Evaluación de la seguridad real del sistema de información mediante el estudio de la equivalencia de las tecnologías aplicadas
Resumen
Esta investigación está dedicada a uno de los problemas urgentes en el ámbito de la provisión de seguridad, aplicado en diversas áreas de la actividad humana relacionadas con los sistemas de información. Se asocia a una situación típica de discrepancia entre los costes de mejora de los métodos de seguridad y el nivel de seguridad alcanzado en este caso. Se demuestra que uno de los enfoques metodológicos más prometedores para encontrar una solución a este problema está relacionado con el estudio de las perspectivas de adaptación de las soluciones existentes con integración en el entorno informático que implementan la nueva tecnología. De acuerdo con este concepto, la transición equivalente entre las tecnologías de la información debe llevarse a cabo manteniendo el nivel de seguridad general de la información. Se determinó el objetivo principal de la investigación, que se refiere al desarrollo de un modelo analítico para controlar la equivalencia de las tecnologías de la información en los sistemas de seguridad de la información. Se analizó el estado actual en el campo de la seguridad de la información. Se puso de manifiesto que las herramientas y mecanismos existentes hoy en día y presentados en el mercado pertinente que previenen los riesgos y amenazas para el funcionamiento de los sistemas de información asociados al robo y la distorsión de datos son "estrechos", es decir, adaptados para resolver los problemas locales a los que se enfrentan los atacantes.
Referencias bibliográficas
Aboaoja, F. A., Zainal, A., Ghaleb, F. A., Al-rimy, B. A. S., Eisa, T. A. E., & Elnour, A. A. H. (2022). Malware detection issues, challenges, and future directions: A survey. Applied Sciences, 12(17), 8482. https://doi.org/10.3390/app12178482
Al-Asli, M., & Ghaleb, T. A. (2019). Review of signature-based techniques in antivirus products. 2019 International Conference on Computer and Information Sciences (ICCIS). https://doi.org/10.1109/iccisci.2019.8716381
Barbosa, R. R. R., Sadre, R., & Pras, A. (2013). Flow whitelisting in SCADA networks. International Journal of Critical Infrastructure Protection, 6(3–4), 150–158. https://doi.org/10.1016/j.ijcip.2013.08.003
Bashendy, M., Tantawy, A., & Erradi, A. (2023). Intrusion response systems for cyber-physical systems: A comprehensive survey. Computers & Security, 124, 102984. https://doi.org/10.1016/j.cose.2022.102984
Bist, A. S. (2013). Code emulation technique for computer virus detection. International Journal of Engineering Sciences and Research Technology, 2(12), 3479–3481.
Dhanasekar, D., Di Troia, F., Potika, K., & Stamp, M. (2018). Detecting Encrypted and Polymorphic Malware Using Hidden Markov Models. Guide to Vulnerability Analysis for Computer Networks and Systems, 281–299. https://doi.org/10.1007/978-3-319-92624-7_12
Gopinath M., & Sethuraman, S. C. (2023). A comprehensive survey on deep learning based malware detection techniques. Computer Science Review, 47, 100529. https://doi.org/10.1016/j.cosrev.2022.100529
Huh, J. H., Lyle, J., Namiluko, C., & Martin, A. (2011). Managing application whitelists in trusted distributed systems. Future Generation Computer Systems, 27(2), 211–226. https://doi.org/10.1016/j.future.2010.08.014
Kaur, J., & Ramkumar, K. R. (2022). The recent trends in cyber security: A review. Journal of King Saud University - Computer and Information Sciences, 34(8), 5766–5781. https://doi.org/10.1016/j.jksuci.2021.01.018
Khayrutdinov, M. M., Golik, V. I., Aleksakhin, A. V., Trushina, E. V., Lazareva, N. V., & Aleksakhina, Y. V. (2022). Proposal of an algorithm for choice of a development system for operational and environmental safety in mining. Resources, 11(10), 88. https://doi.org/10.3390/resources11100088
Kirilchuk, S., Reutov, V., Nalivaychenko, E., Shevchenko, E., & Yaroshenko, A. (2022). Ensuring the security of an automated information system in a regional innovation cluster. Transportation Research Procedia, 63, 607–617. https://doi.org/10.1016/j.trpro.2022.06.054
Levy, A., & Shalom, B. R. (2020). Online parameterized dictionary matching with one gap. Theoretical Computer Science, 845, 208–229. https://doi.org/10.1016/j.tcs.2020.09.016
Ling, X., Wu, L., Zhang, J., Qu, Z., Deng, W., Chen, X., Qian, Y., Wu, C., Ji, S., Luo, T., Wu, J., & Wu, Y. (2023). Adversarial attacks against Windows PE malware detection: A survey of the state-of-the-art. Computers & Security, 128, 103134. https://doi.org/10.1016/j.cose.2023.103134
Madan, S., Sofat, S., & Bansal, D. (2022). Tools and techniques for collection and analysis of internet-of-things malware: A systematic state-of-art review. Journal of King Saud University - Computer and Information Sciences, 34(10), 9867–9888. https://doi.org/10.1016/j.jksuci.2021.12.016
Meridji, K., Al-Sarayreh, K. T., Abran, A., & Trudel, S. (2019). System security requirements: A framework for early identification, specification and measurement of related software requirements. Computer Standards & Interfaces, 66, 103346. https://doi.org/10.1016/j.csi.2019.04.005
Moreira, N., Molina, E., Lázaro, J., Jacob, E., & Astarloa, A. (2016). Cyber-security in substation automation systems. Renewable and Sustainable Energy Reviews, 54, 1552–1562. https://doi.org/10.1016/j.rser.2015.10.124
Rehman, Z.-U., Khan, S. N., Muhammad, K., Lee, J. W., Lv, Z., Baik, S. W., Shah, P. A., Awan, K., & Mehmood, I. (2018). Machine learning-assisted signature and heuristic-based detection of malwares in Android devices. Computers & Electrical Engineering, 69, 828–841. https://doi.org/10.1016/j.compeleceng.2017.11.028
Seo, J., & Lee, S. (2018). Abnormal behavior detection to identify infected systems using the APChain algorithm and behavioral profiling. Security and Communication Networks, 2018, 1–24. https://doi.org/10.1155/2018/9706706
Sharma, A., Gupta, B. B., Singh, A. K., & Saraswat, V. K. (2022). Orchestration of APT malware evasive manoeuvers employed for eluding anti-virus and sandbox defense. Computers & Security, 115, 102627. https://doi.org/10.1016/j.cose.2022.102627
Shaukat, K., Luo, S., & Varadharajan, V. (2022). A novel method for improving the robustness of deep learning-based malware detectors against adversarial attacks. Engineering Applications of Artificial Intelligence, 116, 105461. https://doi.org/10.1016/j.engappai.2022.105461
Shukla, A., Katt, B., Nweke, L. O., Yeng, P. K., & Weldehawaryat, G. K. (2022). System security assurance: A systematic literature review. Computer Science Review, 45, 100496. https://doi.org/10.1016/j.cosrev.2022.100496
Sibi Chakkaravarthy, S., Sangeetha, D., & Vaidehi, V. (2019). A Survey on malware analysis and mitigation techniques. Computer Science Review, 32, 1–23. https://doi.org/10.1016/j.cosrev.2019.01.002
Syed, N. F., Shah, S. W., Trujillo-Rasua, R., & Doss, R. (2022). Traceability in supply chains: A Cyber security analysis. Computers & Security, 112, 102536. https://doi.org/10.1016/j.cose.2021.102536
Tatarkanov, A., Lampezhev, A., Polezhaev, D., & Tekeev, R. (2022a). Development of components of a distributed fault tolerant medical data storage system. International Journal of Engineering Trends and Technology, 70(12), 76–89. https://doi.org/10.14445/22315381/ijett-v70i12p209
Tatarkanov, A., Lampezhev, A., Polezhaev, D., & Tekeev, R. (2022b). Suboptimal biomedical diagnostics in the presence of random perturbations in the data. International Journal of Engineering Trends and Technology, 70(11), 129–137. https://doi.org/10.14445/22315381/ijett-v70i11p213
Uchendu, B., Nurse, J. R. C., Bada, M., & Furnell, S. (2021). Developing a cyber security culture: Current practices and future needs. Computers & Security, 109, 102387. https://doi.org/10.1016/j.cose.2021.102387
Vouvoutsis, V., Casino, F., & Patsakis, C. (2022). On the effectiveness of binary emulation in malware classification. Journal of Information Security and Applications, 68, 103258. https://doi.org/10.1016/j.jisa.2022.103258
Wang, G.-Y. (2022). Churn prediction for high-value players in freemium mobile games: Using random under-sampling. Statistika: Statistics and Economy Journal, 102(4), 443–453. https://doi.org/10.54694/stat.2022.18
Wang, Y., Jia, P., Peng, X., Huang, C., & Liu, J. (2023). BinVulDet: Detecting vulnerability in binary program via decompiled pseudo code and BiLSTM-attention. Computers & Security, 125, 103023. https://doi.org/10.1016/j.cose.2022.103023
Wang, Y., Li, Q., Chen, Z., Zhang, P., & Zhang, G. (2020). A survey of exploitation techniques and defenses for program data attacks. Journal of Network and Computer Applications, 154, 102534. https://doi.org/10.1016/j.jnca.2020.102534
Yang, Z., Liu, X., Li, T., Wu, D., Wang, J., Zhao, Y., & Han, H. (2022). A systematic literature review of methods and datasets for anomaly-based network intrusion detection. Computers & Security, 116, 102675. https://doi.org/10.1016/j.cose.2022.102675
Zelinka, I., Das, S., Sikora, L., & Šenkeřík, R. (2018). Swarm virus - Next-generation virus and antivirus paradigm? Swarm and Evolutionary Computation, 43, 207–224. https://doi.org/10.1016/j.swevo.2018.05.003
Zhai, X., Appiah, K., Ehsan, S., Howells, G., Hu, H., Gu, D., & McDonald-Maier, K. (2015). Exploring ICMetrics to detect abnormal program behaviour on embedded devices. Journal of Systems Architecture, 61(10), 567–575. https://doi.org/10.1016/j.sysarc.2015.07.007
Descargas
Derechos de autor 2023 Revista Colombiana de Computación
Esta obra está bajo una licencia internacional Creative Commons Atribución-NoComercial-CompartirIgual 4.0.