Combining of Heterogeneous Destructive Impact on the Information System and Countering Attacks (on Example by Insider Activity and DDoS-Attack)

Abstract

Problem statement. By now, information security specialists have developed a sufficiently broad pool of mechanisms and means of countering cyberattacks for virtually all classes of destructive effects on information systems. Therefore, in order to break the relative parity "attack vs defense", attackers intensify their onslaught on information security systems by combining heterogeneous destructive influences, thus hampering the ability to counteract them. Despite a significant number of publications devoted to such information confrontation, there are no scientific studies devoted to analyzing this relatively new phenomenon in terms of identifying the limits of combinations, as well as the ability to counteract possible combinations in the public domain. The aim of the work is to study the phenomenon of combining heterogeneous destructive influences on the information system and counteracting such attacks. Methods used. The possibility of combining qualitatively heterogeneous attacks on the information system of the organization is studied. In order to classify and distinguish such attacks, categorical division apparatus is applied using the following pairs: Human vs Automaton, Inside vs Outside, Single vs Multiple. Result. The application of categorical division allowed to distinguish 8 classes of attacks from the position of their realization mechanism; the interpretation of each of the classes is given and an example is given. Novelty. The combination of two seemingly unrelated destructive influences – insider activity and DDoS-attack – is considered for the first time; their generalized scheme, stages of their implementation, as well as the complexity of counteraction to them are given.