Quarterly journal published in SPbPU
and edited by prof. Dmitry Zegzhda
Peter the Great St. Petersburg Polytechnic University
Institute of computer sciences and technologies
information security of computer systems
Information Security Problems. Computer Systems
Published since 1999.
ISSN 2071-8217
  • 2024 year
    • № 1 2024
      • INFORMATION SECURITY APPLICATION
        D. E. Vilkhovsky Dostoevsky Omsk State University
        STEGANALYTICAL MODULE FOR INSERT DETECTION IN LOW STEGO-PAYLOAD IMAGES

        Annotation:

        The paper describes the business logic and results of steganalysis software: a steganalytical module, based on algorithms developed by the author for image steganalysis, that detects embeddings even at low stego-payload (10–25 % of the total). The solution is aimed at improving enterprise information security by detecting media files (images) that contain embeddings, preventing unauthorized transfer of such files or viewing and extraction of a received hidden message, and preventing the installation of malware whose module is embedded in an image by steganography. The software package works with embeddings made by the Koch – Zhao method and LSB-replacement methods.

        Keywords:

        steganalysis, steganographic analysis, stegocontainer analysis, LSB-insert detection, DCT-insert detection, Koch – Zhao method
        Pages 9–17
        A. Yu. Garkushev, A. V. Lipis, I. L. Karpova, A. A. Shalkovskaya, A. F. Suprun Petersburg State Marine Technical University, Lomonosov Moscow State University, Peter the Great St. Petersburg Polytechnic University
        ASSESSMENT OF THE COMPETENCE OF THE INTELLIGENT INFORMATION SECURITY MANAGEMENT SYSTEM

        Annotation:

        The article is devoted to the development of tools for evaluating intelligent information security management systems in enterprises. The proposed methodology is based on a combination of entropy approaches to assessing the quality of information and a priori assessment of competence in terms of balancing the efficiency and validity of decisions made. The proposed mathematical model can be used for a priori evaluation of information security decision support systems.

        Keywords:

        competence, validity, intelligent system, communication, an aggregated model
        Pages 18–27
        D. A. Moskvin, E. M. Orel, A. A. Lyashenko Peter the Great St. Petersburg Polytechnic University
        PRESENTATION OF GRAPH-BASED MODEL FOR USE IN AUTOMATED SECURITY ANALYSIS SYSTEMS

        Annotation:

        This paper presents a mathematical graph-based model for use in automated security analysis systems. The model links information about the system, obtained by a specialist in the process of security analysis, with the set of attack scenarios in which it may be involved. Executing each scenario yields a new portion of data that describes some system component and contributes to the expansion of the attack graph.

        Keywords:

        attack graph, graph-based model, security analysis, attack scenarios, heterogenic systems, security assessment, penetration testing
        Pages 28–35
      • NETWORK AND TELECOMMUNICATION SECURITY
        E. Yu. Pavlenko Peter the Great St. Petersburg Polytechnic University
        CYBER RESILIENCE OF SELF-ORGANIZING CYBER-PHYSICAL SYSTEMS

        Annotation:

        Security criteria for self-organizing cyber-physical systems are proposed, taking into account their specificity, which consists in the need to ensure correct functioning, even under conditions of destructive information impacts, and information security. The solution of the problem is complicated by the presence of both local goals of the system components capable of self-organization and the global goal of the entire system. The paper systematizes security threats for self-organizing cyber-physical systems taking into account their specifics. We propose three security criteria – graph and two entropy criteria, the combined use of which will allow us to detect attacking influences aimed at both disabling the system and obtaining the possibility of stealthy control of the system in accordance with the attacker's goals.

        Keywords:

        cybersecurity, self-organizing systems, multi-agent system, intelligence, entropy, target function
        Pages 36–49
        A. A. Kornienko, S. V. Kornienko, N. S. Razzhivin Emperor Alexander I St. Petersburg State Transport University
        PROTECTION AGAINST UNAUTHORIZED ACCESS TO MOBILE DEVICES WHEN APPLYING OF THE BYOD CONCEPT

        Annotation:

        The article analyzes the problems of using mobile devices under the BYOD concept. An adapted methodology for assessing information security threats is proposed. In addition to the traditional approach of building a security system in the information system, a software tool for monitoring unauthorized access has been developed and tested.

        Keywords:

        BYOD, mobile devices, corporate information system, information security, unauthorized access
        Pages 50–61
        A. S. Kurakin LLC "STC"
        THE EVALUATION OF THE EFFECTIVENESS OF THE FUNCTIONING OF A GROUP OF UNMANNED AERIAL VEHICLES WHEN THEY PERFORM AERIAL PHOTOGRAPHY TASKS

        Annotation:

        The article proposes a way to assess the effectiveness of selecting and distributing the goals of a group of unmanned aerial vehicles when they perform aerial photography tasks. Analytical expressions are obtained for resource intensity, performance and efficiency of task execution. Modeling and comparative assessment of the efficiency indicator for various options for the formation and target setting of a group of unmanned aerial vehicles was carried out.

        Keywords:

        group of unmanned aerial vehicles, flight task, efficiency, comparative assessment, aerial photography
        Pages 62–69
        E. Yu. Pavlenko, M. A. Pahomov Peter the Great St. Petersburg Polytechnic University
        GRAPH SELF-REGULATION OF VARIOUS TYPES OF NETWORKS WITH ADAPTIVE TOPOLOGY

        Annotation:

        Approaches to self-regulation of networks with adaptive network topology based on graph theory are presented. These approaches are limited to networks whose nodes do not change their position in space, such as peer-to-peer and heterogeneous sensor networks, as well as industrial networks using the example of Smart Grid smart energy consumption networks. A generalized objective function is described for each type of network, conditions for self-regulation are formulated, and the process of self-regulation is formally described.

        Keywords:

        information security, self-regulation, graph theory, objective function, network with adaptive topology
        Pages 70–79
        M. Yu. Fedosenko ITMO University
        THE SPECIFICS OF SOLVING THE PROBLEM OF INFORMATION SECURITY RISK MANAGEMENT WHEN DEVELOPING METHODS OF PROTECTION AGAINST HIDDEN STEGANOGRAPHIC INFORMATION EXCHANGE ON PUBLIC INTERNET RESOURCES

        Annotation:

        This work describes the stage of practical management of the information security risks of a web resource that arise from its use as a medium and communication channel for steganographic information exchange. The possibility of using steganography on public Internet resources as a tool for attackers to exchange illegal data and carry out computer attacks has been established based on available research results. As a result, the relevance of developing methods to counter the malicious use of steganographic algorithms has been proven. The paper examines threats to information security when using steganography methods in accordance with the FSTEC IS BDU. Based on these threats, a 4-level model of threats to a web resource from user data has been developed. It includes the risks of violating integrity, accessibility, confidentiality and the provisions of 374-FL (amendments to 149-FL “On information, information technologies and information protection”). The 374-FL demonstrated the problem of the inaccessibility of data to check for malicious nature when it is exchanged covertly. Based on the developed model, a practical assessment of the risks of a web resource was carried out using the Microsoft Security Assessment Tool (MSAT), as well as their theoretical assessment with the FRAP and CRAMM matrices, in order to demonstrate the features of using a specific approach in solving the problem of countering a new type of attack. As a result, the necessary measures and components of mitigation were calculated using mathematical programming methods in order to identify the minimum and most optimal quantitative composition of the components of protection against the malicious use of steganography. These measures and components consist of specialists, their competencies, as well as software tools necessary for high-quality protection of a web resource within the framework of the scientific problem under study: the use by an offender of information security technologies when carrying out illegal activities and the further development of counteraction and analysis tools coming to the web resource data.

        Keywords:

        steganography, steganographic attacks, hidden data exchange, information security risk management, Internet, information security threats, FRAP, CRAMM, OCTAVE
        Pages 80–95
      • RESEARCH, MONITORING AND OPTIMIZATION OF AUTOMATED TECHNOLOGICAL PROCESSES AND PRODUCTIONS CONTROL SYSTEMS
        M. O. Zaid Alkilani, I. V. Mashkina Ufa University of Science and Technology
        DEVELOPMENT OF ATTACK SCENARIOS FOR ASSESSING THREATS RELATED TO INFORMATION SECURITY BREACH IN INDUSTRIAL NETWORKS

        Annotation:

        The article considers the possibility of using EPC notations to build scenarios of information security (InfoSec) threats in the automated process control system (ICS). In accordance with regulatory and legal documents, if there is a scenario of an InfoSec threat, it is recognized as relevant to the information system and is included in the InfoSec threat model to justify the choice of measures and means of information protection. The methodology of building scenarios of threat realization in the form of EPC models is proposed. The construction of EPC models of attack scenarios on industrial network infrastructure components is based on the establishment of possible objects of impact taking into account the architecture of the ICS, identification of possible vulnerabilities of infrastructure components and means of protection on the way to the threat’s implementation, determination of possible tactics and techniques, threats, lists of which are presented in methodological documents. The results of the development of several scenario models of computer attacks on the enterprise infrastructure, including an attack over wireless channel of communication with the field level are presented.

        Keywords:

        industrial control system ICS, EPC threat, scenario diagram, target of the threat, information security, tactics, techniques, information security threats
        Pages 96–109
        I. A. Sikarev, V. M. Abramov, K. S. Prostakevich, A. L. Abramova, A. O. Semidelova Russian State Hydrometeorological University
        INFOCOMMUNICATION INSTRUMENTARIUM FOR NATURAL RISK MANAGEMENT WHILE NAVIGATION OF AUTONOMOUS VESSELS IN ARCTIC UNDER CLIMATE CHANGE

        Annotation:

        The paper presents the results of developing an info-telecommunication toolkit for natural risk management during commercial use of autonomous vessels in the Arctic and Subarctic, including the Northern Sea Route and higher latitudes. The toolkit was developed using Foresight technologies and database design methods within online technologies. The research results have a high scientific novelty and can be used by various players, including educational organizations when forming Master's programs. The online platform ResearchGate was used for preliminary discussion and data exchange during the research.

        Keywords:

        infocommunication systems, natural risk management, autonomous vessels, Arctic
        Pages 110–120
      • SOFTWARE SECURITY
        D. O. Markin, I. A. Saitov Academy of Federal Guard Service of Russia
        MODELING OF EMBEDDED SOFTWARE FOR HARDWARE PLATFORMS BASED ON PROCESSORS WITH ARM ARCHITECTURE USING THE FEATURES OF POTENTIALLY DANGEROUS FUNCTIONAL OBJECTS

        Annotation:

        The article presents the results of binary code analysis of embedded software for hardware platforms based on processors with ARM architecture (trustlets) for the presence of potential hidden channels expressed in the form of potentially dangerous functional objects. A descriptive model of the trustlet has been developed based on analysis of the binary trustlet code. The model makes it possible to identify quantitative and qualitative indicators describing the presence of potentially dangerous functional objects in the trustlet code. These indicators make it possible to rank the trustlets according to vulnerability criticality levels. It is advisable to use the ranking results when searching for hidden channels in embedded software during certification tests of information security tools.

        Keywords:

        trustlet, potentially dangerous functional object, vulnerabilities, ARM
        Pages 121–133
        N. N. Samarin Research Institute "Kvant"
        A MODEL FOR FINDING ERRORS IN SOFTWARE USING SPOT-BASED FUZZING

        Annotation:

        This article highlights the most essential properties of software for searching for errors in it by the method of spot-based fuzzing. A generalized set-theoretic model of software is formulated, its invariant form is presented and its adequacy, universality and consistency are proved.

        Keywords:

        information security, software, error detection, mathematical modelling, symbolic execution, fuzzing
        Pages 134–141
      • MACHINE LEARNING AND KNOWLEDGE CONTROL SYSTEMS
        A. A. Muryleva, M. O. Kalinin, D. S. Lavrova Peter the Great St. Petersburg Polytechnic University
        PROTECTION OF THE MACHINE LEARNING MODELS FROM THE TRAINING DATA MEMBERSHIP INFERENCE

        Annotation:

        The paper reviews the problem of protecting machine learning models from the threat of violating data confidentiality that is realized through membership inference on training datasets. A method for protective noising of the training dataset is proposed. It has been experimentally shown that Gaussian noising of the training dataset with a scale of 0.2 is the simplest and most effective approach to protect machine learning models from the training data extraction. Compared to alternative techniques, the proposed method is easy to implement, universal for different types of target models, and reduces the effectiveness of the attack by up to 26 percentage points.

        Keywords:

        noising, machine learning, training set, membership inference, Gaussian noise
        Pages 142–152
        S. G. Fomicheva, O. D. Gayduk St. Petersburg University of Aerospace Instrumentations
        INTELLIGENT MECHANISMS FOR EXTRACTING FEATURES OF FILE MODIFICATION IN DYNAMIC VIRUS ANALYSIS

        Annotation:

        The paper proposes machine-learning pipelines that automatically generate relevant feature spaces for virus detectors, detect the presence of viral modifications in JS files and scripts in real time, and interpret and visualize the automatically obtained machine solution. It is shown that the best quality metrics are demonstrated by abstract syntax tree models using binary classifiers based on ensembles of decision trees. An explanation of the solution automatically generated by the virus detector is demonstrated.

        Keywords:

        virus analysis, machine-learning models, features viral modification, decision trees ensembles, machine solution interpretation
        Pages 153–167
      • EDUCATION PROBLEMS
        I. L. Karpova, A. Yu. Garkushev, A. F. Suprun St. Petersburg State Marine Technical University, Peter the Great St. Petersburg Polytechnic University
        DEVELOPMENT OF REFLEXIVE AND PREDICTIVE COMPETENCIES OF INFORMATION SECURITY SPECIALISTS AS A FACTOR IN IMPROVING THE QUALITY OF PROFESSIONAL EDUCATION

        Annotation:

        Information is becoming an increasingly valuable asset for companies, so information security management is an integral part of the work of all institutions and enterprises. The professional experience and skills of information security specialists significantly affect the development of the system, audit and management of the information security system. In light of the high rate of receipt of relevant information and rapid changes in the information security system, it is important that future specialists in this field have the ability to analyze information, use it effectively and make accurate forecasts based on this data. The development of reflexive and predictive competencies in practice is possible through the development of the ability to anticipate, which is the mental mechanism underlying forecasting and goal setting. The role of anticipation as a component of reflexive and predictive competencies is considered, as well as methods of its development among information security specialists.

        Keywords:

        information security, cybersecurity, anticipation, reflexive-prognostic competencies, mental regulation, vulnerability
        Pages 168–174
    • № 2 2024
      • INFORMATION SECURITY ASPECTS
        Yu. V. Vedernikov, A. Yu. Garkushev, A. V. Lipis, A. F. Suprun St. Petersburg State Maritime Technical University, Peter the Great St. Petersburg Polytechnic University
        RECONFIGURATION OF THE SYSTEM DEVELOPMENT MODEL INFORMATION SECURITY MANAGEMENT: INTERACTION OF BASE MODULES WITH THE OPERATOR

        Annotation:

        The article is devoted to the study of the possibility of modernizing the information security management systems of industrial enterprises by applying modern optimization methods. In addition to discrete deterministic values of parameters that reflect the influence of various factors on information security, it is proposed to take into account heterogeneous indicators specified numerically, as intervals, verbally and using parametric series. A model of implementation in the form of a program that allows you to make an informed choice of the best of the alternatives

        Keywords:

        information security model, optimization, ranking, priority system, preference matrix
        Pages 9–19
        G. A. Markov, V. M. Krundyshev, D. P. Zegzhda Jet Infosystems, St. Petersburg Polytechnic University of Peter the Great
        MATHEMATICAL MODEL OF INFORMATION SECURITY EVENT MANAGEMENT USING MARKOV CHAIN IN INDUSTRIAL SYSTEMS

        Annotation:

        This paper examines the problem of ensuring information security in industrial Internet of Things systems. The study found that in order to comprehensively protect the information perimeter of an industrial enterprise from external and internal threats, in most cases information security event and incident management systems (SIEM systems) with customized rules for correlating events in the information infrastructure are used. At the same time, there is a need to create a mathematical apparatus that allows one to accurately and objectively assess the effectiveness of the SIEM system. As a result of the study, the problem of preventing information security incidents in industrial Internet of Things systems was formalized based on the developed mathematical model for managing information security events using a continuous-time Markov chain.

        Keywords:

        mathematical model, industrial Internet of things, information security event management, Markov chains, SIEM system
        Pages 20–30
      • INFORMATION SECURITY APPLICATION
        I. S. Lebedev, M. E. Sukhoparov, D. D. Tikhonov Saint Petersburg Federal Research Center of Russian Science Academy, Russian State Hydrometeorological University
        QUALITY IMPROVEMENT OF INFORMATION SECURITY EVENTS IDENTIFICATION THROUGH INPUT DATA SPLITTING

        Annotation:

        The processing of information sequences using segmentation of input data is proposed, aimed at improving the quality of detection of destructive influences using machine learning models. The basis of the proposed solution is the division of data into segments with different properties of the objects of observation. A method using a multi-level data processing architecture is described, in which learning processes are implemented at various levels, the achieved values of quality indicators are analyzed, and the models with the best quality indicators are assigned to individual data segments. The proposed method makes it possible to improve the quality indicators for detecting destructive information influences by segmenting and assigning models that have the best performance in individual segments.

        Keywords:

        information security, machine learning, data set, data sampling, data segmentation, processing models
        Pages 31–43
        L. Kh. Safiullina, A. R. Kasimova, A. A. Alekseeva Kazan National Research Technological University
        ANALYSIS OF THE RELIABILITY OF STORING TEMPLATES WHEN INTRODUCING MODERN BIOMETRIC TECHNOLOGIES INTO INFORMATION SECURITY SYSTEMS

        Annotation:

        Currently, it can be argued that in certain areas of information technology, there is a complete replacement of classical password- and token-based user authentication systems with biometric technologies. However, biometric systems are vulnerable to various types of security threats. For example, unlike passwords and tokens, templates based on biometrics cannot be replaced in case of compromise. To solve this problem, new protection schemes have been developed. Conventionally, they can be divided into two groups: biometric cryptography and cancelable biometrics. Biometric cryptography methods show average values of errors of the first and second types; experimental work in this area is widely known. Cancelable biometrics can be highly reliable, but there is not much experimental data on them. This paper presents a comparative analysis of the reliability of existing methods. It is shown that among the static biometric parameters the iris is of greatest interest, and among the dynamic ones, the keyboard stroke. However, using these methods, like others, has its own difficulties and risks.

        Keywords:

        identification, authentication, biometrics, template, biometric cryptography, cancelable biometrics
        Pages 44–56
        A. I. Sergadeeva, D. S. Lavrova, E. B. Aleksandrova Peter the Great St. Petersburg Polytechnic University
        COUNTERING STEGANALYSIS BASED ON GENERATIVE ADVERSARIAL NETWORKS

        Annotation:

        The paper proposes a generative adversarial network approach to improve the robustness of the steganographic method against modern stegoanalyzers. The approach is based on the joint operation of a generative adversarial network, a pixel importance map and the least significant bit replacement method. The results of experimental studies confirmed the effectiveness of the proposed approach.

        Keywords:

        generative adversarial networks, steganography, steganography method, steganalysis, machine learning
        Pages 57–65
      • RESEARCH, MONITORING AND OPTIMIZATION OF AUTOMATED TECHNOLOGICAL PROCESSES AND PRODUCTIONS CONTROL SYSTEMS
        S. O. Baryshnikov, A. A. Shnurenko, V. V. Sakharov, I. A. Sikarev, V. M. Abramov Admiral Makarov State University of Maritime and Inland Shipping, ZAO “Kanonersky Ship Repair Plant”, Russian State Hydrometeorological University
        AUTOMATION OF SHIP REPAIR MANAGEMENT

        Annotation:

        The results of developing tools for automating ship repair management processes are presented. It is indicated that the development of an adequate and stable model and the choice of algorithms for its use are of key importance; their correctness is shown.

        Keywords:

        automation, management, ship repair, model
        Pages 66–72
        K. V. Egorova, S. S. Sokolov, N. B. Glebov, K. P. Goloskokov Admiral Makarov State University of Maritime and Inland Shipping
        AUTOMATED SYSTEM FOR MONITORING AND PREDICTING THE SPREAD OF OIL SPILLS IN AQUATIC ENVIRONMENT USING A GROUP OF UAVS

        Annotation:

        This article is dedicated to studying the spreading of oil spills in the aquatic environment and developing a corresponding monitoring system using a group of unmanned aerial vehicles. To effectively control and prevent the spread of oil spills in water bodies, the process of comprehensive monitoring and forecasting needs to be automated. The foundation of such an automated system lies in mathematical models that enable the assessment of spill parameters, prediction of its trajectory, and determination of strategies to prevent and mitigate associated issues. The automation of monitoring and forecasting allows for continuous observation of the state of water resources and swift response to potential oil leaks. With the help of specialized sensors, unmanned aerial vehicles, and other technical means, it is possible to monitor changes in water conditions, detect the presence of oil spills, and determine their sizes. By possessing the ability to promptly respond to spills, the system ensures proper containment of leaks and minimization of negative environmental impact, as well as enables the development of strategies to prevent similar incidents in the future

        Keywords:

        oil spills, water environment, unmanned aerial vehicles, automation, monitoring system, forecasting, environmental protection
        Pages 73–83
      • CRITICAL INFORMATION INFRASTRUCTURE SECURITY
        G. D. Gavva, M. O. Kalinin Peter the Great St. Petersburg Polytechnic University
        ENSURING THE CONNECTIVITY AND FUNCTIONAL INTEGRITY OF WIRELESS RECONFIGURABLE NETWORKS BY REBUILDING THE TOPOLOGY USING AN IMPROVED METHOD OF NETWORK GAME

        Annotation:

        A comparative analysis of methods for protecting reconfigurable wireless networks that implement topology re-building was carried out, which made it possible to determine the network game method as the most promising in solving the task of maintaining the network connectivity and functional integrity. Managing the network topology when using the basic network game method is characterized by overloading the channels of the control node and excessive sensitivity to changes in network connections. In this research, the basic method is extended with the criterion of the maximal possible path length, which allows reducing the number of network reconfigurations when there is a short route between nodes passing through existing connections. It is experimentally shown that the improved method provides protective online restructuring of a network with lower topology rebuilding costs

        Keywords:

        wireless reconfigurable network, gaming approach, network game, reconfiguration, path length, functional integrity
        Pages 84–94
        M. A. Pahomov, E. Yu. Pavlenko Peter the Great St. Petersburg Polytechnic University
        ENSURING INFORMATION SECURITY OF VANETS BASED ON EARLY DETECTION OF MALICIOUS NODES

        Annotation:

        The features of VANETs are considered. An approach to ensuring the information security of VANETs is proposed, the distinctive feature of which is the early detection of malicious activity of network nodes. To achieve early detection of malicious activity, the parameters of VANETs are presented as a time series, after which their future values are predicted and anomalies are searched for using machine learning methods. The proposed approach makes it possible to improve the safety of intelligent transport systems.

        Keywords:

        information security, VANET, time series prediction, attacks prevention
        Pages 95–103
        F. H. Pashayev, J. I. Zeynalov, H. T. Najafov The Ministry of Science and Education of the Republic of Azerbaijan, Institute of Control Systems, Nakhchivan State University, “Nakhchivan” University
        CREATION OF SOFTWARE TECHNICAL TOOLS TO PROTECT TECHNOLOGICAL PROCESSES FROM INTERNET THREATS

        Annotation:

        It is known that the rapid development of technological computer networks and SCADA systems has necessarily accelerated the process of integration between these networks and global Internet networks. As a result, the solution of many issues of technological and production processes has been simplified and opportunities have been created for remote control of the enterprise staff and operational staff. However, this situation has also created new, previously non-existent threats to the above-mentioned monitoring, diagnostic and management systems. Targeted attacks on specific industrial enterprises are organized on the Internet by specific specialized groups, hackers and, in some cases, government agencies. Those who organize cyber attacks on technological process control systems improve their methods and tools over time and increase their professional level. They carefully study the objects they will attack and identify vulnerabilities in the software of the object management systems. The developed set of technical means is based on the application of STM32F4XX type controllers and LPT ports of computers. The article provides connection diagrams and assembly methods of the technical means. These technical means and the exchange protocols created can act as a bridge between the global Internet and technological corporate computer networks. The article presents simple algorithms of protocols and working program fragments. Fragments of the program are given in the C programming language and in the DELPHI programming system. The developed software acts as a filter bridge between the global Internet and TKKŞ. Data exchange between these two networks is carried out by creating non-standard protocols using STM32F4XX controllers and LPT ports.

        Keywords:

        Internet attacks, technological computer networks, telemechanical systems, malware, random attacks, STM32F4XX controller, LPT port
        Pages 104–116
      • APPLIED CRYPTOGRAPHY
        M. R. Salihov ITMO University
        A MODEL OF A DISTRIBUTED STORAGE SYSTEM FOR PRIVATE KEYS OF CRYPTO WALLETS

        Annotation:

        With the development of Web3 technologies, the third generation of the Internet has become one of the most promising areas. It involves the use of decentralized, transparent and user-oriented applications. However, many Web3 projects do not pay due attention to security, which can lead to serious consequences. Even a small error in the code can make the system vulnerable, opening access to intruders. Because of this, the industry faces frequent security breaches that threaten users and undermine trust in new technologies. One of the main problems of Web3 is the management of private keys. This is a critical aspect of security, which is directly related to the protection of digital assets and personal information of users. The risk of loss or theft of the private key can lead to irreparable consequences, since in case of loss there is no way to restore or reset the key. This article discusses various ways to store the private key of a cryptographic wallet to ensure security. For example, a key can be divided into parts and stored encrypted on hardware media, or the whole encrypted key can be stored on secure media. Quantitative data were calculated using Shamir’s scheme.

        Keywords:

        key management, encryption, secret sharing, cryptography, distributed storage system
        Pages 117–129
      • SOFTWARE SECURITY
        N. N. Samarin Research Institute “Kvant”
        A METHOD FOR FINDING ERRORS IN PROGRAM CODE BASED ON IN-MEMORY FUZZING

        Annotation:

        The paper proposes a method of searching for errors in software based on “in-memory” fuzzing of code. Within the framework of the method, special fragments called “points” are selected in the software code, and these “points” are subjected to fuzz testing in isolation from the rest of the program code. A practical example of using the method is presented, as a result of which a memory corruption error was detected in the code.

        Keywords:

        information security, software, error detection, mathematical modelling, symbolic execution, fuzzing
        Pages 130–137
        P. A. Teplyuk, A. G. Yakunin Altai State Technical University
        IDENTIFYING SECURITY FLAWS IN THE LINUX KERNEL USING SYSTEM CALL FUZZING

        Annotation:

        The development of operating systems built on the Linux kernel contributes to the wider use of Linux distributions as the basis of system software in information systems for various purposes, including those that are objects of critical information infrastructure. The goal of the work is to analyze the available approaches and tools for fuzzing Linux kernel system calls, and to carry out experimental fuzz testing of some current kernel versions, with the aim of increasing the overall security of the Linux kernel. Theoretical analysis was used to evaluate and compare existing types of Linux kernel-level vulnerabilities, as well as approaches to kernel fuzzing. An empirical research method was also used, which involved identifying defects and vulnerabilities in a certain configuration of the Linux kernel using fuzz testing. Critical kernel-level vulnerabilities and approaches to fuzzing, including system call fuzzing, were analyzed, and an experimental study was conducted using the syzkaller fuzzer, which identified defects and vulnerabilities in Linux kernel versions 4.9 and 5.4, including a use-after-free memory vulnerability. This area of research requires further development in order to detect new vulnerabilities in current kernel versions.

        Keywords:

        operating system kernel, security threats, vulnerabilities, fuzzing, attack surface, syzkaller
        Pages 138–151
      • MACHINE LEARNING AND KNOWLEDGE CONTROL SYSTEMS
        G. A. Zhemelev Peter the Great St. Petersburg Polytechnic University
        AUTOMATIC SYNTHESIS OF 3D GAS TURBINE BLADES SHAPES USING MACHINE LEARNING

        Annotation:

        The paper addresses the problem of 3D representation and automatic synthesis of gas turbine blade shapes. First, we implemented a parametric method of descriptor-based representation using Bernstein polynomials and generalized it to produce controllable 3D shapes. Then, we proposed a method of automatic synthesis of 3D shapes based on generative ML models for aerodynamic profiles. This method helps to reduce the number of geometric design variables used in optimizing the aerodynamic shape of blades. Moreover, it enables automatic synthesis of 3D shapes with a representation that is independent of the shapes' level of detail. Its implementation is based on the generative-adversarial network BézierGAN and makes it possible to produce arbitrarily sized datasets of 3D blades with aerodynamic shapes. Finally, by interpreting and visualizing the generator’s latent space, we identified the subset of latent variables that is most important for rapid prototyping of gas turbine blades.

        Keywords:

        gas turbine blade, dataset, 3D object representation, machine learning, generative-adversarial network, Bézier curves, Bernstein polynomials
        Pages 152–168
        O. A. Izotova, D. S. Lavrova Peter the Great St. Petersburg Polytechnic University
        DETECTION OF ARTIFICIALLY SYNTHESIZED AUDIO FILES USING GRAPH NEURAL NETWORKS

        Annotation:

        This paper describes a study of the problem of generalizing multimodal data in the detection of artificially synthesized audio files. As a solution to the stated problem, a method is proposed that combines analysis of an audio file's characteristics with simultaneous analysis of its semantic component, presented in the form of text. The approach is based on graph neural networks and algorithmic approaches involving the analysis of keywords and text sentiment. The conducted experimental studies confirmed the validity and efficiency of the proposed approach.

        Keywords:

        deepfake, graph neural networks, artificially synthesized audio file, text analysis
        Pages 169–177
        E. M. Tolgorenko, E. A. Zubkov, T. D. Ovasapyan Peter the Great St. Petersburg Polytechnic University
        AUTHORSHIP IDENTIFICATION AND VERIFICATION USING MACHINE AND DEEP LEARNING METHODS

        Annotation:

        The article presents research aimed at analyzing methods of text authorship identification and verification. Methods of transforming texts into vector representations and determining authorship through text classification are investigated. A dataset is formed on which the investigated methods are tested, after which conclusions about their effectiveness are drawn. Further research directions are also proposed.

        Keywords:

        authorship verification, authorship identification, classification, deep learning methods, machine learning, N-gram, TF-IDF, PCA
        Pages 178–193
  • 2023 year
  • 2022 year
  • 2021 year
  • 2020 year
  • 2019 year
  • 2018 year
  • 2017 year
  • 2016 year
  • 2015 year
  • 2014 year
  • 2013 year
  • 2012 year
  • 2011 year
  • 2010 year
  • 2009 year
  • 2008 year
  • 2007 year
  • 2006 year
  • 2005 year
  • 2004 year
  • 2003 year
  • 2002 year
  • 2001 year
  • 2000 year
  • 1999 year