National Technical University of Ukraine, Ukraine.
* Corresponding author


Attack scenarios with limitations were investigated. Two types of limitations were defined: resource-factors and condition-factors. Resource-factors are spent at each step of an attack and can be replenished completely or partially if a given attack step is successful. It is also possible that successful completion of the current step together with one or more preceding steps is required to replenish resource-factors. After each step of an attack the violator can “exchange” resource-factors to accumulate the amount required for the next step. A lack of the required amount of resource-factors may forcefully interrupt an attack, lower its success probability, or reduce the time the protection side needs to discover the consequences of the attack. This article does not consider changes in the relative cost of resource-factors caused by urgency, so all resource-factors have a fixed cost regardless of the violator’s reserve of them.

Condition-factors are fixed limitations on conducting an attack. Failure to meet the condition-factors makes it impossible either to start an attack or to finish the current attack step. In certain cases a shortfall in one condition-factor can be compensated by an excess of another condition-factor or by spending additional resource-factors.

Influence on resource-factors and condition-factors forms the basis of the protection strategies. The strategy of increasing the values of condition-factors required of the violator decreases the total number of attacks on a system by screening out beginner violators; the threat level from groups of violators and from experienced violators remains unchanged. The strategy of increasing the rate at which resource-factors are spent is designed to interrupt attacks in progress. The strategy of decreasing the amount of resource-factors that can be replenished after successful completion of certain steps of the attack scenario is meant to decrease the violator’s interest in attacking our system specifically and to decrease the chances of a repeated attack if an attack has occurred.
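The model and the three protection strategies described above can be traced on a toy scenario. This is an added example, not code from the article: the `Step` fields, the three-step scenario, the skill levels and every number are constructed assumptions, and only the forced-interruption effect of a resource shortfall is modelled (not the lowered success probability or the exchange of resource-factors).

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Step:
    condition: int  # minimum condition-factor (here: skill level) the step demands
    cost: int       # resource-factors spent on the step
    replenish: int  # resource-factors regained if the step succeeds

# Constructed three-step scenario; all numbers are illustrative assumptions.
BASELINE = [Step(1, 2, 0), Step(1, 5, 3), Step(1, 4, 12)]

def run_scenario(steps, skill, budget):
    """Return (outcome, steps_completed, remaining_budget)."""
    for done, s in enumerate(steps):
        if skill < s.condition:
            return ("blocked_by_condition", done, budget)
        if budget < s.cost:
            return ("interrupted_no_resources", done, budget)
        budget += s.replenish - s.cost
    return ("completed", len(steps), budget)

# The three protection strategies from the text, as transformations of the scenario.
def raise_conditions(steps, delta):
    return [replace(s, condition=s.condition + delta) for s in steps]

def raise_spending(steps, factor):
    return [replace(s, cost=s.cost * factor) for s in steps]

def cut_replenishment(steps, divisor):
    return [replace(s, replenish=s.replenish // divisor) for s in steps]

def compare(budget=10):
    beginner, experienced = 1, 5  # constructed skill levels
    cut = cut_replenishment(BASELINE, 2)
    first = run_scenario(cut, beginner, budget)
    return {
        "baseline": run_scenario(BASELINE, beginner, budget),
        "conditions_beginner": run_scenario(raise_conditions(BASELINE, 2), beginner, budget),
        "conditions_experienced": run_scenario(raise_conditions(BASELINE, 2), experienced, budget),
        "spending": run_scenario(raise_spending(BASELINE, 2), beginner, budget),
        "replenish_first": first,
        "replenish_repeat": run_scenario(cut, beginner, first[2]),
    }

if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:24} {result}")
```

With these numbers, raising condition-factors stops only the beginner, faster spending halts the attack after its first step, and halved replenishment lets the first attack finish at a net loss so that the repeat attempt runs out of resources.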
