{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T03:52:53Z","timestamp":1760241173297,"version":"build-2065373602"},"reference-count":39,"publisher":"MDPI AG","issue":"12","license":[{"start":{"date-parts":[[2019,12,11]],"date-time":"2019-12-11T00:00:00Z","timestamp":1576022400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"Ministry of Education and Science of Russia","award":["Government Order no. 2.8172.2017\/8.9 (TUSUR)"],"award-info":[{"award-number":["Government Order no. 2.8172.2017\/8.9 (TUSUR)"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Symmetry"],"abstract":"<jats:p>This article highlights the issue of identifying information security threats to computer networks. The aim of the study is to increase the number of identified threats. Firstly, it was carried out the analysis of computer network models used to identify threats, as well as in approaches to building computer network threat models. The shortcomings that need to be corrected are highlighted. On the basis of the mathematical apparatus of attributive metagraphs, a computer network model is developed that allows to describe the software components of computer networks and all possible connections between them. On the basis of elementary operations on metagraphs, a model of threats to the security of computer network software is developed, which allows compiling lists of threats to the integrity and confidentiality of computer network software. These lists include more threats in comparison with the considered analogues.<\/jats:p>","DOI":"10.3390\/sym11121506","type":"journal-article","created":{"date-parts":[[2019,12,12]],"date-time":"2019-12-12T03:20:16Z","timestamp":1576120816000},"page":"1506","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":10,"title":["Model of Threats to Computer Network Software"],"prefix":"10.3390","volume":"11","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0916-105X","authenticated-orcid":false,"given":"Aleksey","family":"Novokhrestov","sequence":"first","affiliation":[{"name":"Department of Complex Information Security of Computer Systems, Tomsk State University of Control Systems and Radioelectronics, 40 Lenina Prospect, 634050 Tomsk, Russia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3222-9956","authenticated-orcid":false,"given":"Anton","family":"Konev","sequence":"additional","affiliation":[{"name":"Department of Complex Information Security of Computer Systems, Tomsk State University of Control Systems and Radioelectronics, 40 Lenina Prospect, 634050 Tomsk, Russia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alexander","family":"Shelupanov","sequence":"additional","affiliation":[{"name":"Department of Complex Information Security of Computer Systems, Tomsk State University of Control Systems and Radioelectronics, 40 Lenina Prospect, 634050 Tomsk, Russia"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2019,12,11]]},"reference":[{"key":"ref_1","unstructured":"(2019, October 29). Penetration Testing of Corporate Information Systems: Statistics and Findings, 2019. Available online: https:\/\/www.ptsecurity.com\/ww-en\/analytics\/corp-vulnerabilities-2019."},{"key":"ref_2","unstructured":"Internet Security Threat Report (ISTR) 2019 (2019, October 29). Symantec. Available online: https:\/\/www.symantec.com\/security-center\/threat-report."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"8182","DOI":"10.1109\/JIOT.2019.2935189","article-title":"IoT: Internet of Threats? A Survey of Practical Security Vulnerabilities in Real IoT Devices","volume":"6","author":"Meneghello","year":"2019","journal-title":"IEEE Internet Things J."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Abdulghani, H.A., Nijdam, N.A., Collen, A., and Konstantas, D. (2019). A Study on Security and Privacy Guidelines, Countermeasures, Threats: IoT Data at Rest Perspective. Symmetry, 11.","DOI":"10.3390\/sym11060774"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"283","DOI":"10.30534\/ijeter\/2019\/11792019","article-title":"Threat model for IoT systems on the example of openUNB protocol","volume":"7","author":"Shelupanov","year":"2019","journal-title":"Int. J. Emerg. Trends Eng. Res."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"238","DOI":"10.1016\/j.ins.2019.09.061","article-title":"Designing privacy-aware internet of things applications","volume":"512","author":"Perera","year":"2019","journal-title":"Inf. Sci."},{"key":"ref_7","first-page":"34","article-title":"Approach to creation protected information model","volume":"25","author":"Konev","year":"2012","journal-title":"Proc. TUSUR Univ."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"215","DOI":"10.1016\/j.ijinfomgt.2015.11.009","article-title":"Information security management needs more holistic approach: A literature review","volume":"36","author":"Zahoor","year":"2016","journal-title":"Int. J. Inf. Manag."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Shelupanov, A., Evsyutin, O., Konev, A., Kostyuchenko, E., Kruchinin, D., and Nikiforov, D. (2019). Information Security Methods\u2014Modern Research Directions. Symmetry, 11.","DOI":"10.3390\/sym11020150"},{"key":"ref_10","unstructured":"Shostack, A. (2014). Threat Modeling: Designing for Security, John Wiley & Sons."},{"key":"ref_11","unstructured":"(2019, October 29). The STRIDE Threat Model. Available online: https:\/\/docs.microsoft.com\/en-us\/previous-versions\/commerce-server\/ee823878(v=cs.20)."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Gupta, B., Agrawal, D., and Yamaguchi, S. (2016). Threat classification: State of art. Handbook of Research on Modern Cryptographic Solutions for Computer and Cyber Security, IGI Global.","DOI":"10.4018\/978-1-5225-0105-3"},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"53","DOI":"10.1016\/j.cose.2019.03.010","article-title":"Threat modeling\u2014A systematic literature review","volume":"84","author":"Wenjun","year":"2019","journal-title":"Comput. Secur."},{"key":"ref_14","unstructured":"Tang, J., Wang, D., Ming, L., and Li, X. (2019, October 29). A Scalable Architecture for Classifying Network Security Threats. Available online: http:\/\/papersub.academicpub.org\/Global\/DownloadService.aspx?ID=2514."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Pan, J., and Zhuang, Y. (2017). PMCAP: A Threat Model of Process Memory Data on the Windows Operating System. Secur. Commun. Netw.","DOI":"10.1155\/2017\/4621587"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Ferrag, M.A., Maglaras, L.A., Janicke, H., Jiang, J., and Shu, L. (2017). Authentication Protocols for Internet of Things: A Comprehensive Survey. Secur. Commun. Netw., 2017.","DOI":"10.1155\/2017\/6562953"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Liu, F., and Li, T. (2018). A Clustering K-Anonymity Privacy-Preserving Method for Wearable IoT Devices. Secur. Commun. Netw., 2018.","DOI":"10.1155\/2018\/4945152"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Wagner, T.D., Palomar, E., Mahbub, K., and Abdallah, A.E. (2017). Relevance Filtering for Shared Cyber Threat Intelligence (Short Paper). Information Security Practice and Experience, Springer.","DOI":"10.1007\/978-3-319-72359-4_35"},{"key":"ref_19","first-page":"18","article-title":"Creation of the adaptive cyber threat detection system on the basis of fuzzy feature clustering","volume":"2","author":"Lakhno","year":"2016","journal-title":"East. Eur. J. Enterp. Technol."},{"key":"ref_20","unstructured":"Bodeau, D.J., and McCollum, C.D. (2018). System-of-Systems Threat Model, The Homeland Security Systems Engineering and Development Institute (HSSEDI) MITRE."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"627","DOI":"10.1016\/j.procs.2017.08.314","article-title":"Towards Composable Threat Assessment for Medical IoT (MIoT)","volume":"113","author":"Darwisha","year":"2017","journal-title":"Procedia Comput. Sci."},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Wu, Z., and Wei, Q. (2017). Quantitative Analysis of the Security of Software-Defined Network Controller Using Threat\/Effort Model. Math. Probl. Eng., 2017.","DOI":"10.1155\/2017\/8740217"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Azad, M.A., Bag, S., Perera, C., Barhamgi, M., and Hao, F. (2019). Authentic-Caller: Self-enforcing Authentication in a Next Generation Network. IEEE Trans. Ind. Inform.","DOI":"10.1109\/TII.2019.2941724"},{"key":"ref_24","doi-asserted-by":"crossref","first-page":"489","DOI":"10.1016\/j.procs.2014.05.452","article-title":"Classification of Security Threats in Information Systems","volume":"32","author":"Jouini","year":"2014","journal-title":"Procedia Comput. Sci."},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Alhebaishi, N., Wang, L., Jajodia, S., and Singhal, A. (2016). Threat Modeling for Cloud Data Center Infrastructures. International Symposium on Foundations and Practice of Security, Springer.","DOI":"10.1007\/978-3-319-51966-1_20"},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Johnson, P., Vernotte, A., Ekstedt, M., and Lagerstr\u00f6m, R. (September, January 31). pwnPr3d: An Attack-Graph-Driven Probabilistic Threat-Modeling Approach. Proceedings of the 2016 11th International Conference on Availability, Reliability and Security (ARES), Salzburg, Austria.","DOI":"10.1109\/ARES.2016.77"},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"S3","DOI":"10.1016\/j.diin.2015.05.002","article-title":"Graph-theoretic characterization of cyber-threat infrastructures","volume":"14","author":"Boukhtouta","year":"2015","journal-title":"Digit. Investig."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Luh, R., Temper, M., Tjoa, S., and Schrittwieser, S. (2018, January 22\u201324). APT RPG: Design of a Gamified Attacker\/Defender Meta Model. Proceedings of the 4th International Conference on Information Systems Security and Privacy (ICISSP 2018), Madeira, Portugal.","DOI":"10.5220\/0006717805260537"},{"key":"ref_29","unstructured":"(2019, October 29). MITRE ATT&CK Matrix. Available online: https:\/\/attack.mitre.org\/."},{"key":"ref_30","unstructured":"(2019, October 29). Information Security Threat Databank. (In Russian)."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"463","DOI":"10.1109\/TSE.1983.234782","article-title":"Interconnection of Local Computer Networks: Modeling and Optimization Problems","volume":"9","author":"Bernard","year":"1983","journal-title":"IEEE Trans. Softw. Eng."},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"287","DOI":"10.3103\/S0005105510060038","article-title":"Problems and prospects of modeling computer information networks. A review","volume":"44","author":"Dudin","year":"2010","journal-title":"Autom. Doc. Math. Linguist."},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Ansari, Y.E., Myr, A.E., and Omari, L. (2017). Deterministic and Stochastic Study for an Infected Computer Network Model Powered by a System of Antivirus Programs. Discret. Dyn. Nat. Soc., 2017.","DOI":"10.1155\/2017\/3540278"},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"12","DOI":"10.14445\/22312803\/IJCTT-V26P103","article-title":"A Multilayer Model of Computer Networks","volume":"26","author":"Shchurov","year":"2015","journal-title":"Int. J. Comput. Trends Technol."},{"key":"ref_35","first-page":"201","article-title":"A Trusted Model of Complex Computer Networks","volume":"3","author":"Shchurov","year":"2016","journal-title":"J. ICT Stand."},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"727","DOI":"10.3103\/S0146411615080106","article-title":"Adaptive reflexivity threat protection","volume":"49","author":"Lavrova","year":"2015","journal-title":"Autom. Control Comput. Sci."},{"key":"ref_37","unstructured":"Basu, A., and Blanning, R.W. (2007). Metagraphs and Their Applications, Springer."},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"060015","DOI":"10.1063\/1.4964595","article-title":"Mathematical model of threats to information systems","volume":"1772","author":"Novokhrestov","year":"2016","journal-title":"AIP Conf. Proc."},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"111","DOI":"10.21293\/1818-0442-2016-19-3-111-114","article-title":"Model of threats to automatic system for commercial accounting of power consumption","volume":"19","author":"Novokhrestov","year":"2016","journal-title":"Proc. TUSUR Univ."}],"container-title":["Symmetry"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-8994\/11\/12\/1506\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T13:41:31Z","timestamp":1760190091000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-8994\/11\/12\/1506"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,12,11]]},"references-count":39,"journal-issue":{"issue":"12","published-online":{"date-parts":[[2019,12]]}},"alternative-id":["sym11121506"],"URL":"https:\/\/doi.org\/10.3390\/sym11121506","relation":{},"ISSN":["2073-8994"],"issn-type":[{"type":"electronic","value":"2073-8994"}],"subject":[],"published":{"date-parts":[[2019,12,11]]}}}