Abstract:
Based on the apparatus of regenerating processes, a model is analyzed that describes the process of malicious attacks on a protected object of critical information infrastructure (CII). It is assumed that the intervals between the successive moments of preparation and implementation of malicious attacks are completely independent. These intervals are quite large for each of the attack sources, and the sources do not communicate with each other. The probability of a successful attack from a single source is quite low, so the moments of a successful attack for each of the attack sources are far enough apart from each other. As a result, the event associated with the successful completion of the attack for the attacker is a rare event. However, due to the fact that a successful attack on a CII facility generates large losses and costs, it becomes necessary to study the process under consideration. The main characteristic under study within the framework of the described model is the first (nearest) moment of successful malicious attack. This characteristic is one of the most important for the process of countering attacks. Numerical estimates of the parameters of the moment of the first successful attack will make it possible to more adaptively organize the process of countering attacks by implementing additional information security measures at the most dangerous and vulnerable time intervals. The analysis of this characteristic was performed in the context of the heterogeneity of the behavior of the entire process of countering attacks and countering them. It is assumed that the intervals between successive moments of attacks and the probabilities of attack success vary over time according to a power law on average. This assumption reflects the process of dynamic change in the sources of attacks and in the protection system of the CII facility. An asymptotic relationship is derived for the normal value of the moment of the first attack in conditions when the intervals between successive moments of attacks grow indefinitely, but at the same time the number of attack sources increases so that the average proportion of successful attacks tends to a certain non-zero limit. Asymptotic expressions for the average time to the nearest attack are obtained.
Keywords:information security, critical infrastructure object, time of the nearest successful attack, non-homogeneous regenerative processes, rare events, asymptotic behavior, power-law variation over time.
Fulltext:
PDF file (322 kB)