RECONFIGURATION METAGRAMMATICS FOR DESCRIPTION AND MODELING OF MULTI-STAGE COMPLEX ATTACKS
Keywords:
Modeling, hierarchical parsing, structural adaptation, reconfiguration-matching rule
Abstract
The purpose of the study is determined by a significant expansion of the classes of threats to
modern automated systems, the dynamic development of tactics and techniques for attacking their
information resources. The available methods and hardware and software tools effectively resist
single-stage attacks that have a fixed scheme of destructive impact and time-limited activity. Modern
types of destructive influences are understood as multi-stage complex attacks, for which it is
important to create an adequate and effective apparatus for describing, modeling and repelling
new types of attacks. Research methods are based on the development of a structural-algebraic
approach, primarily on the apparatus of formal grammars and metagrammars. It has been established
that the well-known formal models for describing and modeling multi-stage complex attacks
are cumbersome, and their modification is difficult. Most attack descriptors are not equipped with
a representative set of methods for structural and algebraic analysis of such complexly structured
objects. To describe, model and repel such attacks, a class of reconfiguration metagrammars has
been developed. These metagrammars contain a set of regular and reconfiguration rules for
matching between grammar elements within the grammar. These rules allow you to select specific
branches of the search graph depending on the achieved parsing states. This property significantly
reduces the search space and thus increases the specific efficiency of the search. The developed
apparatus of reconfiguration metagrammars creates the necessary theoretical basis for their effective
use in modeling and reflecting existing and prospective ICAs that have a structural-linguistic
description. The resulting qualimetric five-dimensional diagram, built on a set of practically significant
indicators (homogeneity, connectivity, compactness, adaptability, directionality) showed
the advantage of reconfiguration metagrammars over general metagrammars. Methods of parsing
in reconfiguration metagrammars differ in structural rules of reconfiguration (structural adaptation)
and selection criteria for their adaptation. These procedural features make it possible to
expand the possibilities of attack modeling and improve the efficiency of procedures for repelling
multi-stage complex attacks.
References
1. Anishchenko A.V., Yazov Yu.K. Seti Petri-Markova i ikh primenenie dlya modelirovaniya
protsessov realizatsii ugroz bezopasnosti informatsii v informatsionnykh sistemakh:
monografiya [Petri-Markov networks and their application for modeling the processes of implementing
information security threats in information systems: monograph]. Voronezh:
Kvarta, 2020, 173 p.
2. Maksimova E.A., Sadovnikova N.P. Otsenka infrastrukturnoy ustoychivosti sub"ekta
kriticheskoy informatsionnoy infrastruktury pri destruktivnykh vozdeystviyakh [Assessment of
infrastructural stability of a subject of critical information infrastructure under destructive influences],
Izvestiya YuFU. Tekhnicheskie nauki [Izvestiya SFedU. Engineering Sciences],
2021, No. 4 (221), pp. 155-165.
3. Atakishchev O.I., Borisenkov I.L., Gribunin V.G., Smirnov Ya.D. Kollegial'nye metagrammatiki
dlya modelirovaniya dinamichno izmenyaemykh programm sozdaniya sistem
informatsionnoy bezopasnosti [Collegial meta-grammars for modeling dynamically changing
programs for creating information security systems], Vestnik komp'yuternykh i
informatsionnykh tekhnologiy [Bulletin of Computer and Information Technologies], 2020,
No. 4 (190), pp. 29-43.
4. Atakishchev O.I., Adzhemov S.S., Emel'yanov S.G. Formal'nye grammatiki, metagrammatiki i
grammaticheskie struktury. Ikh primenenie pri prinyatii upravlencheskikh resheniy [Formal
grammars, metagrammatics, and grammatical structures. Their application in making
managerial decisions]. Moscow: MTUSI, 2010, 345 p.
5. Atakishchev O.I., Borisenkov I.L., TSar'kov A.N. Smirnov Ya.D. Osobennosti kollegial'nykh
metagrammatik i ikh ispol'zovaniya pri reshenii zadach grafodinamiki [Features of collegial
metagrammatics and their use in solving graphodynamics problems], Sb. materialov XV
Vserossiyskoy nauchno-prakticheskoy konferentsii «Perspektivnye sistemy i zadachi
upravleniya» [Collection of materials of the XV All-Russian Scientific and Practical Conference
"Perspective systems and management tasks"]. Rostov-on-Don – Taganrog: Izd-vo
YuFU, 2020, pp. 223-226.
6. Emel'yanov S.G., Atakishchev O.I., Strebkov D.A., Zaichko V.A. Nechetkaya mnogourovnevaya
modifikatsiya metoda analiza ierarkhiy i sposob opredeleniya otsenok predpochtitel'nosti
al'ternativnykh variantov sozdaniya slozhnykh sistem kosmicheskogo naznacheniya v usloviyakh
povysheniya neopredelennosti vneshney sredy [Fuzzy multilevel modification of the hierarchy analysis
method and a method for determining the preference estimates of alternative options for creating
complex space systems in conditions of increasing uncertainty of the external environment],
Izvestiya YuZGU [Proceedings of Southwest State University], 2012, No. 5 (44), Part 2, pp. 50-60.
7. Atakishcheva I.V., Emel'yanov S.G. [i dr.]. Etalonnaya model' dvoystvenno-atributnoy
transliruyushchey metagrammatiki i strukturno-lingvisticheskiy sposob obrabotki
slozhnoorganizovannykh dannykh [The reference model of dual-attribute broadcasting
metagrammatics and the structural-linguistic method of processing complexly organized data],
Izvestiya Tul'skogo gosudarstvennogo universiteta. Seriya «Tekhnologicheskaya
sistematika» [Izvestiya Tula State University. The series "Technological systematics"],
2006, Issue 14, pp.. 24-28.
8. Emel'yanov S.G., Atakishcheva I.V. Metagrammaticheskie modeli dlya opisaniya variantov
slozhnostrukturirovannykh strategiy upravleniya [Metagrammatic models for describing variants
of complex structured management strategies ], Perspektivnye sistemy i zadachi
upravleniya: Sb. materialov ko 2-y Vserossiyskoy nauchno-prakticheskoy konferentsii [Promising
management systems and tasks: Collection of materials for the 2nd All-Russian Scientific
and Practical Conference]. KChR Dombay, 2007, pp. 23-26.
9. Emel'yanov S.G., Atakishcheva I.V. [i dr.]. Osobennosti primeneniya strukturnolingvisticheskogo
podkhoda na osnove metagrammatik pri vybore slozhnostrukturirovannykh
strategiy i programm upravleniya [Features of the use of a structural-linguistic approach based
on metagrammatics in the selection of complex structured management strategies and programs],
Covremennye informatsionnye tekhnologii v deyatel'nosti organov gosudarstvennoy
vlasti: Sb. materialov 1-y Vserossiyskoy nauchno-tekhnicheskoy konferentsii [Modern information
technologies in the activities of public authorities: Collection of materials of the 1st
All-Russian Scientific and Technical Conference]. Kursk, 2008, pp. 90-92.
10. Emel'yanov S.G., Atakishcheva I.V. [i dr.]. Metagrammaticheskie modeli dlya opisaniya
slozhnostrukturirovannykh strategiy upravleniya i otsenki riskov ikh realizatsii [Metagrammatic
models for describing complex structured management strategies and risk assessment of their implementation],
Covremennye informatsionnye tekhnologii v deyatel'nosti organov gosudarstvennoy
vlasti: Sb. materialov 1-y Vserossiyskoy nauchno-tekhnicheskoy konferentsii [Modern information
technologies in the activities of public authorities: Collection of materials of the 1st All-Russian Scientific
and Technical Conference]. Kursk, 2008, pp. 92-94.
11. Bezkorovaynyy M.M., Kostogryzov A.I., L'vov V.M. Instrumental'no-modeliruyushchiy
kompleks otsenki kachestva funktsionirovaniya informatsionnykh sistem «KOK» [nstrumental
modeling complex for assessing the quality of functioning of information systems "KOK"].
Moscow: «Vooruzhenie. Politika. Konversiya», 2001, 304 p.
12. Iskusstvennyy intellect [Artificial intelligence]: In 3 books: handbook, ed. by D.A. Pospelova.
Moscow: Radio i svyaz', 1990.
13. Gorodetskiy V.I., Drozhzhin V.V., Yusupov R.M. Mnogourovnevye atributnye grammatiki dlya
modelirovaniya slozhnykh strukturno-dinamicheskikh sistem [Multilevel attribute grammars for
modeling complex structural and dynamic systems], Izvestiya AN SSSR. Tekhnicheskaya kibernetika
[News of the USSR Academy of Sciences. Technical cybernetics], 1986, No. 1, pp. 165.
14. Gorodetskiy V.I., Drozhzhin V.V., Polishchuk G.M., Yusupov R.M. [i dr.]. Mnogourovnevye
struktury atributnykh grammatik dlya modelirovaniya slozhnykh organizatsionnykh sistem i
ikh primenenie v zadachakh prinyatiya resheniy [Multilevel structures of attribute grammars
for modeling complex organizational systems and their application in decision-making tasks],
Metody obrabotki informatsii i prinyatiya resheniy: Nauch.-tekhn. sb. (tr.) [Methods of information
processing and decision-making: scientific and technical collection (works)]. Moscow:
MO SSSR, 1983, pp. 3.
15. Nikolaev A.V., Emel'yanov S.G., Gritsenko A.V. [i dr.]. Osobennosti primeneniya strukturnoalgebraicheskogo
podkhoda na osnove atributnykh grammaticheskikh setey k opisaniyu
topologicheskoy struktury seti obmena raznorodnoy informatsiey raspredelennoy sistemy
podderzhki prinyatiya resheniy [Features of the application of the structural-algebraic approach
based on attribute grammatical networks to the description of the topological structure of the network
for the exchange of heterogeneous information of a distributed decision support system],
Izvestiya Tul'skogo gos. un-ta. Seriya «Biznes-protsessy i biznes-sistemy» [News of the Tula State
University. The series "Business processes and business systems"], 2005, Issue 2, pp. 3-9.
16. Akho A., Ul'man Dzh. Teoriya sintaksicheskogo analiza, perevoda i kompilyatsii [Theory of
syntactic analysis, translation and compilation]. Books 1, 2. Moscow: Mir, 1978.
17. Titenko E.A., Semenikhin E.A., Uryas'eva M.V. Modifitsirovannaya sistema Tue i yazyk
obobshchennykh konfliktnykh slov dlya organizatsii parallel'nykh produktsionnykh
vychisleniy [The modified Tue system and the language of generalized conflict words for the
organization of parallel production calculations], Informatsionnye sistemy i tekhnologii [Information
Systems and Technologies], 2011, No. 5 (67), pp. 32-43.
18. Grivachev A.V., Emel'yanov S.G., Titenko E.A. Modifitsirovannaya produktsionnaya sistema
dlya resheniya zadachi strukturnogo raspoznavaniya obrazov [Modified production system for
solving the problem of structural pattern recognition], Naukoemkie tekhnologii [High-tech
technologies], 2014, Vol. 15, No. 12, pp. 9-12.
19. Emel'yanov S.G., Titenko E.A., Zerin I.S. Odnorodnye vychislitel'nye struktury dlya
parallel'nykh simvol'nykh vychisleniy [Homogeneous computational structures for parallel
symbolic computations], Izvestiya Yugo-Zapadnogo gosudarstvennogo universiteta [Proceedings
of the Southwestern State University], 2011, No. 6-2 (39), pp. 77-82.
20. Dovgal' V.M., Titov V.S., Titenko E.A. Strategii bystrykh simvol'nykh vychisleniy dlya
ischislitel'noy produktsionnoy sistemy [Strategies of fast symbolic calculations for the calculus
production system], Izvestiya vysshikh uchebnykh zavedeniy. Priborostroenie [News of higher
educational institutions. Instrumentation], 2008, Vol. 51, No. 2, pp. 44-47.
21. Maksimova E.A. Metody vyyavleniya i identifikatsii istochnikov destruktivnykh voz-deystviy
infrastrukturnogo geneza [Methods of identification and identification of sources of destructive
impacts of infrastructural genesis], Elektronnyy setevoy politematicheskiy zhurnal "Nauchnye
trudy KubGTU" [Electronic network polythematic journal "Scientific works of KubSTU"],
2022, No. 2, pp. 86-99.
protsessov realizatsii ugroz bezopasnosti informatsii v informatsionnykh sistemakh:
monografiya [Petri-Markov networks and their application for modeling the processes of implementing
information security threats in information systems: monograph]. Voronezh:
Kvarta, 2020, 173 p.
2. Maksimova E.A., Sadovnikova N.P. Otsenka infrastrukturnoy ustoychivosti sub"ekta
kriticheskoy informatsionnoy infrastruktury pri destruktivnykh vozdeystviyakh [Assessment of
infrastructural stability of a subject of critical information infrastructure under destructive influences],
Izvestiya YuFU. Tekhnicheskie nauki [Izvestiya SFedU. Engineering Sciences],
2021, No. 4 (221), pp. 155-165.
3. Atakishchev O.I., Borisenkov I.L., Gribunin V.G., Smirnov Ya.D. Kollegial'nye metagrammatiki
dlya modelirovaniya dinamichno izmenyaemykh programm sozdaniya sistem
informatsionnoy bezopasnosti [Collegial meta-grammars for modeling dynamically changing
programs for creating information security systems], Vestnik komp'yuternykh i
informatsionnykh tekhnologiy [Bulletin of Computer and Information Technologies], 2020,
No. 4 (190), pp. 29-43.
4. Atakishchev O.I., Adzhemov S.S., Emel'yanov S.G. Formal'nye grammatiki, metagrammatiki i
grammaticheskie struktury. Ikh primenenie pri prinyatii upravlencheskikh resheniy [Formal
grammars, metagrammatics, and grammatical structures. Their application in making
managerial decisions]. Moscow: MTUSI, 2010, 345 p.
5. Atakishchev O.I., Borisenkov I.L., TSar'kov A.N. Smirnov Ya.D. Osobennosti kollegial'nykh
metagrammatik i ikh ispol'zovaniya pri reshenii zadach grafodinamiki [Features of collegial
metagrammatics and their use in solving graphodynamics problems], Sb. materialov XV
Vserossiyskoy nauchno-prakticheskoy konferentsii «Perspektivnye sistemy i zadachi
upravleniya» [Collection of materials of the XV All-Russian Scientific and Practical Conference
"Perspective systems and management tasks"]. Rostov-on-Don – Taganrog: Izd-vo
YuFU, 2020, pp. 223-226.
6. Emel'yanov S.G., Atakishchev O.I., Strebkov D.A., Zaichko V.A. Nechetkaya mnogourovnevaya
modifikatsiya metoda analiza ierarkhiy i sposob opredeleniya otsenok predpochtitel'nosti
al'ternativnykh variantov sozdaniya slozhnykh sistem kosmicheskogo naznacheniya v usloviyakh
povysheniya neopredelennosti vneshney sredy [Fuzzy multilevel modification of the hierarchy analysis
method and a method for determining the preference estimates of alternative options for creating
complex space systems in conditions of increasing uncertainty of the external environment],
Izvestiya YuZGU [Proceedings of Southwest State University], 2012, No. 5 (44), Part 2, pp. 50-60.
7. Atakishcheva I.V., Emel'yanov S.G. [i dr.]. Etalonnaya model' dvoystvenno-atributnoy
transliruyushchey metagrammatiki i strukturno-lingvisticheskiy sposob obrabotki
slozhnoorganizovannykh dannykh [The reference model of dual-attribute broadcasting
metagrammatics and the structural-linguistic method of processing complexly organized data],
Izvestiya Tul'skogo gosudarstvennogo universiteta. Seriya «Tekhnologicheskaya
sistematika» [Izvestiya Tula State University. The series "Technological systematics"],
2006, Issue 14, pp.. 24-28.
8. Emel'yanov S.G., Atakishcheva I.V. Metagrammaticheskie modeli dlya opisaniya variantov
slozhnostrukturirovannykh strategiy upravleniya [Metagrammatic models for describing variants
of complex structured management strategies ], Perspektivnye sistemy i zadachi
upravleniya: Sb. materialov ko 2-y Vserossiyskoy nauchno-prakticheskoy konferentsii [Promising
management systems and tasks: Collection of materials for the 2nd All-Russian Scientific
and Practical Conference]. KChR Dombay, 2007, pp. 23-26.
9. Emel'yanov S.G., Atakishcheva I.V. [i dr.]. Osobennosti primeneniya strukturnolingvisticheskogo
podkhoda na osnove metagrammatik pri vybore slozhnostrukturirovannykh
strategiy i programm upravleniya [Features of the use of a structural-linguistic approach based
on metagrammatics in the selection of complex structured management strategies and programs],
Covremennye informatsionnye tekhnologii v deyatel'nosti organov gosudarstvennoy
vlasti: Sb. materialov 1-y Vserossiyskoy nauchno-tekhnicheskoy konferentsii [Modern information
technologies in the activities of public authorities: Collection of materials of the 1st
All-Russian Scientific and Technical Conference]. Kursk, 2008, pp. 90-92.
10. Emel'yanov S.G., Atakishcheva I.V. [i dr.]. Metagrammaticheskie modeli dlya opisaniya
slozhnostrukturirovannykh strategiy upravleniya i otsenki riskov ikh realizatsii [Metagrammatic
models for describing complex structured management strategies and risk assessment of their implementation],
Covremennye informatsionnye tekhnologii v deyatel'nosti organov gosudarstvennoy
vlasti: Sb. materialov 1-y Vserossiyskoy nauchno-tekhnicheskoy konferentsii [Modern information
technologies in the activities of public authorities: Collection of materials of the 1st All-Russian Scientific
and Technical Conference]. Kursk, 2008, pp. 92-94.
11. Bezkorovaynyy M.M., Kostogryzov A.I., L'vov V.M. Instrumental'no-modeliruyushchiy
kompleks otsenki kachestva funktsionirovaniya informatsionnykh sistem «KOK» [nstrumental
modeling complex for assessing the quality of functioning of information systems "KOK"].
Moscow: «Vooruzhenie. Politika. Konversiya», 2001, 304 p.
12. Iskusstvennyy intellect [Artificial intelligence]: In 3 books: handbook, ed. by D.A. Pospelova.
Moscow: Radio i svyaz', 1990.
13. Gorodetskiy V.I., Drozhzhin V.V., Yusupov R.M. Mnogourovnevye atributnye grammatiki dlya
modelirovaniya slozhnykh strukturno-dinamicheskikh sistem [Multilevel attribute grammars for
modeling complex structural and dynamic systems], Izvestiya AN SSSR. Tekhnicheskaya kibernetika
[News of the USSR Academy of Sciences. Technical cybernetics], 1986, No. 1, pp. 165.
14. Gorodetskiy V.I., Drozhzhin V.V., Polishchuk G.M., Yusupov R.M. [i dr.]. Mnogourovnevye
struktury atributnykh grammatik dlya modelirovaniya slozhnykh organizatsionnykh sistem i
ikh primenenie v zadachakh prinyatiya resheniy [Multilevel structures of attribute grammars
for modeling complex organizational systems and their application in decision-making tasks],
Metody obrabotki informatsii i prinyatiya resheniy: Nauch.-tekhn. sb. (tr.) [Methods of information
processing and decision-making: scientific and technical collection (works)]. Moscow:
MO SSSR, 1983, pp. 3.
15. Nikolaev A.V., Emel'yanov S.G., Gritsenko A.V. [i dr.]. Osobennosti primeneniya strukturnoalgebraicheskogo
podkhoda na osnove atributnykh grammaticheskikh setey k opisaniyu
topologicheskoy struktury seti obmena raznorodnoy informatsiey raspredelennoy sistemy
podderzhki prinyatiya resheniy [Features of the application of the structural-algebraic approach
based on attribute grammatical networks to the description of the topological structure of the network
for the exchange of heterogeneous information of a distributed decision support system],
Izvestiya Tul'skogo gos. un-ta. Seriya «Biznes-protsessy i biznes-sistemy» [News of the Tula State
University. The series "Business processes and business systems"], 2005, Issue 2, pp. 3-9.
16. Akho A., Ul'man Dzh. Teoriya sintaksicheskogo analiza, perevoda i kompilyatsii [Theory of
syntactic analysis, translation and compilation]. Books 1, 2. Moscow: Mir, 1978.
17. Titenko E.A., Semenikhin E.A., Uryas'eva M.V. Modifitsirovannaya sistema Tue i yazyk
obobshchennykh konfliktnykh slov dlya organizatsii parallel'nykh produktsionnykh
vychisleniy [The modified Tue system and the language of generalized conflict words for the
organization of parallel production calculations], Informatsionnye sistemy i tekhnologii [Information
Systems and Technologies], 2011, No. 5 (67), pp. 32-43.
18. Grivachev A.V., Emel'yanov S.G., Titenko E.A. Modifitsirovannaya produktsionnaya sistema
dlya resheniya zadachi strukturnogo raspoznavaniya obrazov [Modified production system for
solving the problem of structural pattern recognition], Naukoemkie tekhnologii [High-tech
technologies], 2014, Vol. 15, No. 12, pp. 9-12.
19. Emel'yanov S.G., Titenko E.A., Zerin I.S. Odnorodnye vychislitel'nye struktury dlya
parallel'nykh simvol'nykh vychisleniy [Homogeneous computational structures for parallel
symbolic computations], Izvestiya Yugo-Zapadnogo gosudarstvennogo universiteta [Proceedings
of the Southwestern State University], 2011, No. 6-2 (39), pp. 77-82.
20. Dovgal' V.M., Titov V.S., Titenko E.A. Strategii bystrykh simvol'nykh vychisleniy dlya
ischislitel'noy produktsionnoy sistemy [Strategies of fast symbolic calculations for the calculus
production system], Izvestiya vysshikh uchebnykh zavedeniy. Priborostroenie [News of higher
educational institutions. Instrumentation], 2008, Vol. 51, No. 2, pp. 44-47.
21. Maksimova E.A. Metody vyyavleniya i identifikatsii istochnikov destruktivnykh voz-deystviy
infrastrukturnogo geneza [Methods of identification and identification of sources of destructive
impacts of infrastructural genesis], Elektronnyy setevoy politematicheskiy zhurnal "Nauchnye
trudy KubGTU" [Electronic network polythematic journal "Scientific works of KubSTU"],
2022, No. 2, pp. 86-99.
Published
2023-02-17
Issue
Section
SECTION II. MODELING OF PROCESSES AND SYSTEMS
