Lokhvitsky V.A.,
Khomonenko A.D.,
Bolshakov M.A.
Annotation:
The proposed cyber vizor architecture of a distributed data processing center (DPC). The concept of building a cyber visor is based on three components: modeling the data center operation process, monitoring the performance and cyber security characteristics, decision support in developing control actions to increase the efficiency of the computational process. A conceptual model of the architecture of an intelligent cyber visor with compensation for the degradation of the computation process is proposed. The characteristic of virtual infrastructure management is substantiated and the functions of the cyber visor are indicated.Keywords:
Cyber visor, data center, modeling, efficiency, information security, monitoringZegzhda P.D., Aleksandrova E.B., Lavrova D.S., Shtyrkina A.A.
Annotation:
This paper proposes an approach for network anomalies detection based on discrete wavelet transform of time series formed by parameters of network traffic and on changepoint detection.Keywords:
discrete wavelet transform, time series, changepoint detection, network attacks, anomalyPoltavtseva M.A., Zaitseva E.A.
Annotation:
The article describes the method of analytical systems training for security assessment and penetration testing. The analysis systems based on the approach to the precedents description "bag of objects" are considered. The authors present approaches to updating the knowledge base and propose a method based on the merger of such precedents with the possibility of adding new one and automatic assessment of the properties significance. The results of experimental testing of the proposed method are presented.
Keywords:
training of intelligent systems, knowledge bases, intelligent security systems, case analysis, decision support systems, penetration testingSemenov N.A., Poltavtsev A.A.
Annotation:
The article analyzes the security of modern data architectures implemented on the cloud platform. The features of modern cloud data architectures, their impact on security and specific methods of protection are given. The issues of coordination of security policies and fundamental conflicts in data processing, typical for this subject area, are considered separately.Keywords:
cloud computing, data architecture, information security, data processing security, data storage securityAnisimova E.S., Anikin I.V.
Annotation:
We have proposed a features and biometric system for handwritten signatures recognition based on fuzzy sets. This approach allows to formalize the blurred nature of the signature and increase the accuracy of recognition. To build a pattern we use the potential method which works even with a small amount of training samples.Keywords:
biometric system, handwritten signature, fuzzy setsG.P. Akimova, A.Yu. Danilenko, M.A. Pashkin, E.V. Pashkina,
A.A. Podrabinovich, I.V. Tumanova
Annotation:
The features of the construction of automated information systems using elements of the blockchain technology, as well as a number of issues related to information security in this case are considered. The advantages and disadvantages of using the blockchain for several possible applications are given: real estate registries, medical information, DNS servers, cryptographic key certificate registries.Keywords:
blockchain, information security, automated information systems, means of information protection.Alexander Baranov, Petr Baranov
Annotation:
The paper examines probability-theoretic models of information distortion at message level. We research control sum distribution segments that are typical for network protocols like TCP. As an addition operation we use both bitwise coordinate addition and addition of numbers in binary code with carry. Control sum error probability for asymptotic assessments provided distortion probability is low are deduced for described distortion models. These assessments could be relevant for large lengths of message segments.Keywords:
information security, TCP, CRC, control sum, error probability, message segment.Shakurskiy M.V., Kozlovskiy V.N.
Annotation:
An important task of designing a steganographic system is the selection of a key. The main requirement for the key is to ensure consistently high sensitivity of the system to the key variation and minimum change in this sensitivity during the formation of the container.The article provides an analysis of the invariant two-component steganographic system in terms of sensitivity to variations in various parameters and values of embedded signals.Keywords:
two-component steganographic system, invariance to masking signal, steganographic container, keyE.B. Aleksandrova, E.N. Shkorkina
Annotation:
Supporting systems that deliver keys to users are required for cryptographic protocols work. Using of quantum systems as a supplier of cryptographic keys for devices of intelligent transport systems is proposed. The possibility of using isogeny-based protocols for transferring quantum keys is discussed.Keywords:
quantum key distribution, intelligent transportation system, isogeny.Anisimov V. G.,Zegzhda P. D.,
Anisimov E. G., Saurenko T.N.
Annotation:
The article proposes a model and method for optimizing computing processes in computing systems with a parallel architecture. The construction of the model consists in dividing computer programs for solving problems into relatively independent elements (blocks) and representing the information dependence of the blocks in the form of corresponding oriented graphs. The organization of the computational process in this case consists in the dynamic distribution of the resources of the computing system for implementing the operations of each of the blocks. As an indicator of the effectiveness of this process, the time taken to implement the operations of all blocks of the programs under consideration (the time to solve the corresponding tasks) was taken. The goal of optimization is to shorten the time as much as possible. To form an optimal resource allocation, a method based on the branch and bound procedure is proposed.Keywords:
computer, computing system with parallel architecture, organization of computing process, optimization, model, methodGasyuk D.P., Belov A.S.
Trakhinin E.L.
Annotation:
In article scientific and methodical approach which application will allow to formulate reasonable option of creation of computer systems in the conditions of external special program and technical influences taking into account requirements for survivability imposed to it is considered.Keywords:
Survivability, computer system, special program and technical influenceS.G. Magomedov, V.P. Los
Annotation:
This paper is devoted to the problem of improving the performance of microprocessors used in access control systems. The requirements are described, and a set of commands is proposed, that are necessary for efficient design of microprocessors working on the basis of the residue number system for the purpose of monitoring and access control. The proposed approach is aimed at improving the efficiency of microprocessor operation as part of the access control system.Keywords:
microprocessors; access control and management; data processing; data conversion; secure transmission channel; synchronizationA. Konoplev, I. Pankov, A. Chernov
Annotation:
The article presents researching results of methods for integrity control and protection against the modification of the UEFI BIOS firmware in modern Intel-based computers. Disadvantages of such methods are highlighted, which make difficult to provide the necessary level of the UEFI BIOS protection. The requirement for integrity control of UEFI BIOS is shown. An approach that allows providing a trusted computing environment based on modern Intel-based computers is proposed.Keywords:
integrity control, trusted executable environment, embedded software, UEFI BIOS, Intel ME.U.V.Vedernikov, A.U. Garkushev , I.L. Karpova,G.M. Prutkov,
A.F. Suprun
Annotation:
Article is devoted to further development of the scientific and methodical device of design and modernization of difficult hierarchical managing directors of the systems functioning in the conditions of active counteraction from competitors. The example shows the possibility of reasonable accounting of requirements of information security when choosing the current configuration of a multilevel complex of management.Keywords:
normalization, indicators of information security, choice of option.Sukhoparov M.E., I.S. Lebedev, A.I. Spivak
Annotation:
The approach to the preprocessing of natural language texts of messages in monitoring systems based on naive Bayesian classifier is considered. The problem of classification of messages is formulated. The model of natural language describing semantic-syntactic relations of constructions is given. The construction of a feature space containing semantic-syntactic relations for the context filtering base is shown. An approach to the calculation of the construction class of several interrelated words is outlined.Keywords:
DLP-systems, preliminary processing of messages, classification of texts.M.V. Gofman, A.A. Kornienko, A.P. Gluhov
Annotation:
The article presents a method for determining the location of a mobile node in a three-dimensional space, in the case where there is no synchronization in time between the mobile node and the reference nodes. Positioning is performed based on the differences in the arrival time of signals from the reference nodes to the mobile node. The proposed method of positioning does not impose any restrictions on the configuration of the relative location of reference nodes in the space of the room. The positioning method is an analytical method for solving a system of three equations of branches of hyperbolas. The use of only the differences in the arrival times of signals makes it possible to use the method of locating the mobile node proposed in the article, even in cases where it is impossible, inadmissible or disrupted direct transmission of signals in the direction from the mobile node to the reference nodes.Keywords:
(Russian) позиционирование, определение местонахождения, цифровое маркирование, цифровое маркирование аудиосигналов, аудиосигнал.ZegzhdaD.P., Pavlenko E.Y.
Annotation:
Authors propose a model for reconfiguring cyber-physical systems, which describes both controlling and destructive effects. A method for assessing sustainability of cyber-physical systems to computer attacks based on ability to reconfigure is proposed. Examples of scenarios for reconfiguring cyber-physical systems to ensure stable operation have been developed. The results of experimental studies showing the effectiveness of the proposed approach are presented.Keywords:
sustainability of functioning; cyber-sustainability; cyber-physical system; homeostasis; information securityAleksandrova E.B., Yarmak A.V.
Annotation:
The specificity of the task of providing security in large-scale industrial systems is investigated, and the requirements for group authentication schemes with this specificity are determined. The analysis of approaches to the organization of the secure interaction of the nodes based on the mechanism of group authentication is carried out. The prospects for the use of group authentication methods in large-scale industrial systems are considered.Keywords:
group authentication, large-scale industrial systemsLyskatov I.V., Pilkevich S.V.
Saint-Petersburg, Mozhaisky Military Space Academy
Annotation:
The creation of media source protection model based on new methods of active search, unified investigation and cyber threat response. The process of detecting cyber threats based on methods of search forecasting, interlinked which the cyclic nature of the behavioral activity network resources users.
Keywords:
cyber threats, anomaly, forecast, user behavior, intelligence system.Lebedev I.V., Karpov I.A., Baranov B.E., Los V.P., Samoletova K.S.
Annotation:
This study describes a previously unknown model for describing the interests of the user has been presented on the sentiment analysis of texts, written by the user in the social network, and it has been applied to the research problem of forecasting the popularity of text messageson the basis of text message analysis, the author's profile of the message and the analysed community.
Keywords:
sentiment analysis, social networks, machine learning, popularity forecastingV.I. Korzhik, Nguyen Kuong, AK Godlevsky
St. Petersburg State University of Telecommunications named after Professor MA Bonch-Bruevich
Annotation:
The task is to find secret stego-keys for stegosystems that use the encapsulation of the encoded information in the smallest significant bits, using matrix immersion on Hamming codes, and a stegosystem with an embedding algorithm "HUGO". The solution of the problem is based on testing the pseudo-randomness of extracted messages. The effectiveness of the proposed procedure for finding stegoldches is evaluated.
Keywords:
stegosystem, embedding in the smallest significant bits, matrix embedding, Hamming codes, "HUGO" embedding algorithm, pseudo-randomness tests.Marshalko G.B., Nikiforova L.O.
Annotation:
We present a spoofing attack on biometric identification scheme, which uses Eigenfaces algorithm for image classification. In this attack we try modify an adversarial image in such a way that it is recognized as a target image while preserving visual similarity to the initial image. Like other similar attacks, we use a variant of hill-climbing attack. We also present experimental results.
Keywords:
spoofing attack, Eigenfaces, biometric identification, hill-climbing attack, principal component analysisShenets N.N.
Annotation:
This paper presents the results of a study aimed at improving the security of FANET. The FANET threats and existing security protocols are analyzed. A new security infrastructure has been developed based on the use of secret sharing and authenticated encryption. Its efficiency is experimentally proved on the FANET hardware model.
Keywords:
secret sharing schemes, authenticated encryption, FANET.E.B. Aleksandrova, O.N.Pendrikova
Annotation:
The role of supersingular elliptic curves has increased in recent years in connection with their use in postquantum cryptographic algorithms. The characteristics of elliptic curves and the concepts of graph theory are compared. An algorithm for testing the elliptic curve supersingularity is proposed, investigating the characteristics of its isogeny graph.Keywords:
elliptic curve isogeny, isogeny graph, elliptic curve generation, isogeny volcano.Zegzhda P.D., Lavrova D.S., Shtyrkina A.A., Shterenberg S.I.
Annotation:
Authors propose an approach to preventing network denial of service attacks, which is based on predicting the values of the coefficients of multiple correlation of the discrete wavelet transform coefficients for network traffic parameters.Keywords:
discrete wavelet transform, attack prediction, ARIMA model, DoS attack.Vedernikov Uriy, Garkushev Alexander, Karpova Irina, Suprun A. F.
Annotation:
The article is devoted to the formalization of the formulation of the task of developing control systems operating in conditions of increased requirements for information security, taking into account the factors of active opposition from competitors. Results can serve as a basis for building adequate models of competing systems from the point of view of information safety.
Keywords:
hierarchy, information, security, criterion.S.V. Lapshin
Saint-Petersburg State University
Sukhoparov M.E., I.S. Lebedev, A.I. Spivak
St. Petersburg Institute of Informatics and Automation of the Russian Academy of Sciences (SPIIRAS)
Annotation:
In modern conditions, competitive intelligence in the field of high technology involves the use of automatic means of filtering scientific information. The success of these activities and their labor costs directly depend on the quality of automated text analysis tools. The article proposes a method of classification of texts of scientific publications, characterized by the use of logical characteristics of texts, taking into account the hierarchy of concepts in the subject area. It allows more accurate classification for any arbitrarily narrow subject areas, which is important to clarify the results of filtering and reduce labor costs for competitive intelligence.
Keywords:
competitive intelligence, technical means of competitive intelligence, classification of texts.Doynikova E.V., Fedorchenko A.V., Kotenko I.V.
Saint-Petersburg, laboratory of computer security problems, SPIIRAS
Annotation:
The paper considers the task of automation of system weaknesses determination based on the analysis of its vulnerabilities. The authors tested various classification methods for vulnerabilities to map them to the specific class of weaknesses considering values of their properties. The method that resulted in the highest accuracy was selected. The vulnerability metrics that characterize their main properties were selected as classification features. The paper describes source data used for the classification, their preprocessing, and classification results. An interpretation and analysis of the results are provided. The considered task is a stage of the proposed by the authors approach to the automated generation of the required security measures and tools for the specific information system. The determined weaknesses of the analyzed system will be used for the automated specification of the security threats. The required set of response tools and means depends on the determined set of threats. The possibility of practical implementation of the approach follows from the connectivity between open databases of vulnerabilities, weaknesses, and attacks.
Keywords:
Vulnerability analysis, weaknesses analysis, data classification, countermeasure selection, information security.K. Vasilieva, A. Konoplev
Peter the Great St.Petersburg Polytechnic University
Annotation:
The paper reviews the problem of automatic embedded software UEFI BIOS analysis for undeclared capabilities revealing. It discusses the main features of UEFI BIOS architecture, compares common methods of static and dynamic analysis for software without source code, considers their possibility and limitation of addressing the described problem. There is proposed a method for enhanced automatic revealing undeclared capabilities in embedded software.
Keywords:
static analysis, embedded software, UEFI architecture, undeclared capabilities, control flow analysis, value-set analysisPavlenko E. Yu., Ignat’ev G. Yu.
Annotation:
In this paper authors propose a new deep learning-based approach for detection of malicious Android applications. Novelty of this approach is based on a representation of Android application for a convolutional neural network. In this representation authors construct an RGB image, using a sequence of API calls pairs and protection levels for RGB pixels representation. Proposed approach, as shown by experimental results, is effective and detects malicious Android applications with high accuracy.
Keywords:
malicious applications, malware detection, Android operating system, application security analysis, convolutional neural network, Android securityI. Pankov, A. Konoplev, A. Chernov
Peter the Great St.Petersburg Polytechnic University
Annotation:
The paper provides an overview of the actual attacks on the integrated BIOS and Intel ME software of modern Intel-based computers. The results of analysis of its protection for mainboards of the common manufacturers are presented. Classes of attacks that allow intruder to create program backdoors, the detection of which by traditional methods of searching for undeclared features becomes impossible or extremely difficult are highlighted.
Keywords:
trusted executable environment, embedded software, UEFI BIOS, Intel ME, undeclared capabilities, security analysis, vulnerabilities.Wang Liangpeng, O. G. Petrosyan, Du Jianming,
Annotation:
In this article we proposed a new method for facial recognition in a natural background, based on the coefficients tree of three-scale wavelet transformation and the hidden Markov model (HMM).
Keywords:
features of images, coefficient tree, hidden Markov model, accuracy of recognitionLavrova D.S., Alekseev I.V., Shtyrkina A.A.
Annotation:
In this paper, authors propose to use the mathematical apparatus of wavelet transform to detect attacks in network traffic. Authors apply a discrete wavelet transform to network packets parameters extracted from the traffic and monitor the dependence degree of various parameters of the network packet using the multiple correlation coefficient. The effectiveness of the proposed method is demonstrated by the results of experiments on denial of service attacks detection such as SYN flood.Keywords:
backbone networks, wavelet-based analysis, attack detection, multiple correlation, DoS attackFadeevaYu.A., Ponachugin A.V.
Annotation:
This article identifies the main problems associated with the loss of confidential company data. As a solution to the problem, it was suggested to conduct a comparative analysis of the current certified means of information protection from the state register of FSTEC of Russia. For this purpose, it is proposed to use the optimization method for determining the most effective system, to select the basic requirements imposed by consumers for Data Leak Prevention systems, to identify a system corresponding to the maximum set of possible requirements.
Keywords:
informations security means, information security, information system, confidential information, Data Leak Prevention system, NSD, optimization task, comparative analysisA.A. Grusho, N.A. Grusho, M.I. Zabezhailo, E.E. Timonina
Annotation:
The paper is devoted to discussion of a possibility of recovery of valuable information in conditions when the malefactor knows results of information transform and transformation itself within some information technology. The model of processed information in the form of the wood is constructed. Ways of protection of valuable information are investigated.
Keywords:
information security, valuable information, security of information as a result of transformationsDemidov R.A., Zegzhda P.D., Kalinin M.O.
Annotation:
The paper deals with the problem of cybersecurity threats analysis of control mechanisms in dynamic communication networks (VANET, FANET, MARINET, MANET, WSN). The authors formulate the initial task in the form of neural network-made approximation of the system function of cyberthreat. The neural network model parameters are optimized according to the criterion of likelihood maximization on the training dataset. A hybrid neural network based on recurrent and graph convolutional networks is proposed as an appropriate computational architecture.Keywords:
cybersecurity analysis, deep learning, distributed representations, hybrid neural network, routing threats, dynamic network, VANET, MANET, MARINET, MANET, WSNUsov E.S., Nikolsky A.V., Pavlenko E.Y., Zegzhda D.P.
Annotation:
The architecture of cloud storage with Intel SGX technology is proposed. This article presents an approach that allows to protect user data both on the cloud server from attacks from the provider, and on the client PC from various types of malicious software. The developed architecture supports group access to data for several users
Keywords:
Intel SGX, enclave, encryption, cloud computing, file hosting serviceZegzhda P.D., Ivanov D.V., Moskvin D.A., Kubrin G.S.
Annotation:
In the paper, the threats of cybersecurity for Vehicular Ad-hoc Networks (VANET) are studied. The developed classification of those threats is present.
Keywords:
Wireless self-organised networks; Vehicular ad hoc networks, VANET, self-similar graph; cybersecurity threats.Zegzhda P.D., Lavrova D.S., Shtyrkina A.A.
Annotation:
Authors propose to use multifractal analysis for anomaly detection in traffic of backbone networks. As security metrics, multifractal spectrum characteristics are used. The effectiveness of proposed approach is confirmed by experimental results on detecting denial-of-service attacksKeywords:
backbone networks, multifractal analysis, attack detection, multifractal spectrum, DoS attackShterenberg S. I., Poltavtseva M. A.
Annotation:
Modern distributed information networks protection from external and internal intruders continues to be relevant in connection with the development of data communication and processing technologies. The article describes the model of data processing in a distributed intrusion detection system (DIDS) and the method of using hidden agents to protect against an internal attacker. The distribution of data processing functions between the local DIDS agent and the general data processing node is given. The authors describe the method of hiding the presence of the agent from the user while maintaining its control by the operator.
Keywords:
distributed intrusion detection system, protection from internal intruder, hidden monitoring, big dataMironkin V.O, Chukhno A.B.
Annotation:
In this paper a generalization of the classical birthday problem for the case of several independent samples of arbitrary power is considered. Exact and asymptotic expressions describing the probability of the intersection of these samples are obtained.Keywords:
THE BIRTHDAY PROBLEM, ORDERED SAMPLE, COLLISIONZegzhda D.P, Moskvin D.A., Myasnikov A.V.
Annotation:
This article examines the architecture of modern systems of decentralized data storage and processing, the applicability of blockchain technology in these systems, the existing security threats in comparison with centralized systems and security methods that could eliminate these threats.
Keywords:
distributed systems, secure data storage, secure data processing, blockchainAleksandrova E.B., Shtyrkina A.A.
Annotation:
Elliptic curve isogeny-based directed signature is proposed. Only recipient whose public key was used to generate signature can verify this signature. Both signer and verifier control delegating the right of signature verification.Keywords:
isogeny-based cryptography, elliptic curves, directed signature, id-based cryptography, bilinear mapA.A.Sikarev, I.A. Sikarev, A.V.Garanin
Annotation:
Parallel complex signals synthesized from segments of harmonics of multiple frequencies that initial phase takes from binary set G0,π and that have same amplitudes are considered. New quasioptimal phase codes for peak-factor minimization obtained. Code type of frequency and time characteristics dependency two-dimensional auto- and cross-correlation functions of such signals was investigated.
Keywords:
phase codes, AIS, complex signalsI.E. Gorbachev, A.M. Suhov , M.A. Eremeev, S.I Smirnov
Annotation:
The article considers the system (complex) approach to the justification of design decisions on the creation of a proactive system of information security of critical information infrastructure. It is proposed that the appearance of the information security system at the stage of its system-aggregative (external) design methodology of the modern theory of the effectiveness of targeted processes.
Keywords:
information security system, proactivity, quality score, design solutions.Kalinin M.O., Lavrova D.S., Yarmak A.V.
Annotation:
The paper proposes a method for anomaly detection in the cyber-physical systems using multivariate timeset. The suggested method is based on the application of neural network for predicting timesetvalues and identifying deviations between the predicted value and current data obtained from sensors and actuators. The results of experiments are discussed, which testify to the effectiveness of the proposed solution.
Keywords:
information security, cyber-physical systems, neural network, multivariate timesetZegzhda D.P., Pavlenko E.Y.
Annotation:
The article describes security indicators specific to digital manufacturing. All the set of indicators is divided into three groups: safety indicators, sustainability indicators and indicators characterizing the ability of the digital manufacturing to homeostasis. Indicators allow to apply them for any type of digital manufacturing systems in order to detect security problems, control stability of their functioning and preserve the ability to self-repair.
Keywords:
digital manufacturing, cyber physical systems; security indicators; system sustainability; homeostasis; information security; self-similarityBusygin A.G, Konoplev A.S., Zegzhda D.P.
Annotation:
The paper analyses solutions of blockchain size problem and their usability for blockchain-like directed acyclic graph of blocks applied to data protection in highload systems. Authors present a method of graph size reduction via storing system state hash in block headers.Keywords:
Blockchain, directed acyclic graph, highload systems.Busygin A.G, Konoplev A.S., Zegzhda D.P.
Annotation:
The paper analyses protection methods against attacks on ad hoc networks in self-organizing cyber-physical systems. The issues of these methods are identified. Authors propose an adaptive management method for ad hoc network topology. The method is based on a blockchain-like directed acyclic graph which is applied to solve the identified issues.Keywords:
Cyber-physical systems, ad hoc networks, adaptive topology management, blockchain, directed acyclic graph.Zegzhda P.D., Ivanov D.V., Moskvin D.A., Ivanov A.A.
Annotation:
In the paper, the possibility of applying the theory of self-similar graphs for ensuring Vehicular Ad-hoc Networks (VANET) cybersecurity is considered. Developed for this purpose algorithms for self-similar graphs recognition are mentioned.
Keywords:
Wireless self-organised networks; Vehicular ad hoc networks, VANET, self-similar graph; self-similarity.Zegzhda P.D., Poltavtseva M.A., Pechenkin A.I., Lavrova D.S., Zaitseva E.A.
Annotation:
The article is concerned with the development of decision support systems based on the case-based reasoning (CBR) for the problems of information security. Source data can be described as heterogeneous semi-structured objects and formalized as property vectors. The approach to the CBR database building includes a two-level representation: the level of objects-cases and the level of structure cases. The authors consider a method of cases modeling for preparing a basic data set. Methods of heterogeneous semi-structured objects and second level cases similarity evaluation are offered. The authors present the described methods experimental testing and the architecture of the relevant decision support system.
Keywords:
smart security, case-based reasoning, heterogeneous semi-structured objects analysis, case modeling, decision support systems, penetration testingKamennay E.V., Putilova S.E., Shcherbinina I.A.
Annotation:
The client part of modern web applications is constantly becoming more difficult. At the same time, information mechanisms of protection in the client part have to be developed with considering to modern and out-of-date technologies, because it requires compatibility. The article considers modern approaches of protecting the client part of web applications and presents typical techniques for circumventing the limitations of this approach.
Keywords:
Web application security, http connection, security policiesKamennay E.V., Putilova S.E., Shcherbinina I.A.
Annotation:
The client part of modern web applications is constantly becoming more difficult. At the same time, information mechanisms of protection in the client part have to be developed with considering to modern and out-of-date technologies, because it requires compatibility. The article considers modern approaches of protecting the client part of web applications and presents typical techniques for circumventing the limitations of this approach.
Keywords:
Web application security, http connection, security policiesZegzhda P. D., Anisimov V. G., Anisimov E. G., Saurenko T.N. Suprun A. F.
Annotation:
Models and a method of support of decision-making on maintenance of information safety are developed. Modeling is based on the representation of the procedure for forming a solution in the form of a discrete optimization problem. The proposed models and methods are the basis for the creation of specific methodologies for the justification of management decisions on the organization of information protection in information-control systems.
Keywords:
information-control system, information protection, decision support, model, optimizationBelim S.V., Belim S.Yu.
Annotation:
In the article mandatory access control implementation in the distributed systems taking into account users hierarchy is considered. Access control is based on the keys preliminary distribution scheme, the similar KDP-scheme. The algorithm of subsets family creation considering users hierarchy is developed.
Keywords:
(Russian) мандатное разграничение доступа, предварительное распределение ключей, KDP-схема, иерархия пользователейV.P. Los, G.V. Ross, E.D. Tyshuk
Annotation:
The article gives an overview of the methods of using statistical methods for processing reference images in the formation of authentication when using a handwritten signature.
Keywords:
authentication, handwritten signature, statistical methods.Markin D. O.
Annotation:
The article contains the description of Location-based Mobile Device Security Model In Computer Networks With Different Secrecy. The Model is based on classic Bell-LaPadula model, mandatory and role-based access control models. It's offered to introduce new secure properties and definitions allowed to account objectively significant access conditions to secure services to provide information security. Proof of theorem is provided and based on new secure properties and definitions. Justification of model correctness is presented. The author describes also justification of the fact of the inability to make denied information flows from high level security object to lower security one.
Keywords:
mobile device, security model, computer network, networks with different security levels.Ovasapyan T.D., Moskvin D.A., Kalinin M.O.
St. Petersburg, Peter the Great St.Petersburg Polytechnic University
Annotation:
The article considers the security of Vehicular ad hoc networks (VANET) against malicious nodes. The authors of the article analyzed the features of VANETs. They also analyzed threats and identified actual cyber-attacks. The proposed approach aimed at providing protection using radial-basis neural networks that allows detecting malicious nodes on the basis of behavioral indicators.Keywords:
Vehicular ad hoc networks, VANET, Radial Basis Function Neural Network, RBFN, Ad hocV.V. Platonov, P.O. Semenov
Annotation:
Proposed the adaptive model of intrusion detection system for distributed compute network. The intrusion detection system is based on different data mining methods that allow analyzing a set of network traffic attributes and determining whether network interaction is normal or anomalous. The proposed model of an intrusion detection system makes it possible to protect a range of Internet of things devices.Keywords:
intrusion detection system, distributed computer network, data mining methods, Internet of things.M. Kalinin, V. Krundyshev, E. Rezedinova, D. Reshetov
Annotation:
The paper suggests an approach to building the hierarchical security control system for large scale dynamic communication networks (MANET, VANET, FANET, WSN, etc) using technologies of software-defined networks (SDN) and elastic supercomputing. The experimental results of efficiency evaluation obtained for the proposed approach are presented.
Keywords:
security control, dynamic networks, hierarchic architecture, software-defined network, supercomputer, elastic computing, adhoc, SDN, VANET.M. O. Kalinin, E. A. Zubkov
Peter the Great St.Petersburg Polytechnic University
Annotation:
The paper reviews a new technology for detecting the full range of attacks on dynamic routing in self-organizing adhoc networks (MANET, VANET/FANET/MARINET, IoT/IIoT, WSN, mesh networks, M2M networks, etc.). This technology develops the Watchdog method and the P-Secure method by implementing an ant swarm algorithm for building a safe route at the network in which all hosts act as swarm agents for analyzing security of neighboring hosts. An example is given of constructing a safe route in VANET using the proposed ant algorithm.
Keywords:
VANET, MANET, black hole attack, grey hole attack, worm hole attack, DoS attack, swarm intelligence, swarm algorithms, Watchdog, P-Secure, routing.E.B. Aleksandrova, E.N. Shkorkina
Annotation:
When executing cryptographic outsource computations, not only errors in server calculations are possible, but interaction with malicious computing server may also occur. The undeniable signature protocol adapted for elliptic curve points group is offered. The outsource algorithm of elliptic curve point multiplication is given.
Keywords:
lightweight cryptography, FANET, undeniable signature, outsourcing algorithm.Il'chenko L.M., Zajcev S.I., Bragina E.K., Egorov I. EH.
Annotation:
In the article features of creation of system of protection of the certifying center in the executive authority are considered. The main stages of the establishment of the certifying center are given, with an emphasis on the expected duration of each of the necessary activities. It also compares the information protection certified by the FSTEC of Russia and special cryptographic, on the basis of which an accredited certification center can operate.
Keywords:
Certification authority, electronic document management, information security, information security means, cryptographic means of information protection, state information system, information system processing personal data.Dali F.A., Mironkin V.O.
Annotation:
Two models of the tree modes of hash functions are introduced. For each model algorithms of computing of the hash code are formulated and their numerical characteristics are obtained. In terms of the constructed models we classify some existing algorithms for parallel hashing and identify some weaknesses of corresponding primitives.Keywords:
hash function, mode, tree, hashing, algorithm, complexity, absorbing phase, squeezing phase, collision, the second preimageV. S. Gorbatov, I. Y. Zhukov, O. N. Murashov
Annotation:
The paper describes a master-key generation protocol for fiscal signs exchange system. The key is used for generation of a fiscal sign key with authentication of fiscal creation and verification tools installed on a fiscal storage system in a cash register or on-line cash register and fiscal data operator or authorized authority. The protocol was developed in accordance with the Rosstandart recommendations and complies with the development and modernization principles for data protection encryption (cryptographic) means. The protocol was suggested as a national standard draft and is open for public discussion in accordance to the established procedure. The study is based on formulating certain security tasks identical to those used by potential intruders to compromise the protocol. This allows to account for structural features that will ensure further protocol compliance to the target security characteristics. It also guarantees subsequent justification of feature set sufficiency.
Keywords:
Fiscal sign, cash register, cryptographic protocol, evaluation of cryptographic properties, security propertiesA.A.Sikarev, I.A. Sikarev, A.V.Garanin
Annotation:
Interference margin of single incoherent reception algorithms optimal in monitoring and communication channels of automated information systems (AIS) with noises, concentrated interferences under the influence of fluctuation noise, concentrated interference and impulsive interferences is investigated. Expressions for error probabilities are obtained, examples of calculation are given.Keywords:
Interference margin, inland waterways, AIS, fluctuation noise, concentrated interferences, impulsive interferences.K.I. Salakhutdinova, I.S. Lebedev, I.E. Krivtsova, Sukhoparov M.E.
Annotation:
Peculiarities of using different assembler commands are discovered, their collective application to create the final grade of belonging to a certain program. Conclusions for the impact of coefficient (ratio) used in the formation of the unified signature on the identification results are presented.
Keywords:
information security, program identification, elf-files, assembler commandsDemidov R.A, PechenkinA.I., Zegzhda P.D., Kalinin M.O.
Annotation:
The paper deals with the problem of security analysis for software control mechanisms of the modern cyber-physical and industrial information systems, of distributed cyberspaces of VANET, FANET, MARINET, IIoT and WSN. There is proposed a representation of the security threat as the system’s property described by the complex function. As a part of this representation, security analysis method is described in the form of approximation of this function and calculation of its values for specific conditions. The paper considers different approaches to interpolation of this function, and it shows that the most promising option is the use of modern artificial neural networks, especially deep neural network.
Keywords:
security analysis, deep learning, distributed representations, artificial neural network, security threat, securityPavlenko E.Y., Lemets A.A.
Annotation:
This article describes the developed approach for obtaining information about social networks' users based on methods of data mining. The hierarchical model for classification of the received data is represented here. This model describes the information extracted from social networks and allows choosing which algorithms should be used for a particular class of information. It is proposed an iterative deep searching method, intellectual analysis and revealing information about account owner identity using the developed algorithms for social graph analysis. The feature of the algorithm is to cluster and further analyze user communities within social graph, identify users on different social networks, analyze text information. The results of testing the proposed method show high accuracy in determining information about owners of social network accounts.Keywords:
data mining; social networks; social graph; social mining; information security; social networks securityZegzhda D.P., Pavlenko E.Y.
Peter the Great St. Petersburg Polytechnic University
Annotation:
Proved the viability and efficiency of homeostatic approach implementation to achieving cyber-sustainability based on software defined networking technology. Using of this technology cyber-physical system of "Smart home" was simulated. Authors conducted a number of experiments in which system counteracted to various attacks. As part of the experiment, software-defined network applied three self-adaptation mechanisms that provide cyber-sustainability. Experiments have confirmed that the "Smart home" system, built on the basis of software-defined networks, has retained the stability of its functioning within the framework of destructive actions.Keywords:
software-defined network; situational management; homeostasis; sustainability; information security; self-similarity.Dakhnovich A.D., Moskvin D.A., Zegzhda D.P.
Saint Petersburg, Peter the Great St.Petersburg Polytechnic University
Annotation:
In the paper, specifics of ensuring cybersecurity and weaknesses of existing tools for information security in next-generation digital manufacturing networks are considered. To provide secure communication between digital manufacturing network segments new approach based on garlic routing principals is proposed.Keywords:
digital manufacturing, industrial control systems, information security, cybersecurity, cyber-physical systems, industrial internet of things, garlic routing, network segmentation