<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">mireabulletin</journal-id><journal-title-group><journal-title xml:lang="ru">Russian Technological Journal</journal-title><trans-title-group xml:lang="en"><trans-title>Russian Technological Journal</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">2782-3210</issn><issn pub-type="epub">2500-316X</issn><publisher><publisher-name>RTU MIREA</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.32362/2500-316X-2021-9-6-16-25</article-id><article-id custom-type="elpub" pub-id-type="custom">mireabulletin-395</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>ИНФОРМАЦИОННЫЕ СИСТЕМЫ. ИНФОРМАТИКА. ПРОБЛЕМЫ ИНФОРМАЦИОННОЙ БЕЗОПАСНОСТИ</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>INFORMATION SYSTEMS. COMPUTER SCIENCES. ISSUES OF INFORMATION SECURITY</subject></subj-group></article-categories><title-group><article-title>Разработка моделей аналитической системы обработки данных для мониторинга ИБ объекта информатизации, использующего облачную инфраструктуру</article-title><trans-title-group xml:lang="en"><trans-title>The development of models of an analytical data processing system for monitoring information security of an informatization object using cloud infrastructure</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0002-4844-4714</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Сизов</surname><given-names>В. А.</given-names></name><name name-style="western" xml:lang="en"><surname>Sizov</surname><given-names>V. A.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Сизов Валерий Александрович, д.т.н., профессор, кафедра Прикладной информатики и информационной безопасности Института математики, информационных систем и цифровой экономики</p><p>117997, Россия, Москва, Стремянный пер., 36</p></bio><bio xml:lang="en"><p>Valerii A. Sizov, Dr. Sci. (Eng.), Professor, Department of Applied Informatics and Information Security, Institute of Mathematics, Information Systems and Digital Economy</p><p>36, Stremyanny per., Moscow, 117997 Russia</p></bio><email xlink:type="simple">sizov.va@rea.ru</email><xref ref-type="aff" rid="aff-1"/></contrib><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0000-0002-8424-3071</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Киров</surname><given-names>А. Д.</given-names></name><name name-style="western" xml:lang="en"><surname>Kirov</surname><given-names>A. D.</given-names></name></name-alternatives><bio xml:lang="ru"><p>Киров Алексей Дмитриевич, специалист, специализированная учебно-научная лаборатория по информационному противоборству в бизнесе, кафедра Прикладной информатики и информационной безопасности Института математики, информационных систем и цифровой экономики</p><p>117997, Россия, Москва, Стремянный пер., 36</p></bio><bio xml:lang="en"><p>Aleksey D. Kirov, Specialist, Specialized Educational and Scientific Laboratory on Information Confrontation in Business, Department of Applied Informatics and Information Security, Institute of Mathematics, Information Systems and Digital Economy</p><p>36, Stremyanny per., Moscow, 117997 Russia</p></bio><email xlink:type="simple">kirov.ad@rea.ru</email><xref ref-type="aff" rid="aff-1"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru"><institution>Российский экономический университет имени Г.В. Плеханова</institution><country>Россия</country></aff><aff xml:lang="en"><institution>Plekhanov Russian University of Economics</institution><country>Russian Federation</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2021</year></pub-date><pub-date pub-type="epub"><day>02</day><month>12</month><year>2021</year></pub-date><volume>9</volume><issue>6</issue><fpage>16</fpage><lpage>25</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Сизов В.А., Киров А.Д., 2021</copyright-statement><copyright-year>2021</copyright-year><copyright-holder xml:lang="ru">Сизов В.А., Киров А.Д.</copyright-holder><copyright-holder xml:lang="en">Sizov V.A., Kirov A.D.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://www.rtj-mirea.ru/jour/article/view/395">https://www.rtj-mirea.ru/jour/article/view/395</self-uri><abstract><p>Статья посвящена разработке аналитической системы обработки данных (АСОД) для мониторинга информационной безопасности (ИБ) в рамках системы менеджмента ИБ современных компаний, ведущих свою основную деятельность в киберпространстве и использующих облачную инфраструктуру. На основе анализа современных информационных технологий (ИТ) и наиболее востребованных продуктов обеспечения ИБ облачных инфраструктур, а также существующих научных подходов предложен формализованный подход к синтезу АСОД для мониторинга ИБ такого объекта информатизации. Этот подход учитывает полезность используемых ИТ с позиции ИБ. Представлена общая модель структуры информационного обеспечения АСОД для мониторинга ИБ, а также модель зависимости полезности ИТ от времени и соотношения уровня квалификации специалиста по ИБ и злоумышленника. В качестве критерия в первой оптимизационной модели используется качество системы мониторинга ИБ. В качестве ограничений предлагаются следующие: ограничение на время принятия решения на инцидент; ограничение на степень качества анализа событий ИБ аналитической системой обработки данных и ограничение на совместимость функций анализа данных с типами данных о событиях ИБ. Приведенные результаты исследования второй модели показывают логически непротиворечивую зависимость полезности ИТ от времени и соотношения уровня квалификации специалиста по ИБ к уровню квалификации злоумышленника. Представлены частные модели структуры информационного обеспечения АСОД, позволяющие определить рациональную структуру информационного обеспечения АСОД по частным критериям. В качестве частных критериев используются следующие: максиминный критерий полезности информационного обеспечения АСОД для мониторинга ИБ объекта информатизации в облачной инфраструктуре и критерий максимума актуальности информационного обеспечения, распределенного по узлам облачной инфраструктуры для систем с невысокой степенью централизации управления.</p></abstract><trans-abstract xml:lang="en"><p>The article is devoted to the problem of developing an analytical data processing system for monitoring information security within the information security management system of modern companies conducting their main activities in cyberspace and using cloud infrastructure. Based on the analysis of modern information technologies related to ensuring information security of cloud infrastructure and the most popular products for ensuring information security of cloud infrastructures, as well as existing scientific approaches, a formalized approach to the synthesis of an analytical data processing system for monitoring the information security of an informatization object using cloud infrastructure is proposed. This approach takes into account the usefulness of the used information technologies from the viewpoint of information security. A general model of the structure of information support of an analytical data processing system for monitoring information security, as well as a model of the dependence of the usefulness of information technology on time and the ratio of the skill level of an information security specialist and an attacker are presented. The quality of the information security monitoring system is used as a criterion in the first optimization model. The following limitations are suggested: limitation on the time of making a decision on an incident; limitation on the degree of quality of analysis of information security events by the analytical data processing system and limitation on the compatibility of data analysis functions with data types about information security events. The cited results of the study of the second model show a logically consistent dependence of the usefulness of information technology on time and the ratio of the skill level of an information security specialist to the skill level of an attacker. The particular models of the structure of the information support of ASOD are presented. They make it possible to determine the rational structure information support of ASOD according to particular criteria. The following particular criteria are used: the maximin criterion of the usefulness of the information support of ASOD for monitoring the information security of an informatization object in the cloud infrastructure; the criterion for the maximum relevance of information support distributed over the nodes of the cloud infrastructure for systems with a low degree of centralization of management.</p></trans-abstract><kwd-group xml:lang="ru"><kwd>информационная безопасность</kwd><kwd>аналитическая система обработки данных</kwd><kwd>облачная инфраструктура</kwd><kwd>компьютерное моделирование</kwd><kwd>математическое моделирование</kwd><kwd>мониторинг ИБ</kwd><kwd>объект информатизации</kwd></kwd-group><kwd-group xml:lang="en"><kwd>information security</kwd><kwd>analytical data processing system</kwd><kwd>cloud infrastructure</kwd><kwd>computer modeling</kwd><kwd>mathematical modeling</kwd><kwd>information security monitoring</kwd><kwd>object of informatization</kwd></kwd-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Liu Z., Zhao A., Liang M. A port-based forwarding loadbalancing scheduling approach for cloud datacenter networks. J. Cloud Comp. 2021;10(1):13. https://doi.org/10.1186/s13677-021-00226-w</mixed-citation><mixed-citation xml:lang="en">Liu Z., Zhao A., Liang M. A port-based forwarding loadbalancing scheduling approach for cloud datacenter networks. J. Cloud Comp. 2021;10(1):13. https://doi.org/10.1186/s13677-021-00226-w</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Chen J., Wang Y., Liu T. A proactive resource allocation method based on adaptive prediction of resource requests in cloud computing. J. Wireless Com. Network. 2021;24. https://doi.org/10.1186/s13638-021-01912-8</mixed-citation><mixed-citation xml:lang="en">Chen J., Wang Y., Liu T. A proactive resource allocation method based on adaptive prediction of resource requests in cloud computing. J. Wireless Com. Network. 2021;24. https://doi.org/10.1186/s13638-021-01912-8</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Wang J., Zhang G., Wang W., Zhang K., Sheng Y. Cloud-based intelligent self-diagnosis and department recommendation service using Chinese medical BERT. J. Cloud Comp.: Advances, Systems and Applications. 2021;10(1):4. https://doi.org/10.1186/s13677-020-00218-2</mixed-citation><mixed-citation xml:lang="en">Wang J., Zhang G., Wang W., Zhang K., Sheng Y. Cloud-based intelligent self-diagnosis and department recommendation service using Chinese medical BERT. J. Cloud Comp.: Advances, Systems and Applications. 2021;10(1):4. https://doi.org/10.1186/s13677-020-00218-2</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">Chen Y., Liu H., Wang B., Sonompil B., Ping Y., Zhang Z. A threshold hybrid encryption method for integrity audit without trusted center. J. Cloud Comp.: Advances, Systems and Applications. 2021;10(1):3. https://doi.org/10.1186/s13677-020-00222-6</mixed-citation><mixed-citation xml:lang="en">Chen Y., Liu H., Wang B., Sonompil B., Ping Y., Zhang Z. A threshold hybrid encryption method for integrity audit without trusted center. J. Cloud Comp.: Advances, Systems and Applications. 2021;10(1):3. https://doi.org/10.1186/s13677-020-00222-6</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">Ngoc T.L., Doan B.H. Capability maturity model and metrics framework for cyber cloud security. Scalable Computing: Practice and Experience. 2017;18(4):277−290. https://doi.org/10.12694/scpe.v18i4.1329</mixed-citation><mixed-citation xml:lang="en">Ngoc T.L., Doan B.H. Capability maturity model and metrics framework for cyber cloud security. Scalable Computing: Practice and Experience. 2017;18(4):277−290. https://doi.org/10.12694/scpe.v18i4.1329</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">Afolaranmi S.O., Moctezuma L.E.G., Rak M., Casola V., Rios E., Lastra J.L.M. Methodology to Obtain the Security Controls in Multi-cloud Applications. In: Proceedings of the 6th International Conference on Cloud Computing and Services Science (CLOSER 2016). 2016. V.1. p. 327−332. http://doi.org/10.5220/0005912603270332</mixed-citation><mixed-citation xml:lang="en">Afolaranmi S.O., Moctezuma L.E.G., Rak M., Casola V., Rios E., Lastra J.L.M. Methodology to Obtain the Security Controls in Multi-cloud Applications. In: Proceedings of the 6th International Conference on Cloud Computing and Services Science (CLOSER 2016). V.1. 2016, p. 327−332. http://doi.org/10.5220/0005912603270332</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Сизов В.А. Разработка моделей повышения эффективности сохранности данных в распределенной вычислительной среде на основе динамического резервирования данных. В сб.: Advances in Science and Technology: сб. статей XXI международной научно-практической конференции. М.: «Актуальность. РФ», 2019. С. 96−100.</mixed-citation><mixed-citation xml:lang="en">Sizov V.A. Development of models for improving the efficiency of data safety in a distributed computing environment based on dynamic data reservation. In: Advances in Science and Technology: Collection of articles of the XXI International Scientific and Practical Conference. 2019, p. 96−100. (in Russ.).</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">Сизов В.А. Модели и методы виртуально-восстановительного резервирования данных автоматизированных информационно-управляющих систем в условиях чрезвычайных ситуаций. Автоматика и телемеханика. 1998;7:176−184.</mixed-citation><mixed-citation xml:lang="en">Sizov V.A. Models and methods of virtual-recovered redundancy of data of automatic information-control systems under extreme conditions. Autom. Remote Control. 1998;59(7):1047−1053.</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">Arce D.G. Cybersecurity and platform competition in the cloud. Computers &amp; Security. 2020;93:101774. https://doi.org/10.1016/j.cose.2020.101774</mixed-citation><mixed-citation xml:lang="en">[Sizov V.A. Models and methods of virtual-recovered redundancy of data of automatic information-control systems under extreme conditions. Automat. i Telemekh. 1998;(7):176−184 (in Russ.).]</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">Джинчарадзе Г.Р. Методические аспекты организации процедуры оценки персонала. Инженерный Вестник Дона. 2012;2(20):340−345. URL: https://cyberleninka.ru/article/n/metodicheskie-aspekty-organizatsii-protseduryotsenki-personala</mixed-citation><mixed-citation xml:lang="en">Arce D.G. Cybersecurity and platform competition in the cloud. Computers &amp; Security. 2020;93:101774. https://doi.org/10.1016/j.cose.2020.101774</mixed-citation></citation-alternatives></ref><ref id="cit11"><label>11</label><citation-alternatives><mixed-citation xml:lang="ru">Сизов В.А., Киров А.Д. Проблемы внедрения SIEM-систем в практику управления информационной безопасностью субъектов экономической деятельности. Открытое образование. 2020;24(1):69−79. https://doi.org/10.21686/1818-4243-2020-1-69-79</mixed-citation><mixed-citation xml:lang="en">Dzhincharadze G.R. Methodological aspects of the organization of the personnel assessment procedure. Inzhenernyi Vestnik Dona = Engineering journal of Don. 2012;2(20):340−345 (in Russ.). Available from URL: https://cyberleninka.ru/article/n/metodicheskie-aspektyorganizatsii-protsedury-otsenki-personala</mixed-citation></citation-alternatives></ref><ref id="cit12"><label>12</label><citation-alternatives><mixed-citation xml:lang="ru">Lee J., Kim Y.S., Kim J.H., Kim I.K. Toward the SIEM architecture for cloud-based security services. In: 2017 IEEE Conference on Communications and Network Security (CNS). https://doi.org/10.1109/CNS.2017.8228696</mixed-citation><mixed-citation xml:lang="en">Sizov V.A., Kirov A.D. Problems of implementation SIEM-systems in the practice of managing information security of economic entities. Otkrytoe obrazovanie = Open Education. 2020;24(1):69−79 (in Russ.). https://doi.org/10.21686/1818-4243-2020-1-69-79</mixed-citation></citation-alternatives></ref><ref id="cit13"><label>13</label><citation-alternatives><mixed-citation xml:lang="ru">Granadillo G.G., El-Barboni M., Debar H. New types of alert correlation for security information and event management systems. In: 2016 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS). 2016. https://doi.org/10.1109/NTMS.2016.7792462</mixed-citation><mixed-citation xml:lang="en">Lee J., Kim Y.S., Kim J.H., Kim I.K. Toward the SIEM architecture for cloud-based security services. In: 2017 IEEE Conference on Communications and Network Security (CNS). https://doi.org/10.1109/CNS.2017.8228696</mixed-citation></citation-alternatives></ref><ref id="cit14"><label>14</label><citation-alternatives><mixed-citation xml:lang="ru">Kavanagh M., Rochford O. Magic Quadrant for Security Information and Event Management. Gartner technical report. 2015. 15 p.</mixed-citation><mixed-citation xml:lang="en">Granadillo G.G., El-Barboni M., Debar H. New Types of Alert Correlation for Security Information and Event Management Systems. In: 2016 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS). 2016. https://doi.org/10.1109/NTMS.2016.7792462</mixed-citation></citation-alternatives></ref><ref id="cit15"><label>15</label><citation-alternatives><mixed-citation xml:lang="ru">Марков А.С., Цирлов В.Л. Структурное содержание требований информационной безопасности. Мониторинг правоприменения. 2017;1(22):53−61.</mixed-citation><mixed-citation xml:lang="en">Kavanagh M., Rochford O. Magic Quadrant for Security Information and Event Management. Gartner technical report. 2015. 15 p.</mixed-citation></citation-alternatives></ref><ref id="cit16"><label>16</label><citation-alternatives><mixed-citation xml:lang="ru">Nabil M., Soukainat S., Lakbabi A., Ghizlane O. SIEM selection criteria for an efficient contextual security. In: 2017 International Symposium on Networks, Computers and Communications (ISNCC). 2017. https://doi.org/10.1109/ISNCC.2017.8072035</mixed-citation><mixed-citation xml:lang="en">Markov A.S., Tsirlov V.L. Structured content of information security requirements. Monitoring pravoprimeneniya = Monitoring of Law Enforcement. 2017;1(22):53−61 (in Russ.). https://doi.org/10.21681/2412-8163-2017-1-53-61</mixed-citation></citation-alternatives></ref><ref id="cit17"><label>17</label><citation-alternatives><mixed-citation xml:lang="ru">Кирсанов К.К. Теория полезности в период смены концептуальных положений. Науковедение (Вестник Евразийской науки). 2015;7(2):38. URL: http://naukovedenie.ru/PDF/37EVN215.pdf</mixed-citation><mixed-citation xml:lang="en">Nabil M., Soukainat S., Lakbabi A., Ghizlane O. SIEM selection criteria for an efficient contextual security. In: 2017 International Symposium on Networks, Computers and Communications (ISNCC). https://doi.org/10.1109/ISNCC.2017.8072035</mixed-citation></citation-alternatives></ref><ref id="cit18"><label>18</label><citation-alternatives><mixed-citation xml:lang="ru">Котенко И.В., Федорченко А.В., Саенко И.Б., Кушнеревич А.Г. Технологии больших данных для корреляции событий безопасности на основе учета типов связей. Вопросы кибербезопасности. 2017;5(24):2−16. https://doi.org/10.21681/2311-3456-2017-5-2-16</mixed-citation><mixed-citation xml:lang="en">Kirsanov K.K. The theory of utility in the period of change of conceptual provisions. Naukovedenie (The Eurasian Journal). 2015;7(2):38 (in Russ.). Available from URL: http://naukovedenie.ru/PDF/37EVN215.pdf</mixed-citation></citation-alternatives></ref><ref id="cit19"><label>19</label><citation-alternatives><mixed-citation xml:lang="ru">Федорченко А.В., Левшун Д.С., Чечулин А.А., Котенко И.В. Анализ методов корреляции событий безопасности в SIEM-системах. Часть 2. Труды СПИИРАН. 2016;6(49):208−225. https://doi.org/10.15622/sp.49.11</mixed-citation><mixed-citation xml:lang="en">Kotenko I.V., Fedorchenko A.V., Saenko I.B., Kushnerevich A.G. Big data technologies for security event correlation based on event type accounting. Voprosy kiberbezopasnosti = Cybersecurity issues. 2017;5(24):2−16 (in Russ.). https://doi.org/10.21681/2311-3456-2017-5-2-16</mixed-citation></citation-alternatives></ref><ref id="cit20"><label>20</label><citation-alternatives><mixed-citation xml:lang="ru">Fedorchenko A.V., Levshun D.S., Chechulin A.A., Kotenko I.V. An Analysis of Security Event Correlation Techniques in SIEM-Systems. Part 2. Trudy SPIIRAN = SPIIRAS Proceedings. 2016;6(49):209−225 (in Russ.). https://doi.org/10.15622/sp.49.11</mixed-citation><mixed-citation xml:lang="en">Fedorchenko A.V., Levshun D.S., Chechulin A.A., Kotenko I.V. An Analysis of Security Event Correlation Techniques in SIEM-Systems. Part 2. Trudy SPIIRAN = SPIIRAS Proceedings. 2016;6(49):209−225 (in Russ.). https://doi.org/10.15622/sp.49.11</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
