Assessment of the actual security of the information system by studying the equivalence of the applied technologies
Abstract
This research is devoted to one of the urgent problems in the field of security provision, implemented in various areas of human activity related to information systems. It is associated with a typical situation of discrepancy between the costs of improving security methods and the level of security achieved in this case. It is shown that one of the most promising methodological approaches aimed at finding a solution to this problem is related to the study of the prospects for adapting existing solutions with integration into the computing environment that implement the new technology. In accordance with this concept, the equivalent transition between information technologies should be implemented while maintaining the level of overall information security. The main research goal was determined – it concerns the development of an analytical model for controlling the equivalence of information technologies in information security systems. The current state in the field of information security was analyzed. It was revealed that the tools and mechanisms existing today and presented on the relevant market that prevent risks and threats to the functioning of information systems associated with data theft and distortion are “narrow”, that is, adapted to solving local problems facing attackers.
References
Aboaoja, F. A., Zainal, A., Ghaleb, F. A., Al-rimy, B. A. S., Eisa, T. A. E., & Elnour, A. A. H. (2022). Malware detection issues, challenges, and future directions: A survey. Applied Sciences, 12(17), 8482. https://doi.org/10.3390/app12178482
Al-Asli, M., & Ghaleb, T. A. (2019). Review of signature-based techniques in antivirus products. 2019 International Conference on Computer and Information Sciences (ICCIS). https://doi.org/10.1109/iccisci.2019.8716381
Barbosa, R. R. R., Sadre, R., & Pras, A. (2013). Flow whitelisting in SCADA networks. International Journal of Critical Infrastructure Protection, 6(3–4), 150–158. https://doi.org/10.1016/j.ijcip.2013.08.003
Bashendy, M., Tantawy, A., & Erradi, A. (2023). Intrusion response systems for cyber-physical systems: A comprehensive survey. Computers & Security, 124, 102984. https://doi.org/10.1016/j.cose.2022.102984
Bist, A. S. (2013). Code emulation technique for computer virus detection. International Journal of Engineering Sciences and Research Technology, 2(12), 3479–3481.
Dhanasekar, D., Di Troia, F., Potika, K., & Stamp, M. (2018). Detecting Encrypted and Polymorphic Malware Using Hidden Markov Models. Guide to Vulnerability Analysis for Computer Networks and Systems, 281–299. https://doi.org/10.1007/978-3-319-92624-7_12
Gopinath M., & Sethuraman, S. C. (2023). A comprehensive survey on deep learning based malware detection techniques. Computer Science Review, 47, 100529. https://doi.org/10.1016/j.cosrev.2022.100529
Huh, J. H., Lyle, J., Namiluko, C., & Martin, A. (2011). Managing application whitelists in trusted distributed systems. Future Generation Computer Systems, 27(2), 211–226. https://doi.org/10.1016/j.future.2010.08.014
Kaur, J., & Ramkumar, K. R. (2022). The recent trends in cyber security: A review. Journal of King Saud University - Computer and Information Sciences, 34(8), 5766–5781. https://doi.org/10.1016/j.jksuci.2021.01.018
Khayrutdinov, M. M., Golik, V. I., Aleksakhin, A. V., Trushina, E. V., Lazareva, N. V., & Aleksakhina, Y. V. (2022). Proposal of an algorithm for choice of a development system for operational and environmental safety in mining. Resources, 11(10), 88. https://doi.org/10.3390/resources11100088
Kirilchuk, S., Reutov, V., Nalivaychenko, E., Shevchenko, E., & Yaroshenko, A. (2022). Ensuring the security of an automated information system in a regional innovation cluster. Transportation Research Procedia, 63, 607–617. https://doi.org/10.1016/j.trpro.2022.06.054
Levy, A., & Shalom, B. R. (2020). Online parameterized dictionary matching with one gap. Theoretical Computer Science, 845, 208–229. https://doi.org/10.1016/j.tcs.2020.09.016
Ling, X., Wu, L., Zhang, J., Qu, Z., Deng, W., Chen, X., Qian, Y., Wu, C., Ji, S., Luo, T., Wu, J., & Wu, Y. (2023). Adversarial attacks against Windows PE malware detection: A survey of the state-of-the-art. Computers & Security, 128, 103134. https://doi.org/10.1016/j.cose.2023.103134
Madan, S., Sofat, S., & Bansal, D. (2022). Tools and techniques for collection and analysis of internet-of-things malware: A systematic state-of-art review. Journal of King Saud University - Computer and Information Sciences, 34(10), 9867–9888. https://doi.org/10.1016/j.jksuci.2021.12.016
Meridji, K., Al-Sarayreh, K. T., Abran, A., & Trudel, S. (2019). System security requirements: A framework for early identification, specification and measurement of related software requirements. Computer Standards & Interfaces, 66, 103346. https://doi.org/10.1016/j.csi.2019.04.005
Moreira, N., Molina, E., Lázaro, J., Jacob, E., & Astarloa, A. (2016). Cyber-security in substation automation systems. Renewable and Sustainable Energy Reviews, 54, 1552–1562. https://doi.org/10.1016/j.rser.2015.10.124
Rehman, Z.-U., Khan, S. N., Muhammad, K., Lee, J. W., Lv, Z., Baik, S. W., Shah, P. A., Awan, K., & Mehmood, I. (2018). Machine learning-assisted signature and heuristic-based detection of malwares in Android devices. Computers & Electrical Engineering, 69, 828–841. https://doi.org/10.1016/j.compeleceng.2017.11.028
Seo, J., & Lee, S. (2018). Abnormal behavior detection to identify infected systems using the APChain algorithm and behavioral profiling. Security and Communication Networks, 2018, 1–24. https://doi.org/10.1155/2018/9706706
Sharma, A., Gupta, B. B., Singh, A. K., & Saraswat, V. K. (2022). Orchestration of APT malware evasive manoeuvers employed for eluding anti-virus and sandbox defense. Computers & Security, 115, 102627. https://doi.org/10.1016/j.cose.2022.102627
Shaukat, K., Luo, S., & Varadharajan, V. (2022). A novel method for improving the robustness of deep learning-based malware detectors against adversarial attacks. Engineering Applications of Artificial Intelligence, 116, 105461. https://doi.org/10.1016/j.engappai.2022.105461
Shukla, A., Katt, B., Nweke, L. O., Yeng, P. K., & Weldehawaryat, G. K. (2022). System security assurance: A systematic literature review. Computer Science Review, 45, 100496. https://doi.org/10.1016/j.cosrev.2022.100496
Sibi Chakkaravarthy, S., Sangeetha, D., & Vaidehi, V. (2019). A Survey on malware analysis and mitigation techniques. Computer Science Review, 32, 1–23. https://doi.org/10.1016/j.cosrev.2019.01.002
Syed, N. F., Shah, S. W., Trujillo-Rasua, R., & Doss, R. (2022). Traceability in supply chains: A Cyber security analysis. Computers & Security, 112, 102536. https://doi.org/10.1016/j.cose.2021.102536
Tatarkanov, A., Lampezhev, A., Polezhaev, D., & Tekeev, R. (2022a). Development of components of a distributed fault tolerant medical data storage system. International Journal of Engineering Trends and Technology, 70(12), 76–89. https://doi.org/10.14445/22315381/ijett-v70i12p209
Tatarkanov, A., Lampezhev, A., Polezhaev, D., & Tekeev, R. (2022b). Suboptimal biomedical diagnostics in the presence of random perturbations in the data. International Journal of Engineering Trends and Technology, 70(11), 129–137. https://doi.org/10.14445/22315381/ijett-v70i11p213
Uchendu, B., Nurse, J. R. C., Bada, M., & Furnell, S. (2021). Developing a cyber security culture: Current practices and future needs. Computers & Security, 109, 102387. https://doi.org/10.1016/j.cose.2021.102387
Vouvoutsis, V., Casino, F., & Patsakis, C. (2022). On the effectiveness of binary emulation in malware classification. Journal of Information Security and Applications, 68, 103258. https://doi.org/10.1016/j.jisa.2022.103258
Wang, G.-Y. (2022). Churn prediction for high-value players in freemium mobile games: Using random under-sampling. Statistika: Statistics and Economy Journal, 102(4), 443–453. https://doi.org/10.54694/stat.2022.18
Wang, Y., Jia, P., Peng, X., Huang, C., & Liu, J. (2023). BinVulDet: Detecting vulnerability in binary program via decompiled pseudo code and BiLSTM-attention. Computers & Security, 125, 103023. https://doi.org/10.1016/j.cose.2022.103023
Wang, Y., Li, Q., Chen, Z., Zhang, P., & Zhang, G. (2020). A survey of exploitation techniques and defenses for program data attacks. Journal of Network and Computer Applications, 154, 102534. https://doi.org/10.1016/j.jnca.2020.102534
Yang, Z., Liu, X., Li, T., Wu, D., Wang, J., Zhao, Y., & Han, H. (2022). A systematic literature review of methods and datasets for anomaly-based network intrusion detection. Computers & Security, 116, 102675. https://doi.org/10.1016/j.cose.2022.102675
Zelinka, I., Das, S., Sikora, L., & Šenkeřík, R. (2018). Swarm virus - Next-generation virus and antivirus paradigm? Swarm and Evolutionary Computation, 43, 207–224. https://doi.org/10.1016/j.swevo.2018.05.003
Zhai, X., Appiah, K., Ehsan, S., Howells, G., Hu, H., Gu, D., & McDonald-Maier, K. (2015). Exploring ICMetrics to detect abnormal program behaviour on embedded devices. Journal of Systems Architecture, 61(10), 567–575. https://doi.org/10.1016/j.sysarc.2015.07.007
Downloads
Copyright (c) 2023 Revista Colombiana de Computación
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
