Formation of the network attack vector taking into account the connections specifics of techniques and tactics
https://doi.org/10.55648/1998-6920-2023-17-4-49-61
Abstract
The problems that arise when constructing an attack vector in a network infrastructure are considered. The FSTEC tactics and techniques used in constructing a network attack vector are presented and characterized, together with the specifics of their interrelations when Markov chains are used to model attacking influences and their suitability for various procedures for determining vector parameters. For the construction of a network attack vector, the features of determining the probabilities of system transitions to various states of network compromise are considered. The formation of the attack vector is studied taking into account the specifics of the multilevel organization of the corporate information system. The features of constructing a simplified vector are determined taking into account the specifics of the relationships between tactics (states).
About the Authors
I. A. Vetrov
Vetrov Igor A., Cand. of Sci. (Engineering), Associate Professor, Institute of High Technologies
236041, Kaliningrad, Alexander Nevsky Str., 14
V. V. Podtopelny
Russian Federation
Podtopelny Vladislav V., Senior lecturer, Institute of Digital Technologies
236022, Kaliningrad, Sovetsky ave., 1
For citations:
Vetrov I.A., Podtopelny V.V. Formation of the network attack vector taking into account the connections specifics of techniques and tactics. The Herald of the Siberian State University of Telecommunications and Information Science. 2023;17(4):49-61. (In Russ.) https://doi.org/10.55648/1998-6920-2023-17-4-49-61