Adaptive Management of Information Network Protection with Analysis of Intruder's Actions

Introduction:The known methods of adaptive management of information network protection with special security measures are not effective enough in modern conditions, as they only take into account collected and processed data on security events and do not analyze the dynamics of the actions.Purpose:Developing a method of adaptive control of information network protection based on the analysis of violator's actions.Results:A method has been proposed for adaptive management of information network protection. Unlike other known methods, it is based on analyzing the dynamics of the violator's actions and determining the situational confrontation parameters under stochastic uncertainty. The method includes situation monitoring, operational control of the sequence of violator's actions, modeling the attacker's strategy, determining the situational parameters with a reliable prediction of the intrusion strategy. During the analysis, the network administrator receives information about the priority purposes of an intruder, the tools used and the vulnerabilities of the network. This provides an opportunity to promptly take measures to increase the security of the network and avoid its compromise.Practical relevance: Тhis approach allows you to maintain the operation of automated management systems for an organization with integrated structure, taking into account the scaling in planning and making changes to the structure on the background of information confrontation at the required level when multiple threats are changing their dynamics.