
Authors

Saenko Igor B.

Degree
Professor, Chief Researcher at Laboratory of Computer Security Problems, Saint Petersburg Federal Research Center of the Russian Academy of Sciences (SPC RAS)
E-mail
ibsaen@comsec.spb.ru
Location
Saint Petersburg, Russia
Articles

Multi-criteria assessment of information security threats based on the technologies of digital twins and threat intelligence

The problem of ensuring the information security of critical information infrastructure is steadily growing and acquiring strategic importance, driven by the explosive growth of complex targeted attacks on infrastructure facilities. Solving this problem requires new approaches to assessing information security threats that combine the relevance of the data provided by threat intelligence technology with a deep understanding of the specifics of the protected systems. An analysis of the state of the problem shows that existing approaches to assessing information security threats to critical information infrastructure facilities have the following shortcomings: a gap between threat intelligence data and the context of a specific system, subjectivity of qualitative assessments, and the difficulty of ranking threats against many conflicting criteria. To overcome these shortcomings, the article proposes a method for multi-criteria assessment of information security threats to critical information infrastructure facilities that integrates threat intelligence and digital twin technologies, where the digital twin technology provides the necessary understanding of the object's specifics. A system of indicators has been developed, structured according to five projections of threat assessment: severity of consequences, intruder capabilities, vulnerability of the facility, complexity of the attack, and effectiveness of protection. A conceptual model of an information security threat assessment system based on digital twin and threat intelligence technologies has been developed. A multi-criteria threat assessment methodology is presented, in which the integral threat index and Pareto-optimal threat ranks are calculated based on a set of criteria. Experimental testing on synthetic data confirmed the consistency of the results of these calculations. In practice, the proposed method allows threats to be analyzed both as a whole and within individual projections of the indicator system.