The most important task of the theory and practice of information security is to analyze the process of functioning of the subsystem for responding to computer incidents and eliminating the consequences of computer attacks of the information protection system of automated special-purpose systems under the influence of computer attacks by an attacker on the protected information resource, service or network, which involves modeling the response process. A generalized model of the process of eliminating the consequences of computer attacks and responding to computer incidents is presented in the form of a directed graph, where the vertices correspond to the states of the subsystem, and the arcs correspond to transitions from state to state. The description of the subsystem functioning in the state space allows you to simulate the process of responding to computer incidents and eliminating the consequences of computer attacks, evaluating generalized indicators of the time spent by the subsystem in various states and promptly manage the response process by changing the controlled parameters of the model. The model takes into account many types of computer attacks and many strategies for managing information security tools in the process of eliminating the consequences of computer attacks, is the theoretical basis for the development of a methodological apparatus for analyzing, evaluating and prioritizing the processing of computer incidents, as well as the study of issues of dynamic management of the subsystem of responding to computer incidents in order to increase the efficiency of its functioning. The use of the proposed model makes it possible to apply both empirical values of the implementation time of the response and counteraction subprocesses obtained as a result of measurements or modeling, and the theoretical basis for modeling the counteraction of information security tools to computer attacks of various types.

Keywords: automated special purpose system, simulation, information security system, information security tools, computer incident, computer attack, system status

A model that implements a method for assessing the security of a special purpose automated information system is considered in the article. The model takes into account both the intensity of the load on the system and the number of channels as a means of protecting information from DDoS attacks based on the combination of theoretical and empirical approaches to assessing security of special purpose automated information system. The transition from a theoretical model using empirical states and continuous time to a discrete time model is applied to build a new model. The purpose of the work is to develop a model that implements a method for assessing the security of a special purpose automated information system against DDoS attacks based on a theoretical-empirical approach to modeling information protection means against DDoS attacks.The following tasks are solved in the article: analysis of known models that implement the method for assessing the security of special purpose automated information system from DDoS attacks; the model which implements a method for assessing the security of special purpose automated information system based on a theoretical-empirical approach to modeling information protection against DDoS attacks is being developed. The use of the new model makes it possible to apply both empirical values obtained as a result of measurements or modeling, and a theoretical basis for modeling information protection means under the influence of DDoS attacks, taking into account their characteristics, which will be reflected by the income function and the choice of the optimal mode of functioning of the special purpose automated information system in discrete moments in time. When synthesizing the models presented in the article, the lack of the static nature of the assessment of the security of the special purpose automated information system was eliminated, the intensity of computer attacks such as DDoS, which dynamically changes both the parameters evaluating the means of protection and the probability of the system being in critical states, was taken into account.

Keywords: automated system, modeling, security assessment, queuing system, probabilistic assessment, DDoS attack