Architecture of a decision-making system based on incident monitoring

Authors
*, **, ***Moscow Polytechnic University, 38, Bolshaya Semenovskaya str., Moscow, 107023, Russia
*e-mail: pavel.piksel2012@mail.ru
**e-mail: aspev@yandex.ru
***e-mail: kaluckiy_igor@yandex.ru
Abstract
This article proposes a new approach to delivering and deploying new software elements: before release, the monitoring system analyzes all events within the development iteration under review and decides whether the developed elements may be deployed in the infrastructure. The available technology stacks are analyzed and the one best suited to this task is selected. The performance aspects of the proposed method are examined, and the risks and benefits of its adoption are assessed. The article describes the architecture of the incident monitoring system and of the decision on deploying a new production software version, a decision that rests on the demonstrated security of the deployed build. The scientific novelty lies in a new method of managing the software delivery and development process that keeps unsafe code elements out of the target operating infrastructure. The practical value lies in creating a secure infrastructure for continuous development and for the analysis of unsafe-development incidents, with a monitoring system integrated into it. A comparative analysis of application types was carried out to determine which groups of programming languages are most prone to leaving confidential information in configuration files and therefore require analyzers tailored to their specifics. Web applications were chosen as the application type most exposed to this threat: they commonly carry configuration files containing confidential credentials and, where development practices are unsafe, static variables holding confidential information directly in the program code, which creates critical vulnerabilities in such applications.
A regression study was conducted that established a strong correlation between the number of files in a web application and the number of files containing potentially critical information. The statistical study shows that one group of programming languages, which includes Java and Ruby, has the largest number of dangerous files, which makes it the most relevant target for language-specific analyzers. Based on the data obtained, a rule for detecting the incident of leaving confidential information in code was developed for the Java and Ruby group, taking into account the specifics of web application configurations in these languages. The rule monitors password fields, root fields, and input fields for administrative account credentials. The developed module was applied to a labeled sample of open-source web application code, grouped by programming language, to verify that it correctly detects the threat of confidential information being left in software code during the development cycle.
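As an added example (not the article's code or the authors' module), the rule below scans a constructed Java/Ruby sample repository for credential literals in configuration and source, then derives the deploy/no-deploy decision of the monitoring system from the findings. File names, key patterns, placeholder syntaxes and the file-to-language mapping are assumptions about typical Spring and Rails layouts, not rules taken from the page.

```python
"""Credential-leak detection rule for Java/Ruby web applications and the
deploy gate built on it. Added example, not code from the article; SAMPLE_REPO
is constructed and the key/placeholder patterns are assumptions about typical
Spring (.properties/.java) and Rails (.yml/.rb) layouts."""
import re
from collections import Counter
from dataclasses import dataclass

# Keys whose literal values are credentials ("password entry fields").
CREDENTIAL_KEY = re.compile(
    r"(?i)(password|passwd|pwd|secret|api[_.-]?key|token|private[_.-]?key)")
# Account-name keys, flagged when the literal names a privileged account
# ("root fields" and administrative accounts).
ACCOUNT_KEY = re.compile(r"(?i)(^|[._-])(user|username|login|account)$")
PRIVILEGED_NAMES = {"root", "admin", "administrator", "sa"}
# Empty values or indirections to the environment are not leaks.
PLACEHOLDER = re.compile(
    r"^(\$\{[^}]*\}|<%=.*%>|#\{.*\}|ENV\[.*\]|ENV\.fetch\(.*\)|)$")

CONFIG_PAIR = re.compile(r"^\s*([\w.\-\[\]]+)\s*[:=]\s*(.*?)\s*$")  # key=value, key: value
JAVA_LITERAL = re.compile(r'String\s+(\w+)\s*=\s*"([^"]*)"')         # String x = "...";
RUBY_LITERAL = re.compile(r"^\s*(?:@@?|\$)?([A-Za-z_]\w*)\s*=\s*['\"]([^'\"]*)['\"]")

# Assumption: YAML files are the Rails app's configuration, so they join Ruby.
LANGUAGE_BY_SUFFIX = {".java": "java", ".properties": "java",
                      ".rb": "ruby", ".yml": "ruby", ".yaml": "ruby"}


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    key: str
    lang: str
    kind: str  # "credential" blocks deployment; "privileged-account" warns


def language_of(path):
    return next((l for s, l in LANGUAGE_BY_SUFFIX.items() if path.endswith(s)), None)


def extract_pairs(path, line):
    """Return the (key, literal value) pairs assigned on one line."""
    if path.endswith(".java"):
        return JAVA_LITERAL.findall(line)
    m = (RUBY_LITERAL if path.endswith(".rb") else CONFIG_PAIR).match(line)
    return [m.groups()] if m else []


def classify_pair(key, value):
    value = value.strip().strip("'\"")
    if PLACEHOLDER.match(value):
        return None
    if CREDENTIAL_KEY.search(key):
        return "credential"
    if ACCOUNT_KEY.search(key) and value.lower() in PRIVILEGED_NAMES:
        return "privileged-account"
    return None


def scan_file(path, text):
    lang = language_of(path)
    if lang is None:
        return []  # outside the Java/Ruby group: not this analyzer's job
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if line.strip().startswith(("#", "//", "*", "/*")):
            continue  # commented-out settings are not live configuration
        for key, value in extract_pairs(path, line):
            kind = classify_pair(key, value)
            if kind:
                findings.append(Finding(path, n, key, lang, kind))
    return findings


def scan_repo(files):
    return [f for path, text in files.items() for f in scan_file(path, text)]


def findings_by_language(findings):
    return dict(Counter(f.lang for f in findings))


def deployment_decision(findings):
    """Gate: deploy only when the iteration raised no credential incident;
    privileged-account hits are reported but do not block."""
    blocking = sum(f.kind == "credential" for f in findings)
    return {"deploy": blocking == 0, "blocking": blocking,
            "warnings": len(findings) - blocking}


# Constructed sample repository: two Java files, two Ruby files, one other.
SAMPLE_REPO = {
    "src/main/resources/application.properties":
        "spring.datasource.url=jdbc:mysql://db/app\nspring.datasource.username=root\n"
        "spring.datasource.password=S3cret!\njwt.secret=${JWT_SECRET}\n",
    "src/main/java/app/Db.java":
        'public class Db {\n    static final String PASSWORD = "hunter2";\n'
        '    static final String URL = System.getenv("DB_URL");\n}\n',
    "config/database.yml":
        "production:\n  adapter: postgresql\n  username: app\n"
        "  password: <%= ENV['DB_PASSWORD'] %>\n"
        "staging:\n  username: admin\n  password: 'admin123'\n",
    "lib/mailer.rb":
        "SMTP_TOKEN = ENV.fetch('SMTP_TOKEN')\n# password: 'old'\nAPI_KEY = 'abc123'\n",
    "README.md": "password: example\n",
}

if __name__ == "__main__":
    found = scan_repo(SAMPLE_REPO)
    for f in found:
        print(f"{f.kind:18} {f.lang:5} {f.path}:{f.line} key={f.key}")
    print(findings_by_language(found), deployment_decision(found))
```

Running it lists one finding per offending line: the literal passwords in `application.properties`, `Db.java`, the staging block of `database.yml` and `mailer.rb` are credential incidents that block the deployment, the `root` and `admin` user names are reported as warnings, and the `${JWT_SECRET}` and `<%= ENV[...] %>` placeholders, the commented-out Ruby line and the non-Java/Ruby README are not flagged. In a real pipeline the `scan_repo` input would be the files changed in the iteration, and the decision record would be forwarded to the SIEM as the incident evidence behind the gate.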
Keywords:
cybersecurity, software development life cycle, DevSecOps, vulnerability assessment, vulnerability management, SIEM