
Sergey Brich 

Faculty: Computer Science and Technology

Speciality: Computer Ecological and Economic Monitoring

Theme of master's work:

Integrated model of counter attacks in the socio-technical systems

Scientific adviser: Natalia Gubenko 




Abstract
Qualification Master's work

In the general sense, the term sociotechnical systems (STS) refers to the interaction of the infrastructure elements of society and focused implementations of society, on the one side, and human behavior, on the other side. Social institutions and their substructures can also be regarded as complexes of sociotechnical systems. The concept of sociotechnical systems is based on the idea of interaction between man and machine. Technical and social conditions must be designed in such a way that technological efficiency and humanitarian aspects do not conflict with each other.

The world is small, and therefore dangerous, which undoubtedly strengthens the relevance of information security in socio-technical systems.

Due to the rapid growth of the Internet, the problem of protecting information resources is becoming increasingly important. If you are connected to the Internet, your system may be attacked.

Aims.

The aim of this work is to develop and research an integrated model of counter attacks in the socio-technical systems.

Problems solved in the master’s work:

Scientific innovation

Scientific innovation of the research is expected to:

A review of research on the topic in DonNTU

At our university, Sergey Aslamov has worked on the problem of choosing an optimal model of counter attacks (http://www.masters.donntu.ru/2002/fvti/aslamov/rus/magwork.htm).

A review of research on the topic in Ukraine

Authentication issues in socio-technical systems are studied by Anatoly Morozov, director of the Institute of Mathematical Machines and Systems and chairman of the parliamentary group of developers of electronic systems. The Rada-4 system has been developed for voting at meetings of the Verkhovna Rada.

A review of research on the topic in the world

Methods of modeling socio-technical systems are addressed by Nikolic, I., Weijnen, M.P.C. and Dijkema, G.P.J. in «Co-Evolutionary Method For Modelling Large Scale Socio-Technical Systems Evolution».

Attacks in sociotechnical systems and options for response.

The specific feature of information and telecommunication systems (ITCS) is that their objects are distributed in space and the connection between them is carried out both physically (by network connections) and in software (by means of messages). Moreover, all control messages and data sent between ITCS objects are transmitted over network connections in the form of exchanged packets. Attack statistics make it possible to distinguish five major classes of security threats to ITCS [1]:

  1. Port Scanning
  2. Password guessing
  3. Analysis of network traffic
  4. The introduction of a false proxy object
  5. Denial of service.

Denial of service (DoS attack) is an attack on a computer system intended to bring it to failure, that is, to create conditions under which legitimate (lawful) users of the system cannot access the resources (servers) it provides, or access is made difficult. Failure of the "enemy" system can be both an end in itself (for example, making a popular site inaccessible) and one of the steps toward taking over the system.

There are existing types of DDoS-attacks:

There are no universal methods of protection against DDoS attacks. General recommendations for reducing risk and harm include measures such as competent configuration of features like anti-spoofing and anti-DoS on routers and firewalls. These features limit the number of half-open connections, preventing the system from being overloaded.
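A simplified model of such a limit, added here as an example in Python (it is not code from this work or from any router or firewall): it tracks connections that have sent SYN but not yet completed the handshake and drops new ones beyond a per-source and a total cap. The class name, the limits, the timeout and the constructed event list are assumptions of this example.

```python
from collections import OrderedDict

class HalfOpenLimiter:
    """Caps connections that sent SYN but have not completed the handshake."""

    def __init__(self, per_source=3, total=8, timeout=5.0):
        self.per_source, self.total, self.timeout = per_source, total, timeout
        self.pending = OrderedDict()      # (src, sport) -> time the SYN arrived

    def _expire(self, now):
        # Entries are kept in arrival order, so the oldest one is at the front.
        while self.pending and now - next(iter(self.pending.values())) > self.timeout:
            self.pending.popitem(last=False)

    def on_packet(self, now, src, sport, flag):
        """Return 'accept', 'established' or 'drop' for one SYN or ACK."""
        self._expire(now)
        key = (src, sport)
        if flag == "ACK":
            # An ACK for a tracked SYN completes the handshake and frees the slot.
            return "established" if self.pending.pop(key, None) is not None else "drop"
        if key in self.pending:
            return "accept"               # retransmitted SYN, already counted
        from_src = sum(1 for s, _ in self.pending if s == src)
        if from_src >= self.per_source or len(self.pending) >= self.total:
            return "drop"                 # the half-open table stays bounded
        self.pending[key] = now
        return "accept"

def run(events, **limits):
    limiter = HalfOpenLimiter(**limits)
    return [limiter.on_packet(*event) for event in events]

# Constructed events: (time, source address, source port, TCP flag).
SAMPLE = [
    (0.0, "198.51.100.10", 40000, "SYN"),
    (0.1, "198.51.100.10", 40000, "ACK"),   # normal client completes the handshake
    (1.0, "203.0.113.5", 50001, "SYN"),
    (1.1, "203.0.113.5", 50002, "SYN"),
    (1.2, "203.0.113.5", 50003, "SYN"),
    (1.3, "203.0.113.5", 50004, "SYN"),     # fourth half-open from one source
    (1.4, "198.51.100.10", 40001, "SYN"),   # other clients are still served
    (7.0, "203.0.113.5", 50005, "SYN"),     # earlier entries have timed out
]
```

A per-source cap only works when source addresses can be trusted, which is why it is paired with anti-spoofing filtering; the total cap bounds the table regardless.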

The introduction of a false proxy object - an attack on a DNS server

The result of this attack is that a forged correspondence between IP addresses and domain names is imposed on the cache of the DNS server. If the attack succeeds, all users receive incorrect information about domain names and IP addresses.

An analysis of existing methods of protection shows that attacks can be countered by the following methods.

By switching DNS to work over TCP

The transition from UDP to TCP slows down the system. Using TCP requires creating a virtual connection, and it is also worth bearing in mind that the end network operating system first sends a DNS query using the UDP protocol, and only if it receives a special response from the DNS server does it then send the DNS query using TCP. Using TCP complicates an attack by packet spoofing, but slows down operation.

By analyzing DNS traffic.

Attacks can be counteracted through traffic analysis. The DNS server is constantly being sent false packets with false IP addresses. If packets from the server have not been intercepted, the attack is characterized by a large number of DNS packets with the same name. This is due to the need to pick, by trial, certain parameters of the DNS exchange. By analyzing DNS traffic, such packets can be ignored, which avoids the substitution of IP addresses.
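The traffic analysis described above, as an added example in Python (not code from this work): it parses DNS responses from a constructed capture and flags names that are answered with many different transaction IDs inside a short window. Treating the transaction ID as the guessed exchange parameter is an assumption of this example, as are the function names, the window and the threshold.

```python
import struct
from collections import defaultdict

def parse_response(packet):
    """Return (txid, qname) for a DNS response; None for queries or malformed data."""
    if len(packet) < 12:
        return None
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if not flags & 0x8000 or qdcount < 1:      # QR bit clear means a query
        return None
    labels, pos = [], 12
    while pos < len(packet) and packet[pos] != 0:
        length = packet[pos]
        if length > 63 or pos + 1 + length > len(packet):
            return None                        # pointer or overrun in the question
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii", "replace").lower())
        pos += 1 + length
    if pos >= len(packet):
        return None                            # name never terminated
    return txid, ".".join(labels)

def find_guessing(events, window=2.0, max_ids=5):
    """Flag names answered with more than max_ids distinct IDs inside window seconds.

    events: iterable of (timestamp, packet_bytes). Returns {qname: peak distinct IDs}.
    """
    recent = defaultdict(list)                 # qname -> [(timestamp, txid)]
    flagged = {}
    for ts, packet in sorted(events, key=lambda e: e[0]):
        parsed = parse_response(packet)
        if parsed is None:
            continue
        txid, name = parsed
        recent[name] = [(t, i) for t, i in recent[name] if ts - t <= window]
        recent[name].append((ts, txid))
        distinct = len({i for _, i in recent[name]})
        if distinct > max_ids:
            flagged[name] = max(flagged.get(name, 0), distinct)
    return flagged

def build_response(txid, name, ip):
    """Constructed sample data: a minimal A-record response for the detector."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes(map(int, ip.split(".")))
    return struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0) + qname + struct.pack("!HH", 1, 1) + answer

# Constructed capture: one normal answer, then 40 answers for one name with varying IDs.
SAMPLE = [(0.0, build_response(0x1A2B, "www.example.com", "198.51.100.7"))]
SAMPLE += [(1.0 + i * 0.01, build_response(i, "bank.example.com", "203.0.113.66")) for i in range(40)]
```

A resolver-side filter would discard responses for any name returned by `find_guessing` and re-query, rather than cache an answer that arrived inside such a burst.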

Conclusions

To date, analysis shows that the existing network protocols are outdated and do not have the necessary means of protection. TCP/IP was designed decades ago to link the experimental network ARPAnet to other satellite networks, but not to construct the global Internet. Subsequent versions of the protocol (IPv6) did not show a high level of security. Detecting intrusion into an information system is a resource-intensive process that requires collecting large amounts of information on the operation of IP and analyzing these data. To increase the effectiveness of counter attacks, an integrated approach to intrusion detection must be used, combining both signature and behavioral methods, which greatly reduces the risk of intrusion. At the moment there is no 100% protection against attacks on sociotechnical systems. In countering attacks, it is possible only to complicate their conduct. For the most part, attacks are countered on the basis of traffic analysis and auxiliary systems that filter out spurious traffic, thus leaving resources operational and accessible to visitors. There is a need to integrate all of these countermeasures into one large sociotechnical system aimed at countering attacks.

Literature

  1. Ostapenko G. A., Meshkova E. A. Information operations and attacks in sociotechnical systems / Ostapenko G. A.; edited by Borisov V. I. [Text] – Moscow: Goryachaya Liniya-Telecom, 2006. – 184 p.
  2. Ulyanov Yu. V. Development of the structure of network cryptographic devices based on HDL and FPGA technologies. DonNTU, 2006. [Electronic resource] / Master's portal of DonNTU, - http://www.masters.donntu.ru/2006/fvti/ulyanov/diss/referat.htm
  3. On the electronic digital signature. [Electronic resource] http://www.e-forma.com.ua/about_ecp.php
  4. Serdyuk V. A. You are under attack: defend yourself! [Electronic resource] http://www.bytemag.ru/articles/detail.php?ID=9036
  5. Barichev S. G. Cryptography without secrets. [Text] 2004; p. 43
  6. How to protect the internal network and company employees from attacks based on the use of social engineering [Electronic resource] http://technet.microsoft.com/ru-ru/library/cc875841.aspx
  7. Aslamov S. A. Research of authentication methods in secure software systems. [Electronic resource] / Master's portal of DonNTU, - http://www.masters.donntu.ru/2002/fvti/aslamov/rus/magwork.htm
  8. Romanov A. N. Development of algorithms for protecting information systems from virus attacks. DonNTU, 2007 [Electronic resource] / Master's portal of DonNTU, http://www.masters.donntu.ru/2007/kita/romanov/diss/index.htm
  9. Discussion of ways and methods of protection against "cracking" of software [Electronic resource] / http://forum.is.ua/showthread.php?mode=hybrid&t=16215
  10. Competitor attacks that can harm your site: Attack on DNS [Electronic resource] - http://virusinfo.info/showthread.php?t=56901
  11. Network attacks. Main types. [Electronic resource] - http://support.anthill.ru/forum/index.php?topic=4843.0
  12. Trist E. The evolution of socio-technical systems. [Electronic resource] http://stsroundtable.com/wiki/Reference:Evolution_of_socio-technical_systems
  13. Chaula J. A. A Socio-Technical Analysis of Information Systems Security Assurance A Case Study for Effective Assurance. [Electronic resource]
  14. Frey W. Socio-Technical Systems in Professional Decision Making. [Electronic resource] http://cnx.org/content/m14025/latest/
  15. Green D. Socio-technical Systems in Global Markets. [Electronic resource] http://nuleadership.wordpress.com/2010/08/23/socio-technical-systems-in-global-markets/

Comment

At the time of writing this abstract, the master's qualification work has not been completed. Date of final completion of the work: December 2011. The full text of the work and materials on its theme can be obtained from the author or his scientific supervisor after that date.