Quarterly journal published in SPbPU
and edited by prof. Dmitry Zegzhda
Peter the Great St. Petersburg Polytechnic University
Institute of computer sciences and technologies
information security of computer systems
Information Security Problems. Computer Systems
Published since 1999.
ISSN 2071-8217
  • 2024 year
    • № 1 2024
      • EDUCATION PROBLEMS
        I. L. Karpova, A. Yu. Garkushev, A. F. Suprun St. Petersburg State Marine Technical University, Peter the Great St. Petersburg Polytechnic University

        Annotation:

        Information is becoming an increasingly valuable asset for companies, so information security management is an integral part of the work of all institutions and enterprises. The professional experience and skills of information security specialists significantly affect the development of the system, audit and management of the information security system. In light of the high rate of receipt of relevant information and rapid changes in the information security system, it is important that future specialists in this field have the ability to analyze information, use it effectively and make accurate forecasts based on this data. The development of reflexive and predictive competencies in practice is possible through the development of the ability to anticipate, which is the mental mechanism underlying forecasting and goal setting. The role of anticipation as a component of reflexive and predictive competencies is considered, as well as methods of its development among information security specialists.

        Keywords:

        information security, cybersecurity, anticipation, reflexive-prognostic competencies, mental regulation, vulnerability
        Pages 168–174
      • INFORMATION SECURITY APPLICATION
        D. E. Vilkhovsky Dostoevsky Omsk State University

        Annotation:

        The paper describes the business logic and results of steganalysis software, a steganalytical module based on algorithms developed by the author for image steganalysis, which makes it possible to detect embeddings even at a low stego-payload (10–25 % of the total). The solution is aimed at improving enterprise information security by detecting media files (images) containing embeddings and preventing unauthorized transfer of such files or viewing and extracting the received hidden message, as well as preventing the installation of malware, a module of which is embedded in the image by means of steganography. The software package works with embeddings made by the Koch – Zhao method and LSB-replacement methods.

        Keywords:

        steganalysis, steganographic analysis, stegocontainer analysis, LSB-insert detection, DCT-insert detection, Koch – Zhao method
        Pages 9–17
        A. Yu. Garkushev, A. V. Lipis, I. L. Karpova, A. A. Shalkovskaya, A. F. Suprun St. Petersburg State Marine Technical University, Lomonosov Moscow State University, Peter the Great St. Petersburg Polytechnic University

        Annotation:

        The article is devoted to the development of tools for evaluating intelligent information security management systems in enterprises. The proposed methodology is based on a combination of entropy approaches to assessing the quality of information and a priori assessment of competence in terms of balancing the efficiency and validity of decisions made. The proposed mathematical model can be used for a priori evaluation of information security decision support systems.

        Keywords:

        competence, validity, intelligent system, communication, an aggregated model
        Pages 18–27
        D. A. Moskvin, E. M. Orel, A. A. Lyashenko Peter the Great St. Petersburg Polytechnic University

        Annotation:

        This paper presents a mathematical graph-based model for use in automated security analysis systems. The model makes it possible to link information about the system obtained by a specialist in the process of security analysis with the set of attack scenarios in which it may be involved. Executing each scenario yields a new portion of data that describes some system component and contributes to the expansion of the attack graph.

        Keywords:

        attack graph, graph-based model, security analysis, attack scenarios, heterogenic systems, security assessment, penetration testing
        Pages 28–35
      • NETWORK AND TELECOMMUNICATION SECURITY
        E. Yu. Pavlenko Peter the Great St. Petersburg Polytechnic University

        Annotation:

        Security criteria for self-organizing cyber-physical systems are proposed, taking into account their specificity, which consists in the need to ensure correct functioning, even under conditions of destructive information impacts, and information security. The solution of the problem is complicated by the presence of both local goals of the system components capable of self-organization and the global goal of the entire system. The paper systematizes security threats for self-organizing cyber-physical systems taking into account their specifics. We propose three security criteria, one graph criterion and two entropy criteria, the combined use of which will allow us to detect attacking influences aimed at both disabling the system and obtaining the possibility of stealthy control of the system in accordance with the attacker's goals.

        Keywords:

        cybersecurity, self-organizing systems, multi-agent system, intelligence, entropy, target function
        Pages 36–49
        А. А. Kornienko, S. V. Kornienko, N. S. Razzhivin Emperor Alexander I St. Petersburg State Transport University

        Annotation:

        The article analyzes the problems of using mobile devices when applying the BYOD concept. An adapted methodology for assessing information security threats is proposed. In addition to the traditional approach of building a security system in the information system, a software tool for monitoring unauthorized access has been developed and tested.

        Keywords:

        BYOD, mobile devices, corporate information system, information security, unauthorized access
        Pages 50–61
        A. S. Kurakin LLC "STC"

        Annotation:

        The article proposes a way to assess the effectiveness of selecting and distributing the goals of a group of unmanned aerial vehicles when they perform aerial photography tasks. Analytical expressions are obtained for resource intensity, performance and efficiency of task execution. Modeling and comparative assessment of the efficiency indicator for various options for the formation and target setting of a group of unmanned aerial vehicles were carried out.

        Keywords:

        group of unmanned aerial vehicles, flight task, efficiency, comparative assessment, aerial photography
        Pages 62–69
        E. Yu. Pavlenko, M. A. Pahomov Peter the Great St. Petersburg Polytechnic University

        Annotation:

        Approaches to self-regulation of networks with adaptive network topology based on graph theory are presented. These approaches are limited to networks whose nodes do not change their position in space, such as peer-to-peer and heterogeneous sensor networks, as well as industrial networks using the example of Smart Grid smart energy consumption networks. A generalized objective function is described for each type of network, conditions for self-regulation are formulated, and the process of self-regulation is formally described.

        Keywords:

        information security, self-regulation, graph theory, objective function, network with adaptive topology
        Pages 70–79
        M. Yu. Fedosenko ITMO University

        Annotation:

        This work describes the stage of practical management of the information security risks of a web resource that arise from its use as a medium and communication channel for steganographic information exchange. The possibility of using steganography on public Internet resources as a tool for attackers to exchange illegal data and carry out computer attacks has been established based on available research results. As a result, the relevance of developing methods to counter the malicious use of steganographic algorithms has been proven. The paper examines threats to information security when using steganography methods in accordance with the FSTEC IS BDU. Based on these threats, a 4-level model of threats to a web resource from user data has been developed. It includes the risks of violating integrity, accessibility, confidentiality and the provisions of 374-FL (amendments to 149-FL “On information, information technologies and information protection”). The 374-FL demonstrated the problem of the inaccessibility of data to check for malicious nature when it is exchanged covertly. Based on the developed model, a practical assessment of the risks of a web resource was carried out using the Microsoft Security Assessment Tool (MSAT), as well as their theoretical assessment using the FRAP and CRAMM matrices, in order to demonstrate the features of using a specific approach in solving the problem of countering a new type of attack. As a result, the necessary measures and components of mitigation were calculated using mathematical programming methods in order to identify the minimum and most optimal quantitative composition of the components of protection against the malicious use of steganography. These measures and components consist of specialists, their competencies, as well as the software tools necessary for high-quality protection of a web resource within the framework of the scientific problem under study: the use by an offender of information security technologies when carrying out illegal activities, and the further development of tools for counteracting and analyzing data coming to the web resource.

        Keywords:

        steganography, steganographic attacks, hidden data exchange, information security risk management, Internet, information security threats, FRAP, CRAMM, OCTAVE
        Pages 80–95
      • RESEARCH, MONITORING AND OPTIMIZATION OF AUTOMATED TECHNOLOGICAL PROCESSES AND PRODUCTIONS CONTROL SYSTEMS
        M. O. Zaid Alkilani, I. V. Mashkina Ufa University of Science and Technology

        Annotation:

        The article considers the possibility of using EPC notations to build scenarios of information security (InfoSec) threats in the automated process control system (ICS). In accordance with regulatory and legal documents, if there is a scenario of an InfoSec threat, it is recognized as relevant to the information system and is included in the InfoSec threat model to justify the choice of measures and means of information protection. A methodology for building scenarios of threat realization in the form of EPC models is proposed. The construction of EPC models of attack scenarios on industrial network infrastructure components is based on the establishment of possible objects of impact taking into account the architecture of the ICS, identification of possible vulnerabilities of infrastructure components and means of protection on the way to the threat’s implementation, and determination of possible tactics, techniques and threats, lists of which are presented in methodological documents. The results of the development of several scenario models of computer attacks on the enterprise infrastructure, including an attack over a wireless communication channel with the field level, are presented.

        Keywords:

        industrial control system ICS, EPC threat, scenario diagram, target of the threat, information security, tactics, techniques, information security threats
        Pages 96–109
        I. A. Sikarev, V. M. Abramov, K. S. Prostakevich, A. L. Abramova, A. O. Semidelova Russian State Hydrometeorological University

        Annotation:

        The paper presents the results of developing an info-telecommunication toolkit for natural risk management during the commercial use of autonomous vessels in the Arctic and Subarctic, including the Northern Sea Route and higher latitudes. The toolkit was developed using Foresight technologies and database design methods within online technologies. The research results have a high scientific novelty and can be used by various players, including educational organizations when forming Master's programs. The online platform ResearchGate was used for preliminary discussion and data exchange during the research.

        Keywords:

        infocommunication systems, natural risk management, autonomous vessels, Arctic
        Pages 110–120
      • SOFTWARE SECURITY
        D. O. Markin, I. A. Saitov Academy of Federal Guard Service of Russia

        Annotation:

        The article presents the results of binary code analysis of embedded software for hardware platforms based on ARM architecture processors (trustlets) for the presence of potential hidden channels expressed in the form of potentially dangerous functional objects. A descriptive model of the trustlet has been developed based on the analysis of the trustlet binary code. The model makes it possible to identify quantitative and qualitative indicators describing the presence of potentially dangerous functional objects in the trustlet code. These indicators make it possible to rank trustlets according to vulnerability criticality levels. It is advisable to use the ranking results when searching for hidden channels in embedded software during certification tests of information security tools.

        Keywords:

        trustlet, potentially dangerous functional object, vulnerabilities, ARM
        Pages 121–133
        N. N. Samarin Research Institute "Kvant"

        Annotation:

        This article highlights the most essential properties of software for searching for errors in it by the method of spot-based fuzzing. A generalized set-theoretic model of software is formulated, its invariant form is presented and its adequacy, universality and consistency are proved.

        Keywords:

        information security, software, error detection, mathematical modelling, symbolic execution, fuzzing
        Pages 134–141
      • MACHINE LEARNING AND KNOWLEDGE CONTROL SYSTEMS
        A. A. Muryleva, M. O. Kalinin, D. S. Lavrova Peter the Great St. Petersburg Polytechnic University

        Annotation:

        The paper reviews the problem of protecting machine learning models from the threat of data confidentiality violation carried out through membership inference on the training datasets. A method for protective noising of the training dataset is proposed. It has been experimentally shown that Gaussian noising of the training dataset with a scale of 0.2 is the simplest and most effective approach to protecting machine learning models from training data extraction. Compared to alternative techniques, the proposed method is easy to implement, universal for different types of target models, and reduces the effectiveness of the attack by up to 26 percentage points.

        Keywords:

        noising, machine learning, training set, membership inference, Gaussian noise
        Pages 142–152
        S. G. Fomicheva, O. D. Gayduk St. Petersburg University of Aerospace Instrumentations

        Annotation:

        The paper proposes machine-learning pipelines that make it possible to automatically generate relevant feature spaces for virus detectors, detect the presence of viral modifications in JS files and scripts in real time, and interpret and visualize the automatically obtained machine solution. It is shown that the best quality metrics are demonstrated by abstract syntax tree models using binary classifiers based on decision tree ensembles. The explanation of the solution automatically generated by the virus detector is demonstrated.

        Keywords:

        virus analysis, machine-learning models, features viral modification, decision trees ensembles, machine solution interpretation
        Pages 153–167
    • № 2 2024
      • INFORMATION SECURITY ASPECTS
        Yu. V. Vedernikov, A. Yu. Garkushev, A. V. Lipis, A. F. Suprun St. Petersburg State Maritime Technical University, Peter the Great St. Petersburg Polytechnic University

        Annotation:

        The article is devoted to the study of the possibility of modernizing the information security management systems of industrial enterprises by applying modern optimization methods. In addition to discrete deterministic values of parameters that reflect the influence of various factors on information security, it is proposed to take into account heterogeneous indicators specified numerically, as intervals, verbally and using parametric series. A model of implementation in the form of a program that allows you to make an informed choice of the best of the alternatives

        Keywords:

        information security model, optimization, ranking, priority system, preference matrix
        Pages 9–19
        G. A. Markov, V. M. Krundyshev, D. P. Zegzhda Jet Infosystems, St. Petersburg Polytechnic University of Peter the Great

        Annotation:

        This paper examines the problem of ensuring information security in industrial Internet of Things systems. The study found that in order to comprehensively protect the information perimeter of an industrial enterprise from external and internal threats, in most cases information security event and incident management systems (SIEM systems) with customized rules for correlating events in the information infrastructure are used. At the same time, there is a need to create a mathematical apparatus that allows one to accurately and objectively assess the effectiveness of the SIEM system. As a result of the study, the problem of preventing information security incidents in industrial Internet of Things systems was formalized based on the developed mathematical model for managing information security events using a continuous-time Markov chain.

        Keywords:

        mathematical model, industrial Internet of things, information security event management, Markov chains, SIEM system
        Pages 20–30
      • INFORMATION SECURITY APPLICATION
        I. S. Lebedev, M. E. Sukhoparov, D. D. Tikhonov Saint Petersburg Federal Research Center of Russian Science Academy, Russian State Hydrometeorological University

        Annotation:

        The processing of information sequences using segmentation of input data is proposed, aimed at improving the quality of detection of destructive influences using machine learning models. The basis of the proposed solution is the division of data into segments with different properties of the objects of observation. A method using a multi-level data processing architecture is described, in which learning processes, the analysis of the achieved values of quality indicators, and the assignment of the best models by quality indicators to individual data segments are implemented at various levels. The proposed method makes it possible to improve the quality indicators for detecting destructive information influences by segmenting the data and assigning the models that have the best performance in individual segments.

        Keywords:

        information security, machine learning, data set, data sampling, data segmentation, processing models
        Pages 31–43
        L. Kh. Safiullina, A. R. Kasimova, A. A. Alekseeva Kazan National Research Technological University

        Annotation:

        Currently, it can be argued that in certain areas of information technology, classical user authentication systems based on passwords and tokens are being completely replaced by biometric technologies. However, biometric systems are vulnerable to various types of security threats. For example, unlike passwords and tokens, templates based on biometrics cannot be replaced in case of compromise. To solve this problem, new protection schemes have been developed. Conventionally, they can be divided into two groups: biometric cryptography and cancelable biometrics. Biometric cryptography methods show average values of errors of the first and second types; experimental work in this area is widely known. Cancelable biometrics can be highly reliable, but there is not much experimental data on them. This paper presents a comparative analysis of the reliability of existing methods. It is shown that among the static biometric parameters the iris is of greatest interest, and among the dynamic ones, the keyboard stroke. However, using these methods, like others, has its own difficulties and risks.

        Keywords:

        identification, authentication, biometrics, template, biometric cryptography, cancelable biometrics
        Pages 44–56
        A. I. Sergadeeva, D. S. Lavrova, E. B. Aleksandrova Peter the Great St. Petersburg Polytechnic University

        Annotation:

        The paper proposes a generative adversarial network approach to improve the robustness of the steganographic method against modern stegoanalyzers. The approach is based on the joint operation of a generative adversarial network, a pixel importance map and the least significant bit replacement method. The results of experimental studies confirmed the effectiveness of the proposed approach.

        Keywords:

        generative adversarial networks, steganography, steganography method, steganalysis, machine learning
        Pages 57–65
      • RESEARCH, MONITORING AND OPTIMIZATION OF AUTOMATED TECHNOLOGICAL PROCESSES AND PRODUCTIONS CONTROL SYSTEMS
        S. O. Baryshnikov, A. A. Shnurenko, V. V. Sakharov, I. A. Sikarev, V. M. Abramov Admiral Makarov State University of Maritime and Inland Shipping, ZAO “Kanonersky Ship Repair Plant”, Russian State Hydrometeorological University

        Annotation:

        The results of developing tools for automating ship repair management processes are presented. It is indicated that the development of an adequate and stable model and the choice of algorithms for its use are of key importance; their correctness is shown.

        Keywords:

        automation, management, ship repair, model
        Pages 66–72
        K. V. Egorova, S. S. Sokolov, N. B. Glebov, K. P. Goloskokov Admiral Makarov State University of Maritime and Inland Shipping

        Annotation:

        This article is dedicated to studying the spreading of oil spills in the aquatic environment and developing a corresponding monitoring system using a group of unmanned aerial vehicles. To effectively control and prevent the spread of oil spills in water bodies, the process of comprehensive monitoring and forecasting needs to be automated. The foundation of such an automated system lies in mathematical models that enable the assessment of spill parameters, prediction of its trajectory, and determination of strategies to prevent and mitigate associated issues. The automation of monitoring and forecasting allows for continuous observation of the state of water resources and swift response to potential oil leaks. With the help of specialized sensors, unmanned aerial vehicles, and other technical means, it is possible to monitor changes in water conditions, detect the presence of oil spills, and determine their sizes. By possessing the ability to promptly respond to spills, the system ensures proper containment of leaks and minimization of negative environmental impact, as well as enables the development of strategies to prevent similar incidents in the future

        Keywords:

        oil spills, water environment, unmanned aerial vehicles, automation, monitoring system, forecasting, environmental protection
        Pages 73–83
      • CRITICAL INFORMATION INFRASTRUCTURE SECURITY
        G. D. Gavva, M. O. Kalinin Peter the Great St. Petersburg Polytechnic University

        Annotation:

        A comparative analysis of methods for protecting reconfigurable wireless networks that implement topology re-building was carried out, which made it possible to determine the network game method as the most promising in solving the task of maintaining the network connectivity and functional integrity. Managing the network topology when using the basic network game method is characterized by overloading the channels of the control node and excessive sensitivity to changes in network connections. In this research, the basic method is extended with the criterion of the maximal possible path length, which allows reducing the number of network reconfigurations when there is a short route between nodes passing through existing connections. It is experimentally shown that the improved method provides protective online restructuring of a network with lower topology rebuilding costs

        Keywords:

        wireless reconfigurable network, gaming approach, network game, reconfiguration, path length, functional integrity
        Pages 84–94
        M. A. Pahomov, E. Yu. Pavlenko Peter the Great St. Petersburg Polytechnic University

        Annotation:

        The features of VANETs are considered. An approach to ensuring the information security of VANETs is proposed, the distinctive feature of which is the early detection of malicious activity of network nodes. To achieve early detection of malicious activity, the parameters of VANETs are presented as a time series, after which their future values are predicted and anomalies are searched by using machine learning methods. The proposed approach makes it possible to improve the safety of intelligent transport systems

        Keywords:

        information security, VANET, time series prediction, attacks prevention
        Pages 95–103
        F. H. Pashayev, J. I. Zeynalov, H. T. Najafov The Ministry of Science and Education of the Republic of Azerbaijan, Institute of Control Systems, Nakhchivan State University, “Nakhchivan” University

        Annotation:

        It is known that the rapid development of technological computer networks and SCADA systems has necessarily accelerated the process of integration between these networks and global Internet networks. As a result, the solution of many issues of technological and production processes has been simplified and opportunities have been created for remote control of the enterprise staff and operational staff. However, this situation has also created new, previously non-existent threats to the above-mentioned monitoring, diagnostic and management systems. Targeted attacks against specific industrial enterprises are organized on the Internet by specific specialized groups, hackers and, in some cases, government agencies. Those who organize cyber attacks on technological process control systems improve their methods and tools over time and increase their professional level. They carefully study the objects they will attack and identify vulnerabilities in the software of the object management systems. The developed set of technical means is based on the application of STM32F4XX type controllers and LPT ports of computers. The article provides connection diagrams and assembly methods of the technical means. These technical means and the exchange protocols created can act as a bridge between the global Internet and technological corporate computer networks. The article presents simple algorithms of the protocols and working program fragments. Fragments of the program are given in the C programming language and in the DELPHI programming system. The developed software acts as a filter bridge between the global Internet and the technological corporate computer networks (TKKŞ). Data exchange between these two networks is carried out by creating non-standard protocols using STM32F4XX controllers and LPT ports.

        Keywords:

        Internet attacks, technological computer networks, telemechanical systems, malware, random attacks, STM32F4XX controller, LPT port
        Pages 104–116
      • APPLIED CRYPTOGRAPHY
        M. R. Salihov ITMO University

        Annotation:

        With the development of Web3 technologies, the third generation of the Internet has become one of the most promising areas. It involves the use of decentralized, transparent and user-oriented applications. However, many Web3 projects do not pay due attention to security, which can lead to serious consequences. Even a small error in the code can make the system vulnerable, opening access to intruders. Because of this, the industry faces frequent security breaches that threaten users and undermine trust in new technologies. One of the main problems of Web3 is the management of private keys. This is a critical aspect of security, which is directly related to the protection of digital assets and personal information of users. The risk of loss or theft of the private key can lead to irreparable consequences, since in case of loss there is no way to restore or reset the key. This article discusses various ways to store the private key of a cryptographic wallet to ensure security. For example, a key can be divided into parts and stored encrypted on hardware media, or the whole encrypted key can be stored on secure media. Quantitative data were calculated using Shamir’s scheme.

        Keywords:

        key management, encryption, secret sharing, cryptography, distributed storage system
        Pages 117–129
      • SOFTWARE SECURITY
        N. N. Samarin Research Institute “Kvant”

        Annotation:

        The paper proposes a method of searching for errors in software based on “in-memory” code fuzzing. Within the framework of the method, special fragments called “points” are selected in the software code, and these “points” are subjected to fuzz testing in isolation from the rest of the program code. A practical example of using the method is presented, as a result of which a memory corruption error was detected in the code.

        Keywords:

        information security, software, error detection, mathematical modelling, symbolic execution, fuzzing
        Pages 130–137
        P. A. Teplyuk, A. G. Yakunin Altai State Technical University

        Annotation:

        The development of operating systems built on the Linux kernel contributes to the wider use of Linux distributions as the basis of system software in information systems for various purposes, including those that are objects of critical information infrastructure. The goal of the work is to analyze the available approaches and tools for fuzzing system calls of the Linux kernel, and to carry out experimental fuzz testing of some current versions of the kernel, aimed at increasing the overall security of the Linux kernel. Theoretical analysis was used to evaluate and compare existing types of Linux kernel-level vulnerabilities, as well as approaches to kernel fuzzing. An empirical research method was also used, which involved identifying defects and vulnerabilities in a certain configuration of the Linux kernel using fuzz testing. Critical vulnerabilities at the kernel level and approaches to fuzzing, including fuzzing of system calls, were analyzed, and an experimental study was conducted using the syzkaller fuzzer, which identified defects and vulnerabilities in Linux kernel versions 4.9 and 5.4, including a use-after-free memory vulnerability. This area of research requires further development in order to detect new vulnerabilities in current kernel versions.

        Keywords:

        operating system kernel, security threats, vulnerabilities, fuzzing, attack surface, syzkaller
        Pages 138–151
      • MACHINE LEARNING AND KNOWLEDGE CONTROL SYSTEMS
        G. A. Zhemelev Peter the Great St. Petersburg Polytechnic University

        Annotation:

        The paper addresses the problem of 3D representation and automatic synthesis of gas turbine blade shapes. First, we implemented a parametric method of descriptor-based representation using Bernstein polynomials and generalized it to produce controllable 3D shapes. Then, we proposed a method of automatic synthesis of 3D shapes based on the use of generative ML models for aerodynamic profiles. This method helps to reduce the number of geometric design variables used in the optimization of the aerodynamic shape of blades. Moreover, it enables automatic synthesis of 3D shapes with a representation independent of the shapes' level of detail. Its implementation is based on the generative-adversarial network BézierGAN and makes it possible to produce arbitrarily sized datasets of 3D blades having aerodynamic shapes. Finally, by interpreting and visualizing the generator’s latent space, we observed the subset of latent variables that has the most importance for rapid prototyping of gas turbine blades.

        Keywords:

        gas turbine blade, dataset, 3D object representation, machine learning, generative-adversarial network, Bézier curves, Bernstein polynomials
        Pages 152–168
        O. A. Izotova, D. S. Lavrova Peter the Great St. Petersburg Polytechnic University

        Annotation:

        This paper describes a study of the problem of generalizing multimodal data in the detection of artificially synthesized audio files. As a solution to the stated problem, a method is proposed which combines simultaneous analysis of audio file characteristics with its semantic component presented in the form of text. The approach is based on graph neural networks and algorithmic approaches involving the analysis of keywords and text sentiment. The conducted experimental studies confirmed the validity and efficiency of the proposed approach

        Keywords:

        deepfake, graph neural networks, artificially synthesized audio file, text analysis
        Pages 169–177
    • Special Issue 2024
      • New generation cyber security technologies
        A. G. Busygin, M. O. Kalinin Peter the Great St. Petersburg Polytechnic University

        Annotation:

        This paper analyzes the security of the common distributed consensus algorithms used in smart city distributed ledgers. A concept of smart city distributed ledger protection is proposed, which applies a hybrid distributed consensus protocol based on the joint use of a tangle class algorithm and a proof-of-authority class algorithm, protected by trusted computing and remote attestation technologies. The proposed protocol compensates for the weaknesses and vulnerabilities of the conventional distributed consensus algorithms that are inherent in distributed ledger technology and hinder its widespread use in large-scale smart city systems

        Keywords:

        smart city, distributed ledger technology, security, distributed consensus algorithm
        Pages 10-16
        N. V. Gololobov Peter the Great St. Petersburg Polytechnic University

        Annotation:

        This article presents a formal formulation of the problem of modifying executable code during execution based on morphing used in computer animation. In the course of the research, the need for developing a morphing method for software was substantiated, and the basic principles used in computer animation were adapted for the field of cybersecurity, and vectors for further research in this direction were determined. The results obtained during the adaptation should be used in the design and implementation of the morphing method for executable code

        Keywords:

        cybersecurity, executable file protection, binary morphing, protection against ROP chains
        Pages 17-23
        I. A. Goretsky, D. S. Lavrova Peter the Great St. Petersburg Polytechnic University

        Annotation:

        This paper is devoted to an approach to countering network attacks based on network reconfiguration to exclude the possibility of successful completion of the attack. To implement the approach, it is proposed to use the mechanism of recommender systems that provides both generation of possible network topologies and their ranking. The proposed intelligent recommender system is based on a reinforcement learning algorithm based on the actor – critic model. Experimental studies have confirmed the effectiveness of the developed system

        Keywords:

        reinforcement learning, DDoS, network attack, recommender system
        Pages 24-30
        N. A. Gribkov Peter the Great St. Petersburg Polytechnic University

        Annotation:

        The paper analyzes the syntactic and semantic characteristics used to identify the similarity of binary code fragments and presents the results of an analysis of the effectiveness of decompilation techniques and methods for syntactic similarity detection in the context of the code clone detection task. A method for searching for code clones is proposed, which includes analyzing both semantic and syntactic features of binary code snippets. The results of a comparative analysis of the effectiveness of the proposed method are presented

        Keywords:

        syntactic similarity, semantic similarity, pseudocode, binary code search, code reusage
        Pages 31-45
        E. V. Zavadskii, A. V. Bulat Peter the Great St. Petersburg Polytechnic University

        Annotation:

        The current trend of increasing labor productivity and efficiency of business processes entails optimization of software development processes through the use of generative artificial intelligence models trained on various code bases and manual copying of code fragments. Taking into account the growing number of reported vulnerabilities, methods for detecting clones of program code are needed. In this paper, we propose a method for evaluating the similarity of fragments of the program code of binary executable files, which is based on the representation of the code in the form of an FA-AAST tree and the apparatus of graph neural networks. The results obtained during testing on open and closed source software demonstrate the correctness of the proposed method and higher accuracy in comparison with considered solutions

        Keywords:

        code clone, AST, FA-AAST, graph neural network, cybersecurity
        Pages 46-55
        S. O. Kostin, E. B. Aleksandrova Peter the Great St. Petersburg Polytechnic University

        Annotation:

        The main mathematical mechanism chosen by NIST (National Institute of Standards and Technology) for standardization is the lattice, while the hash function mechanism is an alternative. Unlike isogenies of elliptic curves, these mechanisms use a larger size of both public keys and signatures. Using the example of aggregate signature protocol based on isogenies of elliptic curves, we will show how the masking method can be used to prevent the main attack on this mechanism, while obtaining a smaller signature size. Post-quantum cryptography, aggregate signature, isogenies

        Keywords:

        post-quantum cryptography, multiple signature, isogeny
        Pages 56-64
        G. S. Kubrin, D. P. Zegzhda Peter the Great St. Petersburg Polytechnic University

        Annotation:

        The paper presents a survey of existing software security analysis methods and their ability to detect vulnerabilities caused by errors in several software components implemented in different programming languages. A set of three generalized code graph representations is proposed for the implementation of software security analysis methods with consideration for interaction between components written in different programming languages. A software security analysis system architecture and a prototype of a system that uses the proposed generalized code graph representation were developed. The prototype supports analysis of software components written in PHP, C and .NET based programming languages

        Keywords:

        software vulnerabilities detection, logical vulnerabilities, static code analysis, graph theory, multicomponent software analysis
        Pages 65-75
        E. Yu. Pavlenko Peter the Great St. Petersburg Polytechnic University

        Annotation:

        The paper is devoted to the implementation of intelligent synthesis of cyber-resistant structures. We propose methods that implement the synthesis both at the stage of building a network structure and at the stage of its recovery when an attack or failure occurs. Experimental results confirming the effectiveness of the proposed methods are presented. The architecture of the system for recognizing cyber threats and intelligent synthesis of cyber-resilient network structures is described.

        Keywords:

        functional isomorphism, target function, synthesis, critical nodes
        Pages 76-91
        E. Yu. Pavlenko Peter the Great St. Petersburg Polytechnic University

        Annotation:

        The concept of cyber resilience of complex systems is largely determined by the ability of their network structures to be rebuilt in such a way as to neutralize the impact of an attack already implemented on the system or to make its successful implementation impossible when detected at an early stage. It is proposed to solve the problem of synthesis to ensure cyber resilience of network structures both at the stage of system design (synthesis "from scratch") and at the stage of their operation (synthesis-restructuring). The paper presents modeling of the impact of massive and targeted attacks on the system, considers the constraints on synthesis, and formulates synthesis criteria in terms of graph theory. The obtained theoretical results are the basis for practical construction of cyber-resistant network structures and their rebuilding under attack

        Keywords:

        cyber resilience, target function, synthesis, graph stability, graph integrity
        Pages 92-103
        G. Yu. Paguba, N. V. Sobolev, D. N. Permyakov Peter the Great St. Petersburg Polytechnic University

        Annotation:

        The paper presents a review of software tools for information security that use hardware virtualization technology on the ARM architecture. For each tool considered, a brief description is provided, along with its advantages and disadvantages. The results of a comparative analysis of the reviewed tools are presented, highlighting the research directions in the field that require the most attention

        Keywords:

        information security, software, virtualization, hypervisor, ARM
        Pages 104-117
        M. A. Pahomov Peter the Great St. Petersburg Polytechnic University

        Annotation:

        The features of ad-hoc network scanning have been studied and methods for its detection have been analyzed. A modification of the hybrid method for detecting scanning from the Internet has been proposed, along with methods for identifying decoy scanning and creating blacklists of subnets to prevent further scanning. The proposed protection methods have been compared with existing counterparts

        Keywords:

        information security, ad-hoc networks, network scanning
        Pages 118-128
        N. V. Polosukhin Peter the Great St. Petersburg Polytechnic University

        Annotation:

        This article proposes a classification of attributes of cybersecurity threats. A statistical study of the descriptive power of an open and closed threat dataset is presented. An expert study of an advanced persistent threat was also conducted using open reports as an example. The completeness of the threat description, as well as the ability of modern tools and protocols to describe such a threat, are assessed. The main conclusion is that current approaches to describing cybersecurity threats have shortcomings that prevent the most effective use of such information in operational activities

        Keywords:

        cybersecurity threats, "pyramid of pain", tactics, techniques and procedures, threat description protocols
        Pages 129-145
        M. A. Poltavtseva, A. A. Podorov Peter the Great St. Petersburg Polytechnic University

        Annotation:

        Ensuring consistent access control is one of the key security challenges in heterogeneous Big Data systems. The problem is presented by the large number of data processing tools, information sources and users; heterogeneity of security models; complexity of granular access rules. Analyzing the time factor in this case will improve the consistency and reliability of access differentiation. The aim of the work is to select a methodology and tools for the implementation of temporal logic in the verification processes of access control of Big Data systems. The paper analyzes types of temporal logic and verification methods based on TLA (temporal logic of actions). We propose the use of TLA+ to solve this problem and give an example of the corresponding specification

        Keywords:

        information security, Big Data, heterogeneous data processing systems, access control, verification, temporal logic, TLA+
        Pages 146-156
        N. N. Samarin Research Institute "Kvant"

        Annotation:

        The paper proposes a methodology of searching for errors and undeclared capabilities in software, which is based on a graph model of software operation, a method of estimating the achievability of basic software blocks, a mechanism of general simulations, and a method of point fuzzing that uses this mechanism

        Keywords:

        information security, software, error detection, methodology, symbolic execution, fuzzing
        Pages 157-164
        I. S. Tsurkan, E. V. Malyshev, E. A. Zubkov, D. A. Moskvin Peter the Great St. Petersburg Polytechnic University

        Annotation:

        The paper proposes a method of CAPTCHA generation using adversarial attacks with respect to the image recognition model. The advantages of this method are determined based on comparative analysis of statistical data obtained as a result of the study. The developed method increases the efficiency of counteraction against automatic bypassing of CAPTCHA services by exploiting the susceptibility of neural network models to malicious influence

        Keywords:

        adversarial attacks, text recognition, denial of service, CAPTCHA services, machine learning, Python
        Pages 165-175
    • № 3 2024
      • SOFTWARE SECURITY
        S. V. Bezzateev, G. A. Zhemelev, S. G. Fomicheva Saint Petersburg State University of Aerospace Instrumentation Peter the Great St. Petersburg Polytechnic University

        Annotation:

        The paper examines the performance indicators of automatic machine learning platforms when they function in standard and confidential modes using the example of a nonlinear multidimensional regression. A general protocol of distributed machine learning trusted in the sense of security is proposed. It is shown that within the framework of confidential virtualization, when optimizing the architecture of machine learning pipelines and hyperparameters, the best quality indicators of generated pipelines for multidimensional regressors and speed characteristics are demonstrated by solutions based on Auto Sklearn compared with Azure AutoML, which is explained by different learning strategies. The results of the experiments are presented

        Keywords:

        automatic machine learning, confidential computing, confidential virtual machines, optimization of the architecture of the machine-learning model, hyperparameters
        Pages 109–126
        N. V. Gololobov Peter the Great St. Petersburg Polytechnic University

        Annotation:

        The most vulnerable nodes of any information system are those that depend on the human factor. Such nodes include, for example, users' personal computers (PCs), which are susceptible to attacks using malicious software (malware). Modern malware detection tools can effectively identify known instances, but their effectiveness against zero-day threats is at a suboptimal level. One of the potential ways to identify malware is a method based on behavioral analysis and analysis of its activity on a personal computer, but its creation requires systematization of known information about the activity of various types of malware. This work systematizes malicious software to determine the types of activity it exhibits, so that the resulting system can be used to create a method for identifying malware based on behavioral analysis

        Keywords:

        information security, malicious software, systematization, malware activity
        Pages 142–154
        V. M. Bogina, K. А. Velichko, A. А. Makeeva, A. D. Dahnovich, D. P. Zegzhda Peter the Great St. Petersburg Polytechnic University

        Annotation:

        This article describes an approach to creating target characters based on LLM agents. Agents use personal memory to access biographical and personal data assigned to them. In order to increase the integrity of the characters being created, a short life biography is generated based on the initial target data, corresponding to the original set and enriching the reactions of the agents. The personal traits inherited by agents are formulated on the basis of descriptive information of MBTI types, and the paper presents a study of the correspondence of characters to their target personality type

        Keywords:

        LLM, social simulation, personalization, social modeling, cyberpsychology
        Pages 127–141
      • INFORMATION SECURITY ASPECTS
        D. S. Bogdanov, A. S. Logachev, V. O. Mironkin National Research University Higher School of Economics TVP Laboratory MIREA – Russian Technological University

        Annotation:

        This paper presents the main probability-theoretic models describing a wide class of physical random number generators and allowing us to propose general approaches to their synthesis and analysis

        Keywords:

        physical random number generator, stochastic process, scheme of instantaneous value, scheme of intervals, scheme of excursion, optimal interpolation problem
        Pages 9–19
        A. Yu. Garkushev, A. V. Vyvolokina, S. I. Fokina, A. F. Suprun St. Petersburg State Marine Technical University St. Petersburg State Polytechnic University of Peter the Great

        Annotation:

        The article proposes a new approach to the application of the well-known method of indicator functions, which is used to simulate the detection and neutralization of suspicious information objects in the information environment of an industrial enterprise, as well as to simulate a security system during operation. Formula dependencies are given for the calculation of stochastic indicators, allowing some objective estimates of the values of time parameters and their impact on the safe functioning of information systems

        Keywords:

        indicator function, information security, information system, neutralization, identification of the object
        Pages 20–29
        O. V. Rybkina Far Eastern State Transport University

        Annotation:

        Mathematical models of information system defense against information security threats are proposed based on the classical model of the struggle between two adversaries – the Lanchester model. Using the method of constructing systems of differential equations with a given set of invariants – first integrals, a deterministic model with invariant control, a stochastic model with Wiener perturbations, and a model with software control with probability 1 have been constructed. The behavior of the systems has been evaluated by means of mathematical modeling in MathCad. The behavior of the constructed models depending on initial conditions is considered. The existence of the stochastic model of information system protection against information security threats protected with probability 1 is established

        Keywords:

        mathematical model, Lanchester model, information security, deterministic model of information protection, stochastic model of information protection, invariant control, program control with probability 1
        Pages 30–39
      • INFORMATION SECURITY APPLICATION
        V. V. Zaitzeva, M. A. Poltavtseva Peter the Great St. Petersburg Polytechnic University

        Annotation:

        The article deals with the task of assessing the security of big data systems. The authors define the main features of big data systems as an object of security assessment and analyze the known methods of assessment, including methodologies for assessing the security of information systems. Based on the results obtained, a new method of assessment is proposed, taking into account such factors as the state of the access control system in the considered heterogeneous systems and the number of privileged users. A mathematical formalization of the assessment is proposed, the main stages of its implementation are described, and a test case is presented

        Keywords:

        information security, Big Data, heterogeneous data processing systems, security assessment
        Pages 40–57
        T. M. Tatarnikova, I. A. Sikarev, D. A. Rychikhin St. Petersburg State University of Aerospace Instrumentation Russian State Hydrometeorological University

        Annotation:

        The current task of obtaining evidentiary information as a direction for the development of digital forensics is considered. The procedure for collecting evidentiary information from computer storage devices is given, including the basic requirements for collecting evidence, its safety and ensuring integrity. An overview of methods for obtaining evidentiary information from a computer is given, among which an accessible and effective method is highlighted using Open Source software to form a snapshot of RAM. The results of an experiment to study the possibility of obtaining and analyzing a snapshot of a computer’s RAM using Open Source tools are presented and approximate information is determined that can be obtained when using them in the interests of computer technical expertise

        Keywords:

        digital forensics, evidentiary information obtained from a computer, the procedure for collecting evidentiary information, methods for obtaining evidentiary information, an experiment on obtaining evidentiary information from a computer
        Pages 58–68
      • CRITICAL INFORMATION INFRASTRUCTURE SECURITY
        A. G. Busygin, M. O. Kalinin Peter the Great St. Petersburg Polytechnic University

        Annotation:

        The article discusses the application of the distributed ledger technology to secure information systems of the smart city. The authors identified the limitations of existing solutions in this area and considered the main directions for the development of distributed ledger technology, ensuring successful integration into the smart city ecosystem

        Keywords:

        smart city, internet of things, distributed ledger technology, information security
        Pages 69–79
        D. P. Zegzhda, A. F. Suprun, E. G. Anisimov, V. G. Anisimov Peter the Great St. Petersburg Polytechnic University Peoples’ Friendship University of Russia named after Patrice Lumumba

        Annotation:

        In the interests of sound planning for the modernization of information security systems, approaches to constructing methods for assessing the possibility of developing and introducing within the planned time frame innovations necessary for the timely detection, prevention and elimination of the consequences of information security threats are considered. As an indicator for assessing this possibility, it is proposed to use the probability of modernizing the information security system over a certain specified period of time. To quantify this indicator, approaches based on a generalization of Chebyshev’s inequality and the principle of stochastic dominance are proposed

        Keywords:

        information security system, modernization planning, assessing the likelihood of meeting the deadlines for introducing innovations
        Pages 80–87
      • CYBER-PHYSIC SYSTEMS SECURITY
        A. S. Kurakin LLC “STC”

        Annotation:

        The paper evaluates the effectiveness of a group of unmanned aerial vehicles in performing aerial photography tasks in solving heterogeneous tasks and various payload variants. The modeling of options for equipping the elements of the group when performing various tasks is carried out. The integral indicator is defined as a combination of particular performance indicators, efficiency and resource intensity. The relationship between task options and payload options has been established. Numerical modeling of combinations of group equipment options and task options is carried out

        Keywords:

        efficiency, resource intensity, integral indicator, group of unmanned aerial vehicles, flight task, efficiency, comparative assessment, aerial photography
        Pages 88–93
        E. Yu. Pavlenko Peter the Great St. Petersburg Polytechnic University

        Annotation:

        An approach to investigating the states of complex industrial networks with adaptive topology using network motifs – statistically significant subgraphs of a larger graph – is proposed. The analysis presented addresses the ability of network motifs to characterize system performance and the possibility of their application to short-, medium-, and long-term prediction of system states. Using the Smart Grid network structure as an example, a directed graph is modeled, in which the most common motifs are searched, several attack scenarios on network nodes are simulated and a network state prediction is built. The results of experimental studies confirmed the correctness and validity of the application of this mathematical apparatus for the set tasks

        Keywords:

        dynamic graph, network motif, target function, network with adaptive topology, forecasting
        Pages 94–108
  • 2023 year
  • 2022 year
  • 2021 year
  • 2020 year
  • 2019 year
  • 2018 year
  • 2017 year
  • 2016 year
  • 2015 year
  • 2014 year
  • 2013 year
  • 2012 year
  • 2011 year
  • 2010 year
  • 2009 year
  • 2008 year
  • 2007 year
  • 2006 year
  • 2005 year
  • 2004 year
  • 2003 year
  • 2002 year
  • 2001 year
  • 2000 year
  • 1999 year