RECONFIGURATION METAGRAMMATICS FOR DESCRIPTION AND MODELING OF MULTI-STAGE COMPLEX ATTACKS

Authors

  • О.I. Atakishchev ANO "Institute of Engineering Physics"
  • V.G. Gribunin ANO "Institute of Engineering Physics"
  • V.E. Ananyev ANO "Institute of Engineering Physics"
  • Е.А. Titenko South-West State University image/svg+xml

Keywords:

Modeling, hierarchical parsing, structural adaptation, reconfiguration-matching rule

Abstract

The purpose of the study is determined by a significant expansion of the classes of threats to
modern automated systems, the dynamic development of tactics and techniques for attacking their
information resources. The available methods and hardware and software tools effectively resist
single-stage attacks that have a fixed scheme of destructive impact and time-limited activity. Modern
types of destructive influences are understood as multi-stage complex attacks, for which it is
important to create an adequate and effective apparatus for describing, modeling and repelling
new types of attacks. Research methods are based on the development of a structural-algebraic
approach, primarily on the apparatus of formal grammars and metagrammars. It has been established
that the well-known formal models for describing and modeling multi-stage complex attacks
are cumbersome, and their modification is difficult. Most attack descriptors are not equipped with
a representative set of methods for structural and algebraic analysis of such complexly structured
objects. To describe, model and repel such attacks, a class of reconfiguration metagrammars has
been developed. These metagrammars contain a set of regular and reconfiguration rules for
matching between grammar elements within the grammar. These rules allow you to select specific
branches of the search graph depending on the achieved parsing states. This property significantly
reduces the search space and thus increases the specific efficiency of the search. The developed
apparatus of reconfiguration metagrammars creates the necessary theoretical basis for their effective
use in modeling and reflecting existing and prospective ICAs that have a structural-linguistic
description. The resulting qualimetric five-dimensional diagram, built on a set of practically significant
indicators (homogeneity, connectivity, compactness, adaptability, directionality) showed
the advantage of reconfiguration metagrammars over general metagrammars. Methods of parsing
in reconfiguration metagrammars differ in structural rules of reconfiguration (structural adaptation)
and selection criteria for their adaptation. These procedural features make it possible to
expand the possibilities of attack modeling and improve the efficiency of procedures for repelling
multi-stage complex attacks.

References

Downloads

Published

2023-02-17

Issue

No. 5 (2022)

Section

SECTION II. MODELING OF PROCESSES AND SYSTEMS