.1–9, Article ID: IJCIET_10_01_001
Available online at http://www.iaeme.com/IJCIET/issues.asp?JType=IJCIET&VType=10&IType=1
ISSN Print: 0976-6308 and ISSN Online: 0976-6316
©IAEME Publication
Scopus Indexed
OPTIMIZATION OF INFORMATION AND
COMMUNICATION TRANSPORT SYSTEMS
PROTECTION TASKS
Prof. V. Lakhno
Head of Department of Computer Systems and Networks,
National University of Life and Environmental Sciences of Ukraine, Kyiv, Ukraine
Prof. S. Tsiutsiura
Department of Information Technologies
National University of Construction and Architecture, Kyiv, Ukraine
Y. Ryndych
Department of Informative and Computer Systems,
Chernihiv National University of Technology, Chernihiv, Ukraine
A. Blozva
Department of Computer Systems and Networks,
National University of Life and Environmental Sciences of Ukraine, Kyiv, Ukraine
A.Desiatko
Department of Software Engineering and Cyber Security
National University of Trade and Economics, Kyiv, Ukraine
Y. Usov
Department of Cybersecurity and Mathematical Simulation,
Chernihiv National University of Technology, Chernihiv, Ukraine
S. Kaznadiy
Department of Informative and Computer Systems,
Chernihiv National University of Technology, Chernihiv, Ukraine
ABSTRACT
A modified algorithm for estimating the limits of the dual problem solution with
the branching order determination for solving the tasks of providing cyber security
and protection of information in information and communication transport systems
(ICTS) is proposed. Effective influence of the prior branching order determination of
http://www.iaeme.com/IJCIET/index.asp
1
editor@iaeme.com
Optimization of Information and Communication Transport Systems Protection Tasks
variables is experimentally tested. It is proved that the use of the algorithm improved
will increase the validity of the decisions made at the stages of ICTS design.
The proposed algorithm is universal and can be applied to solve a wide range of
optimization tasks.
Key words: Protection of Information, Information and Communication Systems,
Transport, Tasks Optimization.
Cite this Article: V. Lakhno, S. Tsiutsiura, Y. Ryndych, A. Blozva, A.Desiatko, Y.
Usov and S. Kaznadiy, Optimization of Information and Communication Transport
Systems Protection Tasks, International Journal of Civil Engineering and Technology
(IJCIET) 10(1), 2019, pp. 1–9.
http://www.iaeme.com/IJCIET/issues.asp?JType=IJCIET&VType=10&IType=1
1. INTRODUCTION
The peculiarity of the tasks for optimizing the complex of information security methods
(ISM) and its restorative redundancy is the presence of limitations, the feasibility of which is
verified by the analytical methods or by the method of simulation. To solve the problems of
such a class, two approaches are proposed: 1) inclusion the nonlinear constraints in the
scheme of branching; 2) solving the reduced task without taking into account nonlinear
constraints, and on the received set of admissible decisions, the feasibility checking of these
restrictions comes out.
When performing the task using the first approach, on the opinion of many experts [1,2],
it is advisable to use algorithms based on the ideas of the branches and limits method. In order
to determine the set of admissible solutions of the reduced task, the modified method of the
functional equations dynamic programming counter solution is proposed in the article. While
modifying the method, indicators characterizing the ratio of the information owner to the
potential risks associated with investing in ISM is taken into account, namely the variants in
which the owner can choose from the following options : 1) protection of all the nodes of
information and communication transport systems(ICTS); 2) selective protection of those
ICTS nodes that are in communication with public networks (PN); protection of nodes with
critically important information for business processes of the company; etc.
For the security subsystems synthesis, it is necessary to choose such a set which ensures
either the minimum probability of unauthorized access (UAA) with restrictions on the value,
time and other indicators, or the minimum total losses from overcoming protection and the
costs of development and operation of ISW, or the minimum costs for the development and
operation of the system with limitations on the likelihood of protection overcoming. These
factors led to the relevance of the chosen article topic.
2. LITERATURE REVIEW AND PROBLEM POSING
General application of the branches and limits method efficiency to solve the problem of
optimizing the distribution of program arrays (PA) and information arrays (IA), as well as
their restorative reserve, is influenced by the choice of the branching strategy and the method
of estimating the decision limits. It is proposed for reducing the computational complexity of
the branches and limits method to make the evaluation of decision limits by an approximate
method of solving the dual task, in relation to the initial problem, using the theory of duality
for the preliminary determination of the branching variables order. This will allow, with a
slight deterioration in the accuracy of the decision limits determination, to reduce the total
time of solving tasks at the expense of the decision limits determination computational
complexity by the methods [1–6andothers],compared with the exact ones. But all the works
http://www.iaeme.com/IJCIET/index.asp
2
editor@iaeme.com
V. Lakhno, S. Tsiutsiura, Y. Ryndych, A. Blozva, A.Desiatko, Y. Usov and S. Kaznadiy
considered do not contain the acceptable algorithm for estimating the limits of the dual
problem solution with the branching order determination for the problem solution of
providing information protection in information and communication transport systems in the
paradigm of object-oriented programming.
Therefore, in general, the task of the algorithm modification is to estimate the limits of the
dual problem solution with the branching order determination for solving the problems of
providing information security in ICTS, taking into account the results of the other authors
proposed in [1–6], as well as our own publications [7–14].
3. GOAL AND OBJECTIVES OF THE STUDY
The objective of the article is to develop the algorithm for estimating the limits of the dual
problem solution with the branching order determination for solving the tasks of providing
information security in information and communication transport systems. The following
tasks are solved for this:
- to improve the existing algorithms of optimizing the information security content in ICTS;
- to check the efficiency and adequacy of the algorithm proposed.
4. MODELS AND METHODS
Distribution of PA and IA on a network nodes is determined by the distribution plan, which is
given by the matrices X = x k j , Y = yf j .
To solve the tasks of the article it is necessary to identify the following components of the
decision vector X  (x 1 , x 2 ,..., x n ) , that maximize the function:
n
PA( x )   c j x j
(1)
j 1
in the zone, specified by the restrictions:
x j  0,1, j  1,2,..., n
n
a
j 1
ij
x j  bi
(2)
i  1,2,..., m.
(3)
where РА – is the number of possible offender targets in ICTS; c j – the cost of m - ISM
at the j -th line of defense; aij  the corresponding threat number for ICTS; bi  number of
ICTS threats, which are implemented by the offender in achieving the ultimate goal of the
attack; n – is a set of security numbers that can potentially be used to counter a hacker.
To estimate the solution limits, condition (2) is weakened and replaced by the condition:
0  xj 1
j  1, n.
Then it is a dual problem for tasks (1) and (2)
mn
 m

ZL  min  bi yi   yi  ,
i  m 1 
 i 1
with restrictions:
http://www.iaeme.com/IJCIET/index.asp
3
editor@iaeme.com
(4)
Optimization of Information and Communication Transport Systems Protection Tasks
m
a
i 1
ij
y i  y m j  c j , j  1,2 ,..., n ,
(5)
yi  0,
(6)
i = 1,2,...,m + n.
In the research works, the probabilistic probability of overcoming protection  i , j ( t ) for
D i as a means (method) of protection, belonging to the turning point j and fixed by the
object pa has been determined, when the levels are to overcome j - 1, j - 2,...,1 .
We denote Qmatrix  qei ,e  0,1,..., n,
contains
the dual
problem solution
i  1,2,..., m  n – a matrix, k-th line
(4) –
(6), but
with
j  i1 , i 2 ,..., i k ;
KS  KS1  KS 0 –the set of variables indexes, included in КS – is a partial solution (here


KS1  j \ x j  1, KS0  j \ x j  0 ; KU   j : j  1,2,...,n – the set of the
variable main task indexes.
Then, an approximate algorithm for estimating the limits of the dual problem solution
with the branching order determination includes the following steps, described in Table 1.
№ of step
Table 1 Algorithm for estimating the limits of the dual problem solution with the branching order
determination for solving the tasks of providing information security in ICTS
1
Calculated parameter
dependence
Action
Formulate a task
1
j pa
Dсзи j
  

p a PA j 1 Dсзи 1
i , j( t )
( pa )
 ws Dcpbj ( pa )  max,
2
Determine the
value
di
k
di
k
bi
,
 aij

jI
Choose the
variable
yr
k  1,2,... – iteration
k
number, I – condition indexes set
(5 and 6), for which inequality is not
k
d r  min d i
k
k
1, if
D ,
 j
which belons


ws Dcpbj ( p a )  to j - th level,
is assigned to

the object p a ;


0, othermise.
where
i  1,2,...,m  n,
b m  j  1, j  1,2,..., n
3
Note
performed
I  1,2,..., n
1
k
i
http://www.iaeme.com/IJCIET/index.asp
4
editor@iaeme.com
V. Lakhno, S. Tsiutsiura, Y. Ryndych, A. Blozva, A.Desiatko, Y. Usov and S. Kaznadiy
4
Calculate the
variable value
yr  min
k
j
k
yr and variable
Index i q , which defines the minimum
yr
AS  c j 
index for
branching on the
n  k  1 – th
AS
,
arj
where
circle of the
branches tree
k
, is the variable index xik for
branching on the n  k  1 - th circle.
m  n k 1
  a ij y i ,
t
Write down
Pk   iq .
i 1 t 1
yi  0,
0
i  1,2,..., m  n
5
Determine the
elements value of
the k-th matrix
line
qki  qk 1,i  yr ,
k
i  1,2,..., m  n,
where
6
Exclude from the
k
plural I
equation index,
for which
q0i  0,
i  1,2,..., m  n.
m
 aij y i  ym j  c j ,
i 1
Check the condition k  n , if the
condition is not fulfilled, then put
k=k+1 and go to step 2, otherwise–
to step 7.
j  1,2 ,..., n
7
Calculate
yi
k
When solving the task (2 –3)
variables branching order is
determined by the massif
yi   yi ,
j
j 1
i  1,2,...,m  n ,
m
ZL   bi yi 
PH  i1 ,i2 ,..., in  . First element
xin , and then xin 1 etc.
i 1

mn
y
i  m 1
i
To substantiate the similar choice, an experimental verification of the branching strategies
efficiency and the accuracy influence of estimating limits solution on the branches and limits
method is carried out.
5. SIMULATION EXPERIMENT
In order to increase the efficiency of a counter solution functional equations dynamic
programming method, while solving the problem of optimizing the composition of ISM
complexes, as well as the volume of restorative PA and IA reserves, it is proposed to use a
way to streamline restrictions on rigidity based on the application of the duality theory.
It is assumed that losses can be caused not only by the fact of security violation protection
object pa, but also by the penetration of the j -th protection level by overcoming D j -th
means (method) of protection. Thus, the offender receives the opportunity to use information
that is determined by the level j and D j -th means, to the detriment of the system. If at the j -
http://www.iaeme.com/IJCIET/index.asp
5
editor@iaeme.com
Optimization of Information and Communication Transport Systems Protection Tasks
th level of protection it is possible to use several methods simultaneously, so these methods
are combined in one and correspondingly correct the probabilistic, time and cost
characteristics. The initial problem, taking into account the works’ results of [6–14], is
presented in the following form. It is required to maximize the target function:
N
FR   rj (x j )
j 1
,
(7)
with restrictions:
N
 d (x
j 1
ij
x j  1,2,...Aj
where
j
i  1,2,.., MI,
)  Dmpi ,
(8)
j  1,2,..., N,
,
dij (x j )  0,
rj (x j )  0,
(9)
j = 1,2,..., N, i = 1,2,..., MI.
On the basis of the dynamic programming method optimality principle, two functional
equations can be made:
f n ( D1n ,D2 n ,...,D mn ) 


 max  f n1
x unX un


n  1,2,..., N,
 D1n  d1n(xn ),D 2 n 

 d 2 n(xn ),...,D mn  d mn(xn ) rn(xn ), (10)
m  1,2,..., MI.
PAn(D 0 mp1n ,D 0 mp2 n ,...,D 0 mpmn ) 

 max  PAun1
xnX n

+rn(x n ),
n  N,N  1,...,1,
where
 D 0 mpі1n  d1n(x n ),

 0

0
 D mpі2 n  d 2 n(x n ),...,D mpmn  d mpmn (x n )
(11)
m  1,2 ,...,MI,
n
N
j 1
j n
Dmpin   d ij(x j ), D in0   d ij(x j ), i  1,2,...m.
The functional equations (10) and (11) differ from the usual functional equations in that
the number of restrictions in them is not constant, they can be solved at different values
m  1,2,...,MI. To complete the dual problem, the joint task (7) – (9) is given in the form
of a linear task with additional constraints:
N
Aj
FR  max rkj xkj ,
j 1 k 1
http://www.iaeme.com/IJCIET/index.asp
6
editor@iaeme.com
V. Lakhno, S. Tsiutsiura, Y. Ryndych, A. Blozva, A.Desiatko, Y. Usov and S. Kaznadiy
N
Aj
 d
j 1 k 1
Aj
x
k 1
kj
x  Dmpi ,
ikj kj
 1,
i  1,2,...,MI
(12)
j  1,2,..., N.
xkj  0,1,
k  1,2,..., Aj ,
(13)
j  1,2,..., N
The condition (13) is weakened and replaced by the condition 0  xkj  1, then dual
with respect to the task (2) is the task:
MI  N
 MI

ZL  min  Dmpi yi   yi ,
i  MI 1 
 i 1
MI
d
i 1
ikj
(14)
yi  y MI  j  rkj ,
k  1,2,..., Aj , j  1,2,..., N,
(15)
y i  0, i  1,2,...,MI  N.
(16)
where MI  is the number of threats for ICTS.
The task (14) – (16) is used to rearrange the restrictions on stiffness. From the economic
interpretation of the dual task, it follows that the greater the value of the variable, the more
restrictive it is to it. In view of this, the restriction of the original task must be arranged in a
manner i1 ,i2 ,..., iMI , that satisfies the condition y i1  y i2  ...  y iMI .
Experimental verification results of the preliminary determination variables branching
order effect are shown in Fig. 1.
С1 – is a simplex-method without branches order determining;
С2 – is a simplex-method with branches order determining.
Figure 1. Comparative characteristics of the branches and limits method for different restrictions
stiffness values
http://www.iaeme.com/IJCIET/index.asp
7
editor@iaeme.com
Optimization of Information and Communication Transport Systems Protection Tasks
The analysis of the results showed that the use of the preliminary determination variables
branching order method together with estimation decision limits simple-method can reduce
the time of solving tasks in 5 – 20 times.
6. RESULTS AND DISCUSSION
The analysis of the obtained results showed that the volume of information circulating in the
system at the expense of rational distribution of PM and MI decreased by 17–20%, with more
than 35% increase in the probability of solving all problems in the system with a minimum
amount of restorative reserve for each PA and IA, while increasing the stability of the
information-computing process [17, 18].
The simulation results showed that the probability of solving all tasks in the system with
allowance for restorative redundancy at the volume of the reserve in one copy increased by
28–30% with increasing probability of solving each of the tasks not lower than 5–7%.
7. GRATITUDES
The research and the article were done within the framework of promising scientific and
technical programs of the Department of Computer Systems and Networks of the National
University of Life and Environmental Sciences of Ukraine, as well as the grant of the
Republic of Kazakhstan, registration number AP05132723 “Development of adaptive expert
systems in the area of cybersecurity of critical objects of informatization”.
8. CONCLUSIONS
The article proposes the modified algorithm for estimating the limits of the dual problem
solution with the branching order determination for solving the problems of providing
information security in ICTS.
Under the computing experiment, the effectiveness influence of the previous
determination branching order of variables is checked. The use of the improved algorithm, as
well as the complex of models and methods developed for its optimization in the information
computing process is proved and ensuring the security of the information, allows to increase
the validity of the decisions taken at the stages of the ICTS designing, exploitation and
reconstruction of ICTS with distributed processing.
The proposed methods and algorithms are universal and can be applied to solve a wide
range of optimization tasks.
REFERENCES
[1]
[2]
[3]
[4]
[5]
Gordon, L. A., & Loeb, M. P. (2002). The Economics of Information Security Investment.
ACM Transactions On Information and System Security (TISSEC), 5(4), pp. 438–457.
Lakhno, V.A., Kravchuk, P.U., Malyukov, V.P., Domrachev, V.N., Myrutenko, L.V.,
Piven, O.S. (2017). Developing of the cyber security system based on clustering and
formation of control deviation signs, Journal of Theoretical and Applied Information
Technology, Vol. 95, Iss. 21, pp. 5778–5786.
Cavusoglu, H., Mishra, B., & Raghunathan, S. (2004). A Model for Evaluating IT
Security Investments.Communications of The ACM,47(7), pp. 87–92.
Campbell, K., Gordon, L. A., Loeb, M. P., & Zhou, L. (2003). The Economic Cost of
Publicly Announced Information Security Breaches: Empirical Evidence from The Stock
Market.Journal of Computer Security,11(3), 431–448.
Osobennosti zashchity informacii v raspredelennyh sistemah telekommunikacij i
korporativnyh sistemah svyazi. V 3-h tomah [Tekst] / O.V. Esikov, R.N. Akinshin, A.S.
Kislicyn // Obespechenie informacionnoj bezopasnosti v ehkonomicheskoj i
http://www.iaeme.com/IJCIET/index.asp
8
editor@iaeme.com
V. Lakhno, S. Tsiutsiura, Y. Ryndych, A. Blozva, A.Desiatko, Y. Usov and S. Kaznadiy
[6]
[7]
[8]
[9]
[10]
[11]
[12]
[13]
[14]
[15]
[16]
[17]
[18]
telekommunikacionnoj sferah: Kollektivnaya monografiya. Pod red. E.M. Suhareva. – M.:
Radiotekhnika, 2003.
Fielder, A., Panaousis, E., Malacaria, P., Hankin, C., & Smeraldi, F. (2016). Decision
Support Approaches for Cyber Security Investment.Decision Support Systems,86, pp. 13–
23.
Feng, N., Wang, H. J., & Li, M. (2014). A Security Risk Analysis Model for Information
Systems: Causal Relationships of Risk Factors and Vulnerability Propagation Analysis
.Information Sciences,256, pp. 57–73.
Akhmetov, B. etc. (2018). Development of Sectoral Intellectualized Expert Systems and
Decision Making Support Systems in Cybersecurity. In Proceedings of the Computational
Methods in Systems and Software (pp. 162–171). Springer, Cham.
Petrov, B. B., Karpinskyy, M., etc. (2016). Immune and defensive corporate systems with
intellectual identification of threats. Śląska Oficyna Drukarska, Pszczyna. 212 p.
Lakhno, V., Kozlovskyi, V., Boiko, Y., Mishchenko, A., Opirskyy, I. Management of
Information Protection Based on the Integrated Implementation of Decision Support
Systems, Easterneuropean Journal of Enterprise Technologies, 5/9 (89), 2017, pp. 36–42.
Lakhno, V., Malyukov, V., Parkhuts, L., Buriachok, V., Satzhanov, B., & Tabylov, A.
(2018). Funding Model for Port Information System Cyber Security Facilities with
Incomplete Hacker Information Available. Journal of Theoretical & Applied Information
Technology, 96(13). pp. 4215–4225.
Akhmetov, B., etc. (2018). Models and Algorithms of Vector Optimization in Selecting
Security Measures for Higher Education Institution’s Information Learning Environment.
In Proceedings of the Computational Methods in Systems and Software (pp. 135–142).
Springer, Cham.
Lakhno, V., Petrov, A., & Petrov, A. “Development of a Support System for Managing
the Cyber Security of Information and Communication Environment of Transport”, In
International Conference on Information Systems Architecture and Technology, 2017, pp.
113–127. Springer, Cham.
Lakhno V.A., Tretynyk V.V. (2019) Information Technologies for Maintaining of
Management Activity of Universities. In: Hu Z., Petoukhov S., Dychka, I., He, M. (eds)
Advances in Computer Science for Engineering and Education. ICCSEEA 2018.
Advances in Intelligent Systems and Computing, vol 754. pp. 663–672.
Lakhno, V., Tkach, Y.,Petrenko, T.,Zaitsev, S. & Bazylevych, V. (2016). Development of
adaptive expert system of information security using a procedure of clustering the
attributes of anomalies and cyber attacks. Eastern European Journal of Enterprise
Technologies, 6/9 (84), pp. 32–44.
Lakhno, V.,Zaitsev, S.,Tkach, Y. &Petrenko, T. Adaptive expert systems development for
cyber attacks recognition in information educational systems on the basis of signs’
clustering. Advances in Intelligent Systems and Computing, volume 754, pp. 673–682.
V. Lakhno, V. Buriachok, L. Parkhuts etc. (2018). Development of a conceptual model of
adaptive access rights management with using the apparatus of Petri nets. International
Journal of Civil Engineering & Technology (IJCIET), Vol. 9, Iss. 11, pp. 95–104.
B. Akhmetov, L.Kydyralina etc. (2018). Model for a computer decision support system on
mutual investment in the cybersecurity of educational institutions, International Journal of
Mechanical Engineering & Technology (IJMET), Vol. 9,Iss. 10, pp. 1114–1122.
http://www.iaeme.com/IJCIET/index.asp
9
editor@iaeme.com
Download