MODELS OF MALICIOUS SOFTWARE AND FAULT TOLERANCE OF INFORMATION COMMUNICATION NETWORKS

Abstract

The aim of this paper is to develop a model that would enable a standardized representation of malicious software’s structure, functions and to get a quantitative estimation of the fault tolerance of information and telecommunication networks affected by malicious software. The paper shows the relevance and importance of the malicious software models and evaluation of the fault tolerance of information and telecommunication networks affected by malicious software. Malicious software refers to software systems able to covertly deploy, establish unauthorized virtual data communication channel, self-propagate, self-modify, conduct unauthorized collection of information on the network and information technology interference against it. The structural and functional model of malicious software developed in this paper is composed of the following set of diagrams and function descriptions: structures of covert deployment and malicious software installation using electronic mail, structural and functional diagram of the main module of malicious software and covert deployment modules, structural and functional diagram of malicious software while implementing malicious functions, malicious software certificate. The diagrams detail the standard functions, operating procedures and information interaction of malicious software modules of the external and internal networks via an unauthorized virtual data communication channel. Primary malicious software modules are considered through the example of the Careto targeted computer attack. The model of fault tolerance of information and telecommunication networks affected by malicious software is described by indicators that characterize the ability of the networks and information security facilities to maintain and recover specified probabilistic and temporal characteristics over the period of malicious software activity. The following indicators are considered: probability that information and telecommunication networks and information security facilities maintain the specified probabilistic and temporal characteristics over the period of malicious software activity, probability that information and telecommunication networks and information security facilities recover the probabilistic and temporal characteristics after the effects of malicious software activity, factor of operation availability of information and telecommunication networks to perform the specified probabilistic and temporal characteristics under malicious software activity at an arbitrary moment in time, mathematical expectation of the duration of malicious software activity, mathematical expectation of the recovery time of the probabilistic and temporal characteristics of information and telecommunication networks and information security facilities. It is assumed that the values of the parameters required for the calculation of the indicators of the fault tolerance model of information and telecommunication networks were obtained as the result of a testbed simulation of the networks affected by malicious software. In the conclusion it is noted that the developed models enable the identification of the general structure of covert deployment and installation of attacking malicious software using electronic mail, structural and functional diagram of the main module of malicious software and covert deployment modules, structural and functional diagram of malicious software while implementing malicious functions, malicious software certificate, as well as evaluate the fault-tolerance of information and telecommunication networks and information security facilities affected by malicious software, quantify the probabilistic and temporal fault tolerance, recoverability and availability characteristics of networks.