Geekly Articles each Day
📜 ⬆️ ⬇️

Methods of choosing the topic of the thesis in the specialty "Information Security"



In the last article, I promised to talk about my approach to the formation of the Master's and / or PhD thesis on information security.

A few years ago, I was approached by a 4th year student of the specialty "Integrated Protection of Information Systems" with a request to help formulate the topic of her graduation work. Like, the supervisor has set the task to come up with the theme of the diploma. We talked in detail about his life plans and began to select a topic. This will be further discussed ...

Initial data


The ultimate professional goal of the student was to obtain a scientific degree and teaching. The initial level of education was at the level of an average “typical” student of a regional university, so there was no talk about any profound mathematical, physical or IT topics. In addition, it was stated the desire to build a defense of his thesis on the basis of the graduate work of a specialist.
')

Training


The situation was favorable: 4 course, a lot of time - you can solve the problem systematically, without haste.
I interviewed several "young" candidates of science for a degree, pitfalls and obstacles, as well as requirements for the content of the dissertation. According to the results of the information received, it was decided to decide on the topic of the thesis, and to deduce the topic of the diploma from it.

Shaping the theme


  1. In the first step, we, in 4 hands, collected books on the theory of scientific work. After reviewing the content and looking through these books, I chose one with the most systematic approach to the presentation and a description of all stages of the study. The student was instructed to study it carefully.
  2. After that, an instruction was given, using the HAC website ( Link ) to find all the information security tips within a radius of 1000 km from our city. There were 4 of them operating at that time (they were massively closed for renewal).
  3. The next step was a survey of friends about the "cost" of protection in them. Here one advice was discarded, since I wanted to do everything honestly, and there was nothing to pay.
  4. Then there was the task of finding successful recent defenses on the remaining tips and abstracts to them. At this stage, another advice was eliminated - no defense materials were found at all. As a result, a list of topics of protected works was generated.
  5. One of the sections of the thesis, as a rule, is the justification of relevance. I decided to build this branch from the documents of the Security Council of the Russian Federation ( Link ). From there, selected all the topics on which it was possible to write a work.
  6. Another element of protection is the "introduction" of the result of scientific work. At that moment, I remembered that one of the Russian producers of information security tools was conducting a constant selection of scientific works and was providing grants for their development (at that time up to 200 thousand rubles). In addition, if the work turns out to be worthwhile, its implementation into real mass means of information protection is possible. Plus, there is a safety net for the case of not developed teaching career. After downloading the topics of the proposed research, I chose those that matched the previously selected topics.
  7. Then the specialty passport ( Reference ) was studied - another formal requirement when writing a thesis. I chose the methods described above from the available topics corresponding to the previous two lists.
  8. The following work lay entirely on me: it was necessary to formulate specific topics discussed in the information security community, at conferences and seminars, adding to them the problems that had to be encountered in practice. It turned out another list.
  9. Additionally, in the list of topics of protected works, on the basis of abstracts, keywords were added that briefly described their idea.
  10. Another step was the selection of topics from various scientific theories, such as, for example, George Akerlof's “analysis of markets with asymmetric information” already mentioned in the previous post, or Cournot model from game theory, etc. The task is very voluminous and superficial search did not give a visible finished result (unfortunately, Heinrich Saulovich Altshuller is no longer with us and his registers of methods / methods / ideas no one else is). To reduce the search range, an attempt was made to select the “Nobel Prizes” for several years in order to try to apply the thoughts set forth there to technical problems. But, the student failed to pick up materials, he was already beginning to "burn out" and this stage was missed.
  11. The next step was the convolution of all the collected information and its visualization. For this purpose, all the above lists were hanged on one marker board and their joint analysis began. As a result, a list of keywords was formed, from which both from the designer, based on the lists themselves, it was possible to put the topic together:


The very formula of the topic consisted of answers to three or four questions: “what”, “what”, “with what” and “where / what”.

It looked like this:



Lists in docx format and zip archive

Example 1:
what: assessment of indicators;
what: real security;
with what: with the help of Shewhart maps;
where / what: banking systems.
Total: assessment of indicators of real security of banking systems using Shewhart cards

Example 2:
what: monitoring and evaluation;
what: criteria for network attacks;
using what: - where / what: in information systems.
Total: monitoring and evaluation of criteria for network attacks on information systems

The resulting topics corresponded exactly to all previous criteria, and it remained only to reformulate them more harmoniously, for example, as “Detection and Evaluation of Network Attack Parameters” for the second example.

Last step


Thus, the theme of the work was formulated. But a logical question followed: “What to do next?”
Therefore, taking into account the need for publications in peer-reviewed journals of the Higher Attestation Commission, a generalized initial work plan was drawn up:
  1. Search for approaches to measurements.
  2. Collection of information on methods, their classification.
  3. Identify their shortcomings.
  4. Own method. Description.
  5. Own method. Criteria and indicators.
  6. Own method. Evaluation method.
  7. Experiment.

In paragraphs 2 through 7, the materials received were proposed to be prepared and arranged as articles in WAC publications.
Under the theme of final work, it was proposed to execute and draw up 6 steps of the plan, having considered 1-2 methods on 2 and 3 steps, and 1-2 criteria on step 5. Further support of the student, and then the graduate student, in theory was to be carried out by the supervisor and we broke up with the student.

Time spent


All our work took about a month and a half in total and in total about five of my full working days.

Verification of the approach


The most interesting thing is that just the other day I saw that the aforementioned SZI manufacturer received a patent, on the basis of that very competition. It became interesting to me, it would have turned out to get to the essence of this patent at my approach.
The name of the patent: "A method for detecting computer attacks on a networked computer system." The description ( Reference ) reveals the essence of the invention, which, in my opinion, completely repeats the topic of Example 2, and the description of the prototypes, their shortcomings, the proposal for their improvement, the choice of criteria, the experimental verification correspond to the intended research plan.

Stage "Collection of information about methods, their classification"


I will share one more case that lies in the outline of the story. After a year and a half, after the events described, my colleague and I set up an experiment - we tried to move along the developed plan further. The topic was formulated in the described way, the dates of the reporting poles according to plan are scheduled. And at the literature selection stage, it turned out that:

At a turning point, the “graduate student” understands why it takes several years of uninterrupted work to write this candidate's work: there is no way to passively and actively collect and process literature.
For the “visibility” of the final result, we jumped over and performed from 3 to 7 steps (without registration in the form of finished articles), but the return to step 2 did not change the situation. Since our experiment, apart from interest, was not motivated by anything, we froze it, having nevertheless obtained good experience in working with literature, compiling a library of sources, selecting application software, overcoming methodological and other problems (at the same time they even found a “bug” in the book accounting program, which the developer was unable to eliminate). In fact, there was only a tedious, monotonous task of accumulating and processing the collected material.

Conclusion


I would like to draw attention to the objective (in) ability of the student to clearly formulate the task (topic of work), due to his lack of practical experience in the specialty, and the key role in this mentor. Teachers often distance themselves from the methodical work and give the students to rewrite the already many times the protected work, which does not contribute to the formation of the latter's independence, responsibility and professionalism.
I remind you that any materials and ideas published here can be used without restrictions and references to the source.

Topics of the following articles:


Source: https://habr.com/ru/post/285842/

More articles:


All Articles