Analysis of Features and Prospects of Application of Dynamic Iterative Assessment of Information Security Risks

Berestov, Denis та Kurchenko, Oleg та Shcheblanin, Yuri та Korshun, Natalia та Опришко, Тетяна Сергіївна (2021) Analysis of Features and Prospects of Application of Dynamic Iterative Assessment of Information Security Risks CEUR Workshop Proceedings, Workshop on Cybersecurity Providing in Information and Telecommunication Systems (2923). с. 329-335. ISSN 16130073

Текст T_Opryshko_CEUR_21_L.pdf Download (1MB)

Анотація

The article is devoted to the approach to information security risk analysis. The factors influencing the risk analysis process are defined. In such a task there is always a prior probabilistic information about the implementation of threats, which may be changed after the receipt of new expert assessments or as a result of observation of relevant events. One way of “revision” of the relative acceptability of probabilistic models is Bayesian approach, the essence of which implies that the degrees of trust in possible probabilistic models to obtain data are considered. After the information has been received, the probabilities are re-evaluated. In the analysis of information security risks, probabilistic models of the studied systems are used. Probabilistic space of events in the field of information security is determined and in probabilistic space the probabilistic measure is set by this or that method. To solve this problem an artificial neural network can be used. As an alternative to Bayesian approach, the method of maximum function of likelihood can be considered, which is used in the statistical estimation of distribution parameters. Bayesian approach to solving problems has advantages, as many properties of estimates obtained using the likelihood ratio are not performed in the case of a small sample size. Applying Bayesian approach also helps to solve the question of mathematical methods of assessment of prior values that can take the parameters of information security risk. In the presence of a large amount of statistics, the wrong choice of a prior distribution of probabilities will not significantly affect a posterior one. In the absence of such data it is expedient to choose a distribution that minimally affects a posterior distribution. The estimation of probability of realization of threats to information security exploiting relevant vulnerabilities is obtained by using Bayesian network.

Тип елементу :	Стаття
Ключові слова:	Bayesian approach; Information system model; Neural network; Prognostication; Risk; Vulnerability
Типологія:	Це архівна тематика Київського університету імені Бориса Грінченка > Статті у наукометричних базах > Scopus
Підрозділи:	Це архівні підрозділи Київського університету імені Бориса Грінченка > Бібліотека Це архівні підрозділи Київського університету імені Бориса Грінченка > Факультет інформаційних технологій та математики > Кафедра інформаційної та кібернетичної безпеки імені професора Володимира Бурячка
Користувач, що депонує:	Тамара Ростовцева
Дата внесення:	20 Серп 2021 10:31
Останні зміни:	08 Квіт 2022 17:30
URI:	https://elibrary.kubg.edu.ua/id/eprint/36997

Actions (login required)

Перегляд елементу