International Journal of Civil Engineering and Technology (IJCIET) Volume 10, Issue 1, January 2019, pp.1–9, Article ID: IJCIET_10_01_001 Available online at http://www.iaeme.com/IJCIET/issues.asp?JType=IJCIET&VType=10&IType=1 ISSN Print: 0976-6308 and ISSN Online: 0976-6316 ©IAEME Publication Scopus Indexed OPTIMIZATION OF INFORMATION AND COMMUNICATION TRANSPORT SYSTEMS PROTECTION TASKS Prof. V. Lakhno Head of Department of Computer Systems and Networks, National University of Life and Environmental Sciences of Ukraine, Kyiv, Ukraine Prof. S. Tsiutsiura Department of Information Technologies National University of Construction and Architecture, Kyiv, Ukraine Y. Ryndych Department of Informative and Computer Systems, Chernihiv National University of Technology, Chernihiv, Ukraine A. Blozva Department of Computer Systems and Networks, National University of Life and Environmental Sciences of Ukraine, Kyiv, Ukraine A.Desiatko Department of Software Engineering and Cyber Security National University of Trade and Economics, Kyiv, Ukraine Y. Usov Department of Cybersecurity and Mathematical Simulation, Chernihiv National University of Technology, Chernihiv, Ukraine S. Kaznadiy Department of Informative and Computer Systems, Chernihiv National University of Technology, Chernihiv, Ukraine ABSTRACT A modified algorithm for estimating the limits of the dual problem solution with the branching order determination for solving the tasks of providing cyber security and protection of information in information and communication transport systems (ICTS) is proposed. Effective influence of the prior branching order determination of http://www.iaeme.com/IJCIET/index.asp 1 editor@iaeme.com Optimization of Information and Communication Transport Systems Protection Tasks variables is experimentally tested. It is proved that the use of the algorithm improved will increase the validity of the decisions made at the stages of ICTS design. The proposed algorithm is universal and can be applied to solve a wide range of optimization tasks. Key words: Protection of Information, Information and Communication Systems, Transport, Tasks Optimization. Cite this Article: V. Lakhno, S. Tsiutsiura, Y. Ryndych, A. Blozva, A.Desiatko, Y. Usov and S. Kaznadiy, Optimization of Information and Communication Transport Systems Protection Tasks, International Journal of Civil Engineering and Technology (IJCIET) 10(1), 2019, pp. 1–9. http://www.iaeme.com/IJCIET/issues.asp?JType=IJCIET&VType=10&IType=1 1. INTRODUCTION The peculiarity of the tasks for optimizing the complex of information security methods (ISM) and its restorative redundancy is the presence of limitations, the feasibility of which is verified by the analytical methods or by the method of simulation. To solve the problems of such a class, two approaches are proposed: 1) inclusion the nonlinear constraints in the scheme of branching; 2) solving the reduced task without taking into account nonlinear constraints, and on the received set of admissible decisions, the feasibility checking of these restrictions comes out. When performing the task using the first approach, on the opinion of many experts [1,2], it is advisable to use algorithms based on the ideas of the branches and limits method. In order to determine the set of admissible solutions of the reduced task, the modified method of the functional equations dynamic programming counter solution is proposed in the article. While modifying the method, indicators characterizing the ratio of the information owner to the potential risks associated with investing in ISM is taken into account, namely the variants in which the owner can choose from the following options : 1) protection of all the nodes of information and communication transport systems(ICTS); 2) selective protection of those ICTS nodes that are in communication with public networks (PN); protection of nodes with critically important information for business processes of the company; etc. For the security subsystems synthesis, it is necessary to choose such a set which ensures either the minimum probability of unauthorized access (UAA) with restrictions on the value, time and other indicators, or the minimum total losses from overcoming protection and the costs of development and operation of ISW, or the minimum costs for the development and operation of the system with limitations on the likelihood of protection overcoming. These factors led to the relevance of the chosen article topic. 2. LITERATURE REVIEW AND PROBLEM POSING General application of the branches and limits method efficiency to solve the problem of optimizing the distribution of program arrays (PA) and information arrays (IA), as well as their restorative reserve, is influenced by the choice of the branching strategy and the method of estimating the decision limits. It is proposed for reducing the computational complexity of the branches and limits method to make the evaluation of decision limits by an approximate method of solving the dual task, in relation to the initial problem, using the theory of duality for the preliminary determination of the branching variables order. This will allow, with a slight deterioration in the accuracy of the decision limits determination, to reduce the total time of solving tasks at the expense of the decision limits determination computational complexity by the methods [1–6andothers],compared with the exact ones. But all the works http://www.iaeme.com/IJCIET/index.asp 2 editor@iaeme.com V. Lakhno, S. Tsiutsiura, Y. Ryndych, A. Blozva, A.Desiatko, Y. Usov and S. Kaznadiy considered do not contain the acceptable algorithm for estimating the limits of the dual problem solution with the branching order determination for the problem solution of providing information protection in information and communication transport systems in the paradigm of object-oriented programming. Therefore, in general, the task of the algorithm modification is to estimate the limits of the dual problem solution with the branching order determination for solving the problems of providing information security in ICTS, taking into account the results of the other authors proposed in [1–6], as well as our own publications [7–14]. 3. GOAL AND OBJECTIVES OF THE STUDY The objective of the article is to develop the algorithm for estimating the limits of the dual problem solution with the branching order determination for solving the tasks of providing information security in information and communication transport systems. The following tasks are solved for this: - to improve the existing algorithms of optimizing the information security content in ICTS; - to check the efficiency and adequacy of the algorithm proposed. 4. MODELS AND METHODS Distribution of PA and IA on a network nodes is determined by the distribution plan, which is given by the matrices X = x k j , Y = yf j . To solve the tasks of the article it is necessary to identify the following components of the decision vector X (x 1 , x 2 ,..., x n ) , that maximize the function: n PA( x ) c j x j (1) j 1 in the zone, specified by the restrictions: x j 0,1, j 1,2,..., n n a j 1 ij x j bi (2) i 1,2,..., m. (3) where РА – is the number of possible offender targets in ICTS; c j – the cost of m - ISM at the j -th line of defense; aij the corresponding threat number for ICTS; bi number of ICTS threats, which are implemented by the offender in achieving the ultimate goal of the attack; n – is a set of security numbers that can potentially be used to counter a hacker. To estimate the solution limits, condition (2) is weakened and replaced by the condition: 0 xj 1 j 1, n. Then it is a dual problem for tasks (1) and (2) mn m ZL min bi yi yi , i m 1 i 1 with restrictions: http://www.iaeme.com/IJCIET/index.asp 3 editor@iaeme.com (4) Optimization of Information and Communication Transport Systems Protection Tasks m a i 1 ij y i y m j c j , j 1,2 ,..., n , (5) yi 0, (6) i = 1,2,...,m + n. In the research works, the probabilistic probability of overcoming protection i , j ( t ) for D i as a means (method) of protection, belonging to the turning point j and fixed by the object pa has been determined, when the levels are to overcome j - 1, j - 2,...,1 . We denote Qmatrix qei ,e 0,1,..., n, contains the dual problem solution i 1,2,..., m n – a matrix, k-th line (4) – (6), but with j i1 , i 2 ,..., i k ; KS KS1 KS 0 –the set of variables indexes, included in КS – is a partial solution (here KS1 j \ x j 1, KS0 j \ x j 0 ; KU j : j 1,2,...,n – the set of the variable main task indexes. Then, an approximate algorithm for estimating the limits of the dual problem solution with the branching order determination includes the following steps, described in Table 1. № of step Table 1 Algorithm for estimating the limits of the dual problem solution with the branching order determination for solving the tasks of providing information security in ICTS 1 Calculated parameter dependence Action Formulate a task 1 j pa Dсзи j p a PA j 1 Dсзи 1 i , j( t ) ( pa ) ws Dcpbj ( pa ) max, 2 Determine the value di k di k bi , aij jI Choose the variable yr k 1,2,... – iteration k number, I – condition indexes set (5 and 6), for which inequality is not k d r min d i k k 1, if D , j which belons ws Dcpbj ( p a ) to j - th level, is assigned to the object p a ; 0, othermise. where i 1,2,...,m n, b m j 1, j 1,2,..., n 3 Note performed I 1,2,..., n 1 k i http://www.iaeme.com/IJCIET/index.asp 4 editor@iaeme.com V. Lakhno, S. Tsiutsiura, Y. Ryndych, A. Blozva, A.Desiatko, Y. Usov and S. Kaznadiy 4 Calculate the variable value yr min k j k yr and variable Index i q , which defines the minimum yr AS c j index for branching on the n k 1 – th AS , arj where circle of the branches tree k , is the variable index xik for branching on the n k 1 - th circle. m n k 1 a ij y i , t Write down Pk iq . i 1 t 1 yi 0, 0 i 1,2,..., m n 5 Determine the elements value of the k-th matrix line qki qk 1,i yr , k i 1,2,..., m n, where 6 Exclude from the k plural I equation index, for which q0i 0, i 1,2,..., m n. m aij y i ym j c j , i 1 Check the condition k n , if the condition is not fulfilled, then put k=k+1 and go to step 2, otherwise– to step 7. j 1,2 ,..., n 7 Calculate yi k When solving the task (2 –3) variables branching order is determined by the massif yi yi , j j 1 i 1,2,...,m n , m ZL bi yi PH i1 ,i2 ,..., in . First element xin , and then xin 1 etc. i 1 mn y i m 1 i To substantiate the similar choice, an experimental verification of the branching strategies efficiency and the accuracy influence of estimating limits solution on the branches and limits method is carried out. 5. SIMULATION EXPERIMENT In order to increase the efficiency of a counter solution functional equations dynamic programming method, while solving the problem of optimizing the composition of ISM complexes, as well as the volume of restorative PA and IA reserves, it is proposed to use a way to streamline restrictions on rigidity based on the application of the duality theory. It is assumed that losses can be caused not only by the fact of security violation protection object pa, but also by the penetration of the j -th protection level by overcoming D j -th means (method) of protection. Thus, the offender receives the opportunity to use information that is determined by the level j and D j -th means, to the detriment of the system. If at the j - http://www.iaeme.com/IJCIET/index.asp 5 editor@iaeme.com Optimization of Information and Communication Transport Systems Protection Tasks th level of protection it is possible to use several methods simultaneously, so these methods are combined in one and correspondingly correct the probabilistic, time and cost characteristics. The initial problem, taking into account the works’ results of [6–14], is presented in the following form. It is required to maximize the target function: N FR rj (x j ) j 1 , (7) with restrictions: N d (x j 1 ij x j 1,2,...Aj where j i 1,2,.., MI, ) Dmpi , (8) j 1,2,..., N, , dij (x j ) 0, rj (x j ) 0, (9) j = 1,2,..., N, i = 1,2,..., MI. On the basis of the dynamic programming method optimality principle, two functional equations can be made: f n ( D1n ,D2 n ,...,D mn ) max f n1 x unX un n 1,2,..., N, D1n d1n(xn ),D 2 n d 2 n(xn ),...,D mn d mn(xn ) rn(xn ), (10) m 1,2,..., MI. PAn(D 0 mp1n ,D 0 mp2 n ,...,D 0 mpmn ) max PAun1 xnX n +rn(x n ), n N,N 1,...,1, where D 0 mpі1n d1n(x n ), 0 0 D mpі2 n d 2 n(x n ),...,D mpmn d mpmn (x n ) (11) m 1,2 ,...,MI, n N j 1 j n Dmpin d ij(x j ), D in0 d ij(x j ), i 1,2,...m. The functional equations (10) and (11) differ from the usual functional equations in that the number of restrictions in them is not constant, they can be solved at different values m 1,2,...,MI. To complete the dual problem, the joint task (7) – (9) is given in the form of a linear task with additional constraints: N Aj FR max rkj xkj , j 1 k 1 http://www.iaeme.com/IJCIET/index.asp 6 editor@iaeme.com V. Lakhno, S. Tsiutsiura, Y. Ryndych, A. Blozva, A.Desiatko, Y. Usov and S. Kaznadiy N Aj d j 1 k 1 Aj x k 1 kj x Dmpi , ikj kj 1, i 1,2,...,MI (12) j 1,2,..., N. xkj 0,1, k 1,2,..., Aj , (13) j 1,2,..., N The condition (13) is weakened and replaced by the condition 0 xkj 1, then dual with respect to the task (2) is the task: MI N MI ZL min Dmpi yi yi , i MI 1 i 1 MI d i 1 ikj (14) yi y MI j rkj , k 1,2,..., Aj , j 1,2,..., N, (15) y i 0, i 1,2,...,MI N. (16) where MI is the number of threats for ICTS. The task (14) – (16) is used to rearrange the restrictions on stiffness. From the economic interpretation of the dual task, it follows that the greater the value of the variable, the more restrictive it is to it. In view of this, the restriction of the original task must be arranged in a manner i1 ,i2 ,..., iMI , that satisfies the condition y i1 y i2 ... y iMI . Experimental verification results of the preliminary determination variables branching order effect are shown in Fig. 1. С1 – is a simplex-method without branches order determining; С2 – is a simplex-method with branches order determining. Figure 1. Comparative characteristics of the branches and limits method for different restrictions stiffness values http://www.iaeme.com/IJCIET/index.asp 7 editor@iaeme.com Optimization of Information and Communication Transport Systems Protection Tasks The analysis of the results showed that the use of the preliminary determination variables branching order method together with estimation decision limits simple-method can reduce the time of solving tasks in 5 – 20 times. 6. RESULTS AND DISCUSSION The analysis of the obtained results showed that the volume of information circulating in the system at the expense of rational distribution of PM and MI decreased by 17–20%, with more than 35% increase in the probability of solving all problems in the system with a minimum amount of restorative reserve for each PA and IA, while increasing the stability of the information-computing process [17, 18]. The simulation results showed that the probability of solving all tasks in the system with allowance for restorative redundancy at the volume of the reserve in one copy increased by 28–30% with increasing probability of solving each of the tasks not lower than 5–7%. 7. GRATITUDES The research and the article were done within the framework of promising scientific and technical programs of the Department of Computer Systems and Networks of the National University of Life and Environmental Sciences of Ukraine, as well as the grant of the Republic of Kazakhstan, registration number AP05132723 “Development of adaptive expert systems in the area of cybersecurity of critical objects of informatization”. 8. CONCLUSIONS The article proposes the modified algorithm for estimating the limits of the dual problem solution with the branching order determination for solving the problems of providing information security in ICTS. Under the computing experiment, the effectiveness influence of the previous determination branching order of variables is checked. The use of the improved algorithm, as well as the complex of models and methods developed for its optimization in the information computing process is proved and ensuring the security of the information, allows to increase the validity of the decisions taken at the stages of the ICTS designing, exploitation and reconstruction of ICTS with distributed processing. The proposed methods and algorithms are universal and can be applied to solve a wide range of optimization tasks. REFERENCES [1] [2] [3] [4] [5] Gordon, L. A., & Loeb, M. P. (2002). The Economics of Information Security Investment. ACM Transactions On Information and System Security (TISSEC), 5(4), pp. 438–457. Lakhno, V.A., Kravchuk, P.U., Malyukov, V.P., Domrachev, V.N., Myrutenko, L.V., Piven, O.S. (2017). Developing of the cyber security system based on clustering and formation of control deviation signs, Journal of Theoretical and Applied Information Technology, Vol. 95, Iss. 21, pp. 5778–5786. Cavusoglu, H., Mishra, B., & Raghunathan, S. (2004). A Model for Evaluating IT Security Investments.Communications of The ACM,47(7), pp. 87–92. Campbell, K., Gordon, L. A., Loeb, M. P., & Zhou, L. (2003). The Economic Cost of Publicly Announced Information Security Breaches: Empirical Evidence from The Stock Market.Journal of Computer Security,11(3), 431–448. Osobennosti zashchity informacii v raspredelennyh sistemah telekommunikacij i korporativnyh sistemah svyazi. V 3-h tomah [Tekst] / O.V. Esikov, R.N. Akinshin, A.S. Kislicyn // Obespechenie informacionnoj bezopasnosti v ehkonomicheskoj i http://www.iaeme.com/IJCIET/index.asp 8 editor@iaeme.com V. Lakhno, S. Tsiutsiura, Y. Ryndych, A. Blozva, A.Desiatko, Y. Usov and S. Kaznadiy [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] telekommunikacionnoj sferah: Kollektivnaya monografiya. Pod red. E.M. Suhareva. – M.: Radiotekhnika, 2003. Fielder, A., Panaousis, E., Malacaria, P., Hankin, C., & Smeraldi, F. (2016). Decision Support Approaches for Cyber Security Investment.Decision Support Systems,86, pp. 13– 23. Feng, N., Wang, H. J., & Li, M. (2014). A Security Risk Analysis Model for Information Systems: Causal Relationships of Risk Factors and Vulnerability Propagation Analysis .Information Sciences,256, pp. 57–73. Akhmetov, B. etc. (2018). Development of Sectoral Intellectualized Expert Systems and Decision Making Support Systems in Cybersecurity. In Proceedings of the Computational Methods in Systems and Software (pp. 162–171). Springer, Cham. Petrov, B. B., Karpinskyy, M., etc. (2016). Immune and defensive corporate systems with intellectual identification of threats. Śląska Oficyna Drukarska, Pszczyna. 212 p. Lakhno, V., Kozlovskyi, V., Boiko, Y., Mishchenko, A., Opirskyy, I. Management of Information Protection Based on the Integrated Implementation of Decision Support Systems, Easterneuropean Journal of Enterprise Technologies, 5/9 (89), 2017, pp. 36–42. Lakhno, V., Malyukov, V., Parkhuts, L., Buriachok, V., Satzhanov, B., & Tabylov, A. (2018). Funding Model for Port Information System Cyber Security Facilities with Incomplete Hacker Information Available. Journal of Theoretical & Applied Information Technology, 96(13). pp. 4215–4225. Akhmetov, B., etc. (2018). Models and Algorithms of Vector Optimization in Selecting Security Measures for Higher Education Institution’s Information Learning Environment. In Proceedings of the Computational Methods in Systems and Software (pp. 135–142). Springer, Cham. Lakhno, V., Petrov, A., & Petrov, A. “Development of a Support System for Managing the Cyber Security of Information and Communication Environment of Transport”, In International Conference on Information Systems Architecture and Technology, 2017, pp. 113–127. Springer, Cham. Lakhno V.A., Tretynyk V.V. (2019) Information Technologies for Maintaining of Management Activity of Universities. In: Hu Z., Petoukhov S., Dychka, I., He, M. (eds) Advances in Computer Science for Engineering and Education. ICCSEEA 2018. Advances in Intelligent Systems and Computing, vol 754. pp. 663–672. Lakhno, V., Tkach, Y.,Petrenko, T.,Zaitsev, S. & Bazylevych, V. (2016). Development of adaptive expert system of information security using a procedure of clustering the attributes of anomalies and cyber attacks. Eastern European Journal of Enterprise Technologies, 6/9 (84), pp. 32–44. Lakhno, V.,Zaitsev, S.,Tkach, Y. &Petrenko, T. Adaptive expert systems development for cyber attacks recognition in information educational systems on the basis of signs’ clustering. Advances in Intelligent Systems and Computing, volume 754, pp. 673–682. V. Lakhno, V. Buriachok, L. Parkhuts etc. (2018). Development of a conceptual model of adaptive access rights management with using the apparatus of Petri nets. International Journal of Civil Engineering & Technology (IJCIET), Vol. 9, Iss. 11, pp. 95–104. B. Akhmetov, L.Kydyralina etc. (2018). Model for a computer decision support system on mutual investment in the cybersecurity of educational institutions, International Journal of Mechanical Engineering & Technology (IJMET), Vol. 9,Iss. 10, pp. 1114–1122. http://www.iaeme.com/IJCIET/index.asp 9 editor@iaeme.com