##plugins.themes.bootstrap3.article.main##

  •   Oleksandr Kireienko

Abstract

Attack scenarios with limitations were investigated. Resource-factors and condition-factors were set as two types of limitations. Resource-factors are spent at each step of attack and can be replenished completely or partially if a given attack step was successful. A situation, where successful completion of current step with one or more preceding ones is required to replenish resource-factors, is possible. After each step of attack the violator can “exchange” resource-factors to accumulate the required amount of those factors for the next step. The lack of the required amount of resource-factors may either forcefully interrupt an attack or to lower success probability or reduce the time required by protection side to discover the consequences of an attack. This article doesn’t consider the change of relative cost of resource-factors, that is caused by urgency, so that all resource-factors have fixed cost regardless of violator’s reserve of these resource-factors. 
Conditions-factors are fixed limitations for conducting an attack. Discrepancy of condition-factors makes it impossible to either start an attack or to finish the current attack’s step. In certain cases the lack in one condition-factor can be compensated with excess of another condition-factor or via spending additional resource-factors.
The influence on resource-factors and condition-factors is laid as a basis of protection strategies. The strategy of increasing the values of condition-factors for violator decreases the total amount of attacks on a system by screening beginner violators. The threat level from groups of violators and from experienced violators will remain unchanged. The strategy of increasing the rate of resource-factors spending is designed to interrupt attacks in progress. Strategy of decreasing the amount of resource-factors that can be replenished after successful completion of certain steps of attack scenario is meant to decrease violator’s interest in attacking specifically our system and to decrease the chances of attack repetition if an attack occurred.

Keywords: condition-factors, multifactor violator model, scenario violator model, resource-factors

References

Yu. M. Polekhina, D. S. Tymofeiev (2010). Model Porushnyka. Meta ta Pryntsypy Rozrobky. Sovremennyye informatsionnyye tekhnologii. [Online]. Available: http://www.rusnauka.com/11_EISN_2010/Informatica/63866.doc.htm

D. S. Biriukov, V. A. Zaslavskyi, V. V. Yevhiienko and O. V. Franchuk, “Modeliuvannia ta Otsinka Stsenariiv Zahroz dlia Obiektiv krytychnoi Infrastruktury,” NAUKOVI ZAPYSKY, vol. 99, pp. 97-101, 2009

V. L. Buriachok, “Model Formuvannia Dereva Atak dlia oderzhannia Informatsii v informatsiino-telekomunikatsiinykh Systemakh i Merezhakh pry vyluchenomu Dostupi.” Informatyka ta matematychni metody v modeliuvanni, vol. 3, ?2, pp. 123-131, 2013

M.M. Voitko, “Pobudova uzahalnenoi Modeli Zahroz dlia System Internet-bankinhu.” Financialspace, vol. 3(15), pp. 33-38, 2014

I. V. Kotenko, M. V. Stepashkin (2013). Modeli Deystviy Khakerov-zloumyshlennikov pri Realizatsii raspredelennykh mnogoshagovykh Atak. [Online]. Available: http://masters.donntu.org/2013/fknt/zhadanov/library/kotenko_z.pdf

Metodika Opredeleniya Ugroz Bezopasnosti Informatsii v Informatsionnykh Sistemakh, Metodic Document 2015.

M. Bergh, K. Njenga, “Information Security Policy Violation: The Triad of Internal Threat Agent Behaviors,” Proceedings of the 1st International Conference on the Internet, Cyber Security, and Information Systems (ICICIS), Gaborone, 18-20 May 2016.

A. Loukaka, S. M. Rahman Shawon, “Discovering new Cyber Protection Approaches from a Security Professional Perspective,” International Journal of Computer Networks & Communications (IJCNC), vol. 9, ?4, pp.13-25, July 2017.

S. S. Park, A. B. Ruighaiver, S. B. Maynard and A. Ahmad, “Towards Understanding Deterrence: Information Security Managers’ Perspective.” Proceedings of the International Conference on IT Convergence and Security 2011, Lecture Notes in Electrical Engineering 120, December 2012.

E. T. Jensen, “Cyber Deterrence.” Emory international law review, vol. 26, pp. 774-824, May 29, 2012. [Online]. Available: https://ssrn.com/abstract=2070438

H. Mouratidis, P. Giorgini and G. Manson, “Using Security Attack Scenarios to analyse Security during information Systems Design,” Proceedings International Conference on Enterprise Information Systems, pp. 10-17, Porto, Portugal, 2004

S. Abraham, “Information Security Behavior: Factors and Research Directions.” AMCIS 2011 Proceedings - All Submissions, 462, [Online]. Available: http://aisel.aisnet.org/amcis2011_submissions/462

Downloads

Download data is not yet available.

##plugins.themes.bootstrap3.article.details##

How to Cite
[1]
Kireienko, O. 2020. Multifactor Violator Model. Condition-factors and Resource-factors. European Journal of Electrical Engineering and Computer Science. 4, 2 (Mar. 2020). DOI:https://doi.org/10.24018/ejece.2020.4.2.196.