{"title":"调查了在自动化过程控制系统中使用软模拟器来响应计算机威胁实施的事实的结果","authors":"M. Tumbinskaya, A. Abzalov","doi":"10.37791/2687-0649-2022-17-1-83-96","DOIUrl":null,"url":null,"abstract":"Ensuring information security of automated process control systems (IACS) is a difficult task and its solution requires an integrated approach. Various computer threats need to be considered, which may be external, internal, accidental or deliberate. With the global growth of cybercrimes and the constant improvement of cyberattacks, it is necessary to increase the level of security of IACS, web resources, information systems, etc. Achieving the goal of increasing the level of security is possible by solving the problem of training users to respond to the facts of the implementation of computer threats during the operation of the IACS, i. e. information security incidents. The article describes software, the main task of which is to provide users of an industrial automated system with practical skills for an adequate response to incidents, which will increase the level of users' knowledge in the field of information security. The paper presents an analysis of the information security of an automated process control system, which showed that, on average, in 89.5% of cases, attackers use malicious software to gain access to information unauthorizedly, and on average, in 83% of cases, they use social engineering methods. An industrial automated system of a large enterprise in the machine- building industry of the Republic of Tatarstan was selected for the study. The results of the study and experimental data showed that as a result of training and after it, users more correctly and adequately respond to emerging information security incidents due to the fact that most situations were considered and analyzed during the training period using software. On average, the number of attacks in the analyzed periods as a whole decreased by 28%: the number of attacks carried out using social engineering methods decreased by 51.75%, the number of attacks using malicious software by 40.25%, the number of DoS-type attacks – by 11.75%, the number of credential brute-force attacks – by 7.5%.","PeriodicalId":44195,"journal":{"name":"Journal of Applied Mathematics & Informatics","volume":"16 1","pages":""},"PeriodicalIF":0.4000,"publicationDate":"2022-01-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Investigation of the results of using a soft simulator for responding to the facts of the implementation of computer threats in an automated process control system\",\"authors\":\"M. Tumbinskaya, A. Abzalov\",\"doi\":\"10.37791/2687-0649-2022-17-1-83-96\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Ensuring information security of automated process control systems (IACS) is a difficult task and its solution requires an integrated approach. Various computer threats need to be considered, which may be external, internal, accidental or deliberate. With the global growth of cybercrimes and the constant improvement of cyberattacks, it is necessary to increase the level of security of IACS, web resources, information systems, etc. Achieving the goal of increasing the level of security is possible by solving the problem of training users to respond to the facts of the implementation of computer threats during the operation of the IACS, i. e. information security incidents. The article describes software, the main task of which is to provide users of an industrial automated system with practical skills for an adequate response to incidents, which will increase the level of users' knowledge in the field of information security. The paper presents an analysis of the information security of an automated process control system, which showed that, on average, in 89.5% of cases, attackers use malicious software to gain access to information unauthorizedly, and on average, in 83% of cases, they use social engineering methods. An industrial automated system of a large enterprise in the machine- building industry of the Republic of Tatarstan was selected for the study. The results of the study and experimental data showed that as a result of training and after it, users more correctly and adequately respond to emerging information security incidents due to the fact that most situations were considered and analyzed during the training period using software. On average, the number of attacks in the analyzed periods as a whole decreased by 28%: the number of attacks carried out using social engineering methods decreased by 51.75%, the number of attacks using malicious software by 40.25%, the number of DoS-type attacks – by 11.75%, the number of credential brute-force attacks – by 7.5%.\",\"PeriodicalId\":44195,\"journal\":{\"name\":\"Journal of Applied Mathematics & Informatics\",\"volume\":\"16 1\",\"pages\":\"\"},\"PeriodicalIF\":0.4000,\"publicationDate\":\"2022-01-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Applied Mathematics & Informatics\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.37791/2687-0649-2022-17-1-83-96\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"MATHEMATICS, APPLIED\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Applied Mathematics & Informatics","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.37791/2687-0649-2022-17-1-83-96","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"MATHEMATICS, APPLIED","Score":null,"Total":0}
Investigation of the results of using a soft simulator for responding to the facts of the implementation of computer threats in an automated process control system
Ensuring information security of automated process control systems (IACS) is a difficult task and its solution requires an integrated approach. Various computer threats need to be considered, which may be external, internal, accidental or deliberate. With the global growth of cybercrimes and the constant improvement of cyberattacks, it is necessary to increase the level of security of IACS, web resources, information systems, etc. Achieving the goal of increasing the level of security is possible by solving the problem of training users to respond to the facts of the implementation of computer threats during the operation of the IACS, i. e. information security incidents. The article describes software, the main task of which is to provide users of an industrial automated system with practical skills for an adequate response to incidents, which will increase the level of users' knowledge in the field of information security. The paper presents an analysis of the information security of an automated process control system, which showed that, on average, in 89.5% of cases, attackers use malicious software to gain access to information unauthorizedly, and on average, in 83% of cases, they use social engineering methods. An industrial automated system of a large enterprise in the machine- building industry of the Republic of Tatarstan was selected for the study. The results of the study and experimental data showed that as a result of training and after it, users more correctly and adequately respond to emerging information security incidents due to the fact that most situations were considered and analyzed during the training period using software. On average, the number of attacks in the analyzed periods as a whole decreased by 28%: the number of attacks carried out using social engineering methods decreased by 51.75%, the number of attacks using malicious software by 40.25%, the number of DoS-type attacks – by 11.75%, the number of credential brute-force attacks – by 7.5%.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
