Assessment methodology for security of an automated control system of critical information infrastructure against DDoS attacks based on Monte Carlo simulation-Reference-Cited by-同舟云学术

Assessment methodology for security of an automated control system of critical information infrastructure against DDoS attacks based on Monte Carlo simulation

Published:2023-05-09 Issue:1 Volume:50 Page:62-74
ISSN:2542-095X
Container-title:Herald of Dagestan State Technical University. Technical Sciences
language:
Short-container-title:Vestn. Dagest. gos. teh. univ., Teh. nauki

Author:

Voevodin V. A.¹,Chernyaev V. S.¹,Burenok D. S.¹,Vinogradov I. V.¹

Affiliation:

1. National Research University of Electronic Technology

Abstract

Objective. The purpose of the study is to develop a methodology for assessing the security of an automated control system of critical information infrastructure from DDoS attacks. The purpose of the methodology development is to provide the decision–maker with a scientifically sound tool for assessing the risk of implementing a DDoS attack.Method. To achieve the stated goal of the study, simulation modeling based on the Monte Carlo method was used.Result. The expediency of using Monte Carlo simulation to assess the probability of server failure under DDoS attacks is confirmed. It was concluded that the server can be considered as a queuing system, however, the flow of incoming applications under DDoS attacks is not Poisson, so the use of analytical expressions to assess the probability of failure is considered incorrect. The simulation results allow the decision-maker to assess the probability of server failure and make organizational and technical decisions to increase the level of security. Analysis of the simulation results showed the effectiveness of improving server performance by increasing service channels.Conclusion. Thus, the developed methodology will be useful in conducting an information security audit of an organization to justify the amount of its insurance premium in the framework of cyber risk insurance. A possible direction for further research is to study the issue of computer network security, taking into account the features of a specific topology.

Publisher

FSB Educational Establishment of Higher Education Daghestan State Technical University

Subject

Polymers and Plastics,General Environmental Science

Reference17 articles.

1. Analysis of existing automated process control systems [Electronic resource]. Access mode: https://cyberleninka.ru/article/n/analiz-suschestvuyuschih-avtomatizirovannyh-sistem-upravleniyatehnologicheskim-protsessom/viewer

2. The threat of DDoS attacks and ambiguous attitude to them [Electronic resource]. Access mode: https://www.kaspersky.ru/blog/ugroza-ddos-atak-i-neodnoznachnoe-k-nim-otnoshenie/3236/

3. Federal Law No. 152-FZ of 27.07.2006 "On personal data" // SPS ConsultantPlus.

4. Resolution of the Government of the Russian Federation of November 1, 2012 N 1119 Moscow "On approval of requirements for the protection of personal data during their processing in personal data information systems"

5. Government Resolution No. 162 of 17.02.2018 "On approval of the Rules for the Implementation of state Control in the Field of ensuring the security of Significant objects of critical information infrastructure of the Russian Federation"

Cited by 2 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Recommendations for using a methodology for assessing the security of an automated control system for critical information infrastructure from DDoS attacks based on Monte Carlo simulation;Herald of Dagestan State Technical University. Technical Sciences;2023-10-27

2. DDoS Simulation: Empowering Targets through Simulated Attacks;2023 IEEE 17th International Conference on Application of Information and Communication Technologies (AICT);2023-10-18