Peculiarities of Solving the Problem of Controlling Information Security Risks in the Development of Protection Methods against Covert (Steganographic) Information Exchange in Public Internet Resources
{"title":"Peculiarities of Solving the Problem of Controlling Information Security Risks in the Development of Protection Methods against Covert (Steganographic) Information Exchange in Public Internet Resources","authors":"M. Yu. Fedosenko","doi":"10.3103/S0146411624700809","DOIUrl":null,"url":null,"abstract":"<p>This paper describes the stage of the practical control of information security risks of a web resource as a result of its use as a medium and communication channel in a steganographic information exchange. The possibility of using steganography in public internet resources as an intruder’s tool for the exchange of illegal data and realization of computer attacks is established on the basis of the available research results. It is proved that developing methods for preventing malicious use of steganographic algorithms is an urgent task. The information security threats concerning steganographic methods according to the database of the Federal Service for Technical and Export Control of the Russian Federation are considered. These threats are used to develop a four-level model of threats of a web resource on the part of user data, including risks of violation of integrity, access, confidentiality, and statements of Federal Law no. 374-FL (and corrections to Federal Law no. 149-FL On the Information, Information Technologies, and Protection of Information). Taking into account the statements of Federal Law no. 374-FL demonstrates the problem of the unavailability of data for checking malicious use in their covert exchange. On the basis of the developed model, the risks of a web resource are assessed by the Microsoft Security Assessment Tool (MSAT), as well as theoretically estimated by the FRAP and CRAMM matrices to demonstrate the peculiarities of using a specific approach to solve the problem of countering the new type of attacks. The necessary measures and mitigation components are calculated by the mathematical programming methods to reveal the minimal and optimal quantitative composition of the protection components against the malicious use of steganography. These measures and components consist of specialists, their competencies, and software tools needed for high-quality protection of a web resource within the studied scientific problem of malicious use of information protection technologies in the course of malpractice, as well as further development of tools for countering and analyzing the data arriving at the web resource.</p>","PeriodicalId":46238,"journal":{"name":"AUTOMATIC CONTROL AND COMPUTER SCIENCES","volume":"58 8","pages":"1169 - 1179"},"PeriodicalIF":0.6000,"publicationDate":"2025-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"AUTOMATIC CONTROL AND COMPUTER SCIENCES","FirstCategoryId":"1085","ListUrlMain":"https://link.springer.com/article/10.3103/S0146411624700809","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"AUTOMATION & CONTROL SYSTEMS","Score":null,"Total":0}
引用次数: 0
Abstract
This paper describes the stage of the practical control of information security risks of a web resource as a result of its use as a medium and communication channel in a steganographic information exchange. The possibility of using steganography in public internet resources as an intruder’s tool for the exchange of illegal data and realization of computer attacks is established on the basis of the available research results. It is proved that developing methods for preventing malicious use of steganographic algorithms is an urgent task. The information security threats concerning steganographic methods according to the database of the Federal Service for Technical and Export Control of the Russian Federation are considered. These threats are used to develop a four-level model of threats of a web resource on the part of user data, including risks of violation of integrity, access, confidentiality, and statements of Federal Law no. 374-FL (and corrections to Federal Law no. 149-FL On the Information, Information Technologies, and Protection of Information). Taking into account the statements of Federal Law no. 374-FL demonstrates the problem of the unavailability of data for checking malicious use in their covert exchange. On the basis of the developed model, the risks of a web resource are assessed by the Microsoft Security Assessment Tool (MSAT), as well as theoretically estimated by the FRAP and CRAMM matrices to demonstrate the peculiarities of using a specific approach to solve the problem of countering the new type of attacks. The necessary measures and mitigation components are calculated by the mathematical programming methods to reveal the minimal and optimal quantitative composition of the protection components against the malicious use of steganography. These measures and components consist of specialists, their competencies, and software tools needed for high-quality protection of a web resource within the studied scientific problem of malicious use of information protection technologies in the course of malpractice, as well as further development of tools for countering and analyzing the data arriving at the web resource.
期刊介绍:
Automatic Control and Computer Sciences is a peer reviewed journal that publishes articles on• Control systems, cyber-physical system, real-time systems, robotics, smart sensors, embedded intelligence • Network information technologies, information security, statistical methods of data processing, distributed artificial intelligence, complex systems modeling, knowledge representation, processing and management • Signal and image processing, machine learning, machine perception, computer vision
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
