№ 4 (50)

Contents of the 4th issue of the journal «Voprosy kiberbezopasnosti» for 2022:

Minzov, A. S. SECURITY OF PERSONAL DATA: A NEW LOOK AT THE OLD PROBLEM / A. S. Minzov, A. Yu. Nevsk, O. R. Baronov // Cybersecurity issues. – 2022. – № 4(50). – pp. 2-12. – DOI: 10.21681/2311-3456-2022-4-2-12.

Abstract
The emergence in Europe of a new concept of personal data (PD) protection in 2018 did not receive wide coverage in the domestic press. In this concept the PD protection system has changed somewhat, both in the direction of expanding the very concept of “personal data” and in the direction of creating strict mechanisms for ensuring and controlling security. The purpose of the article: the development of a unified model for the presentation of PD to solve certain problems. This makes it possible to determine the minimum required number of parameters in the PD model with a certain probability of solving these problems and to develop a mechanism of responsibility for their processing. The proposed model can be used as a novel approach to solving the problems of secure processing, storage, transfer and liability. Main research methods: system analysis of existing normative and other documents, set theory and the algebra of logic. Scientific novelty: a new approach to the description of the PD model is proposed, based on the solution of 2 groups of tasks that require the use of this data. The classes of security threats to the subject of PD in case of their compromise are determined. Requirements for information security systems and mechanisms of responsibility of personal data operators are formulated.
Keywords: information security, personal data model, threats, personal data operator, responsibility, GDPR.
References
1. Soldatova V.I. Zashhita personal’nyh dannyh v uslovijah primenenija cifrovyh tehnologij. Lex russica (Russkij zakon). 2020;73(2). S.33-43. https://doi.org/10.17803/1729-5920.2020.159.2.033-043
2. Mochalov A. N. Cifrovoj profil’: osnovnye riski dlja konstitucionnyh prav cheloveka v uslovijah pravovoj neopredelennosti // Lex russica. — 2021. — T. 74. — № 9. — S. 88–101. — DOI: 10.17803/1729-5920.2021.178.9.088-101.
3. Chris Jay Hofnagle, Bart van der Sloot and Frederik Zuiderveen Borgesius (2019) European Union General Data Protection Regulation: What it is and what it means, Information and Communications Technology Act, 28:1, 65-98, DOI: 10.1080/13600834.2019.1573501
4. Cheharina V. I. O konstitucionalizacii prava na zashhitu personal’nyh dannyh: iz zarubezhnogo opyta // Mezhdunarodnyj zhurnal gumanitarnyh i estestvennyh nauk. – 2020. – №. 3-2. – S. 223-228.
5. Haritonova A. R. Sohrannost’ i anonimnost’ personal’nyh dannyh v social’nyh setjah // Predprinimatel’skoe pravo. Prilozhenie «Pravo i Biznes». – 2019. – №. 4. – S. 48-55.
6. Kuznecova S. S. Pravo na anonimnost’ v seti Internet: aktual’nye voprosy realizacii i zashhity // Rossijskoe pravo: obrazovanie, praktika, nauka. 2020. № 5. S. 33–41. DOI: 10.34076/2410-2709-2020-5-33-41
7. Karchija A. A. Tendencii razvitija pravovyh institutov pod vlijaniem pandemii: rossijskij i zarubezhnyj opyt // Monitoring pravoprimenenija. – 2021. – №. 1 (38). – S. 10-15.
8. Dokuchaev V. A., Maklachkova V. V., Stat’ev V. Ju. Klassifikacija ugroz bezopasnosti personal’nyh dannyh v informacionnyh sistemah // T-Comm - Telekommunikacii i Transport. – 2020. № 1
9. Rozhkova M. A., Glonina V. N. Personal’nye i nepersonal’nye dannye v sostave bol’shih dannyh // Pravo cifrovoj jekonomiki – 2020. Ezhegodnik-antologija / ruk. i nauch. red. M.A. Rozhkova. Moskva: Statut. – 2020. – S. 271-296.
10. Ingo Siegert, Vered Silber Varod, Nehoray Carmi, Pawel Kamocki (2020) Personal data protection and academia: GDPR issues and multi-modal data collections «in the wild» // Online Journal of Applied Knowledge Management. June 2020. DOI: 10.36965/OJAKM.2020.8(1)16-31
11. Smolenskij M. B., Levshin N. S. Zakonodatel’stvo o personal’nyh dannyh kak instrument gosudarstvennogo regulirovanija v sfere informacionnyh kommunikacij // Nauka i obrazovanie: hozjajstvo i jekonomika; predprinimatel’stvo; pravo i upravlenie. – 2019. – №. 5. – S. 75-80.
12. Modelirovanie riskov informacionnoj bezopasnosti v cifrovoj jekonomike: monografija / A.S. Minzov, E.N. Cheremisina, N.A. Tokareva, S.V. Bobyleva; pod red. A.S. Minzova. — M.: KURS, 2021. — 112 s.
13. Stankevich M.A., Ignat’ev N.A., Smirnov I.V., Kisel’nikova N.V. Vyjavlenie lichnostnyh chert u pol’zovatelej social’noj seti VKontakte // Voprosy kiberbezopasnosti. 2019. № 4 (32). S. 80-87. DOI: 10.21681/2311-3456-2019-4-80-87
14. Kondakov S.E., Chudin K.S. Razrabotka issledovatel’skogo apparata ocenki jeffektivnosti mer obespechenija zashhity personal’nyh dannyh // Voprosy kiberbezopasnosti. 2021. № 5 (45). S. 45-51. DOI: 10.21681/2311-3456-2021-5-45-51
15. Dorofeev A.V., Markov A.S. Strukturirovannyj monitoring otkrytyh personal’nyh dannyh v seti internet // Monitoring pravoprimenenija. 2016. № 1 (18). S. 41-53.
Yazov, Yu. K. LOGICAL-LINGUISTIC MODELING OF SECURITY THREATS INFORMATION IN INFORMATION SYSTEMS / Yu. K. Yazov, S. V. Soloviev, M. A. Tarelkin // Cybersecurity issues. – 2022. – № 4(50). – pp. 13-25. – DOI: 10.21681/2311-3456-2022-4-13-25.

Abstract
Purpose: assessment of the possibility, definition of conditions and a brief description of the relational languages of logical-linguistic modeling for a formalized description and presentation of the processes of implementing information security threats in information systems. Method: application of the logical-linguistic modeling apparatus, which makes it possible to formally describe information security threats and the set of actions performed in the course of their implementation, taking into account the capabilities of relational description languages such as Codd's language, context-free plex-language, RX-code language, syntagmatic chains and semantic networks. Result: a brief description and comparative analysis of relational description languages are given, together with the features that affect the possibility of their use for describing threats to information security and for logical-linguistic modeling of their implementation processes. The expediency of such modeling is shown when creating promising expert systems designed for automated and automatic analysis of threats, and when maintaining a data bank of threats based on the results of monitoring publications about them on the Internet. Examples of constructing formal logical-linguistic descriptions of well-known threats of computer attacks on information systems using RX-code languages and semantic networks are given, and proposals are made for expanding the language of semantic networks to describe threats, taking into account new data on threats and methods for their implementation. It is noted that the proposed approach to modeling the processes of implementation of information security threats is, as a rule, applicable when there is no need to take the time factor into account in assessing the possibilities of their implementation.
Keywords: security threat, relational language, assessment, functional model, Petri-Markov net, security measure.
References
1. Jazov Ju.K., Solov’ev S.V. Organizacija zashhity informacii v informacionnyh sistemah ot nesankcionirovannogo dostupa. Monografija. – Voronezh: Kvarta. 2018. – 588 s. ISBN 978-5-93737-158-4
2. Kireeva N.V., Pozdnjak I.S., Filippov N.V. Podhod k sozdaniju jekspertnoj sistemy ocenki informacionnoj bezopasnosti telekommunikacionnyh sistem // Jelektrosvjaz’. 2022. №2. S. 61 – 66. ISSN 0013-5771
3. Zegzhda P.D., Anisimov V.G., Suprun A.F., Anisimov E.G., Saurenko T.N. Modeli i metod podderzhki prinjatija reshenij po obespecheniju informacionnoj bezopasnosti informacionno-upravljajushhih sistem // Problemy informacionnoj bezopasnosti. Komp’juternye sistemy. 2018 . №1. S. 43 – 47. ISSN 2071-8217
4. Bukatova I.L. Jevoljucionnoe modelirovanie: idei, osnovy teorii, prilozhenija. M.: Znanie, 2020. – 888 c.
5. Balan V.P., Dushkin A.V., Novosel’cev V.I., Sumin V.I. Vvedenie v sistemnoe proektirovanie intellektual’nyh baz znanij / Pod red. V.I. Novosel’ceva – M.: Gorjachaja linija – Telekom. 2016. – 107 s. ISBN 978-5-9912-0589-4
6. Kravchenko Ju.A. Zadachi semanticheskogo poiska, klassifikacii, strukturizacii i integracii informacii v kontekste problem upravlenija znanijami // Izvestija JuFU. Tehnicheskie nauki. 2016. №7(180). S. 6 – 18. ISSN 1999 – 9429
7. Marchenko A.A. Metod avtomaticheskogo postroenija ontologicheskih baz znanij. II. Avtomaticheskoe opredelenie semanticheskih otnoshenij v ontologicheskoj seti // Kibernetika i sistemnyj analiz. 2016. Tom 52, №2. ISSN 0023-1274
8. Jarushkina N.G., Moshkin V.S., Filippov A.A., Gus’kov G.Ju. Romanov A.A., Namestikov A.M. Razrabotka programmnoj sistemy semanticheskogo analiza kontenta social’nyh media. Matematicheskoe modelirovanie infokommunikacionnyh sistem // Radiotehnika. 2018. №6. S.73 – 79. ISSN 033-8486
9. Umara Noor, Zahid Anwar, Asad Waqar Malik, Sharifullah Khan, Shahzad Saleem. A machine learning framework for investigating data breaches based on semantic analysis of adversary’s attack patterns in threat intelligence repositories // Future Generation Computer Systems. 2019. Volume 95. P. 467 – 487. DOI 10.1016/j.future.2019.01.022
10. Dojnikova E.V., Fedorchenko A.V., Kotenko I.V., Novikova E.S. Metodika ocenivanija zashhishhennosti na osnove semanticheskoj modeli metrik i dannyh // Voprosy kiberbezopasnosti. 2021. №1 (41). S. 29 – 40. DOI 10.21681/2311-3456-2021-1-29-40
11. Vasil’ev V.I., Vul’fin A.M., Kuchkarova N.V. Avtomatizacija analiza ujazvimostej programmnogo obespechenija na osnove tehnologii text mining // Voprosy kiberbezopasnosti. 2020. №4 (38). S. 22 – 31. DOI 10.21681/2311-3456-2020-04-22-31
12. Fedorchenko A.V., Dojnikova E.V., Kotenko I.V. Avtomatizirovannoe opredelenie aktivov i ocenka ih kritichnosti dlja analiza zashhishhennosti informacionnyh sistem // Trudy SPIIRAN. 2019. T.18. №5. S. 1182-1211. DOI 10.15622/sp.2019.18.5.1182-1211
13. Garshina V.V., Stepancov V.A., Dankovceva A.Ju. Semanticheskij analiz informacionnyh riskov i ugroz na osnove ontologii standarta ISO/IES 27001 // Vestnik Voronezhskogo gosudarstvennogo universiteta, serija «Sistemnyj analiz i informacionnye tehnologii». 2018. №4. S. 73 – 80. ISSN 1995 – 5499
14. Bubakar I., Bud’ko M.B., Bud’ko M.Ju., Girik A.V. Ontologicheskoe obespechenie upravlenija riskami informacionnoj bezopasnosti. Trudy ISP RAN. 2021,tom 33, vyp. 5. S. 41-64. DOI: 10.15514/ISPRAS–2021–33(5)–3
15. Vasil’ev V. I., Vul’fin A. M., Kirillova A. D., Kuchkarova N. V. Metodika ocenki aktual’nyh ugroz i ujazvimostej na osnove tehnologij kognitivnogo modelirovanija i Text Mining // Sistemy upravlenija, svjazi i bezopasnosti. 2021. № 3. S. 110-134. DOI: 10.24412/2410-9916-2021-3-110-134
16. Jazov Ju.K., Anishhenko A.V. Seti Petri-Markova i ih primenenie dlja modelirovanija processov realizacii ugroz bezopasnosti informacii v informacionnyh sistemah. Monografija. – Voronezh: Kvarta, 2020. – 173 s. ISBN 978-5-93737-187-4
Kalashnikov, A. O. A MODEL FOR ASSESSING THE SECURITY OF A COMPLEX NETWORK (PART 1) / A. O. Kalashnikov, K. A. Bugajskij // Cybersecurity issues. – 2022. – № 4(50). – pp. 26-38. – DOI: 10.21681/2311-3456-2022-4-26-38.

Abstract
Purpose of the article: development of mechanisms for evaluating the actions of agents of complex information systems from the point of view of information security. Research method: game-theoretic models using stochastic modeling methods. The result: a description of the subject area of application of the model is given; it is shown that the actions of the violator and the defender can be considered from the point of view of obtaining and further escalating access rights on the objects of the information system. It is shown that the model of information confrontation between the defender and the violator can be represented by the triple “graph, agent, rules”. The definition of the basic terms and concepts of the model is given. The basic principles of the model's functioning have been developed. The possibility of calculating the results of agents' activities and the results of the game under conditions of information uncertainty is shown. A list of basic values of the model is defined that allow the costs and winnings of the participants of the game to be calculated. The basic rules for calculating costs and winnings have been developed. The input parameters of the model that are set during its initialization are defined. The role and place of “playing with nature” in calculating the basic values of the model are shown.
Keywords:  information security model, assessment of complex systems, game-theoretic approach, information uncertainty, playing with nature.
References
1. Kalashnikov A.O. Infrastruktura kak kod: formiruetsya novaya real’nost’ informacionnoj bezopasnosti / A.O. Kalashnikov, K.A. Bugajskij // Informaciya i bezopasnost’. 2019. T. 22. № 4. S. 495-506.
2. Lavrova D. S. Modelirovanie setevoj infrastruktury’ slozhny’x ob”ektov dlya resheniya zadachi protivodejstviya kiberatakam / D. S. Lavrova, D. P. Zegzhda, E. A. Zajceva // Voprosy’ kiberbezopasnosti. – 2019. – № 2(30). – S. 13-20. DOI:10.21681/2311-3456-2019-2-13-20
3. Dojnikova E. V. Ocenivanie zashhishhennosti i vy’bor kontrmer dlya upravleniya kiberbezopasnost’yu / E. V. Dojnikova, I. V. Kotenko. M.: RAN, 2021. — 184 s., ISBN 978-5-907366-23-7.
4. Seredkin S. P. Modelirovanie ugroz bezopasnosti informacii na osnove banka ugroz Federal’noj sluzhby’ po texnicheskomu i e’ksportnomu kontrolyu Rossii / S. P. Seredkin // Informacionny’e texnologii i matematicheskoe modelirovanie v upravlenii slozhny’mi sistemami. – 2022. – № 1(13). – S. 43-54.
5. Serdechny’j A. L. Modelirovanie, analiz i protivodejstvie scenariyam komp’yuterny’x atak, realizuemy’x gruppirovkoj APT29 v raspredelenny’x komp’yuterny’x sistemax / A. L. Serdechny’j, P. S. Krayushkin, M. A. Tarelkin, Yu. K. Yazov // Informaciya i bezopasnost’. – 2021. – T. 24. – № 1. – S. 83-92.
6. Serdechny’j A. L. Modelirovanie, analiz i protivodejstvie scenariyam komp’yuterny’x atak, realizuemy’x gruppirovkoj APT3 v raspredelenny’x komp’yuterny’x sistemax / A. L. Serdechny’j, A. V. Ajdarkin, M. A. Tarelkin, A. E. Deshina // Informaciya i bezopasnost’. – 2021. – T. 24. – № 1. – S. 35-46.
7. Budnikov S. A. Modelirovanie APT-atak, e’kspluatiruyushhix uyazvimost’ Zerologon / S. A. Budnikov, E. E. Butrik, S. V. Solov’ev // Voprosy’ kiberbezopasnosti. – 2021. – № 6(46). – S. 47-61. DOI:10.21681/2311-3456-2021-6-47-61
8. Egoshin N. S. Model’ tipovy’x ugroz bezopasnosti informacii, osnovannaya na modeli informacionny’x potokov / N. S. Egoshin // Doklady’ Tomskogo gosudarstvennogo universiteta sistem upravleniya i radioe’lektroniki. – 2021. – T. 24. – № 3. – S. 21-25.
9. Kondakov S. E. Model’ processa provedeniya komp’yuterny’x atak s ispol’zovaniem special’ny’x informacionny’x vozdejstvij / S. E. Kondakov, I. S. Rud’ // Voprosy’ kiberbezopasnosti. – 2021. № 5(45). S. 12-20. DOI:10.21681/2311-3456-2021-5-12-20
10. Ery’shov V. G. Modelirovanie processa zashhity’ ob”ektov kriticheskoj informacionnoj struktury’ promy’shlenny’x predpriyatij ot komp’yuterny’x atak / V. G. Ery’shov, R. D. Kulikov // Morskoj vestnik. – 2021. – № 1(77). – S. 91-96.
11. Xovanskov S. A. Metodika zashhity’ raspredelenny’x vy’chislenij v mnogoagentnoj sisteme / S. A. Xovanskov, V. A. Litvinenko, V. S. Xovanskova // Izvestiya YuFU. Texnicheskie nauki. – 2019. – № 4(206). S. 68-80.
12. Dojnikova E. V. Ocenka zashhishhennosti komp’yuterny’x setej na osnove metrik CVSS / E. V. Dojnikova, A. A. Chechulin, I. V. Kotenko // Informacionno-upravlyayushhie sistemy’. – 2017. – № 6(91). S. 76-87.
13. Puchkov V. V. Analiz zashhishhennosti kiberfizicheskix sistem s ispol’zovaniem grafov atak / V. V. Puchkov, I. V. Kotenko // Informacionnaya bezopasnost’ regionov Rossii (IBRR-2021) : Materialy’ konferencii, Sankt-Peterburg, 27–29 oktyabrya 2021 goda. – Sankt-Peterburg: Regional’naya obshhestvennaya organizaciya “Sankt-Peterburgskoe Obshhestvo informatiki, vy’chislitel’noj texniki, sistem svyazi i upravleniya”, 2021. – S. 98-100.
14. Levshun D. S. Problemny’e voprosy’ informacionnoj bezopasnosti kiberfizicheskix sistem / D. S. Levshun, D. A. Gajfulina, A. A. Chechulin, I. V. Kotenko // Informatika i avtomatizaciya. – 2020. – T. 19. – № 5. – S. 1050-1088.
15. Kalashnikov, A.O. Model’ upravleniya informacionnoj bezopasnost’yu kriticheskoj informacionnoj infrastruktury’ na osnove vy’yavleniya anomal’ny’x sostoyanij (chast’ 1) / A.O. Kalashnikov, E.V. Anikina // Informaciya i bezopasnost’. – 2018. – T. 21. – № 2. – S. 145-154.
16. Kalashnikov, A.O. Modeli kolichestvennogo ocenivaniya komp’yuterny’x atak / A.O. Kalashnikov, K.A. Bugajskij, E.V. Anikina // Informaciya i bezopasnost’. – 2019. – T. 22. – № 4. – S. 517-538.
17. Vdovikina N.V. Operacionny’e sistemy’: vzaimodejstvie processov / N.V. Vdovikina, I.V. Mashechkin, A.N. Terexin, A.N. Tomilin. – M.: MAKS Press, 2008. 216 s.
Kruglikov, S. V. METHODICAL APPROACH TO THE COMPLEX DESCRIPTION OF INFORMATION PROTECTION OBJECT / S. V. Kruglikov, S. N. Kasanin, Y. E. Kuleshov // Cybersecurity issues. – 2022. – № 4(50). – pp. 39-51. – DOI: 10.21681/2311-3456-2022-4-39-51.

Abstract
Purpose: on the basis of an analysis of a comprehensive approach to the assessment of threats to information security, to substantiate a methodological approach to a comprehensive description of the object of information protection with an assessment of its risks, and to offer a tool for building private models and an information security management system. Research method: use of a partial integral index of security, which reflects the average risk of damage during the implementation of a threat of a certain type and characterizes the degree of danger; analysis of the architecture of the object of assessment in relation to possible violations of information security; information security risk assessment using the apparatus of the theory of fuzzy sets when considering the methodological approach to a comprehensive description of the object of information security with an assessment of its risks. Result: a comprehensive approach to assessing threats to the security of information is proposed. The assessment of the state of the protection object in case of a violation of security is carried out with the help of a particular integral index of security, which characterizes the possibility of inflicting damage in its implementation and according to which the ranking is made. On this basis, a methodical approach to the complex description of the object of information protection with an assessment of its risks is substantiated, using analysis of the architecture of the object in application to possible violations of information security and an assessment of risk using the apparatus of the theory of fuzzy sets. This methodical approach is a formal tool for building private models and the information security management system as a whole.
On the basis of these models, it is possible to develop: methods of quantitative estimation of security; methods and approaches to the description of the factors influencing security; methods of security estimation of operating systems using the methodological approach to information systems security.
Keywords:  information security, information system, information protection, information security threat, information protection object, assessment object, cyberspace.
References
1. Koloskov, S. Strategija dejstvij ministerstva oborony SShA v kiberprostranstve / S. Koloskov // Zarubezhnoe voennoe obozrenie. - 2016. - № 10. - S. 3-7.
2. Batashov, V. Dejatel’nost’ ministerstva oborony SShA po razvitiju novyh tehnologij v sfere kiberbezopasnosti / V.Batashov // Zarubezhnoe voennoe obozrenie. - 2018. - № 10. - S. 10-13.
3. Harris Sh. Kiber vojn@. Pjatyj teatr voennyh dejstvij – M.: Al’pina non-fikshn, 2016. - 390 s.
4. Starodubcev Ju.I., Zakalkin P.V., Ivanov S.A. Mnogovektornyj konflikt v kiberprostranstve kak predposylka formirovanija novogo vida Vooruzhennyh Sil // Voennaja mysl’. 2021. № 12. S.126-135.
5. Bojko A.A. Boevaja jeffektivnost’ kiberatak: analiticheskoe modelirovanie sovremennogo boja. Sistemy upravlenija, svjazi i bezopasnosti. 2020. N 4. S. 101-133.
6. Starodubcev Ju.I., Zakalkin P.V., Ivanov S.A. Tehnosfernaja vojna kak osnovnoj sposob razreshenija konfliktov v uslovijah globalizacii // Voennaja mysl’. 2020. № 10. S.16-21.
7. Tumar V.A., Levchuk N.N. Kiberprostranstvo kak sreda protivoborstva: voennyj aspekt i Belorusskij opyt normotvorchestva // Vestnik Akademii voennyh nauk. 2020. № 3 (72). S.43-49.
8. Volodenkov S.V. Internet-kommunikacii v global’nom prostranstve sovremennogo politicheskogo upravlenija. – M.: Izdatel’stvo Moskovskogo universiteta; Prospekt, 2018. 272 s., il.
9. Durnev R.A., Krjukov K.Ju., Deduchenko F.M. Preduprezhdenie tehnogennyh katastrof, provociruemyh v hode voennyh dejstvij // Voennaja mysl’. 2019. № 10. S. 41-48.
10. Zarudnickij V.B. Harakter i soderzhanie voennyh konfliktov v sovremennyh uslovijah i obozrimoj perspektive // Voennaja mysl’. 2021. № 1. S.34-44.
11. Birjukov D.N., Lomako A.G., Petrenko S.A. Porozhdenie scenariev preduprezhdenija komp’juternyh atak.Zashhita informacii. Insajd. 2017. N 4 (76). S. 70-79.
12. Drobotun E.B. Teoreticheskie osnovy postroenija sistem zashhity ot komp’juternyh atak dlja avtomatizirovannyh sistem upravlenija. Monografija. – SPb.: Naukoemkie tehnologii, 2017. – 120 s., il. ISBN 978-5-9909412-2-9.
13. Markov A.S. Tehnicheskie reshenija po realizacii podsistem GosSOPKA. V knige: Upravlenie informacionnoj bezopasnost’ju v sovremennom obshhestve. Sbornik nauchnyh trudov V Mezhdunarodnoj nauchno-prakticheskoj konferencii. 2017. S. 85-96.
14. Lauta O.S., Kocynjak M.A., Ivanov D.A., Gudkov M.A. Modelirovanie komp’juternyh atak na osnove metoda preobrazovanija stohasticheskih setej. V sbornike: Radiolokacija, navigacija, svjaz’. Sbornik trudov XXIV Mezhdunarodnoj nauchno-tehnicheskoj konferencii. V 5-i tomah. 2018. S. 137-146.
15. Jazov Ju.K. Organizacija zashhity informacii v informacionnyh sistemah ot nesankcionirovannogo dostupa: monografija / Ju.K. Jazov, S.V. Solov’ev. Voronezh: Kvarta, 2018. – 588 s.
16. Begaev A.N., Begaev S.N., Fedotov V.A. Testirovanie na proniknovenie. SPb.: Universitet ITMO, 2018. – 45 s.
17. Dorofeev A.V., Lemberskaja E.H., Rautkin Ju.V. Analiz zashhishhennosti: normativnaja baza, metodologii i instrumenty.Zashhita informacii. Insajd. 2018. N 4 (82). S. 63-69.
18. Makarenko S.I. Audit bezopasnosti kriticheskoj infrastruktury special’nymi informacionnymi vozdejstvijami. Monografija. – SPb.: Naukoemkie tehnologii, 2018. – 122 s.
19. Kocynjak M.A., Lauta O.S., Ivanov D.A. Matematicheskaja model’ targetirovannoj komp’juternoj ataki.Naukoemkie tehnologii v kosmicheskih issledovanijah Zemli. 2019. T. 11. N 2. S. 73–81. DOI: 24411/2409-5419-2018-10261.
20. Dergunov I.Ju., Zima V.M., Glybovskij P.A., Mazhnikov P.V. Model’ processa intellektual’nogo testirovanija AS na proniknovenie s uchetom vremennyh parametrov.Zashhita informacii. Insajd. 2020. N 5 (95). S. 64-67.
21. Zhilenkov A.A., Chernyj S.G. Sistema bezavarijnogo upravlenija kriticheski vazhnymi ob#ektami v uslovijah kiberneticheskih atak // Voprosy kiberbezopasnosti. 2020. № 2 (36). S. 58-66. DOI:10.21681/2311-3456-2020-2-58-66.
22. Kotenko I.V., Kribel’ A.M., Lauta O.S., Saenko I.B. Analiz processa samopodobija setevogo trafika kak podhod k obnaruzheniju kiberatak na komp’juternye seti // Jelektrosvjaz’. 2020. № 12. S.54-59. DOI:10.34832/ELSV.2020.13.12.008.
23. Bochkov S.I., Makarenko G.I., Fedichev A.V. Ob okinavskoj hartii global’nogo informacionnogo obshhestva i zadachah razvitija rossijskih sistem kommunikacii // Pravovaja informatika. 2018. № 1. S. 4-14. DOI: 10.21681/1994-1404-2018-1-04-14
24. Romashkina N.P. Global’nye voenno-politicheskie problemy mezhdunarodnoj informacionnoj bezopasnosti: tendencii, ugrozy, perspektivy // Voprosy kiberbezopasnosti. 2019. № 1(29). S. 2-8. DOI: 10.21681/2311-3456-2019-1-2-9.
25. Karchija A.A., Makarenko G.I., Sergin M.Ju. Sovremennye trendy kiberugroz i transformacija ponjatija kiberbezopasnosti v uslovijah cifrovizacii sistemy prava // Voprosy kiberbezopasnosti. 2019. № 3 (31). S. 18-23. DOI: 10.21681/2311-3456- 2019-3-18-23.
26. Romashkina N.P., Markov A.S., Stefanovich D.V. Mezhdunarodnaja bezopasnost’, strategicheskaja stabil’nost’ i informacionnye tehnologii: Monografija / N.P. Romashkina, A.S. Markov, D.V. Stefanovich. – Moskva, 2020. Ser. Biblioteka Nacional’nogo issledovatel’skogo instituta mirovoj jekonomiki i mezhdunarodnyh otnoshenij imeni E.M. Primakova. – 98 s. il.
27. Kuleshov, Ju.E., Paskrobka, S.I., Sergienko, V.A., Kasanin, S.N. Metodicheskij podhod k ocenke verojatnostej realizacii ugroz bezopasnosti informacii/ Ju.E. Kuleshov, S.I. Paskrobka, V.A. Sergienko, S.N. Kasanin // Nauchno-proizvodstvennyj zhurnal «Vesnik suvjazi». - 2017. - №5. - S. 56-59.
Kotenko, I. V. ANALYSIS OF MODELS AND TECHNIQUES USED FOR ATTRIBUTION OF CYBER SECURITY VIOLATORS IN THE IMPLEMENTATION OF TARGETED ATTACKS / I. V. Kotenko, S. S. Khmyrov // Cybersecurity issues. – 2022. – № 4(50). – pp. 52-79. – DOI: 10.21681/2311-3456-2022-4-52-79.

Abstract
Purpose of the paper: analysis of models and techniques used for attribution of cybersecurity violators, in the interests of building a promising attribution system for targeted attacks against critical information infrastructure objects. Research method: system analysis of open sources of data on the attribution of cyber-violators in the implementation of targeted attacks against critical information infrastructure objects, mainly over the last 5 years. The result obtained: based on the consideration of open sources, the paper presents an analysis of the models and techniques used to attribute cyber intruders in the implementation of targeted attacks, as used both in scientific and practical projects. The paper analyzes new models used for attribution that allow the collection of data at the tactical-technical and socio-political levels. The main indicators of ongoing cyber attacks and intruders that are essential for the attribution process are identified. The procedure for generating data for profiling cybergroups is considered, as well as the possibility of using the considered models and techniques in the interests of building a promising system for attribution of a cyber intruder in the implementation of targeted attacks against critical information infrastructure objects. The analysis was carried out according to sources over a twenty-year period, while the main works under consideration were published in the last 5 years. The analysis does not claim to be complete, but an attempt is made to cover the most significant studies. Scientific novelty lies in the fact that the presented paper is one of the first domestic works that provides a detailed analysis of studies published in recent years in the field of attribution of cyber security violators. Models such as the «cyber intrusion chain», the «unified cyber intrusion chain», the basic and extended Diamond intrusion analysis models and the ATT&CK model are considered.
Examples of attribution methods for argumentation-based reasoning with evidence at the technical and social levels, and of the use of technical artifacts to identify false flags in attribution, are given. Besides, the paper also lists trends in the usage of modern solutions for detecting and attributing attacks based on artificial intelligence and machine learning.
Keywords: cyber attack, cyber operation, critical infrastructure, artificial intelligence, machine learning, advanced persistent threat, intrusion detection, intruder profiling, cyber kill chain.
References
1. Stefano M. La strategia della Nato in ambito cyber / Mele Stefano // Europa Atlantica: [website] – URL: https://europaatlantica.it/firewall/2019/06/la-strategia-della-nato-in-ambito-cyber/ (date of access: 28.04.2022).
2. James S. Carbanak Threatens Critical Infrastructure: Cybercriminal APTs Merit Significant Investigation and Discussion / S. James. – Washington, DC, USA: ICIT, 2017. – 16 p.
3. Bulusu S.T., Laborde R., Wazan A.S., Barrère F., Benzekri A. Et al. Describing advanced persistent threats using a multi-agent system approach // 2017 1st cyber security in networking conference (CSNet). – IEEE, 2017. – P.1-3. – DOI: 10.1109/CSNET.2017.8241997.
4. Widiyasono N., Giriantari I.A.D., Sudarma M., Linawati L. Detection of Mirai Malware Attacks in IoT Environments Using Random Forest Algorithms / N. Widiyasono, I. A. D. Giriantari, M. Sudarma, L. Linawati // TEM Journal. Volume 10, Issue 3, P.1209-1219. – DOI: 10.18421/TEM103-27.
5. McAfee Labs Threats Report // McAfee: [website] – URL: https://www.mcafee.com/enterprise/en–us/threat–center/mcafee–labs/reports.html (date of access: 28.04.2022).
6. Antonakakis M., April T., Bailey M., Bernhard M., Bursztein E., Cochran J., Zhou Y. et al. Understanding the mirai botnet // Proceedings of 26th USENIX security symposium (USENIX Security 17). 2017. – P.1093-1110.
7. Eichensehr K.E. Decentralized cyberattack attribution / K.E. Eichensehr // American Journal of International Law. – 2019. – Volume 113. – P.213–217.
8. Tran D. The law of attribution: Rules for attribution the source of a cyber-attack / D Tran // Yale JL & Tech. – 2018. – Volume 20. – P. 376-411.
9. ACSC Releases Annual Cyber Threat Report for 2019–2020. CISA is part of the Department of Homeland Security: [website] – URL: https://us-cert.cisa.gov/ncas/current- activity/2020/09/10/acsc-releases-annual-cyber-threat-report-2019-2020 (date of access: 28.04.2022).
10. Actual cyber threats: results of 2020. Positive Technologies: [website] – URL: https://www.ptsecurity.com/ru-ru/research/analytics/cybersecurity-threatscape-2020 (date of access: 28.04.2022).
11. Cisco Security Report Series. Cisco: [website] – URL: https://www.cisco.com/c/ru_ru/products/security/security-reports.html (date of access: 28.04.2022).
12. Edwards S. Effectively Testing APT Defences: Defining threats, addressing objections to testing and suggesting some practical approaches / S. Edwards, R. Ford, G. Szappanos. 2016 Virus Bulletin: [website] – URL: https://www.virusbulletin.com/virusbulletin/2016/01/paper- effectively-testing-apt-defences-defining-threats-addressing-objections-testing-and-suggesting-some-practical-approaches (date of access: 28.04.2022).
13. Chen P., Desmet L., Huygens C. A study on advanced persistent threats // IFIP International Conference on Communications and Multimedia Security. – Springer, Berlin, Heidelberg, 2014. – P.63-72. – DOI:10.1007/978-3-662-44885-4_5. hal-01404186.
14. Edwards S., Ford R., Szappanos G. Effectively Testing APT Defences: Defining threats, addressing objections to testing and suggesting some practical approaches // Virus bulletin conference September. – 2015. P.291-299.
15. Clark R. M. Cyber-Physical Security: Protecting Critical Infrastructure at the State and Local Level / R. M. Clark, S. Hakim. Springer Cham, 2017. – 281 p. DOI: 10.1007/978-3-319-32824-9.
16. Intelligent information security services in critical infrastructures / I.V. Kotenko, I.B. Saenko, E.V. Doynikova [et al.]. – St. Petersburg: BHV-Petersburg, 2019. – 400 p. (in Russian).
17. Sood A. Targeted Cyber Attacks: Multi-staged Attacks Driven by Exploits and Malware / A. Sood, R. Enbody. Elsevier, USA, 2014. — 142 p.
18. Chen J. Special Issue on Advanced Persistent Threat / C. Jiageng, S. Chunhua, K.-H. Yeh, M. Yung // Future Generation Computer Systems. — 2018. — Vol.79. — P.243-246.
19. Robert M. L. The Problems with Seeking and Avoiding True Attribution to Cyber Attacks / M. L. Robert // SANS: [website]. — URL: https://www.sans.org/blog/the-problems-with-seeking-and-avoiding-true-attribution-to-cyber-attacks (date of access: 28.04.2022).
20. Lemay A., Calvet J., Menet F., Fernandez J.M. Survey of publicly available reports on advanced persistent threat actors // Computers & Security. – 2018. Vol.72. P.26-59.
21. Hayes D. A Framework for More Effective Dark Web Marketplace Investigations / D. Hayes, Fr Cappa, J. Cardon // Information. – 2018. – 9 (8). –186. – 17 p. – DOI: 10.3390/info9080186.
22. Arnold N., Ebrahimi M., Zhang N., Lazarine B., Patton M., Chen H., Samtani S. Darknet ecosystem cyberthreat intelligence (CTI) tool // 2019 IEEE International Conference on Intelligence and Security Informatics (ISI). – IEEE, 2019. – P.92-97. – DOI:10.1109/ISI.2019.8823501.
23. Eric M. H. The Cyber Kill Chain / M. H. Eric // Lockheed Martin Corporation: [website]. — URL: https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html (date of access: 28.04.2022).
24. Khmyrov S.S., Kotenko I.V. Analysis of the extended “cyber kill chain” model for attribution of cybersecurity violators in the implementation of targeted attacks on critical infrastructure objects // XII St. Petersburg Interregional Conference of the IBRR-2021. 2021. P.103-105 (in Russian).
25. Bahrami P. N. et al. Cyber kill chain-based taxonomy of advanced persistent threat actors: analogy of tactics, techniques, and procedures / P. N. Bahrami, A. Dehghantanha, T. Dargahi, R. M. Parizi, K. K. R. Choo, H. H Javadi // Journal of information processing systems. – 2019. – Vol. 15. – No.4. – P.865-889.
26. Kim H., Kwon H. J., Kim K. K. Modified cyber kill chain model for multimedia service environments // Multimedia Tools and Applications. – 2019. – Vol.78. – No.3. – P.3153-3170.
27. Siddiqi M. A., Ghani N. Critical analysis on advanced persistent threats // International Journal of Computer Applications. – 2016. – Vol.141. – No.13. – P.46-50. – DOI: 10.5120/ijca2016909784.
28. Bhatt P., Yano E. T., Gustavsson P. Towards a framework to detect multi-stage advanced persistent threats attacks // 2014 IEEE 8th international symposium on service oriented system engineering. – IEEE, 2014. – P.390-395. – DOI: 10.1109/SOSE.2014.53.
29. Zhang R. et al. Constructing apt attack scenarios based on intrusion kill chain and fuzzy clustering // Security and Communication Networks. – 2017. – Vol. 2017. – Article ID 7536381, 9 p. – DOI: 10.1155/2017/7536381.
30. Hahn A. et al. A multi-layered and kill-chain based security analysis framework for cyber-physical systems // International Journal of Critical Infrastructure Protection. – 2015. – Vol.11. – P.39-50. – DOI: 10.1016/j.ijcip.2015.08.003.
31. Yadav T., Rao A. M. Technical aspects of cyber kill chain / T. Yadav, A.M. Rao // International Symposium on Security in Computing and Communication (SSCC 2015). – Springer, Cham, 2015. – Vol.536. – P.438–452. – DOI: 10.1007/978-3-319-22915-7_40.
32. The Unified Kill Chain: [website]. – URL: https://unifiedkillchain.com/ (date of access: 28.04.2022).
33. Pols P. Modeling Fancy Bear Cyber Attacks: Designing a Unified Kill Chain for analyzing, comparing and defending against cyber attacks / P. Pols // Leiden University. Student Repository: [website]. — URL: https://hdl.handle.net/1887/64569 (date of access: 28.04.2022).
34. Case D. U. Analysis of the cyber attack on the Ukrainian power grid // Electricity Information Sharing and Analysis Center (E-ISAC). – 2016. – Vol.388. – P.1-29.
35. Dargahi T. et al. A cyber-kill-chain based taxonomy of crypto-ransomware features // Journal of Computer Virology and Hacking Techniques. – 2019. – Vol.15. – No.4. – P.277–305. – DOI: 10.1007/s11416-019-00338-7.
36. Mackenzie P. WannaCry Aftershock / P. Mackenzie // https://www.sophos.com: [website]. — URL: https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/WannaCry-Aftershock.pdf (date of access: 28.04.2022).
37. Ahmed Y., Asyhari T., Rahman M.A. A Cyber Kill Chain Approach for Detecting Advanced Persistent Threats // Computers, Materials and Continua. – 2021. – Vol.67. – No.2. – P.2497-2513. – DOI: 10.32604/cmc.2021.014223.
38. Aatiqah F.S., et al. A Cyber Kill Chain against APT attacks / F.S. Aatiqah, D. Menaga, G. Amarthiya, P. Divya // International Journal of Advanced Science and Technology. – 2020. – Vol.29. – No.10. – P.6899–6906.
39. Chu W.L., Lin C.J., Chang K.N. Detection and classification of advanced persistent threats and attacks using the support vector machine // Applied Sciences. – 2019. – Vol.9. – No.21. – 4579. – 16 p. – DOI: 10.3390/app9214579.
40. Hendler D., Kels S., Rubin A. Detecting malicious powershell commands using deep neural networks // Proceedings of the 2018 on Asia conference on computer and communications security. – 2018. – P.187-197. – DOI: 10.1145/3196494.3196511.
41. Li J., Cheng K., Wang S., Morstatter F., Trevino R.P., Tang J., Liu H. Feature selection: A data perspective / J.Li, K.Cheng, S.Wang, F.Morstatter, T.Morstatter, P.Robert, J.Tang, H.Liu // ACM computing surveys (CSUR). – 2017. – Vol.50. – No.6. – P.1-45. – DOI: 10.1145/3136625.
42. Ghafir I., Hammoudeh M., Prenosil V., Han L., Hegarty R., Rabie K., Aparicio-Navarro F.J. Detection of advanced persistent threat using machine learning correlation analysis / I. Ghafir, M. Hammoudeh, V. Prenosil, L. Han, R. Hegarty, K. Rabie, F. J. Aparicio-Navarro // Future Generation Computer Systems. – 2018. – Vol.89. – P.349-359. – DOI: 10.1016/j.future.2018.06.055.
43. Kiwia D. et al. A cyber kill chain based taxonomy of banking Trojans for evolutionary computational intelligence / D. Kiwia, A. Dehghantanha, K. K. R. Choo, J. Slaughter // Journal of computational science. – 2018. – Vol.27. – P.394–409. – DOI: 10.1016/j.jocs.2017.10.020.
44. Siddiqui S., Khan M. S., Ferens K., Kinsner, W. Detecting advanced persistent threats using fractal dimension based machine learning classification // Proceedings of the 2016 ACM on international workshop on security and privacy analytics. – 2016. – P.64-69. – DOI: 10.1145/2875475.2875484.
45. Wilkens F. et al. Multi-Stage Attack Detection via Kill Chain State Machines // Proceedings of the 3rd Workshop on Cyber-Security Arms Race. – 2021. – P.13-24. – DOI: 10.1145/3474374.3486918.
46. Milajerdi S. M. et al. Holmes: Real-Time APT Detection through Correlation of Suspicious Information Flows // 2019 IEEE Symposium on Security and Privacy (SP). – IEEE, 2019. – P.1137-1152. – DOI: 10.1109/SP.2019.00026.
47. Haas S., Fischer M. GAC: graph-based alert correlation for the detection of distributed multi-step attacks // Proceedings of the 33rd Annual ACM Symposium on Applied Computing. – 2018. – P.979–988. – DOI: 10.1145/3167132.3167239.
48. Sharafaldin I., Lashkari A. H., Ghorbani A. A. Toward generating a new intrusion detection dataset and intrusion traffic characterization // ICISSp. – 2018. – Vol.1. – P.108-116. – DOI: 10.5220/0006639801080116.
49. Hossain M. N. et al. Dependence-Preserving Data Compaction for Scalable Forensic Analysis // 27th USENIX Security Symposium (USENIX Security 18). – 2018. – P.1723-1740.
50. Al-Mohannadi H. et al. Cyber-attack modeling analysis techniques: An overview // 2016 IEEE 4th international conference on future internet of things and cloud workshops (FiCloudW). – IEEE, 2016. – P.69-76.
51. The Diamond Model of Intrusion Analysis / S. Caltagirone, A. Pendergast, C. Betz // www.threatintel.academy: [website]. — URL: https://www.threatintel.academy/wp-content/uploads/2020/07/diamond-model.pdf (date of access: 28.04.2022).
52. Mwiki H., Dargahi T., Dehghantanha A., Choo Raymond K.-K.R. Analysis and Triage of Advanced Hacking Groups Targeting Western Countries Critical National Infrastructure: APT28, RED October, and Regin: Theories, Methods, Tools and Technologies // Critical Infrastructure Security and Resilience. – 2019. P.221-244. – DOI:10.1007/978-3-030-00024-0_12.
53. Kotheimer J., O’Meara K., Shick D. Using honeynets and the diamond model for ICS threat analysis. – Carnegie-Mellon Univ. Pittsburgh. CMU/SEI-2016-TR-006. CERT Division. 2016.
54. Skopik F., Pahi T. Under false flag: Using technical artifacts for cyber attack attribution // Cybersecurity. – 2020. – Vol. 3. – No.1. – P.1-20. – DOI:10.1186/s42400-020-00048-4
55. Treverton G. The intelligence challenges of hybrid threats: Focus on cyber and virtual realm. – Swedish Defence University. – 2018. – 36 p.
56. MITRE ATT&CK: Design and Philosophy // The MITRE Corporation: [website]. — URL: https://attack.mitre.org/docs/ATTACK_Design_and_Philosophy_March_2020.pdf (date of access: 28.04.2022).
57. Best Practices for MITRE ATT&CK Mapping // www.cisa.gov: [website]. — URL: https://www.cisa.gov/uscert/sites/default/files/publications/Best%20Practices%20for%20MITRE%20ATTCK%20Mapping.pdf (date of access: 28.04.2022).
58. Manocha H. et al. Security Assessment Rating Framework for Enterprises using MITRE ATT&CK Matrix // arXiv preprint arXiv:2108.06559. – 2021. – DOI: 10.48550/arXiv.2108.06559.
59. Aigner A., Khelil A. A Security Qualification Matrix to Efficiently Measure Security in Cyber-Physical Systems // 2020 32nd International Conference on Microelectronics (ICM). – IEEE, 2020. – P.1-4. – DOI: 10.1109/ICM50269.2020.9331797.
60. Aigner A., Khelil A. A Benchmark of Security Metrics in Cyber-Physical Systems // 2020 IEEE International Conference on Sensing, Communication and Networking (SECON Workshops). – IEEE, 2020. – P.1-6. – DOI: 10.1109/SECONWorkshops50264.2020.9149779.
61. Kim K. et al. Automatically Attributing Mobile Threat Actors by Vectorized ATT&CK Matrix and Paired Indicator / K. Kim, Y. Shin, J. Lee, K. Lee // Sensors. – 2021. – Vol.21. – No.19. – 6522. – 12 p. – DOI: 10.3390/s21196522.
62. Georgiadou A., Mouzakitis S., Askounis D. Assessing MITRE ATT&CK Risk Using a Cyber-Security Culture Framework // Sensors. – 2021. – Vol.21. – No.9. – 3267. – 14 p. – DOI: 10.3390/s21093267.
63. Securing the Extended Internet of Things (XIoT) // The Global State of Industrial Cybersecurity: [website]. — URL: https://claroty.com/ (date of access: 28.04.2022).
64. Bodeau D.J. et al. Cyber Threat Modeling: Survey, Assessment, and Representative Framework / D.J. Bodeau, C.D. McCollum, D. B. Fox // www.mitre.org: [website]. — URL: https://www.mitre.org/sites/default/files/publications/pr_18-1174-ngci-cyber-threat-modeling.pdf (date of access: 28.04.2022).
65. National Institute of Standards and Technology. Framework for Improving Critical Infrastructure Cybersecurity. Version 1.0. February 12, 2014 // www.nist.gov: [website]. — URL: https://www.nist.gov/system/files/documents/cyberframework/cybersecurity-framework-021214.pdf (date of access: 28.04.2022).
66. Friedman J., Bouchard M. Definitive Guide to Cyber Threat Intelligence: Using Knowledge about Adversaries to Win the War against Targeted Attacks. – CyberEdge Group, 2015.
67. Seker E. Cyber Threat Intelligence Understanding Fundamentals. 2019 // https://www.researchgate.net: [website]. — URL: https://www.researchgate.net/publication/335692544_Cyber_Threat_Intelligence_Understanding_Fundamentals (date of access: 28.06.2022).
68. Doynikova E.V., Kotenko I.V. Assessment of security and countermeasure selection for cybersecurity management. St. Petersburg: Publishing house “Science”, 2021. – 197 p. (in Russian).
69. TAXII Version 2.0. Committee Specification 01 // oasis-open.org: [website]. — URL: https://docs.oasis-open.org/cti/taxii/v2.0/taxii-v2.0.html (date of access: 28.04.2022).
70. Papastergiou S., Mouratidis H., Kalogeraki E.M. Handling of advanced persistent threats and complex incidents in healthcare, transportation and energy ICT infrastructures // Evolving Systems. – 2021. – Vol. 12. – No.1. – P.91-108. – DOI: 10.1007/s12530-020-09335-4.
71. Guercio, K. Top Threat Intelligence Platforms for 2022 / K. Guercio // www.esecurityplanet.com: [website]. — URL: https://www.esecurityplanet.com/products/threat-intelligence-platforms/ (date of access: 28.06.2022).
72. Gylling A. Enriching Attack Models with Cyber Threat Intelligence. Master's Thesis / A. Gylling // Digitala Vetenskapliga Arkivet: [website]. — URL: http://kth.diva-portal.org/smash/get/diva2:1477504/FULLTEXT01.pdf (date of access: 28.06.2022).
73. Noel L. RedAI: A Machine Learning Approach to Cyber Threat Intelligence. Master's Thesis. 2020 // JMU Scholarly Commons: [website]. — URL: https://commons.lib.jmu.edu/cgi/viewcontent.cgi?article=1093&context=masters202029 (date of access: 28.04.2022).
74. Sahrom A. M., Ariffin A., Selamat S. R., Yusof R. An Attribution of Cyberattack using Association Rule Mining (ARM) // International Journal of Advanced Computer Science and Applications (IJACSA). — 2020. – Vol. 11. – No. 2. – P.352-358.
75. Soldatos J., Philpot J., Giunta G. Cyber-Physical Threat Intelligence for Critical Infrastructures Security: A Guide to Integrated Cyber-Physical Protection of Modern Critical Infrastructures. – Now Publishers, 2020. – 450 p.
76. Securing machine learning algorithms / eds: A. Malatras, I. Agrafiotis, M. Adamczyk. European Union Agency for Cybersecurity (ENISA), 2021. — 70 p.
77. Ferrag M.A. et al. Deep learning techniques for cyber security intrusion detection: A detailed analysis // 6th International Symposium for ICS & SCADA Cyber Security Research 2019. – 2019. – P.126-136.
78. Ferrag M.A. et al. Deep learning for cyber security intrusion detection: Approaches, datasets, and comparative study // Journal of Information Security and Applications. – 2020. – Vol. 50. – 102419.
79. Branitsky A.A., Kotenko I.V. Detection of network attacks based on the integration of neural, immune and neuro-fuzzy classifiers // Information and control systems, 2015, No. 4 (77), P.69-77 (in Russian).
80. Gaifullina D.A., Kotenko I.V. Application of deep learning methods in cybersecurity tasks. Part 1 // Cybersecurity issues. 2020. №3(37). P.76-86. DOI: 10.21681/2311-3456-2020-03-76-86 (in Russian).
81. Gaifullina D.A., Kotenko I.V. Application of deep learning methods in cybersecurity tasks. Part 2 // Cybersecurity issues. 2020. No. 4(38). pp. 11-21. DOI: 10.21681/2311-3456-2020-04-11-21 (in Russian).
82. Eke H. N., Petrovski A., Ahriz H. The use of machine learning algorithms for detecting advanced persistent threats // Proceedings of the 12th International Conference on Security of Information and Networks. – 2019. – P. 1-8.
83. Brogi G. Real-time detection of Advanced Persistent Threats using Information Flow Tracking and Hidden Markov Models. Doctoral dissertation – Conservatoire national des arts et metiers. – CNAM, 2018.
84. Noor U. et al. A machine learning-based FinTech cyber threat attribution framework using high-level indicators of compromise / U. Noor, Z. Anwar, T. Amjad, K. K. R. Choo // Future Generation Computer Systems. – 2019. – Vol. 96. – P.227-242.
85. Karafili E., Wang L., Lupu E. C. An argumentation-based reasoner to assist digital investigation and attribution of cyber-attacks // Forensic Science International: Digital Investigation. – 2020. – Vol. 32. – 300925.
86. Skopik F., Timea P. Under false flag: using technical artifacts for cyber attack attribution // Cybersecurity, 2020. Vol.8, No 3. 20 p.
87. Thomas R., Buchanan B. Attributing Cyber Attacks // Journal of Strategic Studies, 38: 1-2, 2015. P.4-37.
88. Global cybersecurity Index (GCI). International Telecommunication Union [website]. — URL: https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2017-PDF-E.pdf (date of access: 05.05.2022).
89. Breene K. Who are the cyberwar superpowers?: [website]. — URL: http://www.weforum.org/agenda/2016/05/who-are-the-cyberwarsuperpowers (date of access: 05.05.2022).
90. Kakas A., Moraitis P. Argumentation based decision making for autonomous agents // Proceedings of the second international joint conference on Autonomous agents and multiagent systems (AAMAS ‘03), 2003. P. 883-890.
91. Morgan R., Kelly D. A novel perspective on cyber attribution // 14th International Conference on Cyber Warfare and Security (ICCWS), 2019. 11 p.
92. Chiesa R., Ducci S., & Ciappi S. Profiling Hackers: The Science of Criminal Profiling as Applied to the World of Hacking. Auerbach Publications, 2008, 279 p.
93. Kotenko I., Doynikova E. Security Assessment of Computer Networks based on Attack Graphs and Security Events // Lecture Notes in Computer Science. 2014. Vol.8407. P.462-471.
94. Kotenko I., Chechulin A. Computer Attack Modeling and Security Evaluation based on Attack Graphs // Proceedings of the 2013 IEEE 7th International Conference on Intelligent Data Acquisition and Advanced Computing Systems, IDAACS 2013. 2013. С. 614-619.
95. Doynikova E., Novikova E., Gaifulina D., Kotenko I. Towards Attacker Attribution for Risk Analysis // Risks and Security of Internet and Systems – 15th International Conference, CRiSIS 2020, Paris, France, November 4-6, 2020, Revised Selected Papers. Lecture Notes in Computer Science, 12528. Joaquin Garcia-Alfaro, Jean Leneutre, Nora Cuppens, Reda Yaich (Eds.), Springer 2021, ISBN 978-3-030-68886-8. P.347-353.
96. Kotenko I.V., Khmyrov S.S. Analysis of current methods of attribution of cybersecurity violators in the implementation of targeted attacks on critical infrastructure objects // 10th International Conference on Advanced Infotelecommunications (ICAIT 2021). St. Petersburg: SPbGUT, 2021. Vol.1. P.536-541 (in Russian).
Gorbachev, A. A. DETERMINATION OF OPTIMAL PARAMETERS FOR CONFIGURING INFORMATION SYSTEMS IN THE CONDITIONS OF NETWORK INTELLIGENCE / A. A. Gorbachev, S. P. Sokolovsky, M. A. Kaplin // Cybersecurity issues. – 2022. – № 4(50). – С. 80-90. – DOI: 10.21681/2311-3456-2022-4-80-90.

Abstract
Research objective: to improve the security of information systems against network reconnaissance. Methods used: to achieve the goal of the research, the methods of mathematical statistics and the theory of random processes were used. Research result: the task of determining the optimal frequency of dynamic configuration of the information system's structural and functional characteristics at each stage of network reconnaissance was solved, taking into account the requirements for minimal use of resource capabilities and for ensuring a given value of the probability of disclosure of the true values of the characteristics of the protected object. The process of network reconnaissance and counteraction is formalized as a Markov random process with discrete states and continuous time. Based on considerations of the stability of information exchange between nodes of the information system and the capabilities of network reconnaissance, the maximum values of the time intervals of dynamic configuration of structural and functional characteristics are determined. The obtained values of the optimal and maximum allowable frequency of dynamic configuration make it possible to estimate the time to disclosure of the information system at given intensities of network scanning by reconnaissance tools. The results make it possible to provide a given level of protection of the information system and the stability of its information exchange by means of the optimal frequency of dynamic configuration of its structural and functional characteristics. Scientific novelty: solving the problem of scalar optimization of the frequency of configuration of the structural and functional characteristics of the information system under conditions of network reconnaissance using the mathematical apparatus of semi-Markov random processes.
Keywords: network scanning, random process, computer attack, stability of information exchange, probability of disclosure, reconnaissance tool.
References
1. Kanellopoulos, A., Vamvoudakis, K.G. A Moving Target Defense Control Framework for Cyber-Physical Systems. IEEE Trans. Autom. Control 2020, 65, 1029-1043.
2. Sengupta, S., Chowdhary, A., Sabur, A., Alshamrani, A., Huang, D., Kambhampati, S. A Survey of Moving Target Defenses for Network Security. IEEE Commun. Surv. Tutor. 2020, 22, 1909-1941.
3. Giraldo, J. and Cardenas, A. A. Moving target defense for attack mitigation in multi-vehicle systems. In Proactive and Dynamic Network Defense, Cham, Switzerland:Springer, 2019, 163-190.
4. Vadlamudi, S. G., Sengupta, S., Taguinod, M., Zhao, Z., Doupé, A., Ahn, G.-J. and Kambhampati, S. Moving target defense for web applications using Bayesian Stackelberg games. In Proceedings of AAMAS, 2016, 1377–1378.
5. Ivanov I.I., Maksimov R.V. Specifikacija funkcional’noj modeli dlja rasshirenija prostranstva demaskirujushhih priznakov v virtual’nyh chastnyh setjah / I.I. Ivanov, R.V. Maksimov // Innovacionnaja dejatel’nost’ v Vooruzhennyh Silah Rossijskoj Federacii: sb. tr. uchastnikov vsearmejskoj nauchno-prakticheskoj konferencii. – Sankt-Peterburg, 2017. S. 138-147.
6. Ivanov I.I., Maksimov R.V. Jetjudy tehnologii maskirovanija funkcional’no-logicheskoj struktury informacionnyh sistem / I.I. Ivanov, R.V. Maksimov // Innovacionnaja dejatel’nost’ v Vooruzhennyh Silah Rossijskoj Federacii: sb. tr. uchastnikov vsearmejskoj nauchnoprakticheskoj konferencii. – Sankt-Peterburg, 2017. S. 147-154.
7. Maximov R.V., Ivanov I.I., Sharifullin S.R. Network Topology Masking in Distributed Information Systems // Selected Papers of the VIII All-Russian Conference with International Participation «Secure Information Technologies» (BIT 2017). Bauman Moscow Technical University. December 6-7, 2017, Moscow, Russia. P. 83-87.
8. Yan S., Huang X., Ma M., Zhang P., Ma Y. A novel efficient address mutation scheme for IPv6 networks // IEEE Access, vol. 5, 2017. P. 7724–7736.
9. Cho, J., Sharma, D.P. Toward Proactive, Adaptive Defense: A Survey on Moving Target Defense. IEEE Commun. Surv. Tutor. 2020, 22, 709-745.
10. Sokolovsky, S.P., Telenga, A.P., Voronchikhin, I.S. Moving target defense for securing Distributed Information Systems // Informatika: problemy, metodologija, tehnologii. Sbornik materialov XIX mezhdunarodnoj nauchno-metodicheskoj konferencii / pod redakciej D.N. Borisova. – Voronezh.: VGU, 2019. S. 639-643.
11. Sposob zashhity vychislitel’nyh setej. Pat. 2716220 Ros. Federacija, MPK G06F 21/606 / Maksimov R.V., Sokolovskij S.P., Voronchihin I.S.; zajavitel’ i patentoobladatel’ Krasnodarskoe vysshee voennoe uchilishhe (RU). – № 2019123718; zajavl. 22.07.2019; opubl. 06.03.20. Bjul. № 7. 33 s.
12. Sposob zashhity vychislitel’nyh setej. Pat. 2726900 Ros. Federacija, MPK G06F 21/554 / Maksimov R.V., Sokolovskij S.P., Voronchihin I.S., Gritchin A.D. i dr.; zajavitel’ i patentoobladatel’ Krasnodarskoe vysshee voennoe uchilishhe (RU). – № 2019140769; zajavl. 19.12.2019; opubl. 16.07.20. Bjul. № 20. 45 s.
13. Maksimov R.V., Sokolovskij S.P., Voronchihin I.S. Algoritm i tehnicheskie reshenija dinamicheskogo konfigurirovanija klient-servernyh vychislitel’nyh setej // Informatika i avtomatizacija. 2020. № 5. S. 1018-1049.
14. Sokolovskij S.P. Model’ zashhity informacionnoj sistemy ot setevoj razvedki dinamicheskim upravleniem ee strukturno-funkcional’nymi harakteristikami // Voprosy oboronnoj tehniki. Serija 16 protivodejstvie terrorizmu. 2020. № 7-8. S. 62-73.
15. Wang K., Chen X., Zhu Y. Random domain name and address mutation (RDAM) for thwarting reconnaissance attacks // PLoS ONE 12 (5): e0177111, 2017. 22 p.
16. Sokolovskij S.P., Maksimov R.V., Voronchihin I.S. Algoritm i tehnicheskie reshenija dinamicheskogo konfigurirovanija klient-servernyh vychislitel’nyh setej // Informatika i avtomatizacija, 2020. T. 19. № 5. S. 1090–1121.
17. Iskolnyy B.B., Maximov R.V., Sharifullin S.R. Survivability Assessment of Distributed Information and Telecommunication Networks // Selected Papers of the VIII All-Russian Conference with International Participation «Secure Information Technologies» (BIT 2017). Bauman Moscow Technical University. December 6-7, 2017, Moscow, Russia. P. 59-65.
18. Glen D. Learn Kali Linux 2019: Perform powerful penetration testing using Kali Linux, Metasploit, Nessus, Nmap, and Wireshark. Birmingham: Packt Publishing, 2019. 550 p.
19. Mul’tiservisnyj marshrutizator s upravleniem parametrami setevyh soedinenij i maskirovaniem vychislitel’noj seti. Pat. 205636 Ros. Federacija, MPK H04L 12/00 / Maksimov R.V., Sokolovskij S.P., Voronchihin I.S., Gugin A.Ju.; zajavitel’ i patentoobladatel’ Obshhestvo s ogranichennoj otvetstvennost’ju «Piter Soft» (RU). – № 2020128357; zajavl. 24.08.2020; opubl. 23.07.2021. Bjul. № 21. 21 s.
20. Wang, K., Chen, X., Zhu, Y. Random domain name and address mutation (RDAM) for thwarting reconnaissance attacks. PLoS ONE 12 (5): e0177111, 2017, 22 p. https://doi.org/10.1371/journal.pone.0177111.
Moskvichev, A. D. USING DNS TUNNELING TO TRANSFER MALICIOUS SOFTWARE /  A. D. Moskvichev, K. S. Moskvicheva // Cybersecurity issues. – 2022. – № 4(50). – С. 91-99. – DOI: 10.21681/2311-3456-2022-4-91-99.

Abstract
Purpose of the article: to develop a way to increase the level of protection of an information system from an attack using DNS tunneling. Method: using entropy to identify domains and subdomains used when transferring data through a DNS tunnel. The result: a method of data transmission through the DNS protocol that bypasses information security tools is considered. A malicious file was transferred using DNS tunneling, and the operation of information protection tools during the transmission was analysed. Information security tools do not detect the transfer of a malicious file via the DNS protocol, but they do detect it if it is transferred in clear text. The concept of information entropy and its role in data processing is given. By calculating the entropy of domain names, the domain used in the transmission of a malicious file through the DNS tunnel was identified. It is concluded that entropy can be used not only to detect data transfer through a DNS tunnel, but also to detect the activity of malicious software that uses random domain and subdomain names in its work. The scientific novelty lies in the fact that malicious activity is detected without using a knowledge base. There is no need to signature-check each DNS request; it is enough to calculate the entropy to detect an attack.
Keywords: computer attack, information protection, suricata, entropy, SIEM, message broker, elasticsearch.
References
1. Levickij, N. D. Udalennyj server svoimi rukami. Ot azov sozdaniya do prakticheskoj raboty : rukovodstvo / N. D. Levickij. – Sankt-Peterburg: Nauka i Tekhnika, 2021. – 400 s. – ISBN 978-5-94387-568-7.
2. Kolisnichenko, D. N. LINUX. Polnoe rukovodstvo Po rabote i administrirovaniyu : rukovodstvo / D. N. Kolisnichenko. – Sankt-Peterburg: Nauka i Tekhnika, 2021. – 480 s. – ISBN 978-5-94387-608-0.
3. Doncov, V. P. Linux na primerah : rukovodstvo / V. P. Doncov, I. V. Safin. – Sankt-Peterburg: Nauka i Tekhnika, 2017. – 352 s. – ISBN 978-5-94387-742-1.
4. Diogenes, YU. Kiberbezopasnost’. strategiya atak i oborony / YU. Diogenes, E. Ozkajya; perevod s anglijskogo D. A. Belikova. – Moskva : DMK Press, 2020. – 326 s. – ISBN 978-5-97060-709-1.
5. Belous, A. I. Osnovy kiberbezopasnosti. Standarty, koncepcii, metody i sredstva obespecheniya: enciklopediya / A. I. Belous, V. A. Soloduha. – Moskva: Tekhnosfera, 2021. – 482 s. – ISBN 978-5-94836-612-8.
6. Bertram A. Powershell dlya sisadminov / A. Bertram – Sankt-Peterburg: Izdatel’skij dom «Piter», 2021 – 416 s.
7. Kollinz, Majkl. Zashchita setej. Podhod na osnove analiza dannyh / Majkl Kollinz. – M.: DMK Press, 2020. – 307 s.: il. – ISBN 978-5-97060-649-0.
8. Avdoshin, S.M. Diskretnaya matematika. Modulyarnaya algebra, kriptografiya, kodirovanie / S.M. Avdoshin, A.A. Nabebin. – Moskva: DMK Press, 2017. – 352 s. – ISBN 978-5-94074-408-3.
9. Borzunov, S. V. Algebra i geometriya s primerami na Python / S. V. Borzunov, S. D. Kurgalin. – 3-e izd., ster. – Sankt-Peterburg : Lan’, 2022. – 444 s. – ISBN 978-5-8114-9980-9.
10. Abdenov A.ZH., Trushin V.A., Sulajman K. Analiz, opisanie i ocenka funkcional'nyh uzlov SIEM-sistemy [Kniga]. – Novosibirsk: Novosibirskij gosudarstvennyj tekhnicheskij universitet, 2018. – 122 s.
11. Roy G. M. RabbitMQ in Depth / Gavin M. Roy — Shelter Island, NY: Manning Publications, 2018. — 264 p.
12. Narkhede N., Shapira G., Palino T. Kafka: The Definitive Guide. Real-Time Data and Stream Processing at Scale / Neha Narkhede, Gwen Shapira, Todd Palino — Sebastopol, USA: O’Reilly Media, 2017. — 566 p.
13. Quevedo W. Practical NATS / Waldemar Quevedo — San Francisco, California, USA: APRESS, 2018. — 260 p.
14. Nidhem M., Hodler E. Grafovye algoritmy. Prakticheskaya realizaciya na platformah Apache Spark i Neo4j. / per. s angl. V. S. YAcenkova – M.: DMK Press, 2020. – 258 s.
15. Sachdeva G. S. Practical ELK Stack: Build Actionable Insights and Business Metrics Using the Combined Power of Elasticsearch, Logstash, and Kibana / Gurpreet S. Sachdeva — San Francisco, California, USA: APRESS, 2017. — 318 p.