РЕКОНФИГУРАЦИОННЫЕ МЕТАГРАММАТИКИ ДЛЯ ОПИСАНИЯ И МОДЕЛИРОВАНИЯ МНОГОЭТАПНЫХ КОМПЛЕКСНЫХ АТАК

Abstract

The purpose of the study is determined by a significant expansion of the classes of threats tomodern automated systems, the dynamic development of tactics and techniques for attacking theirinformation resources. The available methods and hardware and software tools effectively resistsingle-stage attacks that have a fixed scheme of destructive impact and time-limited activity. Moderntypes of destructive influences are understood as multi-stage complex attacks, for which it isimportant to create an adequate and effective apparatus for describing, modeling and repellingnew types of attacks. Research methods are based on the development of a structural-algebraicapproach, primarily on the apparatus of formal grammars and metagrammars. It has been establishedthat the well-known formal models for describing and modeling multi-stage complex attacksare cumbersome, and their modification is difficult. Most attack descriptors are not equipped witha representative set of methods for structural and algebraic analysis of such complexly structuredobjects. To describe, model and repel such attacks, a class of reconfiguration metagrammars hasbeen developed. These metagrammars contain a set of regular and reconfiguration rules formatching between grammar elements within the grammar. These rules allow you to select specificbranches of the search graph depending on the achieved parsing states. This property significantlyreduces the search space and thus increases the specific efficiency of the search. The developedapparatus of reconfiguration metagrammars creates the necessary theoretical basis for their effectiveuse in modeling and reflecting existing and prospective ICAs that have a structural-linguisticdescription. The resulting qualimetric five-dimensional diagram, built on a set of practically significantindicators (homogeneity, connectivity, compactness, adaptability, directionality) showedthe advantage of reconfiguration metagrammars over general metagrammars. Methods of parsingin reconfiguration metagrammars differ in structural rules of reconfiguration (structural adaptation)and selection criteria for their adaptation. These procedural features make it possible toexpand the possibilities of attack modeling and improve the efficiency of procedures for repellingmulti-stage complex attacks.