Analysis of Cyber Security Threats of the Printing Enterprise
DOI:
https://doi.org/10.13052/jcsm2245-1439.123.8Keywords:
FCM, ICS, Cyber Security, printing company, cognitive modeling cognitive map, technological processAbstract
The topic of scientific works on the implementation of modern technologies and systems of automated management of the enterprise, its resources and technical means is analyzed, and the insufficient completeness of research on the features of the integrated approach to the design and deployment of innovative means of production order support. Based on the determined factors of the operation of the enterprise in the latest conditions of the fourth industrial revolution, directions for the formation of strategies for the introduction of the elements of Industry 4.0 in modern printing enterprises, as well as information protection systems, are determined with electronic document circulation. The mechanisms of decision of tasks of management informative risks considered in complex control system by printeries in the conditions of vagueness and at co-operation of elements of control system between itself. The necessity of using a web portal for the formation of printing orders is substantiate, the main components are define and the levels of access to them described. The paper examines the use of classic and gray fuzzy cognitive maps to solve the problem of cyber security risk assessment of the intelligent management system of a printing enterprise. It is demonstrate that the average estimate of local risk, which is formed using an ensemble of two heterogeneous fuzzy cognitive maps, decreases compared to the use of individual cognitive maps. In order tî better, highlight the results of the research, an example of the application of the proposed methodology for assessing the risks of ensuring the integrity of telemetric information in the industrial network of the intelligent technological process management system of a printing enterprise given, with the continuity of the technological process of manufacturing printing products. In addition to the classic FCM, the paradigms of two variants of the FCM extension were also use in the study, namely, the gray FCM, which used to solve the problem of assessing cyber security risks of intelligent management systems of printing enterprises. An analysis of the possibility of building FCM ensembles to increase the effectiveness of risk assessment using several options for formalizing the expert’s knowledge and experience performed. A fragment of the enterprise management system was consider and an analysis of possible directions of attacks on the printing enterprise by malicious software was perform. These are attacks such as replacing the executable files of server and ARM software, overwriting PLC projects during system operation, and refusing to service the equipment. Based on the formed list of attack vectors and the consequences of their implementation, the task of analyzing the risks of cyber security of a printing enterprise, taking into account the impact on the system of possible internal threats, was considered, using the cognitive modeling apparatus as a modeling tool. The scenario of cognitive modeling of the influence of an internal criminal who exploits the vulnerabilities of the software and hardware components of the control system using the given variants of FCM construction is considered. The average assessment of local risks, which formed using an ensemble of cognitive maps, is better from the point of view of dispersion of assessments of the state of target concepts than the use of individual FCMs. The spread of estimates of the state of ensemble concepts is smaller than the spread of estimates of their gray values using the GFCM, on average by 1.4–1.8 times, which indicates a decrease in the influence of the subjectivity factor on the results of risk assessment. The performed scenario modeling showed that the use of the specified means of protection and organizational measures allows reducing the assessment of local risks by 12–18%, which is a significant indicator. This technique allows obtaining a qualitative and quantitative assessment of risk indicators, taking into account the entire set of objective and subjective factors of uncertainty.
Downloads
References
T. Liu, J. Tian, J. Wang et al., “Integrated security threats and defense of cyber-physical systems,” Acta Automatica Sinica, vol. 45, no. 1, pp. 5–24, 2019.
Ge Guo, W. Zhang, and B. Zhou, “Preface to the column “theory, method and application of cyber-physical system,” Control and Decision, vol. 34, no. 11, pp. 2273–2276, 2019.
Zahra, S. W., Arshad, A., Nadeem, M., Riaz, S., Dutta, A. K., Alzaid, Z., Almotairi, S. (2022). Development of security rules and mechanisms to protect data from assaults. Applied Sciences (Switzerland), 12(24) doi: 10.3390/app122412578.
Sabat, V., Sikora, L., Durnyak, B., Fedevych, O., and Lysa, N. (2022). Information technologies of active control of complex hierarchical systems under threats and information attacks. Paper presented at the CEUR Workshop Proceedings, 3156, 305–318.
Avsentev, O. S., Drovnikova, I. G., Zastrozhnov, I. I., Popov, A. D., and Rogozin, E. A. (2018). Control techniques of information resource protection of electronic document management system. SPIIRAS Proceedings, 2(57), 188–210. doi: 10.15622/sp.57.8.
Sabat V. I., Matsyuk V. V., Musiyovska M. M., Kanevska N. I. 2020. Development of a system for managing access to documents in ASDO for printing publishers. Proceedings. No. 2 (60). pp. 68–74.
Shepita P. I. 2019. Information model of a dynamic web service of an intelligent management system. Computer technologies of printing. No. 2 (42). pp. 73–80.
Shepita P. I. 2018. Synthesis of an information model of intelligent management of printing production based on artificial neural networks. Modeling and information technologies. No. 85. pp. 192–196.
Sabat V. I., Shepita P. I. 2018. Functional model of the protection system of the automated document management system. Modeling and information technologies. No. 84. pp. 190–195.
Weng, M., and Weng, D. 2021. Discuss the Accounting Information Risks and Preventive Measures Based on Big Data. In 2021 2nd International Conference on Modern Education Management, Innovation and Entrepreneurship and Social Science (MEMIESS 2021) (pp. 110–114). Atlantis Press.
Gao, J. 2022. Analysis of enterprise financial accounting information management from the perspective of big data. International Journal of Science and Research (IJSR), 11(5), 1272–1276.
Imanbayev, A., Tynymbayev, S., Odarchenko, R., Gnatyuk, S., Berdibayev, R., Baikenov, A., and Kaniyeva, N. (2022). Research of machine learning algorithms for the development of intrusion detection systems in 5G mobile networks and beyond. Sensors, 22(24) doi: 10.3390/s22249957.
Apruzzese, G., Colajanni, M., Ferretti, L., Guido, A., and Marchetti, M. 2018. On the effectiveness of machine and deep learning for cyber security. In 2018 10th international conference on cyber Conflict (CyCon) (pp. 371–390). IEEE.
Wickramasinghe, C. S., Marino, D. L., Amarasinghe, K., and Manic, M. 2018. Generalization of deep learning for cyber-physical system security: A survey. In IECON 2018 – 44th Annual Conference of the IEEE Industrial Electronics Society (pp. 745–751). IEEE.
Tkachuk, R. L., Sikora, L. S., Lysa, N. K., Tupychak, L. L., Talanchuk, R. R., Fedyna, B. I., and Fedevich, Y. O. 2021. Information and cognitive technologies for assessing the situation in automated control systems under the influence of obstacles and failure factors. Computer technologies of printing. 2021. No. 1 (45). pp. 110–130.
Fujs, D., Miheliè, A., and Vrhovec, S. L. 2019. The power of interpretation: Qualitative methods in cybersecurity research. In Proceedings of the 14th International Conference on Availability, Reliability and Security (pp. 1–10).
Torbacki, W. 2021. A hybrid MCDM model combining DANP and PROMETHEE II methods for the assessment of cybersecurity in industry 4.0. Sustainability, 13(16), 8833.
Bhamare, D., Zolanvari, M., Erbad, A., Jain, R., Khan, K., and Meskin, N. 2020. Cybersecurity for industrial control systems: A survey. Computers & security, 89, 101677.
Stylios, C. D., Bourgani, E., and Georgopoulos, V. C. 2020. Impact and applications of fuzzy cognitive map methodologies. In Beyond traditional probabilistic data processing techniques: Interval, fuzzy etc. Methods and their applications (pp. 229–246). Springer, Cham.
Osoba O.A., Kosko B. 2017. Fuzzy cognitive maps of public support for insurgency and terrorism // The Journal of Defense Modeling and Simulation. Vol. 14. No. 1. pp. 17–32. DOI: 10.1177/1548512916680779.
Salmeron, J. L., and Palos-Sanchez, P. R. 2019. Uncertainty propagation in fuzzy grey cognitive maps with hebbian-like learning algorithms. IEEE Transactions on Cybernetics, 49(1), 211–220. doi: 10.1109/TCYB.2017.2771387.
Hajek, P., and Prochazka, O. 2016. Interval-valued fuzzy cognitive maps for supporting business decisions. Paper presented at the 2016 IEEE International Conference on Fuzzy Systems, FUZZ-IEEE 2016, 531–536. doi: 10.1109/FUZZ-IEEE.2016.7737732.
Wang, J., Peng, Z., Wang, X., Li, C., and Wu, J. 2020. Deep fuzzy cognitive maps for interpretable multivariate time series prediction. IEEE transactions on fuzzy systems, 29(9), 2647–2660.
Hajek, P., Froelich, W., and Prochazka, O. 2020. Intuitionistic fuzzy grey cognitive maps for forecasting interval-valued time series. Neurocomputing, 400, 173–185. doi: 10.1016/j.neucom.2020.03.013.
Salmeron, J. L. 2015. A fuzzy grey cognitive maps-based intelligent security system. Paper presented at the Proceedings of IEEE International Conference on Grey Systems and Intelligent Services, GSIS, 2015-October 29–32. doi: 10.1109/GSIS.2015.7301813.
Lei, Y., Kong, W., and Ma, J. 2017. Intrusion detection techniques based on improved intuitionistic fuzzy neural networks. International Journal of Innovative Computing and Applications, 8(1), 41–49. doi: 10.1504/IJICA.2017.082496.
Reji, M., Kishore Raja, P. C., Joseph, C., and Baskar, R. 2017. A genetic-fuzzy approach for detection of worm attack in ad-hoc wireless networks. Indian Journal of Public Health Research and Development, 8(4), 1312–1321. doi: 10.5958/0976-5506.2017.00517.4.
Durnyak, B., Lutskiv, M., Shepita, P., and Nechepurenko, V. 2020. Simulation of a combined robust system with a P-fuzzy controller doi: 10.1007/978-3-030-26474-1_39.
Durnyak, B., Lutskiv, M., Petriaszwili, G., and Shepita, P. 2020. Analysis of raster imprints parameters on the basis of models and experimental research. Paper presented at the International Symposium on Graphic Engineering and Design, 379–385. doi: 10.24867/GRID-2020-p42.
Nguyen, D. H., de Leeuw, S., and Dullaert, W. E. 2018. Consumer behaviour and order fulfilment in online retailing: A systematic review. International Journal of Management Reviews, 20(2), 255–276.
Sengupta, J., Ruj, S., and Bit, S. D. 2020. A comprehensive survey on attacks, security issues and blockchain solutions for IoT and IIoT. Journal of Network and Computer Applications, 149, 102481.
Ghobakhloo, M. 2020. Industry 4.0, digitization, and opportunities for sustainability. Journal of cleaner production, 252, 119869.
Deng, L., Sun, H., and Li, C. 2021. JDF-DE: a differential evolution with Jrand number decreasing mechanism and feedback guide technique for global numerical optimization. Applied Intelligence, 51(1), 359–376.
Hoffmann-Walbeck, T. 2018. Smart factory: JDF and XJDF. J. Graph. Eng. Des, 9(1), 5–9.
Faraj, B.M. and Ahmed, F.W., 2019. On the matlab technique by using laplace transform for solving second order ode with initial conditions exactly. Matrix Science Mathematic, 3(2), pp. 08–10.
Jaafar, S.S. and Mahmood, F.M., 2020. Design and Programming of a Micro-controller-Based Solar Tracking System.
Faraj, B. and Mondali, M., 2017. Using difference scheme method for the numerical solution of telegraph partial differential equation. Journal of Garmian University, 4(ICBS Conference), pp. 157–163.
Published
How to Cite
Issue
Section
License
Copyright (c) 2023 Journal of Cyber Security and Mobility
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.