METHOD FOR SYNTHESIS OF A SCALABLE ARCHITECTURE OF A DISTRIBUTED CS, RESISTANT TO SOCIAL ENGINEERING ATTACKS

Abstract

 Social engineering continues to be one of the most dangerous classes of threats for modern distributed IT systems, where event processing, resource access, and protection mechanisms are performed on a large number of heterogeneous nodes. The growth of the scale of architectures, the emergence of multi-channel interaction scenarios, remote users, and a high level of dynamism create challenges for the synthesis of systems that are able to maintain resistance to social engineering attacks. The study proposes methods and tools for the synthesis of distributed systems focused on ensuring structural, behavioral, and functional resistance to such attacks.

The basis of the approach is the use of a population multi-agent mean-field model, which allows considering a large number of nodes as a coordinated system of local detectors interacting through an aggregated state space. This makes it possible to describe the impact of attacks not on individual components, but on the entire distributed system as a whole, and to evaluate its response through integrated risk and resilience indicators. The study forms a generalized model of a distributed system, defines the roles of different types of nodes, protections and interaction channels, and also describes the methodology for architecture synthesis, which includes the classification of local actions, coordination mechanisms and evaluation criteria.

Special attention is paid to the integration of protective measures - deception components, multifactor authentication, filtering and segmentation mechanisms - into the structure of a distributed system. Methods for optimizing the distribution of these measures at different levels of the architecture are proposed in accordance with the dynamics of the mean field and target requirements for stability. An iterative approach to architecture synthesis is developed, which combines the adaptation of local node strategies with the tuning of global system parameters.

The results demonstrate that the use of the mean field concept allows to ensure scalability of solutions, consistency of node behavior, and also to increase the ability of a distributed system to counteract social engineering attacks in conditions of uncertainty and high variability of scenarios. The methodology can be used for the design, improvement and engineering synthesis of real distributed IT architectures operating in critical environments.