Development of an Analytical Model of the Process of Cybersecurity Protection of Distributed Information Systems of Critical Infrastructure ()
1. Introduction
It is known that the fast development of information technologies and their penetration into all fields of human activities as well as globalization processes happening everywhere in the world, and where as information systems of the whole world are merged into one entity that is called the global information space cyberspace, all these necessitate to provide them with guaranteed protection from negative external impacts.
In the abovementioned cyberspace, due to complex structures and the nature of interaction between elements of complex information systems, analysis of their effective operation by means of traditional methods is not always effective.
As examples of such complex systems can be named information systems of management console in different fields like energy industry, telecommunication and transport nets, credit and financial systems, different information systems designed for state or military use, and they are spatiallyallocated in multicomponent structures called critical infrastructure—CI.
The necessity to settle practical calculations concerning different kinds of possible consequences, undesired cyber impacts on the critical infrastructure—CI, these all demand development of the whole hierarchy of complex mathematical models that are able to describe accurately enough and take into consideration complex impact on the system, both destabilizing factors (like refusals, vulnerability, threats, attacks etc.) and stabilizing ones (like discovery, restauration, elimination, prevention of consequences of cyberincidents, their blocking out, interruption, localization etc.)
Modelling of processes of critical infrastructure operation exposed to different outer impacts and at the same time having within itself means of detection and prevention their consequences, are widely used while providing information security and cybersecurity [1]  [8].
Generally, on the basis of these models, the level of protection of an object is analyzed and criteria of effectiveness for means of protection are chosen, methodology and regulations for cyberincident responses are developed.
2. The Object, Aim and Methods of Investigation
Keeping in mind the urgency of the problem mentioned above, in this article, there has been defined the object, aim and methods of investigation:
The object of investigation: multichannel queueing system whose every channel is multichannel QS with limited queues that contains in its body tools of command, control and restoration of subchannels.
The Purpose of the Research: the development of operation models of information systems of critical infrastructure takes into consideration the presence of intelligent tools of detection, analysis and identification of threats and vulnerabilities with the ability to restore their consequences. The development of the models in question takes into consideration probabilistic nature of events flow happening in ISCI and transferring them between different states of cybersecurity.
Methods of research: there have been used systems analysis methods based on using Theory of Probability, Theory of Reliability and Theory of Queues that enable to describe analytically probabilistic processes of cybersecurity violations in IS of critical infrastructures caused by realization of cyberthreats that can cause extreme situations in them and processes of restoration or elimination of their consequences.
The idea of research conducted in this work is to create an analytical model for evaluating of cybersecurity level of complex information systems that enables to estimate the quality of their work by defining values of main characteristics of effective operation in case of different values of input parameters and by means of their comparative analysis to provide choices of the best variants of such systems as in the process of project development as well as for the organization of the processes of their rational exploitation.
Precondition to this particular work have been researches conducted in the works [9]  [14] where special role of modelling in security provision of ISCI is justified, there are also discussed possible types of vulnerabilities taking place in them, there is given classification of threats, methodological concepts for neutralizing those threats on the basis of complex of measures for security and stable functioning of objects and subjects of ISCI from extreme situations caused by these impacts.
This research was also preceded by the author’s articles concerning the developments of analytical and simulation models of complex technical systems regarded as multichannel queueing systems, published in the works [15]  [20].
3. Statement of the Problem
The pictures given below show schematic diagrams of the following objects substituting investigated ISCI:
 Multichannel queuing system with limited queue taken as the basis of every channel considered as unified complicated QS with the illustration of its corresponding state transition graph (Figure 1).
 Investigated multichannel QS, whose every channel is presented as QS given on Figure 1, with the tools of immediate queue discipline, enhanced with the tools of command and control of channels, as well as tools of restoration and elimination of consequences of cyberimpacts (Figure 2).
The aim of this investigation is creation of mathematical model connecting input parameters and output characteristics of the investigated system and providing with ability to oversee their interdependence in the modelling process.
4. The Parameters of the Investigated System
In reference to the parameters of the structure of the information system in question, the following assumptions are made:
 Cyber threats are being divided in the system according to the status: detected and sent for restoration; detected but waiting for restoration (in the virtual queue).
Figure 1. Block diagram of a multichannel Queuing system with a limited queue.
Figure 2. The block diagram of the multichannel Queuing System under study, each channel of which is represented in the form of the Queuing System shown in Figure 1.
 a—number of multichannel subsystems comprising the system where
$a=\stackrel{\xaf}{1,N}$ ;
 N—maximum number of subsystems in the information system;

${n}_{r}$ —number of service channels that are being restored in each subsystem where
$r=\stackrel{\leftarrow}{1,n}$ ;

${\lambda}_{r}$ —parameter of Poisson law—intensity of cyberattacks causing failures and other disorders in service channels where
$r=\stackrel{\to}{1,a}$ ;

${m}_{r}$ —the number of places in the queue in the rsubsystem.

${I}_{r}$ —the number of rsubsystems requests being in the service channels.
 Probability processes of restoration of service channels, as well as eliminations of consequences of cyberimpacts are described by exponential law with the parameter
${\mu}_{r}$ , where
$r=\stackrel{\xaf}{1,a}$ ;
 Loading intensity of service channels:
${\rho}_{r}={\lambda}_{r}/{\mu}_{r}$ ;
 Total intensity of cyberthreats upon the system:
$\Lambda ={\displaystyle {\sum}_{r=1}^{a}{\lambda}_{r}}$ ;
 Total intensity of restauration of service channels:
$M={\displaystyle {\sum}_{r=1}^{a}{\mu}_{r}}$ ;
 Total loading of system:
$\rho ={\displaystyle {\sum}_{r=1}^{a}{\rho}_{r}}$ .
5. Indices of Operation Efficiency of the Investigated System
For modelling purposes as main characteristics of operation efficiency of the investigated ISCI, there have been taken characteristics given below whose values are defined by the values of above listed parameters having probabilistic nature.
${p}_{{k}_{r}}^{a}$ —total limitary probabilities of the number of channels exposed to cyberthreats.
${p}_{{n}_{r}+{l}_{r}}^{a}$ —probability of cyberattacks in the system (
${n}_{r}+{l}_{r}$ );
${p}_{query}^{a}$ —total probabilistic number of discovered cyberthreats whose consequences are to be eliminated;
${p}_{failure}^{a}$ —total probability of refusal to restore the consequences of cyberattacks because of overload of restoration system;
${Q}^{a}$ —the total relative service capacity of the restoration system to restore consequences of cyberattacks.
${A}^{a}$ —total absolute service capacity of the restoration system to restore the consequences of cyberattacks;
${L}_{queue}$ —total average number of cyberattack consequences waiting for restoration of the consequences.
${L}_{service}$ —average number of request orders served by QS per time unit.
${L}_{qs}$ —Total average number of cyberincidents being in the process of elimination of their consequences as well as waiting for such process.
6. The Mathematical Model of the Investigated System of Cybersecurity
As a result of the corresponding transformations of functional relationships that describe initial basic model of multichannel QS with unlimited queue, there has been received a new operating model of the investigated system in the form of below given mathematical relationships, which describe interconnection between its input and output parameters.
1) Total limit probability while
${k}_{r}=\stackrel{\xaf}{0,{n}_{r}}$ , where k_{r}—number of channels being cyberattacked, and n_{r}—number of channels in the rsubsystem.
$\begin{array}{l}{p}_{0}^{a}={\displaystyle {\sum}_{r=1}^{a}{p}_{0}^{r}}={\displaystyle {\sum}_{r=1}^{a}[{\displaystyle {\sum}_{k=0}^{n}\left({\rho}_{r}^{k}/{k}_{r}!\right)}+\left({\rho}_{r}^{{n}_{r+1}}/\left({n}_{r}\text{!}\ast \left({n}_{r}{\rho}_{r}\right)\right)\right)}\\ \text{\hspace{0.17em}}\text{\hspace{0.17em}}\text{\hspace{0.17em}}\text{\hspace{0.17em}}\text{\hspace{0.17em}}\text{\hspace{0.17em}}\text{\hspace{0.17em}}\text{\hspace{0.17em}}\text{\hspace{0.17em}}\text{\hspace{0.17em}}\text{\hspace{0.17em}}\text{\hspace{0.17em}}\text{\hspace{0.17em}}\text{\hspace{0.17em}}\text{\hspace{0.17em}}\text{\hspace{0.17em}}\text{\hspace{0.17em}}\text{\hspace{0.17em}}\text{\hspace{0.17em}}\text{\hspace{0.17em}}\ast {\left(1{\left({\rho}_{r}/{n}_{r}\right)}^{{m}_{r}}\right)]}^{1},\text{\hspace{0.17em}}\text{\hspace{0.17em}}{k}_{r}=0,\text{\hspace{0.17em}}\text{\hspace{0.17em}}r=\stackrel{\xaf}{1,a};\end{array}$ (1)
${p}_{{k}_{r}}^{a}={\displaystyle {\sum}_{r=1}^{a}\left({\rho}_{r}^{{k}_{r}}/{k}_{r}\right)\ast {p}_{0}^{r}},\text{\hspace{0.17em}}\text{\hspace{0.17em}}r=\stackrel{\xaf}{1,a},\text{\hspace{0.17em}}\text{\hspace{0.17em}}{k}_{r}=\stackrel{\xaf}{0,{n}_{r}};$ (2)
2) In the system (
${n}_{r}+{l}_{r}$ ) probability of cyberattacks, from them n_{r}—in the process of restauration of ration of consequences, and waiting for such process.
${p}_{{n}_{r}+{l}_{r}}^{a}={\displaystyle {\sum}_{r=1}^{a}\left({\rho}_{r}^{{n}_{r}+{l}_{r}}/\left({n}_{r}^{{l}_{r}}\ast {n}_{r}!\right)\right){p}_{0}^{r}},\text{\hspace{0.17em}}\text{\hspace{0.17em}}r=\stackrel{\xaf}{1,a},\text{\hspace{0.17em}}\text{\hspace{0.17em}}{n}_{r}\le {l}_{r}\le {m}_{r};$ (3)
3) Total probable number of detected cyberattacks whose consequences have to be eliminated.
$\begin{array}{l}{p}_{query}^{a}={\displaystyle {\sum}_{r=1}^{a}{\displaystyle {\sum}_{l=0}^{{n}_{r}+{m}_{r}1}{p}_{{n}_{r}+1}^{r}}}\\ ={\displaystyle {\sum}_{r=1}^{a}{\displaystyle {\sum}_{l=0}^{{n}_{r}+{m}_{r}1}\left({\rho}^{{n}_{r}}/{n}_{r}!\right)}}\ast \left(\left(1{\left({\rho}_{r}/{n}_{r}\right)}^{{m}_{r}}\right)/\left(1{\rho}_{r}/{n}_{r}\right)\right)\ast {p}_{0}^{r},\text{\hspace{0.17em}}\text{\hspace{0.17em}}r=\stackrel{\xaf}{1,a};\end{array}$ (4)
4) Total probability of refusals of consequences resulted by cyberattacks because of overloading of the restauration system.
${p}_{failure}^{a}={\displaystyle {\sum}_{r=1}^{a}{p}_{{n}_{r}+{m}_{r}}^{r}}={\displaystyle {\sum}_{r=1}^{a}\frac{{\rho}^{{n}_{r}+{m}_{r}}}{{n}_{r}^{{m}_{r}}*{n}_{r}!}}\ast {p}_{0}^{r},\text{\hspace{0.17em}}\text{\hspace{0.17em}}{k}_{r}={n}_{r}+{m}_{r},\text{\hspace{0.17em}}\text{\hspace{0.17em}}r=\stackrel{\xaf}{1,a};$ (5)
5) Total relative zeroerror capacity of restoration system of after cyberattacks.
${Q}^{a}={p}_{service}^{a}=1{p}_{failure}^{a}={\displaystyle {\sum}_{r=1}^{a}\left(1{\rho}^{{n}_{r}+{m}_{r}}/{n}_{r}^{{m}_{r}}\ast {n}_{r}!\ast {p}_{0}^{r}\right)}\text{\hspace{0.05em}}\text{\hspace{0.05em}},\text{\hspace{0.17em}}\text{\hspace{0.17em}}r=\stackrel{\xaf}{1,a};$ (6)
6) Total absolute throughout capacity of the restoration system after cyberattacks.
${A}^{a}={\displaystyle {\sum}_{r=1}^{a}{\lambda}_{r}\ast {Q}^{r}}={\displaystyle {\sum}_{r=1}^{a}{\lambda}_{r}}\ast \left(1\left({\rho}^{{n}_{r}+{m}_{r}}/{n}_{r}^{{m}_{r}}\ast {n}_{r}!\right)\right)\ast {p}_{0}^{r},\text{\hspace{0.17em}}\text{\hspace{0.17em}}r=\stackrel{\xaf}{1,a};$ (7)
7) Total average number of consequences of cyberattacks waiting for restauration.
$\begin{array}{l}{L}_{queue}={\displaystyle {\sum}_{r=1}^{a}{\displaystyle {\sum}_{i=1}^{m}\left({\rho}^{{n}_{r+1}}/{n}_{r}\ast {n}_{r}!\right)}}\\ \text{\hspace{0.05em}}\ast \left(\left(1{\left({\rho}_{r}/{n}_{r}\right)}^{{m}_{r}}\ast \left[1+{m}_{r}\left(1{\rho}_{r}/{n}_{r}\right)\right]\right)/{\left(1{\rho}_{r}/{n}_{r}\right)}^{2}\right)\ast {p}_{0}^{r},\text{\hspace{0.17em}}\text{\hspace{0.17em}}r=\stackrel{\xaf}{1,a};\end{array}$ (8)
8) Average number of service requests being served by QS per unit time.
${L}_{service}^{a}={\displaystyle {\sum}_{r=1}^{a}{A}^{r}/{\mu}_{r}}={\displaystyle {\sum}_{r=1}^{a}\rho \ast \left(1\left({\rho}^{{n}_{r}+{m}_{r}}/{n}_{r}^{{m}_{r}}\ast {n}_{r}!\right)\right)\ast {p}_{0}^{r}},\text{\hspace{0.17em}}\text{\hspace{0.17em}}r=\left(1,a\right);$ (9)
9) Total average number of cyberincidents being in the process of eliminations of their consequences as well as waiting for such process.
${L}_{qs}^{a}={L}_{queue}^{a}+{L}_{service}^{a}$ (10)
7. The Novelty of Investigation
The specific feature of the model described in the article is an attitude towards the problem that enables to develop most generalized, enlarged and scaling software model of the cybersecurity protection system, as it was said above, that is presented as a complex system consisting of certain number of multichannel subsystems of queueing service with unlimited queue exposed to different types of cyberimpacts which cause undesired consequences in the service channels.
The research has been conducted according to the assumption that all the channels of the information system in question, in its composition, along with the devices directly performing technological processes, contain complex intelligence system of command, control and protection from consequences of corresponding types of cyberimpacts, and it provides with:
1) Constant monitoring aiming at detection, identification and registration of different disorders of system operation, happening as a result of ordinary causes (such as failures and restorations), as well as the result of cyberimpacts of different types that disturb entity, confidence and availability.
2) Initiating the processes of restoration of the failed devices and elimination of consequences of any probable cyberimpacts, performing by programs or tools in corresponding equipment presupposed in the service channels.
3) Possibility of information system being under joint impact of different types of cyberthreats including unauthorized access request, viruses, spam, remote login, phishing, DoS/DDoS—attacks etc. happening at random according to the familiar laws of probability distribution.
4) Presence of restoration means, corresponding to their purposes, characteristics and abilities, in the given channel presupposed cyberimpacts, as well as equipment of command for restoration of the failed service channels and elimination of consequences of cyberimpacts that assure effective operation of information system.
8. Results and Discussion
Тhis article summarizes some of the results of research in the field of reliability and security of complex technical systems, with the aim of applying them to the study of cybersecurity problems of Information Systems of Critical Infrastructures. The results of the work contribute to the development of theoretical foundations for assessing the state of cybersecurity in order to ensure the effectiveness of their functioning in the context of cyber threats.
9. Conclusions
In the article, in accordance with the stated objectives, the following problems are solved:
 A new analytical model has been developed for the estimation of the level of cybersecurity protection of information systems, considered as complex queueing systems exposed to cyberattacks of different nature.
 As a basis of modelling of the cybersecurity system in question there has been chosen Multichannel Queuing System with unlimited queue that is well known and is widely applied in practice.
There has been made a generalization and it presupposes consideration of the abovementioned system as a constituent part of a subsystem that is a part of more generalized, enlarged and scaling system that is an aggregation of several, similar to the above described, subsystems.
 There have been received new analytical relationships reflecting dependence of values of input parameters and output characteristics of generalized, enlarged and scaling system describing its work as operation of queueing system in the conditions of cyberimpacts.
 On the basis of received new analytical relationships for different characteristics of the given generalized model, it is possible to develop software model enabling to conduct simulation work of described generalized QS under the influence of cyberattacks and evaluating different scenarios of system operation taking into consideration its specific features.