Peculiarities of Solving the Problem of Controlling Information Security Risks in the Development of Protection Methods against Covert (Steganographic) Information Exchange in Public Internet Resources

IF 0.6 Q4 AUTOMATION & CONTROL SYSTEMS AUTOMATIC CONTROL AND COMPUTER SCIENCES Pub Date : 2025-03-14 DOI:10.3103/S0146411624700809
M. Yu. Fedosenko
{"title":"Peculiarities of Solving the Problem of Controlling Information Security Risks in the Development of Protection Methods against Covert (Steganographic) Information Exchange in Public Internet Resources","authors":"M. Yu. Fedosenko","doi":"10.3103/S0146411624700809","DOIUrl":null,"url":null,"abstract":"<p>This paper describes the stage of the practical control of information security risks of a web resource as a result of its use as a medium and communication channel in a steganographic information exchange. The possibility of using steganography in public internet resources as an intruder’s tool for the exchange of illegal data and realization of computer attacks is established on the basis of the available research results. It is proved that developing methods for preventing malicious use of steganographic algorithms is an urgent task. The information security threats concerning steganographic methods according to the database of the Federal Service for Technical and Export Control of the Russian Federation are considered. These threats are used to develop a four-level model of threats of a web resource on the part of user data, including risks of violation of integrity, access, confidentiality, and statements of Federal Law no. 374-FL (and corrections to Federal Law no. 149-FL On the Information, Information Technologies, and Protection of Information). Taking into account the statements of Federal Law no. 374-FL demonstrates the problem of the unavailability of data for checking malicious use in their covert exchange. On the basis of the developed model, the risks of a web resource are assessed by the Microsoft Security Assessment Tool (MSAT), as well as theoretically estimated by the FRAP and CRAMM matrices to demonstrate the peculiarities of using a specific approach to solve the problem of countering the new type of attacks. The necessary measures and mitigation components are calculated by the mathematical programming methods to reveal the minimal and optimal quantitative composition of the protection components against the malicious use of steganography. These measures and components consist of specialists, their competencies, and software tools needed for high-quality protection of a web resource within the studied scientific problem of malicious use of information protection technologies in the course of malpractice, as well as further development of tools for countering and analyzing the data arriving at the web resource.</p>","PeriodicalId":46238,"journal":{"name":"AUTOMATIC CONTROL AND COMPUTER SCIENCES","volume":"58 8","pages":"1169 - 1179"},"PeriodicalIF":0.6000,"publicationDate":"2025-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"AUTOMATIC CONTROL AND COMPUTER SCIENCES","FirstCategoryId":"1085","ListUrlMain":"https://link.springer.com/article/10.3103/S0146411624700809","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"AUTOMATION & CONTROL SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

This paper describes the stage of the practical control of information security risks of a web resource as a result of its use as a medium and communication channel in a steganographic information exchange. The possibility of using steganography in public internet resources as an intruder’s tool for the exchange of illegal data and realization of computer attacks is established on the basis of the available research results. It is proved that developing methods for preventing malicious use of steganographic algorithms is an urgent task. The information security threats concerning steganographic methods according to the database of the Federal Service for Technical and Export Control of the Russian Federation are considered. These threats are used to develop a four-level model of threats of a web resource on the part of user data, including risks of violation of integrity, access, confidentiality, and statements of Federal Law no. 374-FL (and corrections to Federal Law no. 149-FL On the Information, Information Technologies, and Protection of Information). Taking into account the statements of Federal Law no. 374-FL demonstrates the problem of the unavailability of data for checking malicious use in their covert exchange. On the basis of the developed model, the risks of a web resource are assessed by the Microsoft Security Assessment Tool (MSAT), as well as theoretically estimated by the FRAP and CRAMM matrices to demonstrate the peculiarities of using a specific approach to solve the problem of countering the new type of attacks. The necessary measures and mitigation components are calculated by the mathematical programming methods to reveal the minimal and optimal quantitative composition of the protection components against the malicious use of steganography. These measures and components consist of specialists, their competencies, and software tools needed for high-quality protection of a web resource within the studied scientific problem of malicious use of information protection technologies in the course of malpractice, as well as further development of tools for countering and analyzing the data arriving at the web resource.

Abstract Image

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
求助全文
约1分钟内获得全文 去求助
来源期刊
AUTOMATIC CONTROL AND COMPUTER SCIENCES
AUTOMATIC CONTROL AND COMPUTER SCIENCES AUTOMATION & CONTROL SYSTEMS-
CiteScore
1.70
自引率
22.20%
发文量
47
期刊介绍: Automatic Control and Computer Sciences is a peer reviewed journal that publishes articles on• Control systems, cyber-physical system, real-time systems, robotics, smart sensors, embedded intelligence • Network information technologies, information security, statistical methods of data processing, distributed artificial intelligence, complex systems modeling, knowledge representation, processing and management • Signal and image processing, machine learning, machine perception, computer vision
期刊最新文献
Segmenting Input Data to Improve the Quality of Identification of Information Security Events Steganalytical Module for Detecting Embeddings in Images with a Low Stego Container Filling Intelligent Mechanisms for Extracting Signs of File Modification in Dynamic Virus Analysis Peculiarities of Solving the Problem of Controlling Information Security Risks in the Development of Protection Methods against Covert (Steganographic) Information Exchange in Public Internet Resources Application of Indicator Functions in Models of Detection and Neutralization of Harmful Information Objects
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1