Methods of identification of “weak” signs of violations of information security

To ensure information security of information technologies in distributed information computing systems, a metadata mechanism implementing a permit system for establishing connections in a network has previously been proposed. If a host is captured by an adversary, there is a strategy for organizing attacks that are not detected at the traditional metadata level. A number of errors in data that can be generated by an adversary during the implementation of information technology require the construction of cause-and-effect chains preceding the error in order to identify the cause of the error. At the same time, metadata implement a simplified model of cause-and-effect relations when solving problems during implementation of information technology. This model can be used to find the specified errors. The author constructs a synergistic relationship between the solution of the mentioned problem of information security and the work of an experienced system administrator to determine the causes of implicit errors. This relationship allows leveraging the expertise of system administrators to make it easier to find a captured host and some strategies of an adversary to incorporate errors into the implementation of information technology. It also minimizes network reconfiguration requirements to bypass the captured host.