Development of a Method for Determining the List of Key Threats to Information Security of Computer Networks

Cybersecurity (CS) for computer networks (CNs) has remained a persistent and evolving concern from the inception of CNs to the present day [1]. A critical component of CS algorithms is the development of a comprehensive list encompassing all contemporary threats [2]. Despite ongoing advancements, the majority of safety issues pertinent to CS continue to be pressing [3].

A paramount objective in advancing CS methods is to diminish the dependence on the expertise of specialized personnel in the compilation of a definitive list of key threats. This research is directed toward the establishment of an innovative method for assembling such a list for the CS of CNs. Distinct from existing approaches, the proposed method employs specialized matrices that delineate communication protocols between pairs of elements. These matrices articulate the interactions among internal elements that replicate the CN and models that represent threats to CS.

The research has yielded several noteworthy outcomes:

1. The construction of a CN model utilizing metagraphs, which stands apart from similar constructs due to the delineation of relationships among diverse software components within the CN.
2. The formulation of a threat model to CS for any CN, characterized by the generation and categorization of various threat scenarios, underpinned by the analysis of metagraphs.
3. The introduction of a novel method for enumerating key threats to the CS of CNs, which is distinguished from analogous methods by the utilization of matrices that explicate the interactions of internal components.

The utility of this approach is further emphasized by the employment of attribute metagraphs, which are noted for their capacity to map connections across different software strata of computer systems.

3.1 Techniques to ensure the compilation of a list of key threats to the information security of each CN

Based on the results of the assessment, which allows modeling of each threat, and techniques that analyze the degree of risk to which IS are exposed, we can conclude that a key list of threats can be obtained:

• By describing the system and defining the totality of its components that need to be protected.
• By determining the degree of threat to each component identified at the 1^st stage of creating the list.

Subsequently, techniques should be applied that compile a list of key threats, based on a matrix describing the relationship between its components.

3.2 Generalized mechanism for method functioning

The method that opens up the possibility of compiling a list of key threats to CS covers several stages:

• Classifying each component belonging to the CN.
• Creating a matrix that reflects the nature of the relationship among all components.
• Providing a list of key threats.

The order of operation of the method presented in IDEF0 is shown in Figure 1.

The amount of input data should include the following:

• Lists of additional and systemic software packages.
• Specifics of the logical structure of the assessed CNs.
• Lists of protocols used to ensure the stable transmission of information.
• Several requirements regarding the consideration of threats to the level of security in the general list of threats.

The practical implementation of this method makes it possible to form a complete list of threats to the CSs of the considered CNs.

The control mechanisms include the imitation of the CN behavior, which is described below.

1.png

Figure 1. Representation of the methodology for compiling a list of key threats to the CS of a CN

It is necessary to clarify some initial data. Thus, CNs are studied in the format of a structure that includes interconnected components, and the available internal relationships among them are also assessed.

Threats refer to the category of unauthorized amendments recorded in any CN. Therefore, every threat affecting security, rather than the information environment, is subject to consideration.

Today, when discussing accessibility, the degree of information accessibility should be considered, rather than the level of accessibility of the average user.

It should also be noted that at this stage, the degree of interrelationship of each component is assessed. It turns out that the classification of the components that form any CN can be modeled by graph vertices. This figure shows the following:

1. available software;
2. reliable OS;
3. a number of subnetworks.

It is assumed that each protocol and component included in the CN fully corresponds to each layer of the OSI models:

• The software must function on the basis of the protocols that are at the application level and on the relationships of the OS level.
• The OS will interact on the basis of protocols of various levels.
• Any subnetwork will interact on the basis of protocols of various levels.
• The relationship matrix, which is the basis of our method, can be expressed as follows:

1. Identify a list of components included in the CN regarding their compliance with the logical structure of the CN.
2. Identify a list covering all involved protocols.
3. Compare lists of components and protocols.

When delving into the essence of what is happening, the list of components enters the input channel of the method being developed, and it is necessary to determine the degree of correspondence and belonging of each component to the general hierarchy: Subnetworks include operating systems, and they cover all software.

A list combining protocols is created from each protocol, due to which the communication of components within certain CNs is performed.

By comparing lists, it is possible to establish those protocols, relying on which pair of components interact. At the same time, each stage of creating a matrix is divided into a number of successive steps. Guided by the description of the method, it can be concluded that several requirements are put forward for the models used in the matrix that simulate the behavior of the CN, which consider the following:

• Software hierarchy of a particular CN.
• Probability of having a set of relationships among its components.
• The components and the relationships that unite them are described by certain characteristics.

3.3 Metagraphs

The potential of the mathematical complex of metagraphs is the basis of the model that simulates the behavior of the threat and the behavior of the CN. It is necessary to use the provisions put forward by the theoretical foundations of graphs during detecting any threat, as confirmed by Sony and Naik [15] and Godquin et al. [16].

The metagraph allows for the harmonization of two system characteristics: integrity and the possibility of division. For this reason, a subsystem can be derived from the systems, which opens up the possibility to consider the system, or its subsystem, guided by what currently interests the researcher.

Basu and Blanning [17] define a metagraph as a special summation, where ordinary graphs and hypergraphs act as summands. Wang et al. [18] considered the problems associated with metagraphs that arise during visualizations. The researchers also proposed a universal algorithm capable of implementing a software tool for simulating a particular CN. For metagraphs, Šajna and Wagner [19] provide a definition of a metavertex, which represents a certain union that includes several vertices.

Metagraph edges connect the two metavertices. Each edge can have differences in its qualities; therefore, metagraphs can be considered as a type of multigraph (Figure 2).

2.png

Figure 2. Metagraph representation

3.png

Figure 3. Metagraph of nests n

Godquin et al. [16] proposed the determination of the metagraphs of nests n, which appear as follows (Figure 3):

$G=(X, E)$,       (1)

where, G is a metagraph of nests n;

$X=\left\{x_i\right\}, i=\overline{1, n}$ are non-empty incomplete sets covering the vertices;

$E=\left\{e_k\right\}, k=\overline{1, m}$ – non-empty incomplete sets covering graph edges.

Any edges of the n-dimensional graphs connect several subsets related to a set of vertices:

$e_k=\left(V_i, W_i\right)$,              (2)

where, $V_i, W_i \subseteq X$; $V_i \cup W_i \neq \emptyset$; i is the level of nests.

At the same time, there are the following dependencies:

$\begin{gathered}f_1^l: g_1^l\left(x_1^l, e_1^l\right) \rightarrow x_2^p, f_2^p: g_2^p\left(x_2^p, e_2^p\right) \rightarrow \\ x_3^m, \ldots, f_{n-1}^t: g_{n-1}^t\left(x_{n-1}^t, e_{n-1}^t\right) \rightarrow x_n,\end{gathered}$                (3)

where, l,p,r,…,t are the numbers of each vertex and edges of certain levels.

Basu and Blanning [17] describe the characterizing metagraph. Here, each edge or vertex can have many characteristics. In the text of this research, we use exceptional metagraphs, but today there are the results of some assessments that deepen the provisions of theoretical foundations that describe the graphs. For example, Hinding et al. [20] offer and describe in detail the varieties of summation of graphs expressed by protographs and archigraphs.

Such metagraphs can be represented by an orderly four:

$M G=(V, M V, E, M E)$,           (4)

here, MG is a metagraph; V – sets that combine the peaks of metagraph vertices; MV – a set that includes metagraph metavertices; E represents the totalities covering the metagraph edges; ME – the totalities that cover the metagraph metaedges.

Metagraph vertices are inherent in the totality of characteristics:

$v_i=\left\{a t r_k\right\}$,      (5)

here, $v_i$ is a metagraph vertex, $v_i \in V$;

$a t r_k$ is the current characteristic.

The metagraph edges have a totality of characteristics, vertices, and several signs of direction:

$e_j=\left(V_s, V_E, e o,\left\{a t r_k\right\}\right)$,             (6)

here $e_j$ is a metagraph edge, $e_j \in E$; $V_s$ – a metavertex of one of the edges; $V_E$ – a metavertex of one of the edges; ео – a sign that displays the orientation of the edges; $a t r_k$ – a current characteristic.

Thus, the edge directionality features can be characterized by the following values:

$e o=$ true $\mid$ false,            (7)

where, eo = true displays directed edges; eo = false displays a number of non-directed edges.

3.4 CN models

Currently, most ISs rely on several functional stations that are joined in local area networks (LANs). Any functional station in the LAN has an operating system (OS) that includes several software packages [21, 22]. The functioning of the model that imitates IS behavior is based on the method proposed by Shelupanov et al. [23].

The inputs of the model are sets of software, operating system and LANs. The main tasks of this model are to describe the information system, using the structure of the attribute metagraph of nesting 3, and to form links between the given input elements (between software, operating systems and local area networks). The links will be described according to the OSI reference model.

Thus, the OSI model assumes that information among network objects corresponding to different levels will be transmitted under the guidance of several protocols operating for these objects [24].

At the same time, the real and session levels will focus on interaction with the software; therefore, such a relationship can be simulated by protocols at the OSI levels. However, this series of protocols will not be identical to the OSI model in every case, which means that the dependencies of the session levels will be added to the practical ones.

A number of protocols corresponding to the transport levels can be implemented using software tools – OS components. Therefore, any communication in the OS can be described by protocols operating at the OSI transport levels.

Every communication in a LAN environment is performed by routers that use the protocols of the OSI network layers; therefore, the interrelationship in the LAN environment is represented by the protocols that run on these OSI layers [24].

We will not consider the abovementioned levels because this research evaluates IS behavior in virtual environments, and the abovementioned levels reflect the degree of interrelationship of components in real environments.

Each layer describing the relationship of the IS components according to the OSI model is shown in Figure 4.

4.png

Figure 4. Levels of the interaction of the IS components

Any information system is a collection of interdependent components. Therefore, the system is only one of the components of the complex belonging to the higher hierarchy, and any of its elements belong to secondary systems.

IS can be described by nesting metagraph 3, which is built and described in detail by Basu and Blanning [17].

Since this research evaluates only the CN software component, we are dealing with a conflict between the definitions of “operation system” and “software”. More appropriate phrases are “system software” and “application software”. Therefore, we introduce several definitions that describe levels:

• Application software is the software layer.
• System software is the OS level.
• The software that organizes the transfer of information to the CN is a certain level of the subnet.

Nesting metagraph 3 can be the following tuple [17]:

$G=\left(X_1, X_2, X_3, E_1, E_2, E_3\right)$,           (8)

where, G is nesting metagraph 3; $X_1=\left\{x_1^k\right\}, k=\overline{1, q}$ represents sets of software packages; $X_2=\left\{x_2^l\right\}, l=\overline{1, r}$ represents the sets covering OS, $x_2^l \subset X_1$; $X_1=\left\{x_1^k\right\}, k=\overline{1, q}-\mathrm{LAN}$ sets, $x_3^m \subset X_2$ \$ $E_1=\left\{e_1^n\right\}, n=\overline{1, t}$– collections that display relationships in the software environment, based on a certain amount of $X_1$; $E_2=\left\{e_2^o\right\}, o=\overline{1, u}$ - collections that display relationships in the OS environment, which are determined by the set $X_2$; $E_3=\left\{e_3^p\right\}, p=\overline{1, v}$ - collections that display relationships in the LAN environment, which are determined by the set $X_3$.

Table 1. Characteristics of each element of the set

Concurrently, the following dependencies should be considered:

$f_1^w: g_1^w\left(x_1^k, e_1^n\right) \rightarrow x_2^l$,            (9)

where, $x_1^k$ - an element belonging to the software set.

$e_1^n$ an element belonging to the collection that displays the relationships in the software environment; $x_2^l$ - an element belonging to a set covering all OSs.

$f_2^y: g_2^y\left(x_2^l, e_2^o\right) \rightarrow x_3^m$,                 (10)

here, $x_2^l$ is an element corresponding to the set including OS; $e_2^o$ – an element that belongs to the collection representing the relationships in the OS environment; $x_3^m$ - an element belonging to the LAN set.

Vertices are described by sets of characteristics:

$x_i^b=\left\{a t r_a\right\}$,             (11)

here $i=\overline{1,3}$ are vertex nesting levels; b – numbers of vertices belonging to certain levels i; $a t r_a$ – characteristics of the vertices (numeric, line, etc.).

Edges can be described by the following set of characteristics:

$e_j^h=\left(x_j^c, x_j^d,\left\{a t r_z\right\}\right)$,                (12)

here, $x_d^c$ is the initial vertex of the edges; $x_j^d$ – the final vertex of the edges; $j=\overline{1,3}$ – edge nesting level; $a t r_z$ – the current characteristic of the edges (numeric, line, etc.); h – edge numbers at certain levels j; c, d – vertex numbers at certain levels j.

Some possible characteristics of the components of each considered set are given in Table 1.

3.5 Threat models to CN cybersecurity

3.5.1 Threat models that face CN integrity

The created model contains a list of key threats to the integrity of IS components [25].

Threats can take several forms:

• Threats to the totality of components (metagraph vertices);
• Threats to a collection covering relationships in the environment of components (metagraph edges).

Moreover, any attack can comprise several attacks.

Threats to a combination of components:

1. Component substitutions (vertex).
2. Component exceptions (vertex).
3. Component additions (vertex).

Threats to the collection covering relationships:

1. Relationship substitutions (edge).
2. Relationship exclusions (edge).
3. Relationship additions (edge).

The simulation of the threat to the integrity of the IS components is composed of the sum of each $C_{s i}$:

$\begin{gathered}C_s:=\left(C_{s 1}\left(x_1^k x_2^l x_3^m\right) \cup C_{s 1}\left(e_1^n e_2^o e_3^p\right) \cup\right. \\ C_{s 2}\left(x_1^k x_2^l x_3^m\right) \cup C_{s 2}\left(e_1^n e_2^o e_3^p\right) \cup C_{s 3}\left(x_1^k x_2^l x_3^m\right) \cup \\ \left.C_{s 3}\left(e_1^n e_2^o e_3^p\right) \cup C_{s 4}\left(a t r_a\right) \cup C_{s 4}\left(a t r_z\right)\right),\end{gathered}$                  (13)

here, $C_{s 1}$ is a threat class that replaces a component or relationship:

• $C_{s 1}\left(x_1^k x_2^l x_3^m\right)$ – a threat capable of replacing a component (vertex) at certain levels;
• $C_{s 1}\left(e_1^n e_2^o e_3^p\right)$ – a threat associated with the substitution of relationships (edge) at certain levels;
• $C_{s 2}$ is a class of threat associated with the removal of a component or relationships:
• $C_{s 2}\left(x_1^k x_2^l x_3^m\right)$ – a threat associated with the removal of a component (vertex) at certain levels;
• $C_{s 2}\left(e_1^n e_2^o e_3^p\right)$ a threat associated with the removal of relationships (edge) at certain levels;
• $C_{s 3}$ is a class of threat associated with the addition of a component or relationships;
• $C_{s 3}\left(x_1^k x_2^l x_3^m\right)$ a threat associated with the addition of a component (vertex) at certain levels;
• $C_{s 3}\left(e_1^n e_2^o e_3^p\right)$ a threat associated with the addition of relationships (edge) at certain levels;
• $C_{s 4}$ is a class of threat associated with changes in the settings of a component or relationships;
• $C_{s 4}\left(a t r_a\right)$ a threat associated with changes in the settings (characteristics) of the component (vertex);
• $C_{s 4}\left(a t r_z\right)$ a threat associated with changes in the settings of relationships (edge).

The indicators of the existing relationships can be set by the vertex indicator. Some characteristics that describe the relationships in the software collection are represented by the port numbers used in the software. At the same time, the OS collection is expressed by the information protection (IP) addresses used by the OS. Indicators describing the relationships of LAN sets are expressed by the IP addresses of the networks and the routing tables used for interconnection in the environment of the components belonging to this CN.

The collection of threats associated with the integrity of the IS components is given in Table 2.

Each collection of software, OS, and LAN can be designated as $X_1, X_2, X_3$. The collection covering the relationships in the software, OS, and LAN environments is denoted as $E_1, E_2, E_3$. The collection of characteristics software, OS, and LAN will be denoted as $a t r_a$. Here, $a t r_a \in x_1^k$ – will correspond to the software level, $a t r_a \in x_2^l$ – will correspond to the software OS level, and $a t r_a \in x_3^m$ will correspond to the LAN level.

Table 2. Collection of threats related to the IS integrity

3.5.2 Modeling threats to CN privacy

This research could simulate the privacy threat behavior of IS components, given the suggestions of Konev [25]. At the same time, the IS structure was used, which was built due to the metagraph.

With a full-fledged IS, we have described several threats that apply to any vertex and to any edge of metagraphs. Several threats to the characteristics of the metagraphs were described.

The main indicators of metagraphs are as follows:

• OS version numbers.
• Versions of the protocols that provide information transmission.
• Name of the workstations.
• IP addresses.
• The lengths of the keys used to encrypt.

Threats can be expressed as:

• Disclosing data about any protocols according to which OS interconnection is organized in the corresponding LANs.
• Disclosing information about the name of the software operating in any OS.
• Disclosing information about any port used to transfer information in a workstation environment, etc.

The generated threat behavior model describes several threats to the privacy of the IS components.

Privacy displays a data characteristic that restricts third-party access to this information.

Considering confidentiality in a LAN, violators are interested in the entire amount of information about the OS and software installed in this OS, as well as a number of protocols, with regard to which the interconnection of CN components is implemented, including their settings. If attackers become the owners of information about the configuration of any LANs, they will be able to harm such networks.

Creating a model is an addition to simulating threats to the integrity of IS components. The same information leaks that reveal data about any vertex can be attributed to threats to sets of characteristics.

Threats to the set covering edges can include information leaks about any edge.

A model simulating threats to CN privacy – $K_s$ will consider all $K_{s i}$:

$\begin{gathered}K_s:=\left(K_{s 1}\left(x_1^k x_2^l x_3^m\right) \cup K_{s 1}\left(e_1^n e_2^o e_3^p\right) \cup K_{s 2}\left(a t r_a\right) \cup\right. \\ \left.K_{s 2}\left(a t r_z\right)\right),\end{gathered}$              (14)

here, $K_{s 1}$ is a threat class associated with the disclosure of information about the name of the component and relationships:

• $K_{s 1}\left(x_1^k x_2^l x_3^m\right)$ – a threat related to the disclosure of information about the name of the components (vertex) at the appropriate level;
• $K_{s 1}\left(e_1^n e_2^o e_3^p\right)$ – a threat related to the disclosure of information about the name of the components (edge) at the appropriate level;
• $K_{s 2}$ is a threat class associated with the disclosure of information about the setting of components and relationship:
• $K_{s 2}\left(a t r_a\right)$ – a threat related to the disclosure of information about setting the characteristics of components (vertex);
• $K_{s 2}\left(a t r_z\right)$ – a threat related to the disclosure of information about the relationship settings.

Each setting can be set in the vertex characteristics. Relationships can be set in the characteristics of any edge. The settings here include all information about the software versions, OS versions, and each driver that uses the software. Network settings include information about each protocol, such as key lengths that are used for encryption, protocol versions, max-address, and IP address of each network device, etc.

At the same time, the level of damage is determined by the importance of the processed data in the IS.

The name of the software, OS, and LAN is determined by the full addresses of the CN components, including their full names.

The collection of threats to the set of vertices is given in Tables 3 and 4.

The totality of threats to a large number of characteristics of any vertex is given in Table 5. The totality of threats to the disclosure of information regarding network settings for the collections of each vertex is given in Table 6.

Table 3. Collection of threats to the privacy of multiple components

Table 4. Collection of threats to the privacy of collections covering relationships

Table 5. Collection of threats to the privacy of each setting

Table 6. Collection of threats to privacy for a large number of characteristics of each edge

3.5.3 Models that simulate threats to CN integrity and confidentiality

The security of $T_S$ systems is determined by the union of $K_S$, and $C_S$:

$T_S=K_S \cup C_S ;$               (15)

here, $K_S$ is a model of threat to the privacy of IS components; $C_S$ – a model of threat to the integrity of information system components. By combining the collections, a set will be created that includes all the components belonging to the 1^st or 2^nd sets.

Therefore, the overall CN security level is represented by the sum of the following equations:

$\begin{gathered}T_S:=\left(C_{s 1}\left(x_1^k x_2^l x_3^m\right) \cup C_{s 1}\left(e_1^n e_2^o e_3^p\right) \cup\right. \\ C_{s 2}\left(x_1^k x_2^l x_3^m\right) \cup C_{s 2}\left(e_1^n e_2^o e_3^p\right) \cup C_{s 3}\left(x_1^k x_2^l x_3^m\right) \cup \\ C_{s 3}\left(e_1^n e_2^o e_3^p\right) \cup C_{s 4}\left(a t r_a\right) \cup K_{s 1}\left(x_1^k x_2^l x_3^m\right) \cup \\ \left.K_{s 1}\left(e_1^n e_2^o e_3^p\right) \cup K_{s 2}\left(a t r_a\right) \cup K_{s 2}\left(a t r_z\right)\right)\end{gathered}$             (16)

Thus, two models based on metagraphs were developed and combined: the model of integrity threats and the model of confidentiality threats of information system elements, into one, which is called the model of threats to the security of the computer network.

As a result of the assessment, a method was created to determine the list of key threats, and two models were presented, one that simulates the CN and another that simulates the behavior of each threat to the CN.

Its main advantage is repeatability. For example, its use by different specialists leads to a similar list of threats, regardless of the qualifications of these specialists. In addition, this method can be used as one of the steps in assessing the security level of a CN. However, the condition in this case is the correct formation of the list of elements of the system under consideration.

Simulation of each threat, based on working with metagraphs, opens up the prospect of compiling complete lists of threats to CN privacy. It should be noted that the created model, which simulates the behavior of a threat, represents most threats more qualitatively than the threat data bank, which stores information about all known threats. This model could identify 11 more threat options.

A number of shortcomings that occurred when simulating threats were considered and eliminated. For example:

1) Components belonging to the violator model were practically excluded.

2) Each threat was described in detail and classified.

3) Each threat was assigned to the category of threats to the system.

4) Subjective opinion and the impact exerted by the qualifications of specialized experts during compiling the list of threats are now practically disregarded.

As a result of the practical application of this method, it was revealed that the compiled list of threats exceeded the previous list by 17%, which was compiled by specialists before.

Models that simulate metagraph-based CN behavior open up the possibility of representing software components and all possible relationships among them. The software components are practical, system, and network software packages. All of these will lead to improved security for a particular system.

The developed method allows compiling a list of threats to the CS of any CNs and makes it possible to increase the number of detected threats. The approach can be extended to identify information security threats.