MODELING OF SECURITY THREATS FOR BUILDING A COMPREHENSIVE INFORMATION PROTECTION SYSTEM AT AN INFORMATIZATION FACILITY
Abstract
This study analyzes in detail the typical structure of an informatization facility, which lets qualified specialists better understand the mechanisms through which the various categories of objects and subjects of information processing can be exposed to security threats. The main instrument for building a comprehensive information security system is the threat model: it identifies potential threats, analyzes them, and minimizes the risk that they are realized and cause damage to the facility. To build the threat model, the study considers the domestic FSTEC threat data bank and the international ATT&CK and CAPEC knowledge bases, which contain comprehensive information about the tactics and techniques that intruders use when attacking informatization facilities. The tactics used by attackers were classified in detail, with particular attention to the tactics that determine the entry points into the informatization facility from which the attack is then carried forward. For an effective threat model it is advisable to analyze the data held in these knowledge bases comprehensively and then use them jointly when building the threat model for an informatization facility. This approach systematizes and structures the information, which supports a more accurate and better-founded model of how potential threats are realized at the different stages of an attack on the facility. A decision support system was considered as the basis for the comprehensive information security system, and modern research on the methods applied in building such systems was analyzed.
As a result, the ontology method was used to show the relationships between the knowledge bases of tactics and techniques and the catalogues of known vulnerabilities. This makes it possible to build a model of a complex, multi-stage attack and to identify, for each stage, the targets the attacker acts on, the criticality of the vulnerability exploited, the platform on which that vulnerability exists, and the resulting negative consequences.
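The following is an added illustrative example, not the paper's own model or any export of the BDU, ATT&CK, CAPEC or CVE databases. It shows the kind of linkage the abstract describes: ATT&CK techniques (with their tactics) are joined to CAPEC attack patterns, CAPEC patterns to CWE weaknesses, and CWE weaknesses to CVE records carrying a target asset, a platform and a CVSS v3.1 vector. Walking these edges stage by stage yields, for each stage of a multi-stage attack, the affected targets, the criticality of the worst usable vulnerability (the CVSS v3.1 base score computed per the FIRST specification), the platforms involved and the security properties violated, and the Initial Access stage identifies the entry points. The technique-to-CAPEC edges, the target and platform labels and the CVE identifiers are constructed assumptions (the CVE ids are fictional placeholders); the ATT&CK, CAPEC and CWE identifiers are real.

```python
"""Ontology-style linkage of ATT&CK tactics/techniques, CAPEC attack patterns,
CWE weaknesses and CVE records, scored with CVSS v3.1, to model a multi-stage
attack on an informatization facility.

Added illustrative example: the knowledge-base fragment below is a constructed
sample (fictional CVE ids, assumed technique->CAPEC edges), not the paper's
model or a BDU/ATT&CK export.
"""
from dataclasses import dataclass, field
import math

# CVSS v3.1 base-metric weights as published by FIRST; PR weights are
# given as (scope unchanged, scope changed).
W = {
    "AV": {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.20},
    "AC": {"L": 0.77, "H": 0.44},
    "PR": {"N": (0.85, 0.85), "L": (0.62, 0.68), "H": (0.27, 0.50)},
    "UI": {"N": 0.85, "R": 0.62},
    "CIA": {"H": 0.56, "L": 0.22, "N": 0.0},
}


def _roundup(x: float) -> float:
    """CVSS v3.1 Roundup(): smallest one-decimal value >= x (spec Appendix A)."""
    i = round(x * 100000)
    return i / 100000.0 if i % 10000 == 0 else (math.floor(i / 10000) + 1) / 10.0


def parse_vector(vector: str) -> dict:
    """'CVSS:3.1/AV:N/...' -> {'AV': 'N', ...}; the version prefix is dropped."""
    return dict(part.split(":") for part in vector.split("/")[1:])


def cvss31_base_score(vector: str) -> float:
    """Base score per the CVSS v3.1 specification (criticality of one CVE)."""
    m = parse_vector(vector)
    changed = m["S"] == "C"
    iss = 1 - (1 - W["CIA"][m["C"]]) * (1 - W["CIA"][m["I"]]) * (1 - W["CIA"][m["A"]])
    impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15 if changed else 6.42 * iss
    expl = 8.22 * W["AV"][m["AV"]] * W["AC"][m["AC"]] * W["PR"][m["PR"]][changed] * W["UI"][m["UI"]]
    if impact <= 0:
        return 0.0
    return _roundup(min(1.08 * (impact + expl) if changed else impact + expl, 10))


# --- constructed knowledge-base fragment (the ontology's edges) ---------------
TECHNIQUES = {  # ATT&CK technique -> (tactic, name); real identifiers
    "T1190": ("Initial Access", "Exploit Public-Facing Application"),
    "T1059": ("Execution", "Command and Scripting Interpreter"),
    "T1068": ("Privilege Escalation", "Exploitation for Privilege Escalation"),
    "T1486": ("Impact", "Data Encrypted for Impact"),
}
TECH_TO_CAPEC = {"T1190": ["CAPEC-66"], "T1059": ["CAPEC-88"], "T1068": ["CAPEC-233"]}  # assumed edges
CAPEC_TO_CWE = {"CAPEC-66": ["CWE-89"], "CAPEC-88": ["CWE-78"], "CAPEC-233": ["CWE-269"]}
CVES = {  # fictional CVE id -> (CWE, target asset, platform, CVSS v3.1 vector)
    "CVE-0000-00001": ("CWE-89", "web portal", "Linux", "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"),
    "CVE-0000-00002": ("CWE-78", "application server", "Linux", "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"),
    "CVE-0000-00003": ("CWE-269", "database host", "Windows", "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"),
}
IMPACT_LABELS = {"C": "confidentiality", "I": "integrity", "A": "availability"}


@dataclass
class Stage:
    technique: str
    tactic: str
    cves: list = field(default_factory=list)
    targets: set = field(default_factory=set)
    platforms: set = field(default_factory=set)
    max_cvss: float = 0.0                           # worst usable vulnerability here
    consequences: set = field(default_factory=set)  # C/I/A properties violated


def model_attack_chain(techniques: list) -> list:
    """Walk technique -> CAPEC -> CWE -> CVE for each stage of the attack."""
    stages = []
    for tech in techniques:
        tactic, _name = TECHNIQUES[tech]
        cwes = {cwe for capec in TECH_TO_CAPEC.get(tech, []) for cwe in CAPEC_TO_CWE.get(capec, [])}
        stage = Stage(tech, tactic)
        for cve, (cwe, target, platform, vector) in CVES.items():
            if cwe not in cwes:
                continue
            stage.cves.append(cve)
            stage.targets.add(target)
            stage.platforms.add(platform)
            stage.max_cvss = max(stage.max_cvss, cvss31_base_score(vector))
            m = parse_vector(vector)
            stage.consequences |= {lbl for k, lbl in IMPACT_LABELS.items() if m[k] != "N"}
        stages.append(stage)  # a stage with no CVEs marks a knowledge-base gap, not safety
    return stages


def entry_points(stages: list) -> set:
    """Targets reachable in the Initial Access stage(s): the facility's entry points."""
    return {t for s in stages if s.tactic == "Initial Access" for t in s.targets}


if __name__ == "__main__":
    for s in model_attack_chain(["T1190", "T1059", "T1068", "T1486"]):
        print(f"{s.tactic:20} {s.technique} cvss={s.max_cvss} targets={sorted(s.targets)} "
              f"platforms={sorted(s.platforms)} consequences={sorted(s.consequences)}")
```

A stage whose technique has no path to a CVE (the Impact stage above) comes back with no targets and a score of 0.0; in practice that signals that the knowledge bases do not yet cover that step for the facility, and the analyst must fill the gap rather than treat the stage as harmless.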
References
1. O Strategii natsional'noy bezopasnosti Rossiyskoy Federatsii: ukaz Prezidenta Rossiyskoy Federatsii ot 02.07.2021 g. № 400 [On the National Security Strategy of the Russian Federation: Decree of the President of the Russian Federation dated 07/02/2021 No. 400].
2. Doktrina informatsionnoy bezopasnosti Rossiyskoy Federatsii: Utverzhdena Ukazom Prezidenta Rossiyskoy Federatsii ot 5 dekabrya 2016 g. № 646 [Information Security Doctrine of the Russian Federation: Approved by Decree of the President of the Russian Federation No. 646 dated December 5, 2016].
3. Yagnina O.A., Shcherbov I.L., Yakushina A.E. Prinyatie resheniya po organizatsii zashchity informatsii na ob"ektakh informatizatsii [Decision-making on the organization of information protection at informatization facilities], Informatika i kibernetika [Informatics and Cybernetics], 2022, No. 1 (27), pp. 31-35. EDN VYNLED.
4. GOST R 51275-2006. Zashchita informatsii. Ob"ekt informatizatsii. Faktory, vozdeystvuyushchie na informatsiyu. Obshchie polozheniya [GOST R 51275-2006. Information protection. The object of informatization. Factors influencing information. General provisions].
5. Metodicheskiy dokument «Metodika otsenki ugroz bezopasnosti informatsii»: Utverzhden FSTEK Rossii 5 fevralya 2021 g. [Methodological document "Methodology for assessing information security threats": Approved by the FSTEC of Russia on February 5, 2021].
6. MITRE ATT&CK obshchedostupnaya baza znaniy o taktikakh i tekhnika zloumyshlennikov, osnovannaya na real'nykh nablyudeniyakh [MITRE ATT&CK, a publicly available knowledge base of adversary tactics and techniques based on real-world observations]. Available at: https://attack.mitre.org/ (accessed 15 April 2025).
7. CAPEC slovar' izvestnykh skhem atak, ispol'zuemykh protivnikami dlya ispol'zovaniya izvestnykh nedostatkov v vozmozhnostyakh kiberbezopasnosti [CAPEC, a dictionary of known attack patterns used by adversaries to exploit known weaknesses in cyber-enabled capabilities]. Available at: https://capec.mitre.org/ (accessed 15 April 2025).
8. CWE spisok obshchedostupnykh uyazvimostey programmnogo-apparatnogo obespecheniya, razrabotannyy soobshchestvom [CWE, a community-developed list of common software and hardware weaknesses]. Available at: https://cwe.mitre.org/ (accessed 15 April 2025).
9. CVE baza dannykh obshcheizvestnykh uyazvimostey [CVE database of well-known vulnerabilities]. Available at: https://www.cve.org/ (accessed 15 April 2025).
10. Bank dannykh ugroz bezopasnosti informatsii FSTEK. Soderzhit svedeniya ob osnovnykh ugrozakh i uyazvimostyakh [The FSTEC Information Security Threat Database. Contains information about the main threats and vulnerabilities]. Available at: https://bdu.fstec.ru/threat (accessed 15 April 2025).
11. CVSS obshchaya sistema otsenki uyazvimostey [CVSS general vulnerability assessment system]. Available at: https://nvd.nist.gov/vuln-metrics/cvss (accessed 15 April 2025).
12. Shcherbov I.L., Yakushina A.E. Primenenie sistem podderzhki prinyatiya resheniy pri likvidatsii ChS [Application of decision support systems in emergency response], Pozharnaya i tekhnosfernaya bezopasnost': problemy i puti sovershenstvovaniya [Fire and technosphere safety: problems and ways of improvement], 2019, No. 3 (4), pp. 234-239. EDN TNHWWV.
13. Baranov V.V. Integral'naya model' otsenki zashchishchennosti ob"ektov informatizatsii v usloviyakh destruktivnogo vozdeystviya [An integral model for assessing the security of informatization facilities under conditions of destructive influence], Vestnik SibGUTI [Bulletin of SibGUTI], 2022, No. 3 (59). Available at: https://cyberleninka.ru/article/n/integralnaya-model-otsenki-zaschischennosti-obektov-informatizatsii-v-usloviyah-destruktivnogo-vozdeystviya (accessed 25 March 2025).
14. Baranov V.V., Shelupanov A.A. Metodika i algoritmy rascheta zashchishchennosti elementov raspredelennykh informatsionnykh sistem v usloviyakh destruktivnogo vozdeystviya [Methods and algorithms for calculating the security of elements of distributed information systems under conditions of destructive influence], Doklady TUSUR [Reports of TUSUR], 2022, Vol. 25, No. 4, pp. 88-100. DOI: 10.21293/1818-0442-2022-25-4-88-100.
15. Parshenkova Yu.A., Maksimova E.A., Matveev A.V. Analiz riskov informatsionnoy bezopasnosti na ob"ektakh kriticheskoy informatsionnoy infrastruktury s pomoshch'yu neyronnykh setey i nechetkikh kognitivnykh kart [Analysis of information security risks at critical information infrastructure facilities using neural networks and fuzzy cognitive maps], Vestnik Sankt-Peterburgskogo universiteta GPS MChS Rossii [Bulletin of the Saint Petersburg University of the Ministry of Emergency Situations of Russia], 2024, No. 3, pp. 86-97. Available at: https://doi.org/10.61260/2218-130X-2024-3-86-97 (accessed 25 March 2025).
16. Vasil'ev V.I., Vul'fin A.M., Kirillova A.D., Kuchkarova N.V. Metodika otsenki aktual'nykh ugroz i uyazvimostey na osnove tekhnologiy kognitivnogo modelirovaniya i Text Mining [Methods for assessing current threats and vulnerabilities based on cognitive modeling and Text Mining technologies], Sistemy upravleniya, svyazi i bezopasnosti [Management, communication and security systems], 2021, No. 3, pp. 110-133.
17. Vasil'ev V.I., Vul'fin A.M., Guzairov M.B., Kirillova A.D. Interval'noe otsenivanie informatsionnykh riskov s pomoshch'yu nechetkikh serykh kognitivnykh kart [Interval assessment of information risks using fuzzy grey cognitive maps], Informatsionnye tekhnologii [Information Technologies], 2018, Vol. 24, No. 10, pp. 657-664. DOI: 10.17587/it.24.657-664. EDN YLHRUT.
18. Abramov E.S., Gevorgyan R.A. Postroenie ontologicheskoy modeli komp'yuternogo prestupleniya [Construction of an ontological model of computer crime], Sistemnyy sintez i prikladnaya sinergetika: Sb. nauchnykh rabot XI Vserossiyskoy nauchnoy konferentsii, p. Nizhniy Arkhyz, 27 sentyabrya – 01 2022 goda [System synthesis and applied synergetics: Collection of scientific papers of the XI All-Russian Scientific Conference, Nizhny Arkhyz settlement, September 27 – 01, 2022]. Rostov-on-Don – Taganrog: YuFU, 2022, pp. 147-153. DOI: 10.18522/syssyn-2022-29. EDN MEWLTW.
19. Brazhuk A. Threat modeling of cloud systems with ontological security pattern catalog, International Journal of Open Information Technologies, 2021, Vol. 9, No. 5, pp. 36-41. EDN JGZXIC.
20. Glukhov N.I., Nasedkin P.N. Analitika vnutrennikh ugroz informatsionnoy bezopasnosti predpriyatiy [Analytics of internal threats to information security of enterprises], Doklady Tomskogo gosudarstvennogo universiteta sistem upravleniya i radioelektroniki [Reports of Tomsk State University of Control Systems and Radio Electronics], 2021, Vol. 24, No. 1, pp. 33-41. DOI: 10.21293/1818-0442-2021-24-1-33-41. EDN VRETNT.