RU180178U1 - Integrated security assessment system for automated military control systems - Google Patents

Abstract

The integrated security assessment system for automated military command and control systems (ACS VN) is designed to generate a comprehensive assessment of the security of military ACS based on the results of its testing and monitoring. The technical result is the optimization of the algorithm for assessing the security of ACS VN by obtaining its comprehensive assessment of security; the formation of a complex image of ACS VN, which increases the efficiency of decision-making on its security, by combining the same parametric data; unloading the computing resources of the system for the integrated assessment of the security of an ACS VN by reducing the number of repeated parametric data in the information storage module; reducing the load on network traffic entering the user interaction module. The specified technical result is achieved by the fact that the operator sets the system operation parameters through the user interaction module. The evaluation module determines the sequence and operation parameters of all modules of the system, after which, based on the results of the operation of the information collection module, the work of the testing module of the ACS VN is started. The data of the test results of the AC HV by means of the data conversion module are brought to a general view, transmitted to the parametric synthesis module. Next, monitoring of the parameters of the ACS VN and its network activity is started. The data collected by the monitoring module is brought to a general view and transmitted to the parametric synthesis module. The parametric synthesis module synthesizes the results of testing and monitoring, as a result of which a complex image of the ACS VN is formed, which is displayed to the operator and transmitted to the evaluation module to form a comprehensive assessment of its security. The generated comprehensive assessment of the security of the ACS VN is transmitted to the user interaction module for output to the operator, as well as to the information storage module for its storage. 1 ill.

Description

The proposed utility model relates to the field of computer technology, namely to automated control systems (hereinafter referred to as ACS) and networks, and can also be used to implement the process of assessing the security of military ACS (hereinafter referred to as ACS VN).

A known analog device for protecting computer networks and systems from computer attacks (RF patent No. 113041, IPC G06F 21/20 (2006.01), application. August 31, 2011, publ. January 27, 2012), which consists in the fact that the system contains a network statistics database assembled by a network monitor connected to the computer’s network interfaces, a traffic volume forecasting unit operating on the basis of cyclic time series analysis, a decision support system (hereinafter referred to as DSS) connected to a network packet filter and deciding to skip or filter Network packages based on a comparison of the actual traffic volume with the forecast result, a DSS training and management unit through which the DSS rules are trained and configured by the system operator.

The disadvantages of this device are

the presence of a network packet filter, the constant operation of which is necessary to obtain an estimate; a long period of preparatory work on promising automated control systems, which is associated with a statistical evaluation methodology; lack of an adaptive security assessment tool taking into account the changing system parameters.

The analogue is known of a simulation simulation device for assessing the security of automated military control systems (RF patent No. 166652, IPC G06F 21/57 (2013.01), application form. by a user, an evaluation module, an information storage module, an information collection module, a testing module, a data conversion module. The main feature of this analogue is the ability to expand tests that mimic the actions of an attacker, as well as obtain a comprehensive assessment of the security of an ACS VN using the method of matching estimates obtained from the test results.

The disadvantage of this device is

the inability to monitor the state of the ACS VN, which, in turn, does not allow the operator to respond in a timely manner to emerging threats to information security.

The closest analogue (prototype) is a utility model, a device for monitoring the state of security of automated military control systems, (known from the application No. 2016149946 accepted for examination on the merits, filed June 21, 2017). This analogue proposes an approach to monitoring the security status of the AC HV by testing and monitoring the system. The analogue model (prototype) is that the system contains a user interaction module, an evaluation module, an information storage module, an information collection module, a testing module, a monitoring module, a data conversion module. The main feature of the analogue (prototype) is the ability to monitor the status of the ACS-VN after generating an assessment of the security of the system. The assessment is generated, in turn, by the results of testing the system for resistance to impact through the network.

Monitoring allows you to get a time-varying assessment of the security of the AC HV in the presence of impact on the system through the network.

The disadvantages of this device are

test and monitoring results contain repeating parametric data; loading the information storage module with redundant and repeating information; increased load on network traffic between data conversion and user interaction modules.

The purpose of the proposed utility model is the optimization of the algorithm for assessing the security of the ACS of the HV, as well as the creation of a comprehensive image of the ACS of the HV according to the results of testing and monitoring of its state.

A new approach is proposed, based on the creation of a system for the integrated assessment of the security of an ACS VN containing a user interaction module, an evaluation module, an information storage module, an information collection module, a testing module, a monitoring module, a data conversion module, characterized in that a parametric synthesis module is added, consisting of a synthesized data output unit and a parametric synthesis unit; the parametric synthesis unit of the parametric synthesis module is connected with the data conversion units of the data conversion unit and the evaluation unit of the evaluation unit; the output of the parametric synthesis unit is transmitted through the output unit of the synthesized data of the parametric synthesis module to the interface blocks of the user interaction module, as well as to the evaluation unit of the evaluation module, which conducts a comprehensive assessment of the security of the AC HV based on the received output data; the evaluation module evaluation unit transmits the generated comprehensive security assessment of the ACS VN to the user interface module interface blocks for output to the operator, as well as the evaluation module evaluation mechanism control unit and the information storage module information output unit to the information storage unit of the information storage module to store it.

The goal is achieved by creating a parametric synthesis module that allows you to synthesize parametric data coming from the testing and monitoring modules, as well as create a comprehensive image of the ACS VN.

The technical result of the utility model is the optimization of the algorithm for assessing the security of an ACS VN by obtaining its comprehensive assessment of security; the formation of a complex image of ACS VN, which increases the efficiency of decision-making on its security, by combining the same parametric data; unloading the computing resources of the system for the integrated assessment of the security of an ACS VN by reducing the number of repeated parametric data in the information storage module; reducing the load on network traffic entering the user interaction module.

FIG. 1 is a block diagram of a comprehensive security assessment system for automated military control systems.

The essence of the utility model is illustrated by the drawing (Fig. 1) A block diagram of a comprehensive security assessment system for automated military control systems, which shows the modules and blocks: user interaction module 1, containing parameter setting block 1.1 and interface blocks 1.2, rating module 2, which includes a control unit for the evaluation mechanism 2.1 and an evaluation unit 2.2, an information storage unit 3, consisting of an information output unit 3.1 and an information storage unit 3.2, an information collection unit 4, comprising a unit General data 4.1 and the selection block for possible tests 4.2, testing module 5, which includes testing blocks for topologies 5.1 and testing modules for ACS VN 5.2 modules, monitoring module 6, consisting of a monitoring unit for ACS VN 6.1 parameters and a block for monitoring its network activity 6.2 , a data conversion module 7, comprising 7.1 data conversion units, a parametric synthesis module 8, which includes a synthesized data output unit 8.1 and a parametric synthesis unit 8.2.

The system of integrated assessment of security of ACS VN operates as follows.

The operator, through the interface blocks 1.2, sets the system operation parameters in the parameter settings block 1.1. Next, the parameter setting block 1.1 transmits user control commands to the control unit of the evaluation mechanism 2.1. The control unit of the evaluation mechanism 2.1 processes the control commands of the user, transfers the parameters to the information output unit 3.1, which transmits data to the information storage unit 3.2. The information storage unit 3.2 records, reads and contains information on the operation parameters of individual units: analysis rules and information on previously saved security assessments of AC HV. After loading the operating parameters from the information storage module 3, the control unit of the evaluation mechanism 2.1 determines the sequence and operation parameters of all the blocks, sends the operating parameters to the general data collection unit 4.1, in which information about the verified ACS VN is collected for subsequent analysis. All data collected by the general data collection unit 4.1 is transferred to the selection block for possible tests 4.2, which, based on the selected test parameters and the information received, starts the work of the testing modules for topology 5.1 and testing the ACS VN 5.2 modules. The data collected by testing module 5 is transferred to 7.1 data conversion units, which bring the test results to a general view, transfer them to the parametric synthesis block 8.2 and send information about the end of the testing process to the control unit of the evaluation mechanism 2.1. Next, the control unit of the evaluation mechanism 2.1 starts the operation of the monitoring unit for the ACS VN 6.1 parameters and the monitoring unit for its network activity 6.2. The data collected by the monitoring module 6 is transferred to the 7.1 data conversion blocks, which bring the monitoring results to a general view, transfer them to the parametric synthesis block 8.2 and send information about the end of the monitoring process to the control unit of the evaluation mechanism 2.1. Then, in the block of parametric synthesis 8.2, a parametric synthesis of the results of testing and monitoring is performed, as well as a complex image of the ACS VN is generated, which is transmitted through the output unit of the synthesized data 8.1 to the interface blocks 1.2 for output to the operator, as well as to the evaluation unit 2.2, which conducts a comprehensive assessment security ACS VN based on its integrated image. Evaluation unit 2.2 transmits the generated comprehensive security assessment of AC HV to the interface blocks 1.2 for output to the operator, as well as through the evaluation mechanism control unit 2.1 and information output unit 3.1 to the information storage unit 3.2 to store it.

Thus, the proposed utility model allows you to optimize the algorithm for assessing the security of ACS VN and create its integrated image based on the results of testing and monitoring.

Claims (1)

A comprehensive security assessment system for automated military control systems (ACS VN), containing a user interaction module, an assessment module, an information storage module, an information collection module, a testing module, a monitoring module, a data conversion module, characterized in that a parametric synthesis module is added, consisting of a synthesized data output unit and a parametric synthesis unit; the parametric synthesis unit of the parametric synthesis module is connected with the data conversion units of the data conversion unit and the evaluation unit of the evaluation unit; the output of the parametric synthesis unit is transmitted through the output unit of the synthesized data of the parametric synthesis module to the interface blocks of the user interaction module, as well as to the evaluation unit of the evaluation module, which conducts a comprehensive assessment of the security of the AC HV based on the received output data; the evaluation module evaluation unit transmits the generated comprehensive security assessment of the ACS VN to the user interface module interface blocks for output to the operator, as well as the evaluation module evaluation mechanism control unit and the information storage module information output unit to the information storage unit of the information storage module to store it.

Images