Method for determination of the probabilities of functioning states of information of protection on cloud computing

Chia sẻ: Nguyễn Thảo | Ngày: | Loại File: PDF | Số trang:10

Thêm vào BST

Báo xấu

19
lượt xem 3
download

Download Vui lòng tải xuống để xem tài liệu đầy đủ

In this article the work of the components of information of protection tools on the occurring violations, their types and the elimination of these violations and the possible trajectory of a change over time of the functioning states of information of protection tools with a discrete time are researched.

Chủ đề:

Bình luận(0) Đăng nhập để gửi bình luận!

Lưu

Nội dung Text: Method for determination of the probabilities of functioning states of information of protection on cloud computing

International Journal of Mechanical Engineering and Technology (IJMET) Volume 10, Issue 03, March 2019, pp. 1645–1654, Article ID: IJMET_10_03_166 Available online at http://www.iaeme.com/ijmet/issues.asp?JType=IJMET&VType=10&IType=3 ISSN Print: 0976-6340 and ISSN Online: 0976-6359 © IAEME Publication Scopus Indexed METHOD FOR DETERMINATION OF THE PROBABILITIES OF FUNCTIONING STATES OF INFORMATION OF PROTECTION ON CLOUD COMPUTING Gulomov Sherzod Rajaboevich Department of Providing Information Security, Tashkent University of Information Technologies named after Muhammad al-Khwarizmi, Tashkent, Uzbekistan Abdullaev Dilmurod Gulamovich Department of Providing Information Security, Tashkent University of Information Technologies named after Muhammad al-Khwarizmi, Tashkent, Uzbekistan Nasrullaev Nurbek Bakhtiyorovich Department of Providing Information Security, Tashkent University of Information Technologies named after Muhammad al-Khwarizmi, Tashkent, Uzbekistan Zokirov Odiljon Yoqubjon ugli Department of Providing Information Security, Tashkent University of Information Technologies named after Muhammad al-Khwarizmi, Tashkent, Uzbekistan ABSTRACT In this article the work of the components of information of protection tools on the occurring violations, their types and the elimination of these violations and the possible trajectory of a change over time of the functioning states of information of protection tools with a discrete time are researched. Schemes for the transition of states of information protection tools and a graph of probabilities of transitions between the functioning states of information of protection tools with discrete time, allows for detecting the vulnerabilities of information of protection tools are developed. Taking into account the above, a method for determining the probabilities of states for the functioning information of protection tools with discrete time allows describing a graph-scheme of transitions using a small dimensionality of sets of states, to make a square transition matrix at a lower bit depth is offered. Key words: Discrete-time, possible trajectory, vulnerability, discrete mode, transition probabilities, content filtering systems http://www.iaeme.com/IJMET/index.asp 1645 editor@iaeme.com
Method For Determination of the Probabilities of Functioning States of Information of Protection on Cloud Computing Cite this Article: Gulomov Sherzod Rajaboevich, Abdullaev Dilmurod Gulamovich, Nasrullaev Nurbek Bakhtiyorovich, Zokirov Odiljon Yoqubjon ugli, Method For Determination of the Probabilities of Functioning States of Information of Protection on Cloud Computing, International Journal of Mechanical Engineering and Technology 10(3), 2019, pp. 1645-1654. http://www.iaeme.com/IJMET/issues.asp?JType=IJMET&VType=10&IType=3 1. INTRODUCTION Cloud computing represents to use a large of technologies without physical connections. But problem appears with sending information over the open network securely. Knowing the probabilities of finding information of protection tools in various states allows you to predict their behavior over time and identify the most likely conditions, which helps to focus the security administrator's attention on less reliable components of information protection tools and make more informed decisions on how to correct the violations. For determine the probabilities of the state of functioning of various information of protection tools, various mathematical methods are further applied, which use data on the reliability of the components included in their composition. In this case, the choice of a specific method depends, first of all, on the type of the considered information of protection tools - with discrete or with continuous operation time. For example, records from the work logs of information of protection system components with discrete-time work about occurring violations, their types and about these violations (automatically or by the administrator) are the source of data for the subsequent determination of the reliability indicators of these components [1], consequently, the means discrete time information. Naturally, such data should be sufficient in order to be able to determine with acceptable accuracy the statistical estimates of indicators, that is, the samples must be representative. 2. CLOUD SECURITY SERVICES Cloud security specialists indicate that the report reflects the consensus of experts on the most significant security threats in the cloud and focuses on threats stemming from the sharing of common cloud resources and access to them by multiple users on demand. In Fig.1 is shown main barriers to implement cloud services. Financial barrier No barriers to implement No work of cloud services for IT-personal Important to improve personal qualification Difficulty to explain opportunity of the cloud services No prepare to send confidential information No control on the channel and API for third party 0% 10% 20% 30% 40% 50% 60% 70% 80% Figure 1 The main barriers to implement cloud services http://www.iaeme.com/IJMET/index.asp 1646 editor@iaeme.com
Gulomov Sherzod Rajaboevich, Abdullaev Dilmurod Gulamovich, Nasrullaev Nurbek Bakhtiyorovich, Zokirov Odiljon Yoqubjon ugli In figure 1, we can see that cloud security specialists have more present of barriers and problems on the information sending channel and cloud API. All cloud services have fallowing threats: Data theft, data lost, account theft, hacking, unprotected interfaces and APIs, DDoS attack, malicious insider, using of cloud resources by hackers, lacking of foresight, related vulnerability, and cloud services can be slow. To eliminate from these threats are used fallowing security services: Identity and access management, data loss prevention, web security, e-mail security, security assessments, intrusion management, security information and event management, encryption, business continuity and disaster recovery, network security. Also, for data exchanging over the network, we need to develop protected scheme. We offer following recommendations: As more companies store their data in the cloud and their employees use cloud services more and more. IT specialists need to pay more attention to implementing more effective mechanisms to control user access, such as multi-factor authentication. This is especially true for companies that provide third parties and vendors with access to their data in the cloud. Multi-factor authentication solutions can be centrally managed and provide more secure access to all applications and data, whether they are hosted in the cloud or on the company's own hardware. IT specialists are able to fulfil their mission to protect corporate data and at the same time act as a tool in the implementation of "Shadow it", implementing measures to ensure data security, for example, introducing the approach “encryption-as-a-service”. This approach allows to IT specialists to centrally manage data protection in the cloud, enabling other business units to find and use cloud services as needed. 3. FORMULATION OF THE PROBLEM The trajectory of the change in time of the functioning state hDT (t) information of protection tools with discrete-time work at a selected observation interval [t 0 , t H ] in connection with the appearance or elimination of a certain type of error, it can be represented as shown in Fig.2. Figure 2 Possible trajectory of change in time of the functioning state hDT (t) information of protection tools with discrete-time work http://www.iaeme.com/IJMET/index.asp 1647 editor@iaeme.com
Method For Determination of the Probabilities of Functioning States of Information of Protection on Cloud Computing Here: hDT 0 - state of normal operation information of protection tools with discrete-time work; hDT j - the state of the malfunction information of protection tools with discrete-time work due to the i −th occurrence (i = 1, k) j −th error (j = 1, 8) types; j t i - the moment of occurrence of the i −th error of the j −th type, taken from the first record of the i-th error of the j −th type in the log; j t di - the moment of the end of the search (detection) by the administrator of the i −th j −type error and the start of its elimination, which is taken from the last entry in the log about the i −th j-type error; j t ri - the end of the elimination of the i −th error of the j-th type, taken from the record characterizing the recovery of the component after the i −th error of the j −th; j j j Ti - random time between (i − l) −th and i −th errors of the j −th type, equal to Ti = t i − j t r(i−1) ; j j j j j τi - random search time (detection) of the i −th error of the j −th type, equal to τi = t di − t i ; θi j j j - random time to eliminate the i −th error of the j −th type, equal to θi = t ri − t di ; j ξi - random recovery time (search for errors and its elimination) component after the i −th error j j j in the j −th type, equal to ξi = t ri − t i . At the same time, in the information security tools with discrete operating time, the system [2] behaviour (or, something the same, the system trajectory in phase space) is described by a sequence of states. For the effective functioning of vulnerability detection systems and content filtering systems, it is necessary to monitor the information security of the protective equipment, which determines the state changes at any time in the information-communication system. At the same time, to identify the functioning states of information of protection tools with discrete-time work, the following states are introduced hDT i (i=0…n) functioning, in which information of protection tools with discrete-time work can be at an arbitrary point in time. An example: Table 1 Possible functioning state of information of protection tools with discrete-time work State Description hDT 0 the normal functioning of information of protection tools with discrete-time work associated with the inability to obtain updates of the knowledge base of information of h1DT protection tools with discrete-time work. associated with the lack of information of protection tools with discrete-time work of hDT 2 the rights to network access to servers, performed special procedures for detecting events that affect in the information-communication system. failure of information of protection tools with discrete-time work associated with a hDT 3 malfunction of the physical server on which information of protection tools with discrete-time work are deployed. failure of information of protection tools with discrete-time work due to the hDT 4 impossibility of saving the results of special procedures performed. hDT 5 a condition characteristic of an incorrectly completed operation of the index server. hDT 6 the state is characteristic of the ceased to respond to the controls of the indexing server. the state is characteristic of information of protection tools with discrete-time work, when the agent cannot copy files from the information security database with hDT 7 continuous operation time in the storage of information of protection tools with discrete- time work due to unavailability of the network drive on which it is located. http://www.iaeme.com/IJMET/index.asp 1648 editor@iaeme.com
Gulomov Sherzod Rajaboevich, Abdullaev Dilmurod Gulamovich, Nasrullaev Nurbek Bakhtiyorovich, Zokirov Odiljon Yoqubjon ugli the state characterizes the work of information of protection tools with discrete-time work, when the agent cannot copy information of protection tools with discrete-time hDT 8 work of files from the database of other information of protection tools into the storage due to unsuccessful authentication of the module into the information of protection tools database. … … 4. SCHEMES FOR THE TRANSITION OF STATES OF INFORMATION OF PROTECTION TOOLS In Fig.3 is shown an exemplary scheme transition of states of information of protection tools, where hDT DT 0 – is the initial and normal functioning state and h1 – is a state when a violation occurs in the process of functioning of the funds. ℎ1𝐷𝑇 P01 ℎ2𝐷𝑇 P02 ℎ0𝐷𝑇 … … P00 P𝑖 ℎ𝑖𝐷𝑇 Figure 3 The scheme transition from one state to another Furthermore, it can also enter hDT i.i the functioning states of information of protection tools with discrete-time work [3], in which the transition from the states hDT DT DT i (in this case h1 - h8 ), characterized by the violation of the functions of one of the components i, to the states associated with the violation as well the functions of the other component i (Fig.4). ℎ2𝐷𝑇 P02 𝐷𝑇 ℎ2.1 P2.1 P01 ℎ1𝐷𝑇 Figure 4 The scheme of the emergence of new united events http://www.iaeme.com/IJMET/index.asp 1649 editor@iaeme.com
Method For Determination of the Probabilities of Functioning States of Information of Protection on Cloud Computing Here, for the above example of states in table 1 hDT i,i may include the following combined states: DT DT DT DT DT DT DT hDT DT DT DT DT DT DT DT DT 2.1 , h2.4 , h2.5 , h2.6 , h2.7 , h2.8 , h3.1 , h3.5 , h3.6 , h3.7 , h3.8 , h4.7 , h4.8 , h5.1 , h5.3 , h5.4 , hDT DT DT DT DT DT DT DT DT DT DT DT DT 5.6 , h5.7 , h5.8 , h6.3 , h6.4 , h6.5 , h6.7 , h6.8 , h7.1 , h7.5 , h7.6 , h8.5 , h8.6 It can be noted that in the elimination of any violation of information of protection tools with discrete-time work, it proceeds from such states of operation as DT DT DT DT DT DT DT DT hDT 0 , h1 , h2 , h3 , h4 , h5 , h6 , h7 , h8 in one of the state hDT DT i (in this case h1 - h8 ). DT Thus, the set of possible functioning states of information of protection tools with discrete- time work, due to disruptions in the operation of its components or the restoration of their operability, has the following form: DT DT DT DT DT DT DT DT DT DT DT DT hDT 0 , h1 , h2 , h3 , h4 , h5 , h6 , h7 , h8 , h2.1 , h2.4 , h2.5 , h2.6 , h2.7 , DT DT DT DT DT DT DT HDT = { hDT DT DT DT DT DT DT 2.8 , h3.1 , h3.5 , h3.6 , h3.7 , h3.8 , h4.7 , h4.8 , h5.1 , h5.3 , h5.4 , h5.6 , h5.7 ,} hDT DT DT DT DT DT DT DT DT DT DT 5.8 , h6.3 , h6.4 , h6.5 , h6.7 , h6.8 , h7.1 , h7.5 , h7.6 , h8.5 , h8.6 Under eliminating some previously occurring violation of information of protection tools with discrete-time work, it goes into a state of proper operation hDT 0 . The change of the functioning states of information of protection tools with discrete-time work occurs at random times, in those periods when, according to their work schedule, this security tool performs its functions. Violations in the work and elimination of errors that occur are possible without participation, as well as with human participation. 5. GRAPH OF PROBABILITIES OF TRANSITIONS BETWEEN THE FUNCTIONING STATES OF INFORMATION OF PROTECTION TOOLS WITH DISCRETE TIME Using lots of H_DT, it is possible to describe the behavior of information of protection tools with discrete-time work, as an object with discrete operating time, in the form of a directed graph presented in Figure 5. Figure 5 Graph of transition probabilities between the functioning states of information of protection tools with discrete-time work http://www.iaeme.com/IJMET/index.asp 1650 editor@iaeme.com
Gulomov Sherzod Rajaboevich, Abdullaev Dilmurod Gulamovich, Nasrullaev Nurbek Bakhtiyorovich, Zokirov Odiljon Yoqubjon ugli The vertices of the graph characterize possible states of information of protection tools with discrete-time work [4] and the weights of arcs of the graph indicate the corresponding probabilities of transitions from one state to another for a certain period of time ∆t, determining the discrete mode of its operation. Here: Pq,q , q = 0,1,2,3,4,5,6,7,8 – the state saving probabilities; DT DT DT DT DT hDT DT DT DT 0 , h1 , h2 , h3 , h4 , h5 , h6 , h7 , h8 on time ∆t; Pq,r , q, r = 0,1,2,3,4,5,6,7,8,2.1,2.4,2.5,2.6,2.7,2.8,3.1,3.5,3.6,3.7,3.8,4.7,4.8, 5.1,5.3,5.4,5.6,5.7,5.8,6.3,6.4,6.5,6.7,6.8,7.1,7.5,7.6,8.5,8.6. q ≠ r- the transition probabilities from the state hDT DT q в hr in time ∆t. The specific type of the graph of transition probabilities is due to the limited mode of maintenance of information of protection tools with discrete-time work in the process of occurring violations, that is, in practice this device is serviced by one repairman. Probabilities Pq,r , q ≠ r, describe transitions associated with the occurrence of violations of a certain type or their elimination in time ∆t. In accordance with the comment made earlier, the normal operation time of individual components of information of protection tools with discrete-time work and the time for elimination of violations arising in them are random variables that have exponential distribution laws. Accordingly, when determining the specific transition probabilities Pq,r formulas are used that characterize specific violations or their elimination, that is, the probability that during ∆t will happen j − th error: 𝚀j (∆t)=1 − e−λj∆t , (j = 1, i) (1), or in time ∆t j −th error will eliminated: Pj (∆t) = 1 − e−μj∆t , (j = 1, i). (2) Here the intensity of occurrence Sj violation j −th type is calculated according to the following formula: 1 Sj = j , (3) T j it evaluates the average time T uptime. Error recovery rates μSj , j = 1,8 is calculated as follows: 1 μSj = j (4) ξ 1 j estimated average recovery time ξ as arithmetic means of previously obtained values Ti and j j θi , ξi (i = 1, k). Probabilities Pq,q are defined with the use of transition probability diagrams characterizing transitions of information of protection tools with discrete-time work from different functioning states to others in time ∆t, taking into account the fact that the events take place form a complete group, since they determine the fact that information of protection tools with discrete-time work at any time are in one of the possible functioning states. Based on the foregoing, it is proposed to modify the method for determining probabilities with the separation of violation conditions by belonging to protective means with discrete operation time [5-6]. Note that it was mentioned above that to determine the functioning states of http://www.iaeme.com/IJMET/index.asp 1651 editor@iaeme.com
Method For Determination of the Probabilities of Functioning States of Information of Protection on Cloud Computing information of protection tools with discrete-time work, the following states are introduced hDT i (i=0…n) functioning, in which information of protection tools with discrete-time work can be at an arbitrary point in time. For this case, enter the following value: DTk hi Here: i – (i = 0, … n) the index state of information of protection tools with discrete-time work (Table 2); k – is a type of discrete time protection, discrete time protection means include vulnerability detection systems and content filtering systems. Wherein in this case k takes two values, such k = 1,2, accordingly (Table 2). Table 2 The index state of information of protection tools with discrete-time work Type of information of protection tools with i – (i=0,…n) the index state of information of discrete-time work protection tools with discrete-time work DT1 DT1 DT1 DT1 DT1 k = 1 (vulnerability detection systems) h0 , h1 , h2 , h3 , h4 DT2 DT2 DT2 DT2 DT2 k = 2 (content filtering systems) h0 , h5 , h6 , h7 , h8 For example, if the information security monitoring system will analyze the vulnerability detection system, then the states belonging to this system will be less than the above proposed method, i.e.: HDT1 = {hDT DT1 DT1 DT1 DT1 0 , h1 , h2 , h3 , h4 } 1 Using this set HDTk , it is possible to describe the probabilities of transitions between the states of functioning of a vulnerability detection system, as an object with discrete time of operation, in the form of a directed graph presented in Figure 6. Figure 6 – Graph of probabilities of transitions between states of the system functioning and detection of vulnerabilities At the same time, the vertices of the graph characterize the possible states of the vulnerability detection systems and the weights of the arcs of the graph indicate the http://www.iaeme.com/IJMET/index.asp 1652 editor@iaeme.com
Gulomov Sherzod Rajaboevich, Abdullaev Dilmurod Gulamovich, Nasrullaev Nurbek Bakhtiyorovich, Zokirov Odiljon Yoqubjon ugli corresponding probabilities of transitions from one state to another for a certain period of time ∆t, determining the discrete mode of its operation. Here: Pq,q , q = 0, 1, 2, 3, 4- state saving probabilities; DT DT DT DT DT h0 1 , h1 1 , h2 1 , h3 1 , h4 1 in time ∆t; DT DT Pq,r , q, r = 0,1,2,3,4, 2.1, 2.4, 3.1, q ≠ r- the transition probabilities from the state hq 1 hr 1 in time ∆t. Accordingly, under determining the specific transition probabilities Pq,r formulas are used that characterize specific violations or their elimination, that is, the probability that during ∆t will happen j −th the error is determined by the formula (1), or in time ∆t j −th error will be eliminated by the formula (2). In this case, the vector function of probability p(m), characterizing the change in states hDT1 ∈ HDT1 , q = 0,1,2,3,4, 2.1, 2.4, 3.1. p(m) = (p(m)0 , p(m)1 , p(m)2 , p(m)3 , p(m)4 , p(m)2.1 , p(m)2.4 , p(m)3.1 ) m = 0,1,2, …, (5) and stationary probability vector p, characterizing their steady state values under m → , p = (p0 , p1 , p2 , p3 , p4 , p2.1 , p2.4 , p3.1 ) (6) Using the above reasoning, you can create transition matrices corresponding to the graph of transition probabilities between the states of the functioning of the vulnerability detection system. P00 P01 P02 P03 P04 P10 P11 P2.1 P3.1 0 M = ||P20 0 P22 0 0 || (7) P30 0 0 P33 0 P40 0 P2.4 0 P44 Also, the (7) matrix is square (5x5), the number of its rows and columns is determined by the number of possible states of operation of the vulnerability detection system, forming a set of HDT1 . The column determines the probability of saving q −th state and transition into it from other states when triggered in one cycle from (m-1) to m. The line determines the probability distribution of each of the states of information security tools with a discrete operating time, that is, the probability q − th states and transition probabilities from q −th states to others [7- 8]. The sum of the members of each row is 1, i.e. matrix М is stochastic. Initial probability distribution M(0) functioning states hDT1 ∈ HDT1 , characterizing the possibility of finding a vulnerability detection system at the initial moment of time (m = 0) in any state, it is defined in the general form by a row vector М(0) = ‖p(0)0 , p(0)1 , p(0)2 , p(0)3 , p(0)4 ‖ (8) A modified method for determining the probabilities of states for vulnerability detection systems, which is included in the type of discrete-time protection tools, makes it possible to describe the system of equations in general form as p0 = P00 p0 + P10 p1 + P20 p2 + P30 p3 + P40 p4 p1 = P01 p0 + P11 p1 , follows: p2 = P02 p0 + P2,2.1 p2.1 + P22 p2 + P2,2.4 p2.4 , (9) p3 = P03 p0 + P3,3.1 p3.1 + P33 p3 , { p4 = P04 p0 + P44 p4 . At that http://www.iaeme.com/IJMET/index.asp 1653 editor@iaeme.com
Method For Determination of the Probabilities of Functioning States of Information of Protection on Cloud Computing p0 + p1 + p2 + p3 + p4 = 1, where pq , q = 0,1,2,3,4- sought limit probabilities. 6. CONCLUSIONS This method allows for describing a graph-scheme of transitions using a small dimension of the sets of states, to make a square matrix of transitions of lower bit ness, on the basis of which one can easily describe the system of equations for other information of protection systems that are included in the type information of protection tools with discrete-time work on cloud computing. REFERENCES [1] S. Chen, B. Mulgrew, and P. M. Grant, “A clustering technique for digital communications channel equalization using radial basis function networks,” IEEE Trans. on Neural Networks, vol. 4, pp. 570-578, July 1993. [2] Miller D.R., Harris Sh., Harper A.A., VanDyke S., Black Ch. Security Information and Event Management (SIEM) Implementation. McGraw–Hill Companies. 2011. 430 p. [3] Ingols K., Chu M., Lippmann R., Webster S., Boyer S. Modeling modern network attacks and countermeasures using attack graphs // Proceedings of the 2009 Annual Computer Security Applications Conference (ACSAC ’09), Washington, D.C., USA, IEEE Computer Society, 2009. P.117–126. [4] Badger, M. Zenoss Core Network and System Monitoring / M. Badger. - Birmingham: Packt Publising, 2008. - 261 p. [5] Igor Kotenko, Elena Doynikova. Security Assessment of Computer Networks based on Attack Graphs and Security Events // Lecture Notes in Computer Science (LNCS), Vol.8407. 2014, P.462-471. [6] Igor Kotenko, Evgenia Novikova. Visualization of Security Metrics for Cyber Situation Awareness // International Conference on Availability, Reliability and Security September 8nd – 12th, 2014. Fribourg, Switzerland. IEEE Computer Society. 2014. P.506-513. [7] S.K. Ganiev, Sh.R. Gulomov, A.A.Abdurahmonov, N.B.Nasrullaev. Methods monitoring of network traffics for intrusion detection and special filtering traffic on «E-Government». ISSN 1815-4840. International scientific-technical journal. 2017, №5(77). Tashkent, Uzbekistan, -P.76-84. [8] Distributed and network based Processing (PDP 2015). Turku, Finland. 4 6 March 2015. Los Alamitos, California. IEEE Computer Society. 2015. P.567-574. http://www.iaeme.com/IJMET/index.asp 1654 editor@iaeme.com