Multi-criteria security assessment of control and diagnostic data on the technological processes

. A mathematical model of the dynamics of changes in the state of security indicators of control and diagnostic data on the technological process is proposed. It is constructed using Markov chains and takes into account the probabilistic-temporal mechanism for changing the state of data protection indicators of this class. Based on this model, a methodological approach has been developed for multi-criteria assessment of the security of control and diagnostic data on the technological process. The approach is based on the analysis of current deviations of the values of data protection indicators from the requirements for them, takes into account and eliminates the uncertainty of the initial diagnostic information. The proposed methodological approach also allows one to take into account transients that affect security when introducing control over the structure, parameters and modes of collection and processing of control and diagnostic data about the technological process in various conditions. for of this class


Introduction
The key problem of optimal control of a complex technological process (TP) is the timely receipt by the automated control system (ACS) of reliable and undistorted control and diagnostic data on the state of the parameters of this process in dynamics [1,2].
Various production technologies, using many different tools and equipment, collect and analyze large amounts of information characterizing the results of control measurements and diagnostics [1][2][3][4]. The accuracy and reliability of this information certainly affects the effectiveness of TP management. At the same time, this data is subject to threats that could violate their availability, integrity and confidentiality. That is why in the world so much attention is paid to data protection about various technological processes [5][6][7]. This is the key to the rational functioning of modern complex technological and cyber-physical systems, including systems of the "smart production" type.
One of the traditional methodological tools for making decisions on the effective management of this type of data protection, for analyzing the level of their security, is the methodology for assessing the security of diagnostic and control data about the technological process. The results of this analysis allow one to quickly introduce adequate control actions aimed at searching, detecting and countering the security threats of control and diagnostic information (CDI). Assessing the level of information security of complex systems, processes and data arrays, including the security of control and diagnostic data on the technological process, requires a large amount of knowledge about the processes of their collection, storage and processing. This knowledge can be expressed quantitatively, on the basis of measurements (formalized), or can be experimental (obtained on the basis of models) and expert-based. As part of the TP management, there is always uncertainty associated with the source data necessary for both the intelligent analysis of the CDI itself and the analysis of its security. This is all the more relevant now, with modern security threats and algorithms of aggressive computer penetration into TP, when complex multistep attacks and the "introduction" of false data into CDI are possible from the different categories of intruders [8,9]. The first and main stage of the methodology for analyzing the security of complex systems and data arrays is always the stage of modeling the behavior of security indicators in dynamics. At the same time, to model the change of states of the security indicators of systems and data using the processing of uncertain knowledge, the probability-temporal models of changing the values of these indicators in the state space are increasingly used. An additional element in the models of this class is their use in conjunction with algorithms for eliminating the uncertainty of knowledge about these states.
The feasibility and relevance of solving such problems is obvious. Based on the model of this type, it is possible to use these methods in cooperation with each other and to carry out a multi-criteria assessment of the security of the control and diagnostic data, taking into account the uncertainty. In addition, it is possible to automatically "accumulate" knowledge about CDI security and make optimal decisions to counter threats CDI on the TP, based on the accumulated knowledge and the results of data security analysis of this class.

Relevant works
Many works have been devoted to the development of analytical models and methodological approaches to assessing the security of complex technical systems and data arrays. There are a number of particular methods for evaluating the effectiveness of protection, storage and analytical processing of information [10][11][12][13][14][15][16][17][18][19][20][21]. These works have a number of advantages, but the use of the models proposed in them to develop a method for multi-criteria assessment of the security of TP diagnostic and control data is inappropriate. The main causes for this inappropriateness are as follows: (1) the need to take into account transients inherent in various states of CDI security indicators and the requirements for security analysis [10][11][12]. This forces one to formulate not only a vector, but also a multi-criteria problem of assessing the security of TP diagnostic and control data; (2) the models and methods proposed in these works do not take into account the unique properties and specific modern technologies of collecting, processing and storing the TP control and diagnostic data, do not take into account the features of CDI security indicators that need to be evaluated [13][14][15]; (3) in fact, there are no dynamic models and analysis methods in dynamics; the assessment of the security of systems and data is designed for analysis either in a static mode or under local stationary conditions [16][17][18].
In addition, in a number of works [19][20][21], the authors were forced to use (within the techniques of data protection efficiency analysis) the multi-dimensional joint probability densities of the values of security indicators. But this requires the collection and processing of a large amount of statistical data, which is not always possible within the real TP. All this emphasizes the urgency of the tasks of developing existing techniques and searching for new mathematical methods for assessing the security of the TP diagnostic and control data within the framework of a probabilistic approach. In other words, a methodological approach is needed to reduce the dimensionality of the task of multi-criteria dynamic assessment of CDI security that allows one to quickly analyze the effectiveness of security mechanisms for control and diagnostic data from the point of view of optimal process control.

Theoretical part
In the paper we propose an approach that aims to develop existing techniques in terms of dynamic multi-criteria security assessment of CDI. This approach, unlike the existing ones, is based not on stationary probabilistic models of CDI on the TP security indicators to be monitored, but on probability-temporal models of these indicators. For this, controlled Markov chains are applied, the dynamics of the change of states in which is described using stochastic equations in finite differences. Analytical models of the process of changing the security states of the TP control and diagnostic data, which based on the mathematical apparatus of controlled Markov chains in the form of difference stochastic equations, are, in fact, probabilistic-temporal models of changing the states of CDI security indicators.
They, unlike the known ones, make it possible to take into account the dynamics of the probabilistic-temporal mechanism for changing the state of CDI security and the correlation of its estimates at the neighboring l-th steps of the TP. Then the probabilistic-temporal model of the process of changing states of a single CDI security indicator (the physical meaning is the deviation w ∆ of a security indicator from the required values within the TP), based on the mathematical apparatus of controlled Markov chains in the form of difference stochastic equations, has the form: where the expression (1) is the equation of state of the process w ∆ at the (l+1)-th step of the TP (in our case, this is the deviation state of some CDI security indicator), 1) -a vector of compensation additives, the elements of which are designed to compensate the non-integer part of equation (2) and are obtained as a result of analysis and correction of the initial excitation noise. The excitation noise is considered as additive white Gaussian noise. Equation (3)  additives. Moreover, in equation (3): -the transposed diagonal block matrix of compensation additives, the elements of which are designed to compensate the integer part in equation (2) -the vector of values of the modified exciting noise that determines the values Q at the (l+1)-th step. The equation for observing the process w ∆ at the (l+1)-th step of the TP (in our case, this is the deviation state of some CDI security indicator) is described by expression (4).
The suggested model is a basis of the methodological approach on the multi-criteria assessment of security of the TP control and diagnostic data. In other words, the use of controlled Markov chains in the form of difference stochastic equations allows one to build the analytical models of functioning and life support of complex technological systems. It also allows one to build the models of ensuring the security of such systems and (or) data arrays collected for optimal management.
These models are formed taking into account the dynamic and probabilistic nature, nonstationarity and uncertainty of the processes of functioning of complex systems [22], their management processes, and the processes of ensuring the security of control and diagnostic data. From the point of view of multi-criteria security assessment of the TP control and diagnostic data, the application of the theory of state variables allows expressing in the form of difference stochastic equations (based on dynamic models of CDI security indicators) both private security processes and the subsystems that implement them within the TPs. That is why the generalized, multi-criteria CDI security indicator can and should include the sub-indicators of protection against computer attacks, against entering unwanted information ("spam"), against copying, intercepting and destroying of CDI, against access by personnel not participating in the TP (unauthorized, illegal use), against legal user errors and others. Account of the diversity of CDI threats and their physical heterogeneity allows one to get the values of the current particular security indicators (PSI) of the TP CDI and the current generalized multi-criteria security indicator (MSI) of the TP control and diagnostic data. They are formulated in the form of a joint probability to meet the requirements of modern production technologies for protection of this class data at the (l+1)-th step of the TP:  are the conditional probabilities of fulfilling the requirements for CDI protection against computer attacks, against entering unwanted information ("spam"), against copying, interception and destruction, and against access by personnel not participating in the TP (unauthorized, illegal use) at (l+1)-th step of the TP, determined under condition that the requirements for the current CDI security ) 1 ( ue + l p -the unconditional probability of meeting the requirements for CDI security considering the legal user errors at the (l+1)th step of the TP.
The conditional and unconditional probabilities of fulfilling the requirements to security indicators, described in equation (5) , respectively. It is important that particular security indicators have the same physical meaning as in [23][24][25], but are developed for the case of a dynamic multi-criteria security assessment of the TP control and diagnostic data.

Methodological part
The content and physical meaning of the stages of the suggested methodological approach should be formulated in more detail.
Obtaining the current probabilistic-temporal PSI is an important distinguishing feature (in addition to reducing the dimension of the analysis task) of the proposed methodological approach. The essence of obtaining the PSIs is to integrate the current one-dimensional probability densities of the values of the security indicators. They are formed on the basis of estimated values of the numerical characteristics of the CDI security indicators considering computer attacks, entering unwanted information ("spam"), copying, interception and destruction, illegal personnel access and legal user errors.
At the same time, the assessment of a specific PSI of CDI is supposed to be carried out using optimal filtering algorithms (Kalman filter) of the observed components of this security indicator. Estimated values of a specific PSI are used to form the current probability density of the values of this indicator, followed by integration of the obtained density over threshold values. As a result, in accordance with the expression (5), the obtained PSIs are convolved into the stepwise MSI values of CDI. Let us formulate in detail the essence of the stages of the methodological approach to multi-criteria assessment of the TP control and diagnostic data security:   (9) VI. Obtaining the estimated value of the MSI at the (l+1)-th step of the TP in accordance with the equation (5)

Results and discussion
The recurrent form of representation of the PSI and MSI allows one to get their estimate in real time. Figure 1 shows an example of the results (obtained by modeling and the computational experiment) of a step-by-step calculation of estimated values of the PSIs. It represents the graphics of the dependencies of the estimated values of the probability of satisfying the requirements to the deviations of various PSIs on the TP step for various security threats. Obtaining the real-time estimated values allows one to increase the efficiency of the CDI security management cycle within the TP [22][23][24][25].
In addition, the transition from the stationary analytical models of security indicators to the models based on Markov chains made it possible to investigate the transients in the dynamics of changing the level of security of the TP control and diagnostic data as a whole.
The proposed methodological approach can be used to solve the problems of direct dynamic multi-criteria security assessment of the TP diagnostic and diagnostic data as a whole, as well as to solve the inverse problem, i.e. the justification of CDI security requirements, optimization of algorithms for ensuring of this class data security in different realizations of the technological process.

Conclusion
The paper suggested the mathematical model of the process of changing the states of CDI security indicators based on Markov chains. The model serves as the basis of the methodological approach (methodology) for multi-criteria assessment of the security of the TP diagnostic and control data. It considers the elimination of the uncertainty of the source data and takes into account the probabilistic-temporal mechanism for changing the security state of the technological process in dynamics. The paper described the stages of the methodological approach (methodology) of multi-criteria (vector) assessment of the effectiveness of this class data protection. This methodology is based on the analysis of the current deviations of the values of the CDI security indicators from the requirements for them are.
This approach can be useful for technical and design bodies responsible for the development of information security systems for technological processes. It allows one to analyze the contribution to the security of such processes of new technical principles for constructing algorithms, tools and complexes for detecting and countering CDI threats.
In addition, this methodological approach can find its application in the development of an investment plan in the industrial and financial sector, which is responsible for realizing content security control and management systems necessary to implement modern "smart" high-tech industries.
New, promising areas for the further development of the CDI security assessment methodology are related to creating the methods for optimal management of this class data protection. The proposed methodological approach is not "closed", it suggests the possibility of supplementing and expanding the list of security indicators studied (different in class and physical sense). It can be the basis of a vector dynamic analysis of security of any other information (data) for any technological processes as well as complex information-analytical and computing systems. In addition, a multi-criteria assessment of the security of diagnostic and diagnostic data can be implemented in the interests of operational security policy management structures of promising technological and cyberphysical systems such as "smart city", "smart healthcare", "smart transport" and others.