MODEL OF THE INVESTMENT PROCESS IN CYBER SECURITY DEVELOPMENT FOR BUILDING A DECISION SUPPORT SYSTEM
DOI:
https://doi.org/10.28925/2663-4023.2019.6.154163Keywords:
differential quality game, cyber security, optimal financing strategies, decision support systemAbstract
The topical problem of making the optimal decision on financing pro-jects in the field of cybersecurity in the conditions of active actions of cybersecu-rity violators is considered. A model has been developed for a decision support system for financing projects for the creation and development of cybersecurity management centers for critical infrastructure facilities. The model assumes meth-ods and means of actively countering the attacking side. In contrast to existing approaches, the model is based on solving a bilinear differential quality game with several terminal surfaces. A discrete approximation method was used in the solution. This made it possible to find a solution to the bilinear differential quality game with dependent movements. The results of a computational experiment within the framework of the software implementation of a decision support sys-tem in the field of financing projects in the field of cybersecurity, in particular, in the creation and development of cybersecurity management centers for critical in-frastructure facilities are described. The developed decision support system al-lows obtaining optimal financing strategies by the side of cybersecurity protec-tion. In this case, any ratio of parameters describing the financing process is con-sidered, no matter how financially the attacker (hackers) acted.
Downloads
References
M. Fey, B. Kenyon, K. Reardon, B. Rogers and C. Ross, Security Battleground: An Executive Manual, IntelPRESS. 2013, p. 240.
C. Zimmerman, Ten Strategies of a World-Class. Cybersecurity Operations Center. MITRE Corporate Communications and Public Affairs, 2014, p. 334.
M. Manshaei, Q. Zhu and T. Alpcan, "Game theory meets network security and privacy", ACM Computing Surveys, vol. 48, pp. 51-61, 2015.
N. Ben–Asher, C. Gonzalez, "Effects of cyber security knowledge on attack detection", Computers in Human Behavior, vol. 48, pp. 51–61, 2015.
K. Goztepe, "Designing Fuzzy Rule Based Expert System for Cyber Security", International Journal of Information Security Science, vol. 1, no. 1, pp. 13-19, 2012.
J. Grossklags, "Secure or insure?: a game-theoretic analysis of information security games", in 17th international conference on World Wide Web, Beijing, China, 2008, pp. 209-218.
H. Cavusoglu, B. Mishra, S. Raghunathan, "A model for evaluating IT security investments", Communications of the ACM, vol. 47, no. 7, pp. 87–92, 2004,
A. Fielder, E. Panaousis, P. Malacaria et al, "Decision support approaches for cyber security investment", Decision Support Systems, vol. 86, pp. 13–23, 2016.
P. Meland, I. Tondel, B. Solhaug, "Mitigating risk with cyberinsurance", IEEE Security & Privacy, no. 13(6), pp. 38–43, 2015.
V. Malyukov, "A differential game of quality for two groups of objects", Journal of Applied Mathematics and Mechanics, vol. 55, no.5, pp. 596 – 606, 1991.
A. Lavrent'ev, V. Zjazin, "O primenenii metodov teorii igr dlja reshenija zadach komp'juternoj bezopasnosti", Bezopasnost' informacionnyh tehnologij, no. 3, pp. 19 – 24, 2013.
A. Bykov, N. Altuhov and A. Sosenko, "Zadacha vybora sredstv zashhity informacii v avtomatizirovannyh sistemah na osnove modeli antagonisticheskoj igry", Inzhenernyj vestnik, no. 4, pp. 525–542, 2014.
G. Basalova, A. Sychugov, "Primenenie metodov teorii igr dlja optimizacii vybora sredstv zashhity informacii", Izvestija Tul'skogo gosudarstvennogo universiteta, Tehnicheskie nauki, no. 11(1), pp. 122–128, 2016.
A. Fielder, E. Panaousis, P. Malacaria et al, "Game theory meets information security management", in IFIP International Information Security Conference, Marrakech, Morroco, 2014, pp. 15–29.
R. Zarkumova, "Primenenie metodov teorii igr pri vybore sredstva jeffektivnoj zashhity", Sbornik nauchnyh trudov Novosibirskogo gosudarstvennogo tehnicheskogo universiteta, no. 4, pp. 41–46, 2009.
X. Gao, W. Zhong and S. Mei, "A game-theoretic analysis of information sharing and security investment for complementary firms", Journal of the Operational Research Society, vol. 65, no. 11, pp. 1682–1691, 2014.
V. Lakhno, "Model' intellektual'noj sistemy upravlenija gorodskimi avtobusnymi perevozkami", Radіoelektronіka, informatika, upravlіnnja, no. 2, pp. 119–127, 2016.
V. Malyukov, "Discrete-approximation method for solving a bilinear differential game", Cybernetics and Systems Analysis, vol. 29, no. 6, pp. 879 – 888, 1993.
V. Lakhno, V. Malyukov, N. Gerasymchuk et al, "Development of the decision making support system to control a procedure of financial investment", Eastern-European Journal of Enterprise Technologies, vol. 6, no. 3, pp. 24–41, 2017.
V. Lakhno, "Development of a support system for managing the cyber security", Radio Electronics, Computer Science, Control, no. 2, pp. 109–116, 2017.
F. Smeraldi and P. Malacaria, "How to spend it: optimal investment for cyber security", in 1st International Workshop on Agents and CyberSecurity, Paris, France, 2014, p. 8.
D. Tosh, M. Molloy and S. Sengupta, "Cyber-investment and cyber-information exchange decision modeling", in High Performance Computing and Communications IEEE 7th International Symposium on Cyberspace Safety and Security (CSS), New York, 2015, pp. 1219-1224.
