Quarterly journal published in SPbPU
and edited by prof. Peter Zegzhda
Peter the Great St. Petersburg Polytechnic University
Institute of computer sciences and technologies
information security of computer systems
Information Security Problems. Computer Systems
Published since 1999.
ISSN 2071-8217
  • 2019 year
  • 2018 year
    • №4 2018
      • INFORMATION SECURITY APPLICATION

        Lokhvitsky V.A.,

        Khomonenko A.D.,

        Bolshakov M.A.

        ON THE BUILDING OF CYBERVISOR OF THE INTELLECTUAL MONITORING SYSTEM AND MANAGEMENT OF THE CENTERS OF DISTRIBUTED DATA PROCESSING

        Annotation:

        The proposed cyber vizor architecture of a distributed data processing center (DPC). The concept of building a cyber visor is based on three components: modeling the data center operation process, monitoring the performance and cyber security characteristics, decision support in developing control actions to increase the efficiency of the computational process. A conceptual model of the architecture of an intelligent cyber visor with compensation for the degradation of the computation process is proposed. The characteristic of virtual infrastructure management is substantiated and the functions of the cyber visor are indicated.

        Keywords:

        Cyber visor, data center, modeling, efficiency, information security, monitoring
        Pages 9-13

        Zegzhda P.D., Aleksandrova E.B., Lavrova D.S., Shtyrkina A.A.

        NETWORK ANOMALIES DETECTION BASED ON DISCRETE WAVELET TRANSFORM AND CHANGEPOINT DETECTION

        Annotation:

        This paper proposes an approach for network anomalies detection based on discrete wavelet transform of time series formed by parameters of network traffic and on changepoint detection.

        Keywords:

        discrete wavelet transform, time series, changepoint detection, network attacks, anomaly
        Pages 14-21

        Poltavtseva M.A., Zaitseva E.A.

        AUTOMATED LEARNING METHOD OF DECISION SUPPORT SYSTEM fOR INFORMATION SYSTEMS SECURITY ANALYSIS

        Annotation:

        The article describes the method of analytical systems training for security assessment and penetration testing. The analysis systems based on the approach to the precedents description "bag of objects" are considered. The authors present approaches to updating the knowledge base and propose a method based on the merger of such precedents with the possibility of adding new one and automatic assessment of the properties significance. The results of experimental testing of the proposed method are presented.

        Keywords:

        training of intelligent systems, knowledge bases, intelligent security systems, case analysis, decision support systems, penetration testing
        Pages 22-32

        Semenov N.A., Poltavtsev A.A.

        SECURE DATA ARCHITECTURES ON CLOUD-BASED SYSTEMS

        Annotation:

        The article analyzes the security of modern data architectures implemented on the cloud platform. The features of modern cloud data architectures, their impact on security and specific methods of protection are given. The issues of coordination of security policies and fundamental conflicts in data processing, typical for this subject area, are considered separately.

        Keywords:

        cloud computing, data architecture, information security, data processing security, data storage security
        Pages 33-43

        Anisimova E.S., Anikin I.V.

        BIOMETRIC SYSTEM FOR RECOGNITION OF HUMAN HANDWRITTEN SIGNATURES BASED ON FUZZY SETS AND FUZZY LOGIC

        Annotation:

        We have proposed a features and biometric system for handwritten signatures recognition based on fuzzy sets. This approach allows to formalize the blurred nature of the signature and increase the accuracy of recognition. To build a pattern we use the potential method which works even with a small amount of training samples.

        Keywords:

        biometric system, handwritten signature, fuzzy sets
        Pages 44-54

        G.P. Akimova, A.Yu. Danilenko, M.A. Pashkin, E.V. Pashkina,

        A.A. Podrabinovich, I.V. Tumanova

        SECURITY OF INFORMATION SYSTEMS DEVELOPED WITH THE USE OF BLOCKCHAIN TECHNOLOGY

        Annotation:

        The features of the construction of automated information systems using elements of the blockchain technology, as well as a number of issues related to information security in this case are considered. The advantages and disadvantages of using the blockchain for several possible applications are given: real estate registries, medical information, DNS servers, cryptographic key certificate registries.

        Keywords:

        blockchain, information security, automated information systems, means of information protection.
        Pages 55-61
      • APPLIED CRYPTOGRAPHY

        Alexander Baranov, Petr Baranov

        MESSAGE CONTROL SUM ERROR PROBABILITY ASSESSMENT

        Annotation:

        The paper examines probability-theoretic models of information distortion at message level. We research control sum distribution segments that are typical for network protocols like TCP. As an addition operation we use both bitwise coordinate addition and addition of numbers in binary code with carry. Control sum error probability for asymptotic assessments provided distortion probability is low are deduced for described distortion models. These assessments could be relevant for large lengths of message segments.

        Keywords:

        information security, TCP, CRC, control sum, error probability, message segment.
        Pages 62-67

        Shakurskiy M.V., Kozlovskiy V.N.

        SELECTION OF KEY IN INVARIANT TWO-COMPONENT STEGANOGRAPHIC SYSTEMS WITH MULTIPLICATIVE ALGORITHM OF CONSTRAIN OF EMBEDDED SIGNALS.

        Annotation:

        An important task of designing a steganographic system is the selection of a key. The main requirement for the key is to ensure consistently high sensitivity of the system to the key variation and minimum change in this sensitivity during the formation of the container.The article provides an analysis of the invariant two-component steganographic system in terms of sensitivity to variations in various parameters and values of embedded signals.

        Keywords:

        two-component steganographic system, invariance to masking signal, steganographic container, key
        Pages 68-73

        E.B. Aleksandrova, E.N. Shkorkina

        SYSTEM OF QUANTUM CRYPTOGRAPHIC KEYS DISTRIBUTION TO transportation INFRASTRUCTURE USERS

        Annotation:

        Supporting systems that deliver keys to users are required for cryptographic protocols work. Using of quantum systems as a supplier of cryptographic keys for devices of intelligent transport systems is proposed. The possibility of using isogeny-based protocols for transferring quantum keys is discussed.

        Keywords:

        quantum key distribution, intelligent transportation system, isogeny.
        Pages 74-77
      • SPECIAL IT

        Anisimov V. G.,Zegzhda P. D.,

        Anisimov E. G., Saurenko T.N.

        MODEL AND METHOD OF OPTIMIZING COMPUTATIONAL PROCESSES IN COMPUTATIONAL SYSTEMS WITH PARALLEL ARCHITECTURE

        Annotation:

        The article proposes a model and method for optimizing computing processes in computing systems with a parallel architecture. The construction of the model consists in dividing computer programs for solving problems into relatively independent elements (blocks) and representing the information dependence of the blocks in the form of corresponding oriented graphs. The organization of the computational process in this case consists in the dynamic distribution of the resources of the computing system for implementing the operations of each of the blocks. As an indicator of the effectiveness of this process, the time taken to implement the operations of all blocks of the programs under consideration (the time to solve the corresponding tasks) was taken. The goal of optimization is to shorten the time as much as possible. To form an optimal resource allocation, a method based on the branch and bound procedure is proposed.

        Keywords:

        computer, computing system with parallel architecture, organization of computing process, optimization, model, method
        Pages 78-85

        Gasyuk D.P., Belov A.S.

        Trakhinin E.L.

        SCIENTIFIC AND METHODICAL APPROACH ON ESTIMATION SURVIVABILITY OF COMPUTER SYSTEMS IN CONDITIONS EXTERNAL SPECIAL PROGRAM AND TECHNICAL INFLUENCES

        Annotation:

        In article scientific and methodical approach which application will allow to formulate reasonable option of creation of computer systems in the conditions of external special program and technical influences taking into account requirements for survivability imposed to it is considered.

        Keywords:

        Survivability, computer system, special program and technical influence
        Pages 86-90

        S.G. Magomedov, V.P. Los

        INCREASING THE EFFICIENCY OF MICROPROCESSORS IN ACCESS CONTROL SYSTEMS

        Annotation:

        This paper is devoted to the problem of improving the performance of microprocessors used in access control systems. The requirements are described, and a set of commands is proposed, that are necessary for efficient design of microprocessors working on the basis of the residue number system for the purpose of monitoring and access control. The proposed approach is aimed at improving the efficiency of microprocessor operation as part of the access control system.

        Keywords:

        microprocessors; access control and management; data processing; data conversion; secure transmission channel; synchronization
        Pages 91-97

        A. Konoplev, I. Pankov, A. Chernov

        INTEGRITY CONTROL METHOD FOR UEFI BIOS

        Annotation:

        The article presents researching results of methods for integrity control and protection against the modification of the UEFI BIOS firmware in modern Intel-based computers. Disadvantages of such methods are highlighted, which make difficult to provide the necessary level of the UEFI BIOS protection. The requirement for integrity control of UEFI BIOS is shown. An approach that allows providing a trusted computing environment based on modern Intel-based computers is proposed.

        Keywords:

        integrity control, trusted executable environment, embedded software, UEFI BIOS, Intel ME.
        Pages 98-104

        U.V.Vedernikov, A.U. Garkushev , I.L. Karpova,G.M. Prutkov,

        A.F. Suprun

        NORMALIZATION OF DIVERSE INDICATORS OF QUALITY OF THE MULTILEVEL COMPLEX OF MANAGEMENT TAKING INTO ACCOUNT REQUIREMENTS OF INFORMATION SECURITY

        Annotation:

        Article is devoted to further development of the scientific and methodical device of design and modernization of difficult hierarchical managing directors of the systems functioning in the conditions of active counteraction from competitors. The example shows the possibility of reasonable accounting of requirements of information security when choosing the current configuration of a multilevel complex of management.

        Keywords:

        normalization, indicators of information security, choice of option.
        Pages 105-113

        S.V. Lapshin

        Sukhoparov M.E., I.S. Lebedev, A.I. Spivak

        PROCESSING TEXT MESSAGES ININFORMATION SECURITY MONITORING SYSTEMSIN INFORMATION AND TELECOMMUNICATION SYSTEMS

        Annotation:

        The approach to the preprocessing of natural language texts of messages in monitoring systems based on naive Bayesian classifier is considered. The problem of classification of messages is formulated. The model of natural language describing semantic-syntactic relations of constructions is given. The construction of a feature space containing semantic-syntactic relations for the context filtering base is shown. An approach to the calculation of the construction class of several interrelated words is outlined.

        Keywords:

        DLP-systems, preliminary processing of messages, classification of texts.
        Pages 114-119

        M.V. Gofman, A.A. Kornienko, A.P. Gluhov

        A POSITIONING METHOD BASED ON DIGITAL AUDIO WATERMARKING

        Annotation:

        The article presents a method for determining the location of a mobile node in a three-dimensional space, in the case where there is no synchronization in time between the mobile node and the reference nodes. Positioning is performed based on the differences in the arrival time of signals from the reference nodes to the mobile node. The proposed method of positioning does not impose any restrictions on the configuration of the relative location of reference nodes in the space of the room. The positioning method is an analytical method for solving a system of three equations of branches of hyperbolas. The use of only the differences in the arrival times of signals makes it possible to use the method of locating the mobile node proposed in the article, even in cases where it is impossible, inadmissible or disrupted direct transmission of signals in the direction from the mobile node to the reference nodes.

        Keywords:

        (Russian) позиционирование, определение местонахождения, цифровое маркирование, цифровое маркирование аудиосигналов, аудиосигнал.
        Pages 120-129
      • INFORMATION SECURITY CYBER-PHYSIC SYSTEMS

        ZegzhdaD.P., Pavlenko E.Y.

        ENSURING THE SUSTAINABILITY OF CYBERPHYSICAL SYSTEMS FUNCTIONING BASED ON DYNAMIC RECONFIGURATION

        Annotation:

        Authors propose a model for reconfiguring cyber-physical systems, which describes both controlling and destructive effects. A method for assessing sustainability of cyber-physical systems to computer attacks based on ability to reconfigure is proposed. Examples of scenarios for reconfiguring cyber-physical systems to ensure stable operation have been developed. The results of experimental studies showing the effectiveness of the proposed approach are presented.

        Keywords:

        sustainability of functioning; cyber-sustainability; cyber-physical system; homeostasis; information security
        Pages 130-139

        Aleksandrova E.B., Yarmak A.V.

        ANALYSIS OF APPROACHES TO PROVIDING SECURE INTERACTION IN LARGE-SCALE INDUSTRIAL SYSTEMS

        Annotation:

        The specificity of the task of providing security in large-scale industrial systems is investigated, and the requirements for group authentication schemes with this specificity are determined. The analysis of approaches to the organization of the secure interaction of the nodes based on the mechanism of group authentication is carried out. The prospects for the use of group authentication methods in large-scale industrial systems are considered.

        Keywords:

        group authentication, large-scale industrial systems
        Pages 140-144
    • №3 2018
      • NETWORK AND TELECOMMUNICATION SECURITY

        Lyskatov I.V., Pilkevich S.V.

        Saint-Petersburg, Mozhaisky Military Space Academy

        DETECTING CYBER THREATS MODEL IN ONLINE MEDIA SOURCES

        Annotation:

        The creation of media source protection model based on new methods of active search, unified investigation and cyber threat response. The process of detecting cyber threats based on methods of search forecasting, interlinked which the cyclic nature of the behavioral activity network resources users.

        Keywords:

        cyber threats, anomaly, forecast, user behavior, intelligence system.
        Pages 9-18

        Lebedev I.V., Karpov I.A., Baranov B.E., Los V.P., Samoletova K.S.

        PREDICTING NEWS POPULARITY IN ONLINE SOCIAL NETWORKS

        Annotation:

        This study describes a previously unknown model for describing the interests of the user has been presented on the sentiment analysis of texts, written by the user in the social network, and it has been applied to the research problem of forecasting the popularity of text messageson the basis of text message analysis, the author's profile of the message and the analysed community.

        Keywords:

        sentiment analysis, social networks, machine learning, popularity forecasting
        Pages 18-25
      • APPLIED CRYPTOGRAPHY

        V.I. Korzhik, Nguyen Kuong, AK Godlevsky

        St. Petersburg State University of Telecommunications named after Professor MA Bonch-Bruevich

        EVALUATION OF STEGOLDCHES FOR STEGOSYSTEMS USING PERSISTENT ENCRYPTION OF EMBEDDED MESSAGES

        Annotation:

        The task is to find secret stego-keys for stegosystems that use the encapsulation of the encoded information in the smallest significant bits, using matrix immersion on Hamming codes, and a stegosystem with an embedding algorithm "HUGO". The solution of the problem is based on testing the pseudo-randomness of extracted messages. The effectiveness of the proposed procedure for finding stegoldches is evaluated.

        Keywords:

        stegosystem, embedding in the smallest significant bits, matrix embedding, Hamming codes, "HUGO" embedding algorithm, pseudo-randomness tests.
        Pages 26-36

        Marshalko G.B., Nikiforova L.O.

        Spoofing attack on EIGenfaces-based biometric identification system

        Annotation:

        We present a spoofing attack on biometric identification scheme, which uses Eigenfaces algorithm for image classification. In this attack we try modify an adversarial image in such a way that it is recognized as a target image while preserving visual similarity to the initial image. Like other similar attacks, we use a variant of hill-climbing attack. We also present experimental results.

        Keywords:

        spoofing attack, Eigenfaces, biometric identification, hill-climbing attack, principal component analysis
        Pages 37-44

        Shenets N.N.

        THE SECURITY INFRASTRUCTURE OF FANET BASED ON SECRET SHARING AND AUTHENTICATED ENCRYPTION

        Annotation:

        This paper presents the results of a study aimed at improving the security of FANET. The FANET threats and existing security protocols are analyzed. A new security infrastructure has been developed based on the use of secret sharing and authenticated encryption. Its efficiency is experimentally proved on the FANET hardware model.

        Keywords:

        secret sharing schemes, authenticated encryption, FANET.
        Pages 45-62

        E.B. Aleksandrova, O.N.Pendrikova

        isogeny graphs for checking SUPERSINGULARITY OF ELLIPTIC CURVES

        Annotation:

        The role of supersingular elliptic curves has increased in recent years in connection with their use in postquantum cryptographic algorithms. The characteristics of elliptic curves and the concepts of graph theory are compared. An algorithm for testing the elliptic curve supersingularity is proposed, investigating the characteristics of its isogeny graph.

        Keywords:

        elliptic curve isogeny, isogeny graph, elliptic curve generation, isogeny volcano.
        Pages 63-69

        Zegzhda P.D., Lavrova D.S., Shtyrkina A.A., Shterenberg S.I.

        PREVENTION OF DOS ATTACKS BY PREDICTING THE CORRELATION VALUES OF NETWORK TRAFFIC

        Annotation:

        Authors propose an approach to preventing network denial of service attacks, which is based on predicting the values of the coefficients of multiple correlation of the discrete wavelet transform coefficients for network traffic parameters.

        Keywords:

        discrete wavelet transform, attack prediction, ARIMA model, DoS attack.
        Pages 70-77

        Vedernikov Uriy, Garkushev Alexander, Karpova Irina, Suprun A. F.

        Formalization of the problem of choosing a variant of structural construction of the information complex for managing a multilevel hierarchical system according to the criterion of information security

        Annotation:

        The article is devoted to the formalization of the formulation of the task of developing control systems operating in conditions of increased requirements for information security, taking into account the factors of active opposition from competitors. Results can serve as a basis for building adequate models of competing systems from the point of view of information safety.

        Keywords:

        hierarchy, information, security, criterion.
        Pages 78-82
      • SPECIAL IT

        S.V. Lapshin

        Saint-Petersburg State University

        Sukhoparov M.E., I.S. Lebedev, A.I. Spivak

        St. Petersburg Institute of Informatics and Automation of the Russian Academy of Sciences (SPIIRAS)

        CLASSIFICATION OF THE PUBLICATIONS IN THE IMPLEMENTATION OF COMPETITIVE INTELLIGENCE IN THE FIELD OF HIGH TECHNOLOGIES

        Annotation:

        In modern conditions, competitive intelligence in the field of high technology involves the use of automatic means of filtering scientific information. The success of these activities and their labor costs directly depend on the quality of automated text analysis tools. The article proposes a method of classification of texts of scientific publications, characterized by the use of logical characteristics of texts, taking into account the hierarchy of concepts in the subject area. It allows more accurate classification for any arbitrarily narrow subject areas, which is important to clarify the results of filtering and reduce labor costs for competitive intelligence.

        Keywords:

        competitive intelligence, technical means of competitive intelligence, classification of texts.
        Pages 83-88

        Doynikova E.V., Fedorchenko A.V., Kotenko I.V.

        Saint-Petersburg, laboratory of computer security problems, SPIIRAS

        Determination of INFORMATION system weaknesses for Automated Selection of Security Measures

        Annotation:

        The paper considers the task of automation of system weaknesses determination based on the analysis of its vulnerabilities. The authors tested various classification methods for vulnerabilities to map them to the specific class of weaknesses considering values of their properties. The method that resulted in the highest accuracy was selected. The vulnerability metrics that characterize their main properties were selected as classification features. The paper describes source data used for the classification, their preprocessing, and classification results. An interpretation and analysis of the results are provided. The considered task is a stage of the proposed by the authors approach to the automated generation of the required security measures and tools for the specific information system. The determined weaknesses of the analyzed system will be used for the automated specification of the security threats. The required set of response tools and means depends on the determined set of threats. The possibility of practical implementation of the approach follows from the connectivity between open databases of vulnerabilities, weaknesses, and attacks.

        Keywords:

        Vulnerability analysis, weaknesses analysis, data classification, countermeasure selection, information security.
        Pages 89-99
      • SOFTWARE SECURITY

        K. Vasilieva, A. Konoplev

        Peter the Great St.Petersburg Polytechnic University

        UNDECLARED CAPABILITIES REVEALING METHOD FOR EMBEDDED SOFTWARE UEFI BIOS

        Annotation:

        The paper reviews the problem of automatic embedded software UEFI BIOS analysis for undeclared capabilities revealing. It discusses the main features of UEFI BIOS architecture, compares common methods of static and dynamic analysis for software without source code, considers their possibility and limitation of addressing the described problem. There is proposed a method for enhanced automatic revealing undeclared capabilities in embedded software.

        Keywords:

        static analysis, embedded software, UEFI architecture, undeclared capabilities, control flow analysis, value-set analysis
        Pages 100-106

        Pavlenko E. Yu., Ignat’ev G. Yu.

        IDENTIFICATION OF MALWARE ANDROID-APPLICATIONS WITH THE USE OF A convolutional NEURAL NETWORK

        Annotation:

        In this paper authors propose a new deep learning-based approach for detection of malicious Android applications. Novelty of this approach is based on a representation of Android application for a convolutional neural network. In this representation authors construct an RGB image, using a sequence of API calls pairs and protection levels for RGB pixels representation. Proposed approach, as shown by experimental results, is effective and detects malicious Android applications with high accuracy.

        Keywords:

        malicious applications, malware detection, Android operating system, application security analysis, convolutional neural network, Android security
        Pages 107-119

        I. Pankov, A. Konoplev, A. Chernov

        Peter the Great St.Petersburg Polytechnic University

        UNDECLARED CAPABILITIES REVEALING METHOD FOR EMBEDDED SOFTWARE UEFI BIOS

        Annotation:

        The paper provides an overview of the actual attacks on the integrated BIOS and Intel ME software of modern Intel-based computers. The results of analysis of its protection for mainboards of the common manufacturers are presented. Classes of attacks that allow intruder to create program backdoors, the detection of which by traditional methods of searching for undeclared features becomes impossible or extremely difficult are highlighted.

        Keywords:

        trusted executable environment, embedded software, UEFI BIOS, Intel ME, undeclared capabilities, security analysis, vulnerabilities.
        Pages 120-125

        Wang Liangpeng, O. G. Petrosyan, Du Jianming,

        RECOGNITION OF FACES BASED ON THE COEFFICIENTS TREE OF THREE SCALE WAVELET TRANSFORM

        Annotation:

        In this article we proposed a new method for facial recognition in a natural background, based on the coefficients tree of three-scale wavelet transformation and the hidden Markov model (HMM).

        Keywords:

        features of images, coefficient tree, hidden Markov model, accuracy of recognition
        Pages 126-137
    • №2 2018
      • INFORMATION SECURITY ASPECT

        Lavrova D.S., Alekseev I.V., Shtyrkina A.A.

        SECURITY ANALYSIS BASED ON THE CONTROL OF NETWORK TRAFFIC PARAMETERS DEPENDENCIES USING THE DISCRETE WAVELET TRANSFORM

        Annotation:

        In this paper, authors propose to use the mathematical apparatus of wavelet transform to detect attacks in network traffic. Authors apply a discrete wavelet transform to network packets parameters extracted from the traffic and monitor the dependence degree of various parameters of the network packet using the multiple correlation coefficient. The effectiveness of the proposed method is demonstrated by the results of experiments on denial of service attacks detection such as SYN flood.

        Keywords:

        backbone networks, wavelet-based analysis, attack detection, multiple correlation, DoS attack
        Pages 9-15
      • INFORMATION SECURITY APPLICATION

        FadeevaYu.A., Ponachugin A.V.

        IDENTIFYING AN EFFECTIVE SYSTEM FOR MONITORING THE LEAKAGE OF CONFIDENTIAL INFORMATION ON BASIS OF COMPARATIVE ANALYSIS

        Annotation:

        This article identifies the main problems associated with the loss of confidential company data. As a solution to the problem, it was suggested to conduct a comparative analysis of the current certified means of information protection from the state register of FSTEC of Russia. For this purpose, it is proposed to use the optimization method for determining the most effective system, to select the basic requirements imposed by consumers for Data Leak Prevention systems, to identify a system corresponding to the maximum set of possible requirements.

        Keywords:

        informations security means, information security, information system, confidential information, Data Leak Prevention system, NSD, optimization task, comparative analysis
        Pages 16-21

        A.A. Grusho, N.A. Grusho, M.I. Zabezhailo, E.E. Timonina

        PROTECTION OF VALUABLE INFORMATION IN INFORMATION TECHNOLOGIES

        Annotation:

        The paper is devoted to discussion of a possibility of recovery of valuable information in conditions when the malefactor knows results of information transform and transformation itself within some information technology. The model of processed information in the form of the wood is constructed. Ways of protection of valuable information are investigated.

        Keywords:

        information security, valuable information, security of information as a result of transformations
        Pages 22-26

        Demidov R.A., Zegzhda P.D., Kalinin M.O.

        CYBERSECURITY THREATS ANALYSIS FOR DYNAMIC COMMUNICATION NETWORKS USING THE HYBRID NEURAL NETWORK MODEL

        Annotation:

        The paper deals with the problem of cybersecurity threats analysis of control mechanisms in dynamic communication networks (VANET, FANET, MARINET, MANET, WSN). The authors formulate the initial task in the form of neural network-made approximation of the system function of cyberthreat. The neural network model parameters are optimized according to the criterion of likelihood maximization on the training dataset. A hybrid neural network based on recurrent and graph convolutional networks is proposed as an appropriate computational architecture.

        Keywords:

        cybersecurity analysis, deep learning, distributed representations, hybrid neural network, routing threats, dynamic network, VANET, MANET, MARINET, MANET, WSN
        Pages 27-32
      • NETWORK AND TELECOMMUNICATION SECURITY

        Usov E.S., Nikolsky A.V., Pavlenko E.Y., Zegzhda D.P.

        ARCHITECTURE OF SECURE CLOUD STORAGE DATA USING INTEL SGX TECHNOLOGY

        Annotation:

        The architecture of cloud storage with Intel SGX technology is proposed. This article presents an approach that allows to protect user data both on the cloud server from attacks from the provider, and on the client PC from various types of malicious software. The developed architecture supports group access to data for several users

         

        Keywords:

        Intel SGX, enclave, encryption, cloud computing, file hosting service
        Pages 34-40

        Zegzhda P.D., Ivanov D.V., Moskvin D.A., Kubrin G.S.

        VANET/MANET-NETWORKS CYBERSECURITY THREATS ANALYSIS

        Annotation:

        In the paper, the threats of cybersecurity for Vehicular Ad-hoc Networks (VANET) are studied. The developed classification of those threats is present.

        Keywords:

        Wireless self-organised networks; Vehicular ad hoc networks, VANET, self-similar graph; cybersecurity threats.
        Pages 41-47

        Zegzhda P.D., Lavrova D.S., Shtyrkina A.A.

        MULTIFRACTAL ANALYSIS OF BACKBONE NETWORK TRAFFIC FOR DENIAL-OF-SERVICE ATTACKS DETECTION

        Annotation:

        Authors propose to use multifractal analysis for anomaly detection in traffic of backbone networks. As security metrics, multifractal spectrum characteristics are used. The effectiveness of proposed approach is confirmed by experimental results on detecting denial-of-service attacks

        Keywords:

        backbone networks, multifractal analysis, attack detection, multifractal spectrum, DoS attack
        Pages 48-58

        Shterenberg S. I., Poltavtseva M. A.

        DISTRIBUTED INTRUSION DETECTION SYSTEM WITH PROTECTION AGAINST INTERNAL INTRUDER

        Annotation:

        Modern distributed information networks protection from external and internal intruders continues to be relevant in connection with the development of data communication and processing technologies. The article describes the model of data processing in a distributed intrusion detection system (DIDS) and the method of using hidden agents to protect against an internal attacker. The distribution of data processing functions between the local DIDS agent and the general data processing node is given. The authors describe the method of hiding the presence of the agent from the user while maintaining its control by the operator.

        Keywords:

        distributed intrusion detection system, protection from internal intruder, hidden monitoring, big data
        Pages 59-68
      • APPLIED CRYPTOGRAPHY

        Mironkin V.O, Chukhno A.B.

        ON ONE GENERALIZATION OF THE BIRTHDAY PROBLEM

        Annotation:

        In this paper a generalization of the classical birthday problem for the case of several independent samples of arbitrary power is considered. Exact and asymptotic expressions describing the probability of the intersection of these samples are obtained.

        Keywords:

        THE BIRTHDAY PROBLEM, ORDERED SAMPLE, COLLISION
        Pages 69-73

        Zegzhda D.P, Moskvin D.A., Myasnikov A.V.

        CYBER RESILIENCE OF DISTRIBUTED STORAGE PROCESSING SYSTEMS WITH APPLICATION OF BLOCKCHAIN TECHNOLOGY

        Annotation:

        This article examines the architecture of modern systems of decentralized data storage and processing, the applicability of blockchain technology in these systems, the existing security threats in comparison with centralized systems and security methods that could eliminate these threats.

        Keywords:

        distributed systems, secure data storage, secure data processing, blockchain
        Pages 74-79

        Aleksandrova E.B., Shtyrkina A.A.

        ELLIPTIC CURVE ISOGENY-BASED DIRECTED SIGNATURE

        Annotation:

        Elliptic curve isogeny-based directed signature is proposed. Only recipient whose public key was used to generate signature can verify this signature. Both signer and verifier control delegating the right of signature verification.

        Keywords:

        isogeny-based cryptography, elliptic curves, directed signature, id-based cryptography, bilinear map
        Pages 80-85
      • TECHNICAL SOLUTION

        A.A.Sikarev, I.A. Sikarev, A.V.Garanin

        TIME-AND-FREQUENCY AND CORRELATION CHARACTERISTICS OF THE FINITE PARALLEL COMPLEX SIGNALS OF AUTOMATED INFORMATION SYSTEMS (AIS) ON THE INLAND WATERWAYS OF THE RUSSIAN FEDERATION

        Annotation:

        Parallel complex signals synthesized from segments of harmonics of multiple frequencies that initial phase takes from binary set G0,π and that have same amplitudes are considered. New quasioptimal phase codes for peak-factor minimization obtained. Code type of frequency and time characteristics dependency two-dimensional auto- and cross-correlation functions of such signals was investigated.

        Keywords:

        phase codes, AIS, complex signals
        Pages 86-92
      • SPECIAL IT

        I.E. Gorbachev, A.M. Suhov , M.A. Eremeev, S.I Smirnov

        THE IMPLEMENTATION OF A SYSTEMATIC APPROACH IN CREATION OF SYSTEM OF INFORMATION SECURITY OF CRITICAL INFORMATION INFRASTRUCTURE TAKING INTO ACCOUNT ECONOMIC FEASIBILITY

        Annotation:

        The article considers the system (complex) approach to the justification of design decisions on the creation of a proactive system of information security of critical information infrastructure. It is proposed that the appearance of the information security system at the stage of its system-aggregative (external) design methodology of the modern theory of the effectiveness of targeted processes.

        Keywords:

        information security system, proactivity, quality score, design solutions.
        Pages 93-110
      • INFORMATION SECURITY CYBER-PHYSIC SYSTEMS

        Kalinin M.O., Lavrova D.S., Yarmak A.V.

        DEEP LEARNING-BASED APPROACH TO SECURITY THREATS DETECTION IN CYBER PHYSICAL SYSTEMS USING MULTIVARIATE TIME SERIES

        Annotation:

        The paper proposes a method for anomaly detection in the cyber-physical systems using multivariate timeset. The suggested method is based on the application of neural network for predicting timesetvalues and identifying deviations between the predicted value and current data obtained from sensors and actuators. The results of experiments are discussed, which testify to the effectiveness of the proposed solution.

        Keywords:

        information security, cyber-physical systems, neural network, multivariate timeset
        Pages 111-117

        Zegzhda D.P., Pavlenko E.Y.

        SECURITY INDICATORS FOR DIGITAL MANUFACTURING

        Annotation:

        The article describes security indicators specific to digital manufacturing. All the set of indicators is divided into three groups: safety indicators, sustainability indicators and indicators characterizing the ability of the digital manufacturing to homeostasis. Indicators allow to apply them for any type of digital manufacturing systems in order to detect security problems, control stability of their functioning and preserve the ability to self-repair.

        Keywords:

        digital manufacturing, cyber physical systems; security indicators; system sustainability; homeostasis; information security; self-similarity
        Pages 118-136

        Busygin A.G, Konoplev A.S., Zegzhda D.P.

        PRUNING OUTDATED DATA IN BLOCKCHAIN-LIKE DIRECTED ACYCLIC GRAPH APPLIED TO DATA PROTECTION IN HIGHLOAD SYSTEMS

        Annotation:

        The paper analyses solutions of blockchain size problem and their usability for blockchain-like directed acyclic graph of blocks applied to data protection in highload systems. Authors present a method of graph size reduction via storing system state hash in block headers.

        Keywords:

        Blockchain, directed acyclic graph, highload systems.
        Pages 131-136

        Busygin A.G, Konoplev A.S., Zegzhda D.P.

        PROVIDING STABLE FUNCTIONING OF SELF-ORGANIZING CYBER-PHYSICAL SYSTEM VIA ADAPTIVE TOPOLOGY MANAGEMENT METHODS USING BLOCKCHAIN-LIKE DIRECTED ACYCLIC GRAPH

        Annotation:

        The paper analyses protection methods against attacks on ad hoc networks in self-organizing cyber-physical systems. The issues of these methods are identified. Authors propose an adaptive management method for ad hoc network topology. The method is based on a blockchain-like directed acyclic graph which is applied to solve the identified issues.

        Keywords:

        Cyber-physical systems, ad hoc networks, adaptive topology management, blockchain, directed acyclic graph.
        Pages 137-140
    • №1 2018
      • INFORMATION SECURITY ASPECT

        Zegzhda P.D., Ivanov D.V., Moskvin D.A., Ivanov A.A.

        APPLIANCE OF CONTIGUITY SEQUENCES FOR RECOGNITION OF SELF-SIMILAR GRAPHS FOR ASSESSING VANET NETWORKS CYBERSECURITY

        Annotation:

        In the paper, the possibility of applying the theory of self-similar graphs for ensuring Vehicular Ad-hoc Networks (VANET) cybersecurity is considered. Developed for this purpose algorithms for self-similar graphs recognition are mentioned.

        Keywords:

        Wireless self-organised networks; Vehicular ad hoc networks, VANET, self-similar graph; self-similarity.
        Pages 10-26

        Zegzhda P.D., Poltavtseva M.A., Pechenkin A.I., Lavrova D.S., Zaitseva E.A.

        HETEROGENEOUS SEMI-STRUCTURED OBJECTS CASE-BASED REASONING IN INFORMATION SECURITY

        Annotation:

        The article is concerned with the development of decision support systems based on the case-based reasoning (CBR) for the problems of information security. Source data can be described as heterogeneous semi-structured objects and formalized as property vectors. The approach to the CBR database building includes a two-level representation: the level of objects-cases and the level of structure cases. The authors consider a method of cases modeling for preparing a basic data set. Methods of heterogeneous semi-structured objects and second level cases similarity evaluation are offered. The authors present the described methods experimental testing and the architecture of the relevant decision support system.

        Keywords:

        smart security, case-based reasoning, heterogeneous semi-structured objects analysis, case modeling, decision support systems, penetration testing
        Pages 17-31

        Kamennay E.V., Putilova S.E., Shcherbinina I.A.

        OVERVIEW OF METHOD TO SECURING THE CLIENT PART OF WEB APPLICATIONS

        Annotation:

        The client part of modern web applications is constantly becoming more difficult. At the same time, information mechanisms of protection in the client part have to be developed with considering to modern and out-of-date technologies, because it requires compatibility. The article considers modern approaches of protecting the client part of web applications and presents typical techniques for circumventing the limitations of this approach.

        Keywords:

        Web application security, http connection, security policies
        Pages 32-42
      • INFORMATION SECURITY APPLICATION

        Kamennay E.V., Putilova S.E., Shcherbinina I.A.

        OVERVIEW OF METHOD TO SECURING THE CLIENT PART OF WEB APPLICATIONS

        Annotation:

        The client part of modern web applications is constantly becoming more difficult. At the same time, information mechanisms of protection in the client part have to be developed with considering to modern and out-of-date technologies, because it requires compatibility. The article considers modern approaches of protecting the client part of web applications and presents typical techniques for circumventing the limitations of this approach.

        Keywords:

        Web application security, http connection, security policies
        Pages 32-42

        Zegzhda P. D., Anisimov V. G., Anisimov E. G., Saurenko T.N. Suprun A. F.

        MODELS AND METHOD OF SUPPORTING DECISION-MAKING TO ENSURE INFORMATION SECURITY OF INFORMATION-CONTROL SYSTEMS

        Annotation:

        Models and a method of support of decision-making on maintenance of information safety are developed. Modeling is based on the representation of the procedure for forming a solution in the form of a discrete optimization problem. The proposed models and methods are the basis for the creation of specific methodologies for the justification of management decisions on the organization of information protection in information-control systems.

        Keywords:

        information-control system, information protection, decision support, model, optimization
        Pages 43-47

        Belim S.V., Belim S.Yu.

        MANDATORY ACCESS CONTROL IMPLEMENTATION IN THE DISTRIBUTED SYSTEMS

        Annotation:

        In the article mandatory access control implementation in the distributed systems taking into account users hierarchy is considered. Access control is based on the keys preliminary distribution scheme, the similar KDP-scheme. The algorithm of subsets family creation considering users hierarchy is developed.

        Keywords:

        (Russian) мандатное разграничение доступа, предварительное распределение ключей, KDP-схема, иерархия пользователей
        Pages mandatory access control, key predistribution, KDP-scheme, users hierarchy

        V.P. Los, G.V. Ross, E.D. Tyshuk

        ABOUT THE USE OF STATISTICAL PROCESSING OF REFERENCE IMAGES IN BIOMETRIC AUTHENTICATION SYSTEMS

        Annotation:

        The article gives an overview of the methods of using statistical methods for processing reference images in the formation of authentication when using a handwritten signature.

        Keywords:

        authentication, handwritten signature, statistical methods.
        Pages 51-56
      • NETWORK AND TELECOMMUNICATION SECURITY

        Markin D. O.

        LOCATION-BASED MOBILE DEVICE SECURITY MODEL IN COMPUTER NETWORKS WITH DIFFERENT SECRECY

        Annotation:

        The article contains the description of Location-based Mobile Device Security Model In Computer Networks With Different Secrecy. The Model is based on classic Bell-LaPadula model, mandatory and role-based access control models. It's offered to introduce new secure properties and definitions allowed to account objectively significant access conditions to secure services to provide information security. Proof of theorem is provided and based on new secure properties and definitions. Justification of model correctness is presented. The author describes also justification of the fact of the inability to make denied information flows from high level security object to lower security one.

        Keywords:

        mobile device, security model, computer network, networks with different security levels.
        Pages 57-67

        Ovasapyan T.D., Moskvin D.A., Kalinin M.O.

        St. Petersburg, Peter the Great St.Petersburg Polytechnic University

        THE APPLICATION OF NEURAL NETWORKS TO DETECT INTERNAL VIOLATORS IN VANET

        Annotation:

        The article considers the security of Vehicular ad hoc networks (VANET) against malicious nodes. The authors of the article analyzed the features of VANETs. They also analyzed threats and identified actual cyber-attacks. The proposed approach aimed at providing protection using radial-basis neural networks that allows detecting malicious nodes on the basis of behavioral indicators.

        Keywords:

        Vehicular ad hoc networks, VANET, Radial Basis Function Neural Network, RBFN, Ad hoc
        Pages 68-73

        V.V. Platonov, P.O. Semenov

        ANOMALY TRAFFIC DETECTION IN DYNAMIC COMPUTER NETWORKS OF MOBILE CONSUMER DEVISES

        Annotation:

        Proposed the adaptive model of intrusion detection system for distributed compute network. The intrusion detection system is based on different data mining methods that allow analyzing a set of network traffic attributes and determining whether network interaction is normal or anomalous. The proposed model of an intrusion detection system makes it possible to protect a range of Internet of things devices.

        Keywords:

        intrusion detection system, distributed computer network, data mining methods, Internet of things.
        Pages 74-81

        M. Kalinin, V. Krundyshev, E. Rezedinova, D. Reshetov

        THE HIERARCHIC SOFTWARE-DEFINED SECURITY CONTROL FOR LARGE SCALE DYNAMIC NETWORKS

        Annotation:

        The paper suggests an approach to building the hierarchical security control system for large scale dynamic communication networks (MANET, VANET, FANET, WSN, etc) using technologies of software-defined networks (SDN) and elastic supercomputing. The experimental results of efficiency evaluation obtained for the proposed approach are presented.

        Keywords:

        security control, dynamic networks, hierarchic architecture, software-defined network, supercomputer, elastic computing, adhoc, SDN, VANET.
        Pages 82-88

        M. O. Kalinin, E. A. Zubkov

        Peter the Great St.Petersburg Polytechnic University

        PROTECTION AGAINST ATTACKS ON DYNAMIC ROUTING IN SELF-ORGANIZING AD-HOC NETWORKS USING SWARM INTELLIGENCE

        Annotation:

        The paper reviews a new technology for detecting the full range of attacks on dynamic routing in self-organizing adhoc networks (MANET, VANET/FANET/MARINET, IoT/IIoT, WSN, mesh networks, M2M networks, etc.). This technology develops the Watchdog method and the P-Secure method by implementing an ant swarm algorithm for building a safe route at the network in which all hosts act as swarm agents for analyzing security of neighboring hosts. An example is given of constructing a safe route in VANET using the proposed ant algorithm.

        Keywords:

        VANET, MANET, black hole attack, grey hole attack, worm hole attack, DoS attack, swarm intelligence, swarm algorithms, Watchdog, P-Secure, routing.
        Pages 89-98
      • APPLIED CRYPTOGRAPHY

        E.B. Aleksandrova, E.N. Shkorkina

        ELLIPTIC CURVE UNDENIABLE SIGNATURE FOR SERVER VERIFICATION IN OUTSOURCE COMPUTATIONS

        Annotation:

        When executing cryptographic outsource computations, not only errors in server calculations are possible, but interaction with malicious computing server may also occur. The undeniable signature protocol adapted for elliptic curve points group is offered. The outsource algorithm of elliptic curve point multiplication is given.

        Keywords:

        lightweight cryptography, FANET, undeniable signature, outsourcing algorithm.
        Pages 97-101

        Il’chenko L.M., Zajcev S.I., Bragina E.K., Egorov I. EH.

        DEVELOPMENT OF THE INFORMATION CUSTOMER CENTER PROTECTION SYSTEM IN THE EXECUTIVE AUTHORITY BODY

        Annotation:

        In the article features of creation of system of protection of the certifying center in the executive authority are considered. The main stages of the establishment of the certifying center are given, with an emphasis on the expected duration of each of the necessary activities. It also compares the information protection certified by the FSTEC of Russia and special cryptographic, on the basis of which an accredited certification center can operate.

        Keywords:

        Certification authority, electronic document management, information security, information security means, cryptographic means of information protection, state information system, information system processing personal data.
        Pages 102-112

        Dali F.A., Mironkin V.O.

        ON THE TREE MODES OF HASH FUNCTIONS

        Annotation:

        Two models of the tree modes of hash functions are introduced. For each model algorithms of computing of the hash code are formulated and their numerical characteristics are obtained. In terms of the constructed models we classify some existing algorithms for parallel hashing and identify some weaknesses of corresponding primitives.

        Keywords:

        hash function, mode, tree, hashing, algorithm, complexity, absorbing phase, squeezing phase, collision, the second preimage
        Pages 113-121

        V. S. Gorbatov, I. Y. Zhukov, O. N. Murashov

        THE SECURITY OF THE KEY SYSTEM OF THE FISCAL INDICATION

        Annotation:

        The paper describes a master-key generation protocol for fiscal signs exchange system. The key is used for generation of a fiscal sign key with authentication of fiscal creation and verification tools installed on a fiscal storage system in a cash register or on-line cash register and fiscal data operator or authorized authority. The protocol was developed in accordance with the Rosstandart recommendations and complies with the development and modernization principles for data protection encryption (cryptographic) means. The protocol was suggested as a national standard draft and is open for public discussion in accordance to the established procedure. The study is based on formulating certain security tasks identical to those used by potential intruders to compromise the protocol. This allows to account for structural features that will ensure further protocol compliance to the target security characteristics. It also guarantees subsequent justification of feature set sufficiency.

        Keywords:

        Fiscal sign, cash register, cryptographic protocol, evaluation of cryptographic properties, security properties
        Pages 122-128
      • TECHNICAL SOLUTION

        A.A.Sikarev, I.A. Sikarev, A.V.Garanin

        INTERFERENCE MARGIN OF INCOHERENT RECEPTION UNDER THE COMPLEX NOISES INFLUENCE TO MONITORING AND COMMUNICATION CHANNELS OF AUTOMATED INFORMATION SYSTEMS ON THE INLAND WATERWAYS OF THE RUSSIAN FEDERATION

        Annotation:

        Interference margin of single incoherent reception algorithms optimal in monitoring and communication channels of automated information systems (AIS) with noises, concentrated interferences under the influence of fluctuation noise, concentrated interference and impulsive interferences is investigated. Expressions for error probabilities are obtained, examples of calculation are given.

        Keywords:

        Interference margin, inland waterways, AIS, fluctuation noise, concentrated interferences, impulsive interferences.
        Pages 129-135
      • SOFTWARE SECURITY

        K.I. Salakhutdinova, I.S. Lebedev, I.E. Krivtsova, Sukhoparov M.E.

        STUDY OF THE EFFECT OF SELECTION FEATURE AND COEFFICIENT (RATIO) IN THE SIGNATURE FORMATION IN THE TASK OF PROGRAM IDENTIFICATION

        Annotation:

        Peculiarities of using different assembler commands are discovered, their collective application to create the final grade of belonging to a certain program. Conclusions for the impact of coefficient (ratio) used in the formation of the unified signature on the identification results are presented.

        Keywords:

        information security, program identification, elf-files, assembler commands
        Pages 136-141

        Demidov R.A, PechenkinA.I., Zegzhda P.D., Kalinin M.O.

        APPLICATION MODEL OF MODERN ARTIFICIAL NEURAL NETWORKS FOR THE SECURITY ANALYSIS OF INFORMATION SYSTEMS

        Annotation:

        The paper deals with the problem of security analysis for software control mechanisms of the modern cyber-physical and industrial information systems, of distributed cyberspaces of VANET, FANET, MARINET, IIoT and WSN. There is proposed a representation of the security threat as the system’s property described by the complex function. As a part of this representation, security analysis method is described in the form of approximation of this function and calculation of its values for specific conditions. The paper considers different approaches to interpolation of this function, and it shows that the most promising option is the use of modern artificial neural networks, especially deep neural network.

        Keywords:

        security analysis, deep learning, distributed representations, artificial neural network, security threat, security
        Pages 142-148
      • INFORMATION SECURITY CYBER-PHYSIC SYSTEMS

        Pavlenko E.Y., Lemets A.A.

        OBTAINING INFORMATION ABOUT USERS OF SOCIAL NETWORKS BASED ON PUBLICLY AVAILABLE INFORMATION WITH DATA MINING TECHNIQUES

        Annotation:

        This article describes the developed approach for obtaining information about social networks' users based on methods of data mining. The hierarchical model for classification of the received data is represented here. This model describes the information extracted from social networks and allows choosing which algorithms should be used for a particular class of information. It is proposed an iterative deep searching method, intellectual analysis and revealing information about account owner identity using the developed algorithms for social graph analysis. The feature of the algorithm is to cluster and further analyze user communities within social graph, identify users on different social networks, analyze text information. The results of testing the proposed method show high accuracy in determining information about owners of social network accounts.

        Keywords:

        data mining; social networks; social graph; social mining; information security; social networks security
        Pages 149-159

        Zegzhda D.P., Pavlenko E.Y.

        Peter the Great St. Petersburg Polytechnic University

        SITUATIONAL MANAGEMENT FOR CYBER-SUSTAINABILITY OF SOFTWARE-DEFINED NETWORKS

        Annotation:

        Proved the viability and efficiency of homeostatic approach implementation to achieving cyber-sustainability based on software defined networking technology. Using of this technology cyber-physical system of "Smart home" was simulated. Authors conducted a number of experiments in which system counteracted to various attacks. As part of the experiment, software-defined network applied three self-adaptation mechanisms that provide cyber-sustainability. Experiments have confirmed that the "Smart home" system, built on the basis of software-defined networks, has retained the stability of its functioning within the framework of destructive actions.

        Keywords:

        software-defined network; situational management; homeostasis; sustainability; information security; self-similarity.
        Pages 160-168

        Dakhnovich A.D., Moskvin D.A., Zegzhda D.P.

        Saint Petersburg, Peter the Great St.Petersburg Polytechnic University

        APPLIANCE OF GARLIC ROUTING TO SECURE NETWORK COMMUNIATIONS IN DIGITAL MANUFACTURING

        Annotation:

        In the paper, specifics of ensuring cybersecurity and weaknesses of existing tools for information security in next-generation digital manufacturing networks are considered. To provide secure communication between digital manufacturing network segments new approach based on garlic routing principals is proposed.

        Keywords:

        digital manufacturing, industrial control systems, information security, cybersecurity, cyber-physical systems, industrial internet of things, garlic routing, network segmentation
        Pages 169-176
  • 2017 year
  • 2016 year
  • 2015 year
  • 2014 year
  • 2013 year
  • 2012 year
  • 2011 year
  • 2010 year
  • 2009 year
  • 2008 year
  • 2007 year
  • 2006 year
  • 2005 year
  • 2004 year
  • 2003 year
  • 2002 year
  • 2001 year
  • 2000 year
  • 1999 year