Development of the model of the antagonistic agents behavior under a cyber conflict

DOI:

https://doi.org/10.15587/1729-4061.2019.175978

Keywords:

behavior models, antagonistic agents, attack tree, business process loop

Abstract

This paper presents the development of a model of the behavior of antagonistic agents in a cyber conflict. It is shown that the resulting model can be used to analyze investment processes in security systems, under the assumption that these processes are significantly influenced by the behavior of the parties involved in a cyber conflict.

General approaches to model development are presented. First, a system of concepts, assumptions and limitations is formed, within which the mathematical model of behavior must be developed. On this basis, a mathematical model of the conflicting agents' behavior is developed in the form of algebraic and differential equations. The model represents both the technical characteristics of the security system and the psychological characteristics of the participants in the cyber conflict, which affect the financial characteristics of investment processes in cybersecurity systems. A distinctive feature of the proposed model is that it considers the behavior of the parties to a cyber conflict simultaneously, not as independent parties but as agents mutually interacting with each other. The model also makes it possible to simulate the destabilizing effect of disturbances in the confrontation environment on the behavior of the conflicting parties, changing the degree of vulnerability of the cybersecurity system along various attack vectors and the level of their success.

Using the developed model, the behavior of interacting agents in a cyber conflict is simulated. The simulation results showed that even the simplest behavior strategies of the attacking side (“the weakest link”) and the defending side (“wait and see”) make it possible to ensure the information security of the business process loop.

The developed model of interaction between the attacker and the defender can be considered a tool for modeling the behavior of the conflicting parties under various investment scenarios. The simulation results give decision-makers support in choosing the direction of investment in the security of the business process loop.

Author Biographies

Oleksandr Milov, Simon Kuznets Kharkiv National University of Economics, Nauky ave., 9-А, Kharkiv, Ukraine, 61166

PhD, Associate Professor

Department of Cyber Security and Information Technology

Serhii Yevseiev, Simon Kuznets Kharkiv National University of Economics, Nauky ave., 9-А, Kharkiv, Ukraine, 61166

Doctor of Technical Sciences, Senior Researcher

Department of Cyber Security and Information Technology

Yevheniia Ivanchenko, National Aviation University, Kosmonavta Komarova ave., 1, Kyiv, Ukraine, 03058

PhD, Associate Professor

Department of Information Technology Security

Stanislav Milevskyi, Simon Kuznets Kharkiv National University of Economics, Nauky ave., 9-А, Kharkiv, Ukraine, 61166

PhD, Associate Professor

Department of Cyber Security and Information Technology

Oleksandr Nesterov, National Defense University of Ukraine named after Ivan Cherniakhovskyi, Povitroflotsky ave., 28, Kyiv, Ukraine, 03049

Adjunct

Department of Communications and Automated Control Systems

Oleksandr Puchkov, National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Verkhnokliuchova str., 4, Kyiv, Ukraine, 03056

PhD, Professor

Institute of Special Communication and Information Security

Anatolii Salii, National Defense University of Ukraine named after Ivan Cherniakhovskyi, Povitroflotsky ave., 28, Kyiv, Ukraine, 03049

PhD, Associate Professor, Deputy Head of Institute

Aviation and Air Defense Institute

Oleksandr Timochko, Ivan Kozhedub Kharkiv National Air Force University, Sumska str., 77/79, Kharkiv, Ukraine, 61023

Doctor of Technical Sciences, Professor

Department of Air Navigation and Combat Control of Aviation

Vitalii Tiurin, National Defense University of Ukraine named after Ivan Cherniakhovskyi, Povitroflotsky ave., 28, Kyiv, Ukraine, 03049

PhD, Associate Professor, Head of Institute

Aviation and Air Defense Institute

Aleksandr Yarovyi, National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute”, Verkhnokliuchova str., 4, Kyiv, Ukraine, 03056

Head of Education Department

Institute of Special Communication and Information Security


Published

2019-08-15

How to Cite

Milov, O., Yevseiev, S., Ivanchenko, Y., Milevskyi, S., Nesterov, O., Puchkov, O., Salii, A., Timochko, O., Tiurin, V., & Yarovyi, A. (2019). Development of the model of the antagonistic agents behavior under a cyber conflict. Eastern-European Journal of Enterprise Technologies, 4(9 (100)), 6–19. https://doi.org/10.15587/1729-4061.2019.175978

Section

Information and controlling system