Monte Carlo method for predicting the stability of the functioning of the informatization object in the conditions of massive computer attacks

The application of the Monte Carlo method for solving the problem of predicting the functioning stability of the object of informatization in the conditions of massive computer attacks (MCA) is considered. The field of research represents practical and theoretical interests, since the methods developed by the theory of reliability are focused on simple, stationary, failure flows, which cannot be applied to the MCA conditions. In the conditions of the MCA, the period of normal functioning is commensurate with the recovery time, therefore, the application of the Poisson flow model leads to a significant error. To ensure the reliability of modeling, it is necessary to use an alternating process model, where the recovery time is commensurate with the period of operation and has a finite value, while analytical models of the real functioning processes are cumbersome, difficult to interpret and have no practical application.


Introduction
The development of digital technologies and the complexity of the information infrastructure are accompanied by the growth of cybercrime [1,2]. Issues related to the risks of information distortion, business process downtime, and successful computer attacks are becoming relevant [1,2]. Issues of testing and monitoring of information systems are discussed in [3,4,5]. Insuring the listed risks looks like a reasonable way to protect information that rests on the economic factor [6,7]. For the purposes of this article, a computer attack is understood as an attempt to destroy, disclose, modify, block, steal, or obtain unauthorized access to an information asset, or to use it without authorization [8]. The procedure for insuring information security risks involves an information security auditor in addition to the policyholder and the insurer. The auditor's task is to assess the information security risk and prepare initial data to substantiate the subject of the contract and its value. To do this, the auditor must have reliable, scientifically based methods for assessing the functioning stability of the insured object of informatization (OI) in the conditions of massive computer attacks (MCA). An important condition is that the reliability and completeness of the audit report should be trusted by the audit customers, that is, the policyholder and the insurer. General issues of organizing and conducting an information security audit are considered in [9,10,11,12,13,14].

Statement of the research problem
The task of predicting the functioning stability of the OI in the conditions of the MCA is formulated as follows. The initial data are:
• the characteristic of the stability of the OI to computer attacks, u = {Tp, P}, which includes the time between failures of operability in normal operating conditions, Tp, and the probabilities of OI damage as a result of a CA, P = {Pi}, in the i-th attacks. It is proposed to determine the probability values Pi in accordance with the approach given in [11,12], the methods published in [9,10] and the software tools [15,16,17];
• the variable characteristics of recoverability of the OI, r = {TR, G(t)}, where TR = {Ri^l, Ri^u} is the predicted interval of the recovery time Ri of the OI and G(t) = {Gi(t)}, i = 1, 2, …, n, is the distribution function of the random recovery time intervals of the OI after the i-th attack; n is the number of attacks, Ri^l is the estimate of the lower bound of the recovery time of the OI after the i-th attack, and Ri^u is the estimate of the upper bound of the recovery time of the OI after the i-th attack. It is proposed to determine the values of the parameters using the methodology published in [18] and the software tools [15,16].
It is necessary to develop a general procedure, and to investigate special cases, for determining the smallest value vm of the stability function of the OI on a given MCA waiting time interval (0, T]. = ∈(0, ] ( , , , ).
Then the stability function v of the OI in accordance with [19] will have the form: ( , , , ) = Κ g ( , ) ( , , , ) , where Kg is the readiness coefficient of the OI; φ (t, λ, r, u) is the survivability function of the OI, where t is the current time of the evaluation of the survivability function.
Algorithms of exact analytical models are based on a general estimation procedure, which in turn rests on mathematical models of the distribution functions F(t) and G(t) [18]. The most difficult is the first stage, during which various types of the operator A are considered and the appropriate one is selected:
• the operator A0, defined under arbitrary distribution laws F(t) and G(t) and various Pi (the process of ensuring business continuity). In this case, the recovery process can be characterized as a general semi-Markov process;
• the operator A1, defined for identical distribution laws Fi(t) = F(t) and Gi(t) = G(t) and equal Pi = P. In this case, the recovery process can be characterized as a particular semi-Markov process;
• the operator A2, defined for the exponential distribution laws F(t) = 1e -t and G(t) = 1e -t and equal Pi = P. In this case, the process can be characterized as a Markov process;
• the operator A3, defined for a single computer attack, n = 1.
The set of algorithms for solving the problem of assessing the stability of the functioning of the OI in the conditions of MCA can be divided into three subsets, depending on the model used to restore the
The derivation of analytic relations for the definition of A2, A3 is given in [19]. It is advisable to use exact analytical methods for a relatively small number n of CA, n ≤ 2, since as n increases, complex, cumbersome and difficult-to-interpret analytical expressions are required to calculate the survivability function φ(t).
Algorithms of approximate analytical methods are based on various approximating dependencies that simplify the analytical expressions for calculating the functions F(t), Gi(t), and φ(t), and that make it possible to describe the truncated normal distribution laws of the random variables  and  with sufficient accuracy for value judgments. This requires the application of higher-order Erlang laws, which greatly complicates the mathematical model.
It is advisable to use the statistical modeling algorithm for large values of n, when the analytical expressions for the mapping φ(t) are cumbersome, the numerical process requires significant resources, the distribution functions of the random variables have arbitrary laws, and the probability of the OI being hit may differ from impact to impact.
• Tv1j = Twij + ij * ; i = 1, 2, …, n, Tv0j = 0;
• n is the number of computer attacks;
• ij * is the i-th realization of a random variable, formed using a random number generator in accordance with the selected distribution law F(t);
• ij * is the i-th realization of a random variable , formed using a random number generator in accordance with the selected distribution law G(t).
4. For each implementation j, the success of the computer attack is determined in accordance with the condition: if Rnd() > P, then the attack is considered unsuccessful, where Rnd() is the value of the random number generator in the interval (0, 1), distributed according to a given random variable distribution law.
 [20], which allows us to obtain the survivability function of the OI for MCA conditions with an arbitrary number of impacts and arbitrary distribution laws of the random variables  and .
As a result of modeling, it is possible to predict:
• the lower and upper limits of the recovery time of the object in conditions of MCA that provide a given value of the survivability index;
• the change of the survivability function of the object of a computer attack in the process of MCA;
• unfavorable time intervals during which the survivability function is minimal or may be lower than the required one.
The simulation results, depending on the number of implementations of the random process of changing the survivability function in the MCA process, are shown in figure 1. With an increase in the number of implementations, the survivability function becomes smoother, and local minima can be observed already at 500 implementations (see the average graph in figure 1).

Example
Take the following scenario. Assume that the insurance company has established reduction coefficients of the insurance tariff for information risk insurance, depending on the security of the OI in relation to the MCA, that is, on the minimum value of the survivability function m:
• m < 0.79: risk insurance is unprofitable for the insurer;
• 0.79 ≤ m < 0.8: k = 1;
• 0.8 ≤ m < 0.9: k = 0.7;
• 0.9 ≤ m < 0.95: k = 0.5;
• m > 0.95: k = 0.45, and providing m > 0.95 requires a significant resource that is unprofitable for the insured;
where k is the coefficient of reduction of the insurance premium, which depends on the value of the survivability function m.
The management of the OI and the insurer (hereinafter the Parties to the contract) decided to request an audit opinion from an independent audit company to assess the protection of the OI from MCA. Based on the results of the audit (the audit report), they will decide whether it is expedient to insure the financial risks associated with a possible violation of business continuity as a result of MCA.
To assess the level of protection from MCA, the audit company planned an experiment with a statistical model, for which: a) MCA scenario was formed and agreed with the Audit Customers; b) the OI business continuity plan (Plan) was studied and the initial data for modeling was obtained.

Characteristics of the massive CA on the OI (fixed variables):
The predicted number of computer attacks in the MCA is 4. The forecast computer attack intensity is one computer attack per 12 hours. The predicted period of implementation of the MCA is 2 days. The plan for restoring the continuity of the OI business has established that l, the minimum possible time for restoring the OI's operability after a computer attack, is 6 hours (0.25 days), and the maximum permissible time is u = 12 hours (0.5 days). The random variable  is distributed according to a uniform law within the lower, l, and upper, u, boundaries of the specified range (changeable variables).
Limitations: the recovery is carried out by scanning the server equipment and workstations with the help of an antivirus, deleting the malicious files and restoring the affected files; the business continuity plan provides that the lowest value of the OI survivability function should not fall below 0.8, i.e. m ≥ 0.8.
It is required to determine whether the specified characteristics of the business continuity restoration plan meet the established requirement for the specified characteristics of the MCA (m ≥ 0.8, in order to obtain a discount coefficient k = 0.7). If the requirements are not met, then, by correcting the values of the changeable variables, find the values at which the requirements are met and at the same time the minimum resource Rπ is required; such problem statements are given in [21,22]. Rπ is the required resource for the implementation of the π-th plan for maintaining the continuity of the OI business, π-th, is the set of plans for maintaining the continuity of the OI business satisfying the condition 0.8 ≤ m ≤ 0.81. The upper limit of the OI survivability function, 0.81, is motivated by the need to: a) reduce the dimension of the task of finding a rational Plan; b) eliminate the excessive resource intensity of the Plan.
If the value of the survivability function for a given Plan meets the requirements (0.8 ≤ m ≤ 0.81; k = 0.7), then an audit report is formed on the compliance of the Plan with the requirements. Otherwise, the task becomes more complicated and a rational version of the Plan is searched for. If the survivability function significantly exceeds the requirements, then an audit report is formed on the excessive resource intensity of the Plan. If the survivability function is below the requirements, then an audit opinion is formed on the insufficient level of protection of the OI.
To solve the problem, an experiment was planned and conducted with a statistical model of the Plan. The model was built using Excel tools. The final result is represented by the graph of OI survivability functions in figure 2. The search problem is solved graphically. If the survivability function is below the permissible limit (m ≥ 0.8; k = 0.7), then either P is held fixed and the lower bound l and upper bound u of the recovery time of operability are decreased, or, with l and u fixed, measures are taken to reduce the probability of OI damage. The required resource is estimated and compared with the benefit from the resulting reduction coefficient of the insurance premium.
For the graph with l = 0.25 days and u = 0.5 days, the value m 0.62 does not meet the requirement for receiving the reduction coefficient (0.9 > m ≥ 0.8; k = 0.7). By sequentially reducing l and u, performing statistical modeling and displaying the results graphically, a variant is sought in which m  0.81, i.e. slightly exceeds the required value. The desired solution is l = 0.1 days (2.4 hours) and u = 0.2 days (4.8 hours). To achieve this result, it will be necessary to increase the resource allocated to maintaining the readiness of the OI and to increase the capabilities of the recovery system.
The results of statistical modeling by the Monte Carlo method are shown in figure 2. According to the figure, the security of the informatization object PA=0.25 is required (m  0.81); this is a very high level of security. To ensure this level of security, a significant resource is required for the construction of protection lines and for annual operating costs.
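The statistical modeling procedure and the worked example above can be run as follows. This is an added example, not the authors' Excel model, and its output is not expected to match figure 2. Assumptions: exponential gaps between attacks with a 12-hour mean, overlapping outages merge, a hit probability of 0.25 as a constructed sample value, and m = 0.95 placed in the top tariff band.

```python
import math
import random

def min_survivability(p_hit, rec_lo, rec_hi, n_attacks=4, mean_gap=0.5,
                      horizon=2.0, runs=2000, step=0.02, seed=7):
    """Monte Carlo estimate of the minimum survivability over (0, T], T = horizon.

    Times are in days. Assumed model: exponential gaps between attacks, each
    attack succeeds with probability p_hit, and a successful attack keeps the
    OI down for a Uniform(rec_lo, rec_hi) recovery time.
    """
    rng = random.Random(seed)
    n_steps = round(horizon / step)
    up = [runs] * (n_steps + 1)        # up[k]: realizations operational at t = k*step
    for _ in range(runs):
        down = set()                   # grid points at which this realization is down
        t = 0.0
        for _ in range(n_attacks):
            # Draw all three values every time so that two plans evaluated with
            # the same seed face the same attack sequence.
            t += rng.expovariate(1.0 / mean_gap)
            hit = rng.random() < p_hit   # page rule: Rnd() > P means unsuccessful
            rec = rec_lo + (rec_hi - rec_lo) * rng.random()
            if hit and t <= horizon:
                first = math.ceil(t / step)
                last = min(n_steps, math.ceil((t + rec) / step) - 1)
                down.update(range(first, last + 1))
        for k in down:
            up[k] -= 1
    return min(up[1:]) / runs          # t = 0 is outside (0, T]

def tariff_coefficient(m):
    """Reduction coefficient k for minimum survivability m, per the page's bands."""
    if m < 0.79:
        return None                    # insurance is unprofitable for the insurer
    for upper, k in ((0.8, 1.0), (0.9, 0.7), (0.95, 0.5)):
        if m < upper:
            return k
    return 0.45                        # m = 0.95 exactly is placed here by assumption

if __name__ == "__main__":
    for lo, hi in ((0.25, 0.5), (0.1, 0.2)):   # the two recovery plans from the text
        m = min_survivability(0.25, lo, hi)    # p_hit = 0.25 is a constructed value
        print(f"l={lo}, u={hi}: min survivability {m:.3f}, k = {tariff_coefficient(m)}")
```

Because both plans are evaluated with the same seed, they face identical attack sequences, so the difference in the minimum comes only from the recovery bounds.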

Modeling scenarios of massive computer attacks
The application of the Monte Carlo method for modeling the processes of OI functioning in the conditions of the MCA, taking into account the importance of the CA object as part of the computational network (CN), is of practical interest. For this purpose, a block for setting various attack implementation scenarios was introduced into the model. The variants of process control schemes considered in [21,22] are shown in figure 4.
b) requirements for the minimum value of the OI survivability function;
c) a subset of controlled elements that are included in the technological chain (characteristic of the attack period) and are elements of the CN.
It is required to ensure the exchange of technological information between the decision-maker (DM) and the management objects (MO), that is, to ensure the controllability of the automated process control system. The attacker's goal is to cause maximum damage to the controllability of the OI (to minimize the number of MO).
Formal statement of the problem. Initial data:
• n is the number of computer attacks;
• the structure of the (1-N) automated control system, where 1 is the pole of the automated control system and N are the poles of the controlled objects (CO);
• NR is the threshold number of controlled objects that have at least one connection with the automated control system, which ensures the controllability of the automated control system;
• V = {vi} is the set of node elements of the CN: vi = 1 if the element is in a working state, vi = 0 otherwise; i = 0, 1, 2, ..., K, where K is the number of node elements of the CN, i = 0 is the index of the pole of the DM, and i = 1 to K are the indices of the node elements of the CN;
• E = {eij} is the set of connection lines between the node elements of the set V: eij = 1 if the connection between the i-th and j-th nodes is provided, eij = 0 if it is not; i = 1, 2, ..., K-1, j = 2, 3, ..., K, where K is the number of elements of the set V, including the control element and N controlled elements;
• V* = {v*} ⊆ V is the subset of MO that are under the control of the DM.
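A check of the controllability condition defined by these initial data, as an added example that is not taken from the paper: it counts the MO that still have a path to the DM pole and lists the nodes where redundancy is missing. Assumptions: connection lines are undirected, the DM pole is node 0, and the sample network V, E, MO is constructed.

```python
from collections import deque

def controlled_objects(v, edges, managed):
    """Return the managed objects (MO) reachable from the DM pole, node 0.

    v[i] is 1 if node i works and 0 otherwise; edges is a set of (i, j)
    pairs with e_ij = 1; managed is the subset V* of MO indices.
    """
    if not v[0]:
        return set()
    adj = {i: set() for i in range(len(v))}
    for i, j in edges:                      # assumed: connection lines are undirected
        adj[i].add(j)
        adj[j].add(i)
    seen, queue = {0}, deque([0])
    while queue:                            # breadth-first search over working nodes
        node = queue.popleft()
        for nxt in adj[node]:
            if v[nxt] and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen & set(managed)

def is_controllable(v, edges, managed, n_r):
    """Controllability holds while at least n_r MO stay connected to the DM."""
    return len(controlled_objects(v, edges, managed)) >= n_r

def single_points_of_failure(v, edges, managed, n_r):
    """Working nodes (other than the DM pole) whose loss alone breaks controllability."""
    critical = []
    for i in range(1, len(v)):
        if v[i]:
            degraded = list(v)
            degraded[i] = 0
            if not is_controllable(degraded, edges, managed, n_r):
                critical.append(i)
    return critical

# Constructed sample network: DM pole 0, relay nodes 1-2, MO nodes 3-6.
V = [1, 1, 1, 1, 1, 1, 1]
E = {(0, 1), (0, 2), (1, 3), (1, 4), (2, 4), (2, 5), (2, 6)}
MO = {3, 4, 5, 6}
```

With the threshold NR = 3, the sample network stays controllable after the loss of any single node except relay 2, which is therefore where a second path is needed.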