Description: Vulnerabilities and attacks on state information resources, which are processed with the help of information and telecommunication systems for determine a variety of parameters when assessing the security of state information resources are considered. The violations in the use of electronic computing facilities, telecommunication systems and computer networks are considered. The general structure of the attack implementation is presented. The interrelation between such characteristics of information security: information threats, vulnerabilities of the state information resources processing system, attacks on the information and telecommunication system is shown. The vulnerabilities of information and telecommunication systems for processing state information resources and attacks on state information resources processing systems are analysed. Modern databases (CVE, NVD, X-Force, OSVDB and others) that contain a detailed description of vulnerabilities and attacks are considered. A classification of attacks and the parameters of these attacks are presented. Attack strategies, their main phases and features are described. Requirements for methods and systems for detecting attacks are described. It was determined that the realization of threats to state information resources is carried out using a variety of multidirectional attacks using vulnerabilities of information and telecommunication systems. It was proposed to determine the set of parameters in assessing the security of state information resources processed by means of information and telecommunication systems, to ensure the functioning of attack detection systems and vulnerability determination taking into account the requirements for attack detection methods, data parameters and characteristic features of modern attack detection systems.
Keywords: state information resources, information and telecommunication systems, attacks on state information resources, phases of attacks, classification of attacks, vulnerabilities
1. Buryachok, V.L. (2013), “Osnovy formuvannya derzhavnoyi systemy kibernetychnoyi bezpeky” [Basis for the formation of the state system of cybernetic security], NAU, Kyiv, 432 p.
2. Mehed, D., Tkach, Yu., Bazilevich, V., Guriev, V. and Usov, Y. (2018), “Analiz vrazlyvostey korporatyvnykh informatsiynykh system” [Analysis of corporate information systems vulnerability], Ukrainian Information Security Research Journal, Vol. 20(1), pp. 61-66. https://doi.org/10.18372/2410-7840.20.12453.
3. Grishchuk, R., Okhrimchuk, V. and Akhtyrtseva, V. (2016), “Dzherela pervynnykh danykh dlya rozroblennya shabloniv potentsiyno nebezpechnykh kiberatak” [Sources of primary data for developing templates for potentially dangerous cyber attacks], Ukrainian Information Security Research Journal,Vol. 18(1), pp. 21-29.
4. Yakoviv, I. (2017), “Informatsiyno-telekomunikatsiyna systema, kontseptualʹna modelʹ kiberprostoru i kiberbezpeka” [Information-telecommunication system, conceptual model of cyberspace and cybersecurity], Information Technology and Security, Vol. 5, No. 2 , pp. 134-144.
5. Korpanʹ, YA. (2015), “Klasyfikatsiya zahroz informatsiyniy bezpetsi v komp'yuternykh systemakh pry viddaleniy obrobtsi danykh” [Classification of information security threats to computer systems for remote data processing], Data Recording, Storage & Processing,Vol. 17(2), pp. 39-46.
6. Trush, O. and Khakhlyuk, O. (2013), “Tsilisnistʹ informatsiyi v informatsiyno-telekomunikatsiynykh systemakh spetsialʹnoho pryznachennya: zahrozy ta metody zakhystu” [Target information in informational and telecommunication systems special purpose: threats and protection methods], Modern Information Security, Vol. 3, pp. 31-35.
7. The official site of Common Vulnerabilities and Exposure (2019), Common Vulnerabilities and Exposures, available at: www.cve.mitre.org.
8. The official site of National Vulnerabilities Database, available at: www.nvd.nist.gov.
9. The official site of United States Computer Emergency Readiness Team, available at: www.us-cert.gov.
10. The official site of X-Force, available at: www.xforce.iss.net.
11. The official site of Secuni, available at: www.secunia.com.
12. The official site of BugTraq, available at: www.securityfocus.com.
13. The official site of Open Source Vulnerabilities Data Base, available at: www.osvdb.org.
14. The official site of KDD Cup 1999 Data, available at: www.kdd.ics.uci.edu/databases/kddcup99/kddcup99.
15. The official site of The MITRE Corporation, available at: www.attack.mitre.org.