Method for constructing a dynamic model of a logical object of the information system and determining the law of its functioning

Галина Іванівна Гайдур, Сергій Олександрович Гахов, Віталій Вікторович Марченко

Abstract


The subject of the research in this article is methods for detecting intrusions into the information systems of organizations, with the goal of justifying the requirements for the functioning of the monitoring agent of the selected logical object. The aim is to develop a method for building a dynamic model of a logical object of the information system and to determine the law of its functioning. Tasks: to substantiate the need to create security monitoring agents for logical objects of information systems; to identify the main functions of security monitoring agents for logical objects; to propose a method for building a dynamic model of the functioning of a logical object and determining the law of its functioning. The methods used are abstraction, the system approach, and mathematical modeling based on the theory of finite automata. The following results were obtained. A method for constructing a dynamic model of a logical object of an information system is proposed. The dynamic model of the selected logical object reflects the admissible processes in the state space that occur when functions are carried out according to the specifications defined by the protocol. This dynamic model is represented by a system of algebraic equations in the state space, formed by formalizing the processes that implement certain functions. The solution of this system of algebraic equations is a regular expression for the set of admissible processes. This regular expression defines the set of possible trajectories in the state space, which is the law of functioning of this logical object. Conclusions. The proposed method for building a dynamic model of a logical object, in contrast to the existing one, is based on formalizing the processes that implement partial functions of the protocol, which makes it possible to determine the law of functioning of the selected logical object and to ensure the adequacy and accuracy of the model. The law of functioning is the basis for substantiating the initial data for stating the problems of identifying and diagnosing the security state of logical objects of an information system. The solution to these problems is needed to substantiate the requirements for the functioning of the agent that monitors the state of the selected logical object and responds to its changes.
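The step from state equations to a regular expression, and its use by a monitoring agent, can be shown on a small case. This is an added example, not code or a model from the article: the toy session protocol, its state and event names, and the use of Arden's rule to solve the equations are assumptions made here for illustration.

```python
import re

# Constructed toy logical object (not from the article): one session endpoint.
EVENTS = {"init": "i", "auth_ok": "a", "auth_fail": "f", "data": "d", "close": "c"}
TRANSITIONS = [
    ("IDLE", "init", "NEGOTIATING"),
    ("NEGOTIATING", "auth_ok", "ESTABLISHED"),
    ("NEGOTIATING", "auth_fail", "IDLE"),
    ("ESTABLISHED", "data", "ESTABLISHED"),
    ("ESTABLISHED", "close", "IDLE"),
]
START, ACCEPTING = "IDLE", {"IDLE"}

def alt(a, b):
    """Union of two regex terms; a is None when there is no term yet."""
    return b if a is None else f"(?:{a}|{b})"

def state_equations():
    """X_q = sum(e . X_q') [+ epsilon if q accepts]; key None is the constant term."""
    eqs = {}
    for q, ev, q2 in TRANSITIONS:
        row = eqs.setdefault(q, {})
        eqs.setdefault(q2, {})
        row[q2] = alt(row.get(q2), EVENTS[ev])
    for q in ACCEPTING:
        eqs[q][None] = ""
    return eqs

def solve(eqs, start):
    """Eliminate every variable but X_start; return the regex for X_start."""
    eqs = {q: dict(row) for q, row in eqs.items()}
    order = [q for q in eqs if q != start] + [start]
    for i, q in enumerate(order):
        row = eqs[q]
        loop = row.pop(q, None)
        if loop is not None:  # Arden's rule: X = A.X + B  =>  X = A*.B
            row = {k: f"(?:{loop})*{v}" for k, v in row.items()}
        for p in order[i + 1:]:  # substitute X_q into the remaining equations
            coef = eqs[p].pop(q, None)
            if coef is not None:
                for k, v in row.items():
                    eqs[p][k] = alt(eqs[p].get(k), coef + v)
    return row.get(None)

LAW = solve(state_equations(), START)  # law of functioning as a regex

def admissible(trace, law=LAW):
    """True if a completed event trace is a trajectory allowed by the law."""
    if law is None or any(e not in EVENTS for e in trace):
        return False
    word = "".join(EVENTS[e] for e in trace)
    return re.fullmatch(law, word) is not None
```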

Keywords


vulnerabilities of information systems; the logical object of the information system; information system security status; dynamic model of a logical object; the law of functioning of a logical object

DOI: https://doi.org/10.32620/reks.2022.1.10
