{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,30]],"date-time":"2025-09-30T00:08:37Z","timestamp":1759190917402,"version":"3.44.0"},"reference-count":25,"publisher":"MDPI AG","issue":"10","license":[{"start":{"date-parts":[[2025,9,27]],"date-time":"2025-09-27T00:00:00Z","timestamp":1758931200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["www.mdpi.com"],"crossmark-restriction":true},"short-container-title":["Symmetry"],"abstract":"<jats:p>The formation of strategies and tactics of destructive impact (DI) at the stages of complex computer attacks (CCAs) largely depends on the content of intelligence data obtained by the intruder about the attacked elements of distributed information systems (DISs). This study analyzes scientific papers, methodologies and standards in the field of assessing the indicators of awareness of the intruder about the objects of DI and symmetrical indicators of intelligence security of the elements of the DIS. It was revealed that the aspects of changing the quantitative and qualitative characteristics of intelligence data (ID) at the stages of CCA, as well as their impact on the possibilities of using certain types of simple computer attacks (SKAs), are poorly studied and insufficiently systematized. This paper uses technologies for modeling the process of an intruder obtaining ID based on the application of the methodology of black, grey and white boxes and the theory of fuzzy sets. This allowed us to identify the relationship between certain arrays of ID and the possibilities of applying certain types of SCA end-structure arrays of ID according to the levels of identifying objects of DI, and to create a scale of intruder awareness symmetrical to the scale of intelligence protection of the elements of the DIS. Experiments were conducted to verify the practical applicability of the developed models and techniques, showing positive results that make it possible to identify vulnerable objects, tactics and techniques of the intruder in advance. The result of this study is the development of an intruder awareness scale, which includes five levels of his knowledge about the attacked system, estimated by numerical intervals and characterized by linguistic terms. Each awareness level corresponds to one CCA stage: primary ID collection, penetration and legalization, privilege escalation, distribution and DI. Awareness levels have corresponding typical ID lists that can be potentially available after conducting the corresponding type of SCA. Typical ID lists are classified according to the following DI levels: network, hardware, system, application and user level. For each awareness level, the method of obtaining the ID by the intruder is specified. These research results represent a scientific contribution. The practical contribution is the application of the developed scale for information security (IS) incident management. It allows for a proactive assessment of DIS security against CCAs\u2014modeling the real DIS structure and various CCA scenarios. During an incident, upon detection of a certain CCA stage, it allows for identifying data on DIS elements potentially known by the intruder and eliminating further development of the incident. The results of this study can also be used for training IS specialists in network security, risk assessment and IS incident management.<\/jats:p>","DOI":"10.3390\/sym17101604","type":"journal-article","created":{"date-parts":[[2025,9,29]],"date-time":"2025-09-29T10:49:34Z","timestamp":1759142974000},"page":"1604","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Models and Methods for Assessing Intruder\u2019s Awareness of Attacked Objects"],"prefix":"10.3390","volume":"17","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8083-6822","authenticated-orcid":false,"given":"Vladimir V.","family":"Baranov","sequence":"first","affiliation":[{"name":"Department of \u201cInformation Security\u201d, M.I. Platov South Russian State Polytechnic University, 346428 Novocherkassk, Russia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alexander A.","family":"Shelupanov","sequence":"additional","affiliation":[{"name":"Department of \u201cIntegrated Information Security of Electronic Computing Systems\u201d, Tomsk State University of Control Systems and Radioelectronics (TUSUR), 634050 Tomsk, Russia"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2025,9,27]]},"reference":[{"key":"ref_1","unstructured":"(2025, April 18). CAPEC (Common Attack Pattern Enumeration and Classification)\u2013A Standard for Describing Attack Classes and Their Hierarchical Relationships, a Catalog of Known Cyberattacks. Available online: https:\/\/capec.mitre.org."},{"key":"ref_2","unstructured":"(2025, July 25). MITRE ATT&CK Matrix\u2013Formal Description of Techniques and Tactics for Implementing Cyber-Attacks. Available online: https:\/\/attack.mitre.org\/."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"4","DOI":"10.63180\/jcsra.thestap.2025.3.2","article-title":"Adversarial attack detection in industrial control systems using LSTM-based intrusion detection and black-box defense strategies","volume":"2025","author":"Almedires","year":"2025","journal-title":"J. Cyber Secur. Risk Audit."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Wei, Y., and Wu, F. (2022). Self-adaptive intrusion detection model based on Bi-LSTM-CRF using historical access logs. Proceedings on Advances in Natural Computing, Fuzzy Systems, and Knowledge Discovery: Proceedings of the ICNC-FSKD 2021 Conference 17, Springer International Publishing.","DOI":"10.1007\/978-3-030-89698-0_20"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"28","DOI":"10.1080\/23742917.2024.2312671","article-title":"Cyber diplomacy: Defining the opportunities for cybersecurity and risks from Artificial Intelligence, IoT, Blockchains, and Quantum Computing","volume":"9","author":"Radanliev","year":"2024","journal-title":"J. Cyber Secur. Technol."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"4","DOI":"10.1186\/s40543-024-00416-6","article-title":"Artificial intelligence and quantum cryptography","volume":"15","author":"Radanliev","year":"2024","journal-title":"J. Anal. Sci. Technol."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Alshuaibi, A., Arshad, M.W., and Maayah, M. (2025). A hybrid genetic algorithm and hidden markov model-based hashing technique for robust data security. J. Cyber Secur. Risk Audit., 42\u201356.","DOI":"10.63180\/jcsra.thestap.2025.3.6"},{"key":"ref_8","unstructured":"Al-Shaer, R., Ahmed, M., and Al-Shaer, E. (2017, January 13\u201317). Statistical Learning of APT TTP Chains from MITRE ATT&CK. Proceedings of the RSA Conference 2017, San Francisco, CA, USA. Available online: https:\/\/www.researchgate.net\/publication\/351452885_Assessing_MITRE_ATTCK_Risk_Using_a_Cyber-Security_Culture_Framework."},{"key":"ref_9","unstructured":"Skabtsov, N. (2018). Information Systems Security Audit, Peter. Available online: https:\/\/books.yandex.ru\/books\/T54pW6oL\/read-online."},{"key":"ref_10","first-page":"5","article-title":"Methods and tools for modeling attacks in large computer networks: The state of the problem","volume":"22","author":"Kotenko","year":"2012","journal-title":"SPIIRAN"},{"key":"ref_11","first-page":"88","article-title":"Models and methods for assessing the destructive impact of violators on elements of distributed information systems","volume":"25","author":"Baranov","year":"2024","journal-title":"Rep. Tomsk. State Univ. Control. Syst. Radio Electronics"},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Baranov, V.V., and Shelupanov, A.A. (2022). Cognitive model for assessing the security of information systems for various purposes. Symmetry, 14.","DOI":"10.3390\/sym14122631"},{"key":"ref_13","unstructured":"Avezova, Y., and Badaev, A. (2025, June 02). In the Sights of APT Groups: Kill Chain of Eight Steps. Habr. Available online: https:\/\/habr.com\/ru\/companies\/pt\/articles\/802697\/."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Ang, S., Huy, S., and Janarthanan, M. (2025). Utilizing IDS and IPS to improve cybersecurity monitoring process. J. Cyber Secur. Risk Audit., 77\u201388.","DOI":"10.63180\/jcsra.thestap.2025.3.10"},{"key":"ref_15","unstructured":"(2025, June 08). ISSAF-Information System Security Assesment Framework. Available online: http:\/\/www.oissg.org\/issaf02\/issaf0.1-5.pdf."},{"key":"ref_16","unstructured":"Orrey, K. (2025, June 08). Penetration Test Framework. Vulnerability Assessment. Available online: https:\/\/www.secureinfo.eu\/data\/files\/docs\/Framework_-_Penetration_Test.html."},{"key":"ref_17","unstructured":"(2025, June 09). PTES\u2013The Penetration Testing Execution Standard. Available online: http:\/\/www.pentest-standard.org\/index.php\/Main_Page."},{"key":"ref_18","unstructured":"(2025, June 12). Technical Guide to Information Security Testing and Assessment, Available online: https:\/\/nvlpubs.nist.gov\/nistpubs\/Legacy\/SP\/nistspecialpublication800-115.pdf."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"12","DOI":"10.63180\/jcsra.thestap.2025.2.2","article-title":"Analyzing cybersecurity risks and threats in IT infrastructure based on NIST framework","volume":"2025","author":"Aljumaiah","year":"2025","journal-title":"J. Cyber Secur. Risk Audit."},{"key":"ref_20","unstructured":"Beizer, B. (2004). Black box testing. Technologies of Functional Testing of Software and Systems, Peter. Available online: https:\/\/djvu.online\/file\/UlGilEprxDkPy."},{"key":"ref_21","unstructured":"Binder, R. (2000). Testing Object-Oriented Systems, Publisher Addison-Wesley Publishing Company Inc. Available online: http:\/\/kagowyje.blog.free.fr\/index.php?post\/2016\/10\/22\/Testing-Object-Oriented-Systems%3A-Models%2C-Patterns%2C-and-Tools-pdf."},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Ammann, P., and Offutt, J. (2008). An Introduction to Software Testing, University Press. Available online: https:\/\/assets.cambridge.org\/97805218\/80381\/frontmatter\/9780521880381_frontmatter.pdf.","DOI":"10.1017\/CBO9780511809163"},{"key":"ref_23","unstructured":"Zadeh, L. (1976). The Concept of a Linguistic Variable and Its Application to Making Approximate Decisions, Mir. Translated from English."},{"key":"ref_24","unstructured":"Sapkina, N.V. (2025, June 12). Properties of Operations on Fuzzy Numbers. Bulletin of the VSU. Series: System Analysis and Information Technology. Available online: https:\/\/www.elibrary.ru\/download\/elibrary_20156009_60491464.pdf."},{"key":"ref_25","first-page":"542","article-title":"Information security risk assessment in industry information system based on fuzzy set theory and artificial neural network","volume":"23","author":"Asfha","year":"2024","journal-title":"Inform. Autom."}],"container-title":["Symmetry"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-8994\/17\/10\/1604\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,29]],"date-time":"2025-09-29T11:20:55Z","timestamp":1759144855000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-8994\/17\/10\/1604"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,9,27]]},"references-count":25,"journal-issue":{"issue":"10","published-online":{"date-parts":[[2025,10]]}},"alternative-id":["sym17101604"],"URL":"https:\/\/doi.org\/10.3390\/sym17101604","relation":{},"ISSN":["2073-8994"],"issn-type":[{"value":"2073-8994","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,9,27]]}}}