Quarterly journal published in SPbPU
and edited by prof. Dmitry Zegzhda
Peter the Great St. Petersburg Polytechnic University
Institute of computer sciences and technologies
information security of computer systems
Information Security Problems. Computer Systems
Published since 1999.
ISSN 2071-8217
  • 2024 year
  • 2023 year
  • 2022 year
  • 2021 year
    • №1 2021
      • INFORMATION SECURITY APPLICATION
        M. A. Poltavtseva
        DATA STRUCTURES FORMATION IN ACTIVE SECURITY MONITORING TASKS

        Annotation:

        The trend towards automation of security management processes, including in industrial cyber - physical systems (CPS), has led to a change in the role of information security monitoring from solving the problem of conformity assessment to ensuring timely awareness of security management methods – active monitoring. The work is devoted to the formation of requirements for the subsystem of data collection and processing of information security active monitoring. The author systematizes a number of CPS security management tasks, considers examples of methods for solving them, and identifies data structures that are in demand by these methods.

        Keywords:

        information security, security monitoring, security control, industrial cyber-physical systems, data preparation, data structuring, data engineering
        Pages 9-19
      • NETWORK AND TELECOMMUNICATION SECURITY
        Ageev S.A., Ageeva N.S., Karetnikov V.V., Privalov A.A., Sikarev I.
        ALGORITHM FOR RAPID DETECTION OF TRAFFIC ANOMALIES IN HIGH-SPEED CORPORATE MULTISERVICE COMMUNICATION NETWORKS

        Annotation:

        The article proposes an adaptive heuristic (behavioral) algorithm for detecting traffic anomalies in high-speed corporate multiservice communication networks, functioning in real time. The main results of his research are given. The relevance of this study is determined by the fact that the vast majority of information and network security management processes, as well as risk management processes for implementing their threats in high-speed enterprise multiservice communication networks need to be implemented in close to real-time. The approach proposed in the work is based on the concept of a conditional nonlinear Pareto - optimal filtration by V. S. Pugachev. The essence of this approach is that the traffic parameter is estimated in two stages - at the first stage, the forecast of parameter values is estimated, and at the second stage, with the following parameter observations, their values are corrected. In the proposed method and algorithm, traffic parameter values are predicted in a small sliding window, and adaptation is implemented on the basis of pseudo-gradient procedures, the parameters of which are adjusted using the Tacagi-Sugeno fuzzy inference method. A feature of the developed procedures for evaluating the characteristics of high-speed traffic of multi-service communication networks is that they allow taking into account the dynamics of changes in network traffic parameters. The proposed method and algorithm belong to the class of adaptive methods and algorithms with preliminary training. The average relative error of estimating the estimated traffic parameters does not exceed 10%, which is a sufficient value for the implementation of operational network management tasks. The procedure for detecting abnormal traffic behavior of a high-speed multiservice communication network in operation is implemented based on the Mamdani fuzzy logic output method, in which traffic parameter state intervals are determined based on the security policy received in the network. A study of the proposed method for detecting abnormal behavior of network traffic has shown its high efficiency.

        Keywords:

        pseudogradient algorithm, conditionally nonlinear Pareto - optimal filtering, fuzzy logical Takagi-Sugeno conclusion, fuzzy rule base, fuzzy knowledge base.
        Pages 20-30
        Kubrin G.S., Ivanov D.V.
        DYNAMIC PHISHING WEBSITE DATASET COLLECTION

        Annotation:

        The paper describes a list of deficiencies in the publicly available datasets of phishing websites. A method is proposed that mitigates those deficiencies. A prototype is described and the results which was successfully used to create a dataset of phishing site archives. Created dataset does not contain described deficiencies.

        Keywords:

        Phishing site detection, machine learning, website archiving.
        Pages 31-38
        M. O. Kalinin, V. M. Krundyshev
        ANALYSIS OF ULTRA-HIGH VOLUMES OF NETWORK TRAFFIC BASED ON QUANTUM MACHINE LEARNING

        Annotation:

        This paper presents a method for analyzing network traffic based on the use of quantum machine learning. A method for encoding network traffic in terms of a quantum computer has been developed. The results of experimental studies have shown the superiority of the proposed approach over traditional machine learning methods in detecting network attacks.

        Keywords:

        Network Traffic Analysis, Quantum Computer, Quantum Machine Learning, Qubit, Network Attacks, Intrusion Detection System.
        Pages 39-49
        I.I. Marshev, E.V. Zhukovskiy, E.B. Aleksandrova
        PROTECTION AGAINST COMPETITIVE ATTACKS ON MALICIOUS EXECUTABLE DETECTION METHODS USING MACHINE LEARNING ALGORITHMS

        Annotation:

        Strength of malware detection methods based on machine learning algorithms has been analyzed. Adversarial attack for given methods has been developed. The method of robustness improvement of vulnerability detection methods has been proposed.

        Keywords:

        malware detection, classification, machine learning, adversarial attack, neural network, static analysis.
        Pages 50-54
        V.S. Nefedov, A.A. Kriulin, M.A. Eremeev
        APPROACH TO DETECT MALISCOUS SERVERS ON ANONIMOUS NETWORK TOR BASED ON CLASTERIZATION METHODS

        Annotation:

        The article deals with the issues of ensuring the security of communications on the Internet, anonymous access to network resources. The problem situation is revealed, which consists in increasing the probability of deanonymization of users of the TOR network when using servers under a single administrative management in the same chain. An approach to identifying «hidden groups» of TOR anonymous network servers is proposed by analyzing the frequency of server characteristics and clustering them based on the similarity measure. The conducted research allowed us to identify ways to improve the software of the TOR anonymous network and improve the security of users.

        Keywords:

        information security, computer networks, anonymous communication, anonymous networks, TOR network, clustering.
        Pages 50-54
        Stepanov M. D, Pavlenko E. Y., Lavrova D. S.
        DETECTION OF NETWORK ATTACKS IN SOFTWARE-DEFINED NETWORKS USING THE ISOLATING FOREST ALGORITHM

        Annotation:

        This paper proposes an approach for detecting network attacks in software-defined networks. The specifics of such networks in terms of security are taken into account, and a modified isolating forest algorithm is taken as the basis for the developed approach. The results of experimental studies where the optimal parameters of the isolating forest algorithm and the extended algorithm of the isolating forest are chosen are presented. Based on the results of the studies, a conclusion is made about the effectiveness of the isolating forest for network attack detection in software-defined networks.

        Keywords:

        software-defined network, network attacks, isolation forest algorithm, extended isolation forest algorithm, software-defined network, networks attack detection
        Pages 62-78
        Zavadskii E.V., Ivanov D.V.
        COUNTERING INFORMATION THREATS USING HONEYPOT SYSTEMS BASED ON THE GRAPH OF POTENTIAL ATTACKS

        Annotation:

        In this paper, we propose a method for dynamic resource management of a Honeypot-system based on a graph of potential attacks to enable the deployment of a virtual network infrastructure of any scale, according to which a virtual network infrastructure in conditions of limited computing resources changes its configuration, adapting to the actions of an attacker.

        Keywords:

        Network infrastructure, hybrid honeypot-system, deception, potential attack graph
        Pages 79-85
      • APPLIED CRYPTOGRAPHY
        Shenets N. N, Petushkov A. S.
        NEW REGULAR SLIDING WINDOW ALGORITHMS FOR ELLIPTIC CURVE SCALAR POINT MULTIPLICATION

        Annotation:

        Simple side-channel attacks on the implementation of elliptic curve scalar point multiplication algorithms are considered. New regular sliding window algorithms for calculating multiple points are proposed. Their optimal parameters are evaluated. The efficiency of the proposed algorithms is investigated.

        Keywords:

        side-channel attack, elliptic curve scalar point multiplication, regular algorithm, sliding window algorithm.
        Pages 86-95
      • SPECIAL IT
        P. D. Zegzhda, V. G. Anisimov, E. G. Anisimov, T. N. Saurenko
        EFFICIENCY OF COMPUTER NETWORK FUNCTIONING IN THE CONDITIONS OF MALICIOUS INFORMATION INFLUENCES

        Annotation:

        The article proposes a model for predicting the dynamics of a generalized indicator of the efficiency of the functioning of a corporate computer network in conditions of harmful information influences. The model is based on the representation of its dynamics in the form of a function of the level of performance of the corporate network at each moment of time from the specified interval. In this case, the level of network operability is determined by the operability of its elements and is described by an appropriate system of differential equations that take into account harmful effects and the process of eliminating their consequences. For these equations, under some simplifying conditions, analytical solutions are constructed, which greatly facilitates the process of forecasting the dynamics of the generalized efficiency indicator under consideration.

        Keywords:

        corporate computer network, functioning, harmful information impacts, generalized efficiency indicator, dynamics, forecast, model.
        Pages 96-101
        Gryzunov V.V.
        CONCEPTUAL MODEL OF ADAPTIVE CONTROL OF GEOINFORMATION SYSTEM UNDER CONDITIONS OF DESTABILIZATION

        Annotation:

        A conceptual model of a geoinformation system operating under conditions of destabilization is proposed. Destabilizing factors are of a deterministic, stochastic and non-stochastic nature. The geographic information system is considered as a control object with a variable structure, the problem of adaptation to destabilization is formulated.

        Keywords:

        geographic information system, destabilizing factors, information security.
        Pages 102-108
      • INFORMATION SECURITY CYBER-PHYSIC SYSTEMS
        A. D. Fatin, E. Yu. Pavlenko
        USING THE NEAT-HYPERCUBE MECHANISM FOR CYBERATTACK DETECTION IN IoT

        Annotation:

        In this paper, we consider a method for detecting abnormal behavior in the operation of cyber-physical systems, the Internet of Things (IoT) and distributed control systems using the prediction and analysis of multidimensional time series using neuroevolutionary algorithms based on the development of the hypercube substrate. The method is based on identifying deviations between the current values of the state of the cyber-physical system and the predicted results. The results of studies of the described method are presented, demonstrating the correctness and accuracy of this approach.

        Keywords:

        information security, cyber-physical systems, IoT, Hypercube, NEAT, neuroevolution, multivariate timeset.
        Pages 109-116
        Vasileva K. V., Lavrova D.S.
        ANOMALY DETECTION IN CYBER-PHYSICAL SYSTEMS USING GRAPH NEURAL NETWORKS

        Annotation:

        The paper proposes the application of convolutional graph neural networks to detect anomalies in cyber-physical systems, developed a graph model reflecting the dynamics of changes in the state of devices, presented an algorithm for data preprocessing, which provides the formation of the graph based on the studied sample of telemetry values. The optimal parameters of the neural network were established experimentally, the applicability and effectiveness of the proposed model for detecting anomalies in cyber-physical systems were shown, and the ability of the model to detect and distinguish between classes of attacks was confirmed.

        Keywords:

        graph neural networks; cyber-physical system; anomaly detection; convolutional neural networks; information security; telemetric data analysis
        Pages 117-130
        A.D. Dakhnovich, D. A. Moskvin, D. P. Zegzhda
        Security through obscurity in Industrial Internet of Things

        Annotation:

        One of the major problems in the Industrial Internet of Things (IIoT) cybersecurity is to provide availability of operation processes, in the other words, “cyber sustainability”. The survey describes actual IIoT network-level cybersecurity issues that could be mitigated by appliance of “Security through obscurity” approach on the very edge of IIoT cybersecurity. In the end, authors try to evaluate cybersecurity of IIoT systems through an anonymity measure. Thus, availability and anonymity terms are tried to be connected.

        Keywords:

        Digital Manufacturing, Cybersecurity, Industry 4.0, Industrial Internet of Things, Critical Information Infrastructure
        Pages 131-137
    • № 2 2021
      • SECURE OPERATING SYSTEMS AND TRUSTED ENVIRONMENT
        Stasyev D.O. Dolgoprudny, Moscow Institute of Physics and Technology (National Research University)
        DEVELOPMENT AND JUSTIFICATION OF PROPOSALS FOR CENTRALIZED INTEGRITY CONTROL OF KVM-BASED VIRTUAL MACHINES COMPONENTS ON THE OPENSTACK PLATFORM

        Annotation:

        To mitigate the risks, it is necessary to create additional systems for monitoring the integrity of the OpenStack-based virtual infrastructure. The work examines the architecture of OpenStack, a study of the life cycle of a virtual machine is carried out to determine the OpenStack components (and their parts) for which it is necessary to ensure integrity control.

        Keywords:

        Virtualization, hypervisor, OpenStack, virtual machine, integrity, integrity control, components of virtual machines.
        Pages 9-20
      • NETWORK AND TELECOMMUNICATION SECURITY
        Ivanov M.I., Pavlenko E. Y.
        ANOMALY DETECTION IN CYBER-PHYSICAL SYSTEMS USING GRAPH NEURAL NETWORKS

        Annotation:

        This paper presents a security study of networks with dynamic topology. As a solution to the problem of attack detection, an approach to attack detection in networks with dynamic topology based on adaptive neuro-fuzzy inference system was developed. A software layout of the system that implements the proposed approach has been developed and its effectiveness has been evaluated using various metrics. Experimental results confirmed the validity and effectiveness of the developed approach for attack detection in networks with dynamic topology.

        Keywords:

        dynamic topology networks, attack detection, network security, machine learning, fuzzy logic, neural networks
        Pages 21-40
        Smirnov S. I., Eremeev M. A., Pribylov I. A.
        AN APPROACH TO DETECTING MALICIOUS ACTIONS OF AN ATTACKER BASED ON THE AUTOREGRESSION MODEL IN THE INVESTIGATION OF A CYBER INCIDENT

        Annotation:

        The article presents an approach to detecting malicious actions of an attacker based on the analysis of the Security.evtx event logs of the Windows operating system when investigating an information security incident. The authors experimentally tested the use of the autoregression model (the Change Finder algorithm), on the basis of which malicious activity of domain users in the corporate network was detected.

        Keywords:

        information security incident, APT attack, horizontal movement, Security log Security. evtx, Change Finder algorithm.
        Pages 41-47
        Kulikov D.A., Platonov V.V.
        ADVERSARIAL ATTACKS ON INTRUSION DETECTION SYSTEMS USING LSTM CLASSIFIER

        Annotation:

        This article discusses adversarial attacks on machine learning models and their classification. Methods for assessing the resistance of an LSTM classifier to adversarial attacks are investigated. JSMA and FGSM attacks, chosen due to the portability of adversarial examples between machine learning models, are discussed in detail. An attack of "poisoning" of the LSTM classifier is proposed. Methods of protection against the considered adversarial attacks are formulated.

        Keywords:

        adversarial attack, intrusion detection system, neural network, LSTM.
        Pages 48-56
        E.V. Zavadskii, D.V. Ivanov
        IMPLEMENTATION OF HONEYPOT SYSTEMS BASED ON A GRAPH OF POTENTIAL ATTACKS

        Annotation:

        In this paper, we propose an implementation of a Honeypot system that uses the method of dynamic resource management based on a graph of potential attacks to enable the deployment of a virtual network infrastructure of any scale, and compare its resource consumption with a traditional Honeypot system.

        Keywords:

        Network Infrastructure, Hybrid Honeypot-system, Potential Attack Graph
        Pages 57-64
        V.V. Danilov, V.A. Ovcharov
        SECURITY THREAT MODEL OF THE NETWORK DOMAIN NAME SERVICE WHEN IMPLEMENTING ATTACKING SCENARIOS

        Annotation:

        This paper substantiates a threat model for implementing attacking scenarios on the Domain Name System (DNS) network service, taking into account current vulnerabilities in order to develop measures to ensure information security of a controlled information and telecommunications network (ITCS), namely, timely response to computer information security incidents (IS). The data obtained allows us to more fully describe the profiles of network objects that use the DNS service to identify the states of the monitored infrastructure. The use of this model can expand the capabilities of tools for detecting and preventing intruder attack scenarios.

        Keywords:

        DNS server, DNS query, attacking scenarios, botnet, domain name resolution.
        Pages 65-73
        G. S. Kubrin, D. V. Ivanov
        DEVELOPMENT OF PHISHING SITE CLASSIFICATORS BASED ON DYNAMICALY UPDATED DATASET

        Annotation:

        The paper describes a method of phishing site classification development based on dynamically updated dataset. A prototype of a system for automating model development and modification is described. A classificatory developed using the proposed method is described.

        Keywords:

        phishing site detection, machine learning, web-page feature selection
        Pages 74-81
      • APPLIED CRYPTOGRAPHY
        E.B. Aleksandrova, E.N. Shkorkina, A.Yu. Oblogina
        AUTHENTICATION OF INTELLIGENT ELECTRONIC DEVICES IN IOT NETWORK WITH THE EDGE COMPUTING ARCHITECTURE

        Annotation:

        An authentication protocol for Internet of Things networks based on the edge computing architecture is proposed. The protocol makes it possible to reduce the computational load on resource-constrained devices, while ensuring high resistance to attacks along different vectors and an acceptable execution speed for such networks.

        Keywords:

        Internet of Things, authentication, edge computing, resource-constrained devices
        Pages 82-87
        Kustov V.N., Krasnov A.G.
        Descrete Chaotic Transformations of Hidden Messages to Disguise them as Noise in Steganography Problems

        Annotation:

        Abstract – The authors consider the problem of masking a hidden message in HUGO stegosystems under natural noise in the communication channel using discrete chaotic Arnold cat map and Baker map, which are iterative reversible discrete transformations in highly undetectable HUGO stegosystems. To estimate the level of chaotic state of a hidden message represented by a digital still image, the authors introduce the concept of the chaotic coefficient, which is a numerical indicator of the entropy of the probability of disordered pixels. The authors propose a method for determining the maximum value of the chaotic coefficient corresponding to the maximum chaotic state of the hidden image.

        Keywords:

        chaotic transformation, entropy, Arnold cat map, Baker map, HUGO stegosystem.
        Pages 89-96
      • SPECIAL IT
        Dichenko S.A.
        MULTI-DIMENSIONAL DATA INTEGRITY CONTROL MODEL

        Annotation:

        (Russian) Рассматриваются многомерные системы хранения данных, предназначенные для хранения больших объемов информации, функционирующие в условиях деструктивных воздействий. Представлена модель контроля целостности многомерных массивов данных на основе криптографической пирамиды Паскаля.

        Keywords:

        Multi-dimensional data storage systems designed for storing large amounts of information and functioning under destructive influences are considered. A model for controlling the integrity of multi-dimensional data arrays based on Pascal's cryptographic pyramid is presented.
        Pages 97-103
        Tatarnikova T.M., Bogdanov P.Yu., Kraeva E.V.
        PROTECTION AGAINST HID ATTACKS

        Annotation:

        The paper examines the relevance of HID attacks in order to gain access to protected information resources or take control over hardware and software and hardware as part of an automated workplace or peripheral equipment. Presented are devices for implementing devices for carrying out HID attacks in order to demonstrate their capabilities. Based on the results of considering the currently existing hardware and software implementations of HID devices, a comprehensive method proposed for ensuring the security of information systems and individual devices from the considered type of attacks.

        Keywords:

        Human Interface Device, Input-Output device emulation, information security, attack, malicious code
        Pages 104-108
        P. D. Zegzhda, D. P. Zegzhda, V. G. Anisimov, E. G. Anisimov, T. N. Saurenko
        MODEL FOR FORMING THE PROGRAM OF DEVELOPMENT OF THE INFORMATION SECURITY SYSTEM OF THE ORGANIZATION

        Annotation:

        The urgent need for the purposeful development of information security systems in the context of the intensive introduction of digital technologies in the economy and social sphere determines the relevance of improving the methodological apparatus for substantiating appropriate decisions in planning and managing this process. The purpose of this article is to develop a mathematical model and an algorithm for supporting decision-making in the formation of a program for the development of an organization's information security system. At the same time, a generalized structure of the model and an algorithm for solving the problem of forming the optimal version of the program are proposed. Minimization of financial costs is, used as an optimality criterion in the model. Uncertainty inherent in the development of information security systems is, taken into account by setting the intervals of possible costs during the implementation of projects included in the program. To solve the problem, an iterative algorithm is, proposed for the sequential formation of an appropriate version of the program.

        Keywords:

        information security system, optimization of the system development program, model, algorithm.
        Pages 109-117
      • SOFTWARE SECURITY
        R.A. Ognev, E.V. Zhukovskiy, D.P. Zegzhda
        DETECTION MALWARE BASED ON CLUSTERIZATION OF PERFORMED ACTIONS

        Annotation:

        The application of classification algorithms for detecting malicious software is investigated using classes of actions obtained as a result of clustering based on the analysis of sequences of calls to WinAPI-functions as features. The application of the following classification algorithms is considered: gradient boosting, adaptive boosting, linear regression, and the forest case. The quality assessment was carried out using the accuracy metrics, F1-measure, the area under the ROC curve, as well as taking into account the training time.

        Keywords:

        classification, clustering, malicious software, malicious behavior, machine learning, behavioral analysis, dynamic analysis, computer security
        Pages 118-126
      • INFORMATION SECURITY CYBER-PHYSIC SYSTEMS
        M. E. Sukhoparov I. S. Lebedev
        IOT DEVICES ANALYSIS USING ENSEMBLE OF NEURAL NETWORKS TRAINED ON UNBALANCED SAMPLE

        Annotation:

        An approach to identifying anomalous situations in network segments of the Internet of Things based on an ensemble of classifiers is considered. Classifying algorithms are tuned for different types of events and anomalies using training samples of different composition. The use of an ensemble of algorithms makes it possible to increase the accuracy of the results due to collective voting. The experiment performed using three neural networks identical in architecture is described. The results of the assessment were obtained both for each classifier separately and with the use of an ensemble.

        Keywords:

        Ensemble of classifiers, anomaly detection, parasitic traffic, information security.
        Pages 127-134
        T. D. Ovasapyan, V. A. Nikulkin, D. A. Moskvin
        APPLICATION OF HONEYPOT TECHNOLOGY WITH ADAPTIVE BEHAVIOR FOR IOT NETWORKS

        Annotation:

        The article discusses the application of Honeypot technology with adaptive behavior for tracking and analyzing attacks on the Internet of Things networks. The analysis of existing adaptive systems is carried out and the optimal one for building a honeypot is determined. It is proposed to use the Markov decision process as a mathematical apparatus for the adaptive Honeypot system. The resulting honeypot can be used to track XMPP and SSH attacks.

        Keywords:

        Honeypot, Internet of things, adaptive behavior, Markov decision process (MDP)
        Pages 135-144
        Shtyrkina A.A.
        CYBERPHYSICAL SYSTEMS SUSTAINABILITY BASED ON GRAPH THEORY

        Annotation:

        The paper explores an approach to ensuring the sustainability of cyber-physical systems (CPS) based on graph theory. The existing approaches of ensuring the security of CPS are considered. To formalize the problem it is proposed to model the behavior of CPS based on graph theory. Representation of CPS as a graph allows to take into account the structural characteristics of the system under study that change as a result of attacking influences, as well as to produce compensating actions aimed at maintaining the sustainability of functioning.

        Keywords:

        sustainability of functioning; cyber-sustainability; cyber-physical system; information security; graph theory
        Pages 145-150
    • №3 2021
      • NETWORK AND TELECOMMUNICATION SECURITY
        O. A. Izotova, D. S. Lavrova
        FAKE POSTS DETECTION USING GRAPH NEURAL NETWORKS

        Annotation:

        The paper is devoted to the study of graph neural networks as a separate field and the possibility of their application to solve such an urgent cybersecurity problem as the detection of fake posts. The implementation of a proprietary graph neural network model capable of detecting fake posts is presented, and the results of experimental studies demonstrating the effectiveness of using graph neural networks to solve the problem are presented.

        Keywords:

        Information Security, Graph Neural Networks, Fake Posts, Graph Model
        Pages 34-43
      • SOFTWARE SECURITY
        R. A. Abitov, E. Yu. Pavlenko Peter the Great Saint Petersburg Polytechnic University
        IDENTIFICATION OF VULNERABILITIES IN SOFTWARE FOR ARM PROCESSORS USING SYMBOLOGICAL EXECUTION

        Annotation:

        This paper discusses the prospects for using symbolic execution as a basis for identifying vulnerabilities in ARM processors software. An analysis of the shortcomings of the existing methods of binary analysis in comparison with the considered method is given. A method for identifying potentially vulnerable functions or procedures in software for ARM processors is proposed. A method is proposed for checking the reachability of the found potential vulnerabilities, taking into account a large number of conditional jumps, logical branches and input data streams embedded in the software. A method for checking the exploitation of found vulnerabilities based on the analysis of registers and their contents is proposed.

        Keywords:

        Software Cybersecurity, Binary Analysis, Symbolic Execution, Symbolic Modeling, Symbolic Computation, Vulnerability Search Methods.
        Pages 9-15
        A. V. Kozachok, V. I. Kozachok, A. A. Spirin Russian Federation Security Guard Service Federal Academy
        ENCRYPTED FILES DETECTION ALGORITHM

        Annotation:

        Since 2010 there is an increase in leaks of confidential information due to the fault of an internal violator, despite the availability of a wide range of means for detecting and preventing information leaks. One of the possible channels leakage is transmission of information in encrypted form, since existing leak detection tools use signature methods of data classification. The article presents an algorithm for detecting encrypted data based on a statistical model of pseudorandom sequences. The proposed algorithm allows classifying encrypted and compressed data with an accuracy of 0.97.

        Keywords:

        Data Analysis, Classification of Encrypted and Compressed Data, Machine Learning, Binary Data Analysis, Pseudorandom Sequences
        Pages 16-26
        A. A. Kriulin, M. A. Eremeev, V. S. Nefedov Russian Technological University — MIREA
        MALWARE DETECTION APPROACH BASED ON THE DETECTION OF ABNORMAL NETWORK TRAFFIC USING MACHINE LEARNING ALGORITHMS

        Annotation:

        The article considers a possibility of using machine learning technologies to detect network connections of malicious programs based on the detection of anomalies. The classification of network connections of malicious software is carried out based on statistical signs during data transmission that occur at the transport and network levels of the OSI model. It is proposed to use machine learning technologies to assess the probability of detecting malware based on their network activity.

        Keywords:

        Machine Learning Algorithms, Malware, Intrusion Detection Tools, Network Activity.
        Pages 27-33
      • APPLIED CRYPTOGRAPHY
        V. N. Kustov, A. G. Krasnov Saint Petersburg State University of Railway Transport of the Emperor Alexander I
        NOISE-TOLERANT CODING AND HIGHLY UNDETECTABLE STEGOSYSTEMS — IS THE ALLIANCE SUCCESSFUL?

        Annotation:

        The article deals with the problem of masking hidden messages under natural noise in highly undetectable stegosystems ±1HUGO and ⊕HUGO. To ensure high resistance of stegosystems to hacking, a preliminary discrete chaotic transformation of the hidden message is performed according to the Arnold’s cat algorithm. Further, in their research, the authors effectively apply noise-resistant coding for the covering object and stego using a self-orthogonal noise-resistant code. To model the data transmission channel, the model of a binary synchronous communication channel with interference is used. The article also presents the results of simulation modeling, confirming the high resistance of the proposed stegosystems to hacking.

        Keywords:

        ±1HUGO, ⊕HUGO, Self-orthogonal Noise-tolerant Code, Self-orthogonal Code Encoder, Multi-threshold Decoder, Arnold’s cat transform.
        Pages 44-54
        I. R. Fedorov, A. V. Pimenov, G. A. Panin, S. V. Bezzateev ITMO University Saint Petersburg State University of aerospace instrumentation
        BLOCKCHAIN IN5G NETWORKS: PERFOMANCE COMPARISON OF PRIVATE AND PUBLIC BLOCKCHAIN

        Annotation:

        Blockchain provides a set of possibilities to improve security, privacy and service quality in 5G mobile networks. In spite of all advantages, blockchain technology has disadvantages such as low throughput and transactions’ high latency. This paper describes an experiment within which two popular blockchain (private and public) are compared. The main aim of experiment is to verify that private blockchain is available for usage in mobile networks and solve these challenges.

        Keywords:

        Blockchain, 5G Mobile Networks, Private Blockchain, Public Blockchain, BLOCKBENCH, Hyperledger Fabric, Ethereum, Geth.
        Pages 55-62
      • CRITICAL INFORMATION INFRASTRUCTURE SECURITY
        A. A. Grusho, N. A. Grusho, M. I. Zabezhailo, E. E. Timonina
        USING CONTRADICTIONS IN DATA TO SEARCH IMPLICIT FAILURES IN COMPUTER SYSTEMS

        Annotation:

        This paper discusses the problem of detecting implicit failures in distributed information systems. If the hardware or software does not provide enough data to detect a failure, then the system administrator or information security officer has to check each element of the computer system associated with the task. In this work, reducing the search for implicit failures (anomalies) is associated with construction of the hierarchical method for representing knowledge about the system. It is proposed to model information technology in the form of directed acyclic graphs. The concept of contradiction is defined, which is used to find the causes of failures and anomalies. A failure or anomaly in the implementation of the transformation is defined as a contradiction between the input and output data. The paper proposes the approximate method for solving contradiction search problems, based on the assumption that data have probabilistic origin and extraordinary data are unlikely. If the calculation results in a contradiction, then the anomaly occurred in the block under consideration and, using the detailing operation, it is possible to specify the localization of the anomaly inside the block.

        Keywords:

        Information Security, Root Cause and Anomaly Localization, Causal Relationships, Contradictions in Data
        Pages 63-71
        M. V. Pakhomov Moscow Institute of Physics and Technology
        RESEARCH OF UEFI BIOS MECHANISMS FOR ACCESS TO MOTHERBOARD SENSORS FROM THE OPERATING SYSTEM ON THE PLATFORM OF MASS CHIPSETS ON THE EXAMPLE OF TEMPERATURE AND VOLTAGE SENSORS

        Annotation:

        Capturing measurements from motherboard sensors is possible in a variety of environments, but it carries the risk of compromising such data. The safest way to access sensors is to directly access them using UEFI BIOS technologies, bypassing the operating system (OS). This paper examines the mechanisms for accessing motherboard sensors, as well as ways of transferring this information to the OS.

        Keywords:

        UEFI, BIOS, Motherboard Sensors, Temperature Sensors, Voltage Sensors, Mass Chipsets.
        Pages 72-82
        M. V. Gofman Emperor Alexander I St. Petersburg State Transport University
        NOISPROOF DIGITIAL AUDIO WATERMARKING IN MIMO AUDIO STEGOSYSTEMS

        Annotation:

        The article presents methods of noiseproof combined digital audio watermarking, considering the peculiarities of audio stegosystems using channels with multiple (spatial) input and multiple (spatial) output. Such audio stegosystems include several acoustic speakers (transmitters) and several microphones (receivers), which makes it possible to embed a watermark in the parameters of digital audio signals in the spatial, frequency and time domains. The methods for creating, embedding, and extracting a combined watermark developed in the article are aimed at ensuring a high degree of noiseproof when transmitting a watermarked audio signal through an airborne audio channel at low embedding forces. The method of creating and embedding the combined watermark is based on the transformation of identifying digital information using a synthesized steganographic key into a special sequence and subsequent space-time-frequency coding of the digital audio signal parameters by it. The main attention is paid to the development of a method for detecting and extracting an information bit (extracting) a combined watermark by an authorized receiver in an audio signal transmitted over an airborne audio channel with noise. In this case, it is assumed that the authorized receiver does not know the parameters of the digital audio signal that have been watermarked (blind reception). In the proposed method for extracting a watermark, the decision on its detection is made according to the threshold principle based on the estimation of the peak factor of the kurtosis of the target random variable.

        Keywords:

        Audio Stegosystem, MIMO, Channel with Multiple Input and Multiple Output, Watermarking, Digital Audio Signal, Combined Watermark, Airborne Audio Channel, Noiseproof.
        Pages 83-95
        A. D. Kirov Plekhanov Russian University of Economics
        DEVELOPMENT OF A METRIC MODEL OF INFORMATION EVENTS IN THE INFORMATION SECURITY MANAGEMENT SYSTEM OF ECONOMIC ACTIVITIES

        Annotation:

        The article is devoted to the problem of developing a model of information events metrics in the information security management system (ISMS) of economic entities (EDMS). Based on the analysis of the organization of information security (IS) monitoring in the EDMS and the implementation of IS monitoring processes in the ISMS EDMS, in order to increase the efficiency of ensuring the IS EDMS, measurable indicators (metrics) of information events, as well as tools designed to measure these metrics, are proposed. A model of metrics of information events in the ISMS EDMS is developed, presented in the form of a tree of incident metrics.

        Keywords:

        Information Security, Management System, Information Events, Incident, Model, Metric
        Pages 96-107
      • CYBER-PHYSIC SYSTEMS SECURITY
        T. M. Tatarnikova, I. A. Sikarev, P. Yu. Bogdanov, T. V. Timochkina Sankt-St. Petersburg State Electrotechnical University “LETI” Sankt-St. Petersburg State University of Aerospace Instrumentation Russian State Hydrometeorological University
        AN APPROACH TO DETECTING BOTNET ATTACKS IN THE INTERNET OF THINGS NETWORKS

        Annotation:

        An approach to detecting network attacks based on deep learning methods — autoencoders is proposed. It is shown that training examples can be obtained when connecting IoT devices to the network, as long as the traffic does not carry malicious code. Statistical values and functions extracted from traffic are proposed, on which patterns of behavior of IoT devices are built.

        Keywords:

        Internet of Things, Network Attack, Attack Detection System, Autoencoder, Principal Component Method, Unsupervised Learning.
        Pages 108-117
        M. A. Poltavtseva, A. N. Kharitonova Peter the Great Saint Petersburg Polytechnic University
        MEDICAL CYBER-PHYSICAL SYSTEMS ATTACK SYSTEMATIZATION

        Annotation:

        The computerization of medicine opens up wide opportunities not only for providing assistance, but also for intruders. The violation of digital control of medical devices can lead not only to data leakage, but also to a threat to human health and life. The diversity and specificity of medical cyber-physical devices makes it difficult to protect them and consider the threat landscape. The purpose of this work is to systematize attacks on medical systems. The authors highlight the features of medical cyber-physical systems (MCPS), consider a set of typical attacks. The authors have identified both common attacks for various CPS, and specialized attacks aimed at medical devices and systems. The paper analyzes the existing systematization as well. The authors present a developed new systematization of attacks on a wide range of features, which is distinguished by the completeness and highlighting of all important attack aspects from the point of view of the medical field.

        Keywords:

        Information security, Cyber-physical Systems, Medical Systems, Security Threats, Attacks, Systematization of Attacks, Medical IoTH
        Pages 118-129
        M. E. Sukhoparov, I. S. Lebedev St. Petersburg Federal Research Center of the Russian Academy of Sciences (SPC RAS)
        SEGMENTING DATA SAMPLES FOR INTERNET OF THINGS DEVICES SECURITY STATE ANALYSIS

        Annotation:

        The technique of segmenting data samples in order to improve indicators of the classifying algorithms quality is considered. It takes into account the factors that influence the change in the ranges of values of the target variables. Identifying impacts on current and anticipated situations allows for the segmentation of data samples. As a result, the ranges of the studied variables and outliers are reduced, and noisy data is removed. An experiment performed using a split sample is described. The results of the assessment were obtained for each classifier on the general sample and on the segments.

        Keywords:

        Segmentation of data samples, Detection of anomalies, Parasitic traffic, Information security
        Pages 130-136
        A. D. Fatin, E. Yu. Pavlenko
        APPROACHES TO BUILDING SITUATIONAL CONTROL SYSTEMS FOR CYBERPHYSICAL SYSTEMS OVERVIEW

        Annotation:

        This paper provides a detailed overview of methods and tools for building situational management systems in the field of cyber-physical systems security. Recommendations are given for the construction of finite systems in relation to their areas of application and existing solutions in this area. The purpose of this study is to systematize, summarize, analyze and supplement the existing experience in the field of describing and solving problems of information security of cyber-physical systems; to draw up a general information basis for the subsequent implementation of your own system of situational management of the cyber-physical system.

        Keywords:

        Information Security, Cyber-Physical Systems, Situational Control, Descriptor Models, RX Codes, Syntagmatic Chains, Graph.
        Pages 137-144
        M. A. Poltavtseva, T. M. Andreeva Peter the Great Saint Petersburg Polytechnic University
        METHODS OF TIME SERIES MULTIDIMENSIONAL AGGREGATION OF STREAMING DATA IN THE CYBER-PHYSICAL SYSTEMS SECURITY MONITORING

        Annotation:

        This work is devoted to the research and development of data aggregation methods in order to increase the performance of detecting attacks in cyber-physical systems (CPS). A special feature of the work is the aggregation of data presented in the form of time series with different periods for methods of prediction and intrusion detection. The article contains requirements for CPS data aggregation, research of new methods of hierarchical and multidimensional aggregation of stream data. The authors propose methods for multi-dimensional data aggregation based on trees and directed graphs and conduct their comparative analysis. For experimental evaluation, the authors developed a prototype of a data aggregation system with hierarchical and multidimensional aggregation systems. The paper contains an assessment of the developed prototype performance and the amount of memory required for each proposed method. The authors propose the application of the developed solutions, indicating the characteristics of the target systems.

        Keywords:

        Cyber Physical Systems (CPS), Multidimensional Aggregation, Data aggregation, Graph theory, Queue tree
        Pages 145-156
    • №4 2021
      • SOFTWARE SECURITY
        Ognev R.A., Zhukovsky E.V., Zegzhda D.P., Kiselev A.N. Peter the Great St.Petersburg Polytechnic University A.F. Mozhaysky Military-Space Academy Russia, St.Petersburg
        IDENTIFICATION OF MALICIOUS EXECUTABLE FILES BASED ON STATIC-DYNAMIC ANALYSIS USING MACHINE LEARNING

        Annotation:

        (Russian) В современных операционных системах для решения различных задач используются исполняемые файлы, которые в свою очередь могут быть как легитимными – выполнять только необходимые действия, так и вредоносными, основной целью которых является выполнение деструктивных действий по отношению к системе. Таким образом, вредоносное программное обеспечение (ВПО) – программа, используемая для осуществления несанкционированного доступа к информации и (или) воздействия на информацию или ресурсы автоматизированной информационной системы. В рамках данной работы решается задача определения типов исполняемых файлов и выявления ВПО.

        Keywords:

        Security systems, detection of malicious software, static-dynamic analysis, parameter feature selection
        Pages 9-25
        Zubkov E.A., Zhukovsky E.V. Peter the Great St.Petersburg Polytechnic University Russia, St.Petersburg
        RESEARCH OF INFORMATION SECURITY PROBLEMS OF HETEROGENEOUS CORPORATE COMPUTER NETWORKS

        Annotation:

        The structure, the functioning principle and the main characteristics of a corporate computer network were investigated. There was analysis of the information security threats which can be used to this type of network, taking into the client-server model of data transmission over communication channels. Finally, there was a comparative analysis of information security audit methods, as well as means of implementing the audit process.

        Keywords:

        Audit, information security, information technologies, corporate computer network, Brutespray, Metasploit, Nmap, OpenVAS.
        Pages 26-38
      • NETWORK AND TELECOMMUNICATION SECURITY
        Lavrova D.S., Strukova N.E Peter the Great St.Petersburg Polytechnic University Russia, St.Petersburg
        PREDICTING NETWORK ATTACKS ON IOT SYSTEMS USING REGRESSION ANALYSIS

        Annotation:

        The aim of the study is to improve the accuracy of IoT network attack detection by applying feature selection methods based on regression models. An analysis of the security problems of IoT systems is presented. The architecture of an intrusion detection system using the considered methods is developed. A software layout that implements the proposed architecture is developed and its effectiveness is evaluated.

        Keywords:

        Internet of Things, intrusion detection system, network attack detection, prediction, significance assessment, feature selection.
        Pages 39-50
      • APPLIED CRYPTOGRAPHY
        Karachanskaya E.V., Romanov A. K. Far Eastern State Transport University Pacific National University Russia, Khabarovsk
        DEVELOPMENT OF A DATA HASHING METHOD BASED ON CELLULAR AUTOMATION AND ITS ADVANTAGES

        Annotation:

        The purpose of this article is to present a method for depersonalizing personal data based on the use of cellular automata. This method is the construction of a hash function with a secret key that performs transformations on a two-dimensional matrix in accordance with the transition rules for two-dimensional cellular automata. A new kind of transition rules for two-dimensional cellular automata related to the Moore neighborhood and the state of the cell is proposed. Additionally, these rules are based on the initial state of the matrix, which avoids the existence of insignificant bits that can lead to collisions. The proposed hashing method can be classified as universal. A computer program "HFCA-2D" is presented, designed not only to automate the process of hashing data using cellular automata, but also containing tools for testing hashing algorithms for speed and the presence of collisions when processing various types and amounts of data, in comparison with SHA algorithms. 256 and SHA-512. The test results showed that the developed data hashing method provides a high level of security and privacy protection.

        Keywords:

        Hashing method, hash function, cellular automaton, pseudonymisation and anonymization of data.
        Pages 51-60
        Shenets N. N. Peter the Great St.Petersburg Polytechnic University Russia, St.Petersburg
        AUTHENTICATION AND KEY ESTABLISHMENT IN WSN BASED ON KEY PRE-DISTRIBUTION

        Annotation:

        In this work a new authentication and key establishment method in WSN is presented. It is based on the modification of Blundo et. al. key distribution protocol.

        Keywords:

        Authentication and Key Establishment Protocol, Wireless Sensor Network, Key Pre-Distribution.
        Pages 61-71
        Shakurskiy M.V. Samara State Technical University (SamGTU), Povolzhskiy State University of Telecommunications and Informatics Russia, Samara
        TWO-COMPONENT REAL-TIME STEANOGRAPHIC SYSTEM OF INFORMATION EMBEDDING IN THE LEAST SIGNIFICANT BITS OF AUDIO SIGNAL

        Annotation:

        The paper discusses steganographic system of embedding two-component container in audio signal in real time. Steganographic system based on two-component container using samples of cover audio object as a source of first steganographic component. This allows obtaining new properties of a steganographic system.

        Keywords:

        Two-Component Steganographic System, Invariance to Masking Signal, Ste-ganographic Container, Key Coefficient.
        Pages 72-78
      • CRITICAL INFORMATION INFRASTRUCTURE SECURITY
        Gryzunov V.V., Kornienko A.A., Glukharev M.L., Kryukov A.S. Emperor Alexander I St. Petersburg State Transport University Russia, St.Petersburg
        SELECTION OF TRUST MODELS WHEN INTEGRATING DISTRIBUTED INFORMATION SYSTEMS OF CRITICAL APPLICATION

        Annotation:

        Distributed information systems of critical application are integrated with each other, which means that it is necessary to manage the distribution of trust. The article analyzes the features of trust models based on the use of electronic signatures for their applicability in information systems of critical application. The necessary conditions for the existence of a public key infrastructure are formulated and proven. Examples of threats to necessary conditions are given, trust models are selected that are suitable for the integration of information systems of critical application.

        Keywords:

        Information Systems of Critical Application, Information Security, Public Key Infrastructure.
        Pages 79-90
      • CYBER-PHYSIC SYSTEMS SECURITY
        Lavrova D.S. , Pavlenko E.Y., Vasileva K. V. Peter the Great St.Petersburg Polytechnic University Russia, St.Petersburg
        DEVELOPMENT OF A MECHANISM TO CONTROL MESSAGE INTEGRITY ON THE LOCAL NETWORK OF VEHICLES

        Annotation:

        The work focuses on creating a message integrity control method with the ability to authenticate the source of control flow data in a local vehicular network. The implementation of the integrity control mechanism is based on a role-based security model that governs the allocation of subject rights to use authentication modules, and a data authentication scheme that prevents replay and impersonation attacks.

        Keywords:

        Vehicles, Integrity Control, Role Model, Transport Technology Cyber Security.
        Pages 91-100
        Zegzhda D. P., Pavlenko E. Y. Peter the Great St.Petersburg Polytechnic University Russia, St.Petersburg
        ARTIFICIAL IMMUNIZATION IN CYBERSECURITY DUTIES

        Annotation:

        This article proposes an immune-like approach to information security of modern complex systems. This approach is based on the use of immune-like methods to protect critical system nodes from a predetermined set of attacks, and to minimize the success of an attack on the system. The methodological approach is to systematize immunization tasks, tools, and modes to describe how modern systems can resist the proliferation of computer attacks. The main conclusions and recommendations are that using the immunization approach will not only improve the security of systems, but also define principles for building systems that are resistant to cyber attacks.

        Keywords:

        Cybersecurity, Immunisation, Targeted Immunisation, Cyberthreat, Honeypot.
        Pages 101-111
        A.I. Sergadeeva, D.S. Lavrova Peter the Great St.Petersburg Polytechnic University Russia, St.Petersburg
        BANKING FRAUD DETECTION USING GRAPH NEURAL NETWORKS

        Annotation:

        This paper proposes the application of graph neural networks to detect bank fraud. Financial transactions are represented in the form of a graph, and the use of graph neural networks allows the detection of transactions characteristic of fraudulent schemes. Experimental results demonstrate the promise of the proposed approach.

        Keywords:

        Graph Neural Networks, Bank Fraud, Anomaly Detection, Convolutional Neural Networks, Information Security, Financial Data Analysis.
        Pages 112-122
      • RESEARCH, MONITORING AND OPTIMIZATION OF AUTOMATED TECHNOLOGICAL PROCESSES AND PRODUCTIONS CONTROL SYSTEMS
        Shmeleva A.S., Suloeva S.B., Rostova O.V. Peter the Great St.Petersburg Polytechnic University Russia, St.Petersburg
        USE OF AGILE MANAGEMENT TOOLS IN PROJECTS OF INFORMATION SECURITY SYSTEMS IMPLEMENTATION

        Annotation:

        The article discusses the features of project management for the implementation of information security systems, as well as the feasibility of using agile management tools in such projects, in particular, the cyclic implementation model. The requirements for the implemented information security system are developed and justified, specifically: requirements for the organization of the network infrastructure, requirements for the configuration of information infrastructure components, requirements for the documentation being developed, technological and technical-economic requirements. The process of information security system implementation management is described: processes of content, terms, risks and human resources management of the project.

        Keywords:

        Project management, information security systems, agile management tools, cyclic implementation model, risk management.
        Pages 123-136
      • BIG DATA PROCESSING SECURITY
        Grusho A.A., Grusho N.A., Zabezhailo M.I., Timonina E.E. Federal Research Center “Informatics and Control” of the Russian Academy of Sciences Russia, Moscow
        THE PROBLEMS OF TRUST ASSESSMENT IN BIG DATA ANALYSIS

        Annotation:

        The paper examines the problem of evaluation of trust to the results of complex computer analysis of data. The approach of constructing empirical dependencies based on similarity of precedents in the training sample, which has already become classical, is used. The trust approximation is based on simulating training data by random sampling from an unknown distribution. This approach implements approximate causal analysis and have advantages and disadvantages.

        Keywords:

        Information Security, Artificial Intelligence, Causal Relationships, Contradictions in Data.
        Pages 137-143
        Poltavtseva M.A., Torgov V.A. Peter the Great St.Petersburg Polytechnic University Russia, St.Petersburg
        DISTRIBUTED LEDGER TECHNOLOGIES APPLICATION TO AUDIT AND INVESTIGATE INCIDENTS IN BIG DATA PROCESSING SYSTEMS

        Annotation:

        The paper considers the problem of providing auditing of granular transformations in heterogeneous Big Data processing systems. The use of distributed ledger technologies for tracking data fragment transformations is proposed. The authors make a comparison of technologies applicable to solve this problem, provide an analytical and experimental evaluation, recommendations for the application of the study results. In contrast to other similar works, the authors consider the application of various distributed ledger technologies and include the multiplatform requirement for the framework. The proposed framework is universal and can be used in heterogeneous multiplatform big data processing systems.

        Keywords:

        Information security, Big Data, audit, incident investigation, Blockchain, distributed ledger.
        Pages 144-156
  • 2020 year
  • 2019 year
  • 2018 year
  • 2017 year
  • 2016 year
  • 2015 year
  • 2014 year
  • 2013 year
  • 2012 year
  • 2011 year
  • 2010 year
  • 2009 year
  • 2008 year
  • 2007 year
  • 2006 year
  • 2005 year
  • 2004 year
  • 2003 year
  • 2002 year
  • 2001 year
  • 2000 year
  • 1999 year