
Authors

Saenko Igor B.

Degree
Professor, Chief Researcher at Laboratory of Computer Security Problems, Saint Petersburg Federal Research Center of the Russian Academy of Sciences (SPC RAS)
E-mail
ibsaen@comsec.spb.ru
Location
Saint Petersburg, Russia
Articles

Multi-criteria assessment of information security threats based on the technologies of digital twins and threat intelligence

Currently, the problem of ensuring the information security of critical information infrastructure is becoming steadily more pressing and is acquiring strategic importance, driven by the explosive growth of complex targeted attacks on infrastructure facilities. Solving this problem requires new approaches to assessing information security threats that combine the relevance of data provided by threat intelligence technology with a deep understanding of the specifics of the protected systems. An analysis of the state of the problem shows that existing approaches to assessing information security threats to critical information infrastructure facilities have shortcomings such as a gap between threat intelligence data and the context of a specific system, the subjectivity of qualitative assessments, and the difficulty of ranking threats against many conflicting criteria. To overcome these shortcomings, the article proposes a method for multi-criteria assessment of information security threats to critical information infrastructure facilities that integrates threat intelligence and digital twin technologies, where the digital twin technology is designed to provide the necessary understanding of object specifics. A system of indicators has been developed, structured according to five projections of threat assessment: severity of consequences, intruder capabilities, vulnerability of the facility, complexity of the attack, and effectiveness of protection. A conceptual model of an information security threat assessment system based on digital twin and threat intelligence technologies has been developed. A multi-criteria threat assessment methodology is presented, in which the integral threat index and Pareto-optimal threat ranks are calculated based on a set of criteria. Experimental testing on synthetic data confirmed the consistency of the results of these calculations. Practical application of the proposed method allows for threat analysis both as a whole and within individual projections of the indicator system.

A method for dynamic detection of cyber threats in distributed Internet of Things systems based on generative models

The article examines the problem of dynamic cyberthreat detection in distributed Internet of Things systems, addressing the limited adaptability of static intrusion detection systems and the vulnerability of machine learning models to adversarial influences. The aim of the work is to improve the effectiveness of cyberthreat detection in distributed IoT systems based on efficiency and timeliness criteria by using generative models capable of simulating normal and abnormal node behavior while accounting for environmental variability. A method based on generative adversarial models and contrastive learning is employed to generate anomaly estimates for IoT data time windows and make decisions based on a threshold rule. A computational experiment was conducted on the open N-BaIoT dataset for Mirai family attack scenarios, comparing statistical, linear, and autoencoder-based anomaly detection methods on windowed representations of IoT data. It was demonstrated that the selected feature description ensures high cyberthreat detection efficiency with short inference times, and the use of an autoencoder yields the best F1-score values across the scenarios considered. The obtained results confirm the potential for further implementation of the proposed generative method for analyzing IoT traffic time sequences and its application in intelligent network security monitoring tools at the edge and gateway levels of IoT systems.