Annotation:

The purpose of the study is to formally formulate the problem of artificial immunization of complex technical systems to ensure their security against cyber threats. The work draws an analogy between human immunity and the security functions of modern technical systems. A mathematical model of a technical system that describes how the system's immunity counteracts various cyberattacks was developed. The immunization problem is formulated to minimize the number of infected objects in the system and maximize the number of cured objects among the infected ones.

Keywords:

immunization, innate immunity, adaptive immunity, cyber-attack.

Pages 09-16

Annotation:

Currently, social information services (SIS) have become one of the important sources of information and allow any user to distribute information without restrictions, which makes it difficult to determine the degree of reliability of information. Revealing unreliable facts from the news using artificial intelligence methods is a difficult problem. To solve this problem, it is necessary to apply several existing models with the calculation of the reality parameter and recognition accuracy, as well as to develop a new algorithm for detecting fake news. The use of effective tools for identifying false information in the SIS and the corresponding algorithm is considered in support and decision-making systems, when determining the degree of information reliability.

Keywords:

open sources of information, social information services, false information, reality parameter.

Pages 17-25

Annotation:

This paper presents a new approach for protecting user data of mobile phones. It combines multi-factor authentication, secret sharing, visual cryptography, steganography and uses built-in secure modules of the Android operating system. The proposed protocol ensures privacy of user data even if the mobile phone and its associated storage server are compromised.

Keywords:

authentication and key establishment protocol, wireless sensor network, key pre-distribution.

Pages 26-36

Annotation:

This article discusses the security of recommendation systems with collaborative filtering from manipulation attacks. The most common types of attacks are analyzed and identified. A modified method for detecting manipulation attacks on recommendation systems with collaborative filtering is proposed. Experimental testing and comparison of the effectiveness of the modified method with other relevant methods were carried out.

Keywords:

recommendation systems, collaborative filtering, shilling attack detection.

Pages 37-45

Annotation:

Any organization, processing personal data of citizens of the European Union is obliged to comply with the requirements of GDPR (General Data Protection Regulation). However, the regulations do not contain information about how to comply with these requirements in practice. The international standard ISO 27701 solves this problem because it contains specific controls to fulfill requirements specified above. In the course of the research, the standard was analyzed and there were made up recommendations that can be applied to all types and sizes of organizations, including public and private companies, government entities and non-profit organizations that process personal data of citizens of the European Union.

Keywords:

personal data, controls, requirements, GDPR.

Pages 46-53

Annotation:

The article is devoted to finding rational ways to improve the culture of digital security among future shipbuilders. An objective methodology for the formation of educational content based on the achievements of the theory of multi-parameter choice and the construction of a tuple of preferences when making complex cybernetic decisions is considered. An example of the choice of digital security training technology for students of shipbuilding profile (Saint Petersburg State Maritime Technical University) was considered.

Keywords:

digital security, distance learning, safety culture.

Pages 54-61

Annotation:

The paper proposes a method for detecting source code fragments similarity using attribute abstract syntax trees and machine learning algorithms. The advantages of the method are determined based on a comparative analysis of existing approaches of detecting code clones. For approaches, which use AST, it is possible to increase the efficiency of detecting similar source code fragments by detecting semantic clones with usage of method proposed.

Keywords:

code clones, syntactic similarity, semantic similarity, open-source software.

Pages 62-71

Annotation:

One of the approaches to form a cryptographically secure encryption range is the use of linear recurrent feedback registers based on primitive polynomials. The operational possibility of choosing the appropriate polynomial can provide the required degree of stability of the algorithm used. At present, primitive polynomials are known for sufficiently large powers, but usually these are the so-called sparse polynomials. To improve cryptographic strength, it is necessary to be able to quickly form new primitive polynomials of given degrees, which is the subject of this study.

Keywords:

primitive polynomials, m-sequence, decimation, primitive root.

Pages 72-78

Annotation:

The problem of automating the determination of daily water consumption by continuously measured levels and discrete measurements of water flow using flow curves, which are the simplest characteristic of the capacity of the riverbed (and floodplain) and are widely used in river flow accounting and hydraulic calculations, is considered. Conclusions are made about the optimal analytical representation of the flow curve and the possibilities of constructing a universal model of hydrometric flow accounting.

Keywords:

water flow, measured levels, flow curves, profiles, interpolation, approximation, model.

Pages 79-87

Annotation:

The problems of hydrological support of water transport in the territories of Siberia and the Far East of the Russian Federation are considered. The requirements for operational information on the levels of water bodies, on a sharp change in water content, on channel deformations, on the ice situation and forecasts of these phenomena are analyzed. Attention is drawn to the need to use new modern information technologies.

Keywords:

water transport, hydrological support, riverbed processes, hydrological regime, information technologies.

Pages 88-95

Annotation:

The article is devoted to a method for evaluating the effectiveness of the use of a group of unmanned aerial vehicles when they perform aerial photography tasks. The approach is based on the principles of a «virtual squad» and assumes decentralized management and adaptive redistribution of roles in unpredictable situations.

Keywords:

group of unmanned aerial vehicles, virtual squad, unified flight task.

Pages 96-103

Annotation:

An analysis of existing methods that provide the detection of evasion attacks in the machine learning systems is presented. An experimental comparison of these methods has been performed. The Uncertainty method is the most universal one, but its accuracy in detecting SGM, MS, BA evasion attacks is lower than that of other methods, and it is difficult to determine such values of the uncertainty boundary for adversarial samples that would allow more accurate detection of evasions. A new hybrid method has been proposed and discussed, which is a two-stage verification of input data, supplemented by input data pre-processing. In the proposed method, the threshold of uncertainty for adversarial samples has become distinct and quickly computable. The hybrid method allows detecting OOD attacks with 80% accuracy, and SGM, MS, BA attacks with 93% accuracy.

Keywords:

evasion attacks, evasion attack detection, hybrid method, machine learning, adversarial samples, ODIN, Uncertainty.

Pages 104-110

Annotation:

The paper proposes an approach to detection of Distributed Denial of Service (DDoS) attacks using a modular neural network, which is a series of connected neural networks that solve the problem step by step. The task of DDoS attack detection is decomposed into three interrelated subtasks: detection of anomalous network traffic, detection of DDoS attack traffic and identification of the type of realized DDoS attack, which is especially important due to the tendency of implementing multi-vector DDoS attacks. The results of experimental studies on the quality of performance of the constructed modular neural network confirmed the effectiveness of the proposed approach.

Keywords:

DDoS attacks, modular neural network, decomposition, machine learning.

Pages 111-118

Annotation:

Considered adversarial attacks on systems of artificial neural networks for image recognition. To increase the security of image recognition systems from adversarial attacks (avoidance attacks), the use of auto-encoders is proposed. Various attacks are considered and software prototypes of autoencoders of fully connected and convolutional architectures are developed as a means of protection against evasion attacks. The possibility of using the developed prototypes as a basis for designing autoencoders for more complex architectures is substantiated.

Keywords:

image recognition system, adversarial attack, evasion attack, autoencoder.

Pages 119-127

Annotation:

The article deals with the problem of finding a region of interest for biometric identification based on the pattern of palm veins. An image segmentation method based on the use of convolutional neural networks to search for an area of interest is proposed. The work of this method is compared with methods that use the features of a binarized image, in particular, with the method of searching for local minimums and searching for the minimum threshold value.

Keywords:

biometrics, vein pattern, area of interest, segmentation, neural network.

Pages 128-138

Annotation:

The criteria related to the construction of mathematical models of quality indicators for further investigation of the effectiveness of the functioning of information security systems, taking into account destructive influences, are considered. Geometric interpretations of the criteria of three classes are presented. The distinctive features of the concepts «quality indicator» and «quality assessment criterion» are revealed. A mathematical description of each of the criteria under consideration is given.

Keywords:

quality assessment criterion, quality indicator, efficiency, information security system.

Pages 139-147

Annotation:

The article reviews the use of artificial neural networks to ensure the navigational safety of navigation of an autonomous unmanned vessel.

Keywords:

unmanned vessel, navigation, neural networks, information theory, modeling, e-navigation, navigation safety, geoinformation.

Annotation:

The paper proposes a multi-agent reinforcement learning technology for intrusion detection in the Internet of Things. Three models of a multi-agent intrusion detection system have been implemented – a decentralized system, a system with the transmission of forecasts, a system with the transmission of observations. The obtained experimental results have been compared with the open intrusion detection system Suricata. It has been demonstrated that the proposed architectures of multi-agent systems are free from the weaknesses found in the usual solutions.

Keywords:

agent, decentralized system, internet of things, greedy algorithm, cybersecurity, machine learning, multi-agent reinforcement learning, intrusion detection, observation data transferring, prediction data transferring, DQN.

Annotation:

Offers an analysis of modern protocols and approaches in cyber threat intelligence. The classification of CTI information was given, also the area of applicability for each class was estimated. The classification of CTI protocols and standards was presented with the mapping to CTI levels. An assessment of applicability to describe each CTI level was addressed to each class of protocols and standards. The main conclusion is that further study of the available standards in this area will determine the necessary set of requirements to the process of CTI information sharing, which will allow to face threats more effectively and reduce potential risks.

Keywords:

information security threats, cyber threat intelligence, CTI level, exchange protocols.

Annotation:

When considering digital systems for transmitting information in real time, in most cases, the transmission of information in blocks with a given delay time is implied. In this case, the delay determines the size of the sampling window. The article deals with the issues of masking an embedded message into an uncom-pressed audio signal with a variable size of the sample being processed.

Keywords:

steganography, sound, masking of information, two-component steganographic system, real time system.

Annotation:

The features of information campaigns, the principles of dissemination of information campaigns in social networks are considered. Groups of methods for detecting information campaigns are analyzed and identified. The problems of existing approaches are highlighted. A group of methods based on the detection of coordination is considered. The article proposes an algorithm for detecting influence campaigns implemented by a botnet in a social network using the algorithm bee colony.

Keywords:

social networks, influence campaign, botnet.

Annotation:

A comprehensive cybersecurity risk assessment is a complex multi-level task involving technical, software, external and human factors. As part of the development of a predictive model for assessing cybersecurity risks, characterization of the human factor is necessary to understand how the actions of information security specialists affect the risk of developing cybersecurity threats. The article discusses the concept of "reliability" in relation to the human factor in the cybersecurity system. It has two main components: innate characteristics, which are part of the personality, and situational characteristics, which are outside the personality. The use of reliability as a Human Factors parameter in a comprehensive cybersecurity risk assessment will also depend on an understanding of how different mental models and behavioral responses affect the level of trust placed in an information security professional and the biases that affect the ability to provide such trust.

Keywords:

information security, cyber security model, information system reliability, human factor, cyber defense.

Annotation:

This work presents the research of using machine learning methods to detect malicious installation files, specifically trojan droppers and downloaders, and installers with extraneous functionality. A comparative analysis of some classification methods of machine learning is presented: the naive bayes classifier, the random forest and the C4.5 algorithms. The classification was carried out using the Weka software in accordance with the methods under consideration. Significant attributes of executable files are defined, which give positive results in the classification of legitimate installers and trojans.

Keywords:

malware, installation files, trojans, droppers, machine learning, naive bayes classifier, random forest, C4.5 algorithms.

Annotation:

The paper proposes a method of preprocessing fragments of binary code for the task of detection their similarity using machine learning algorithms. The method is based on analysis of pseudocode, which is retrieved from decompilation process. The pseudocode is preprocessed with usage of attributed abstract syntax trees. Evaluation of the method indicates its efficiency in binary code similarity detection task due to semantic vectors used for abstract syntax tree modification.

Keywords:

code clones, syntactic similarity, semantic similarity, binary code similarity, abstract syntax tree, pseudocode.

Annotation:

The protection of infocommunication systems includes a wide number of information security means. There is a possibility of bypassing some of them by an intruder, thus breaking the assumed security script of the information protection system. The methods of monitoring the correct sequence of the use of information security means in the infocommunication system are proposed. The proposed methods make it possible to grow up the degree of security of infocommunication systems by confirming the fact of the use of all means and ways of information protection proposed by the architect of the information protection system.

Keywords:

information protection, computing systems, information security means, pattern of secure access, information security, methods of monitoring, security pattern.

Annotation:

This paper presents the results of the architecture stability analysis of messaging systems with a decentralized node structure Briar and Bridgefy. Developed mathematical models of target systems describe protocols for generating keys, establishing a connection and transferring data between system users. The key features of the architecture of messaging systems with a decentralized nodal structure are highlighted. The main classes of threats to target systems are determined.

Keywords:

decentralized systems, network degradation, mesh-messengers, Briar, Bridgefy.

Annotation:

The article discusses the encryption security of the Bitcoin Core cryptocurrency wallet. Particular attention is paid to aspects of the practical implementation of cryptographic algorithms when encrypting the wallet.dat file with a password. The practical strongness to brute-force attacks using parallel computing on the GPU is also considered. It was found that Bitcoin Core did not implement an encryption key change for private keys. This implementation makes it possible to re-attack the wallet without knowing the new password, if it has already been compromised before. The changes to encryption algorithms that complicate the password brute force attacks on the GPU are also proposed.

Keywords:

bitcoin core cryptocurrency wallet, cryptocurrency wallet encryption, encryption key change, bitcoin core wallet attack, brute force attack on GPU.

Annotation:

An analysis of the requirements of guiding documents for ensuring the security of critical information infrastructure facilities has been carried out. A classification of information security tools of the firewall class with a description of each, their implementation scenario and a generalized network diagram, taking into account the application of these solutions in the field of information security, are presented. A comparative analysis of existing firewalling solutions is made, followed by conclusions about using some of them to protect critical information infrastructure facilities. A solution is offered to develop the functionality of a new generation firewall.

Keywords:

threats, firewall, next generation firewall, critical information infrastructure.

Annotation:

An integrated approach to the maintenance of the cyber resiliency of cyber-physical systems represented as a network of functional nodes has been proposed. Based on the analysis of the graph of functional dependencies and the graph of attacks, this approach makes it possible to detect compromised nodes and rebuild the functional network of the system, moving the compromised nodes to an isolated virtual network similar to the one actually attacked, and then adapt the functional sequence of nodes that implement the technological process, thereby preventing the development of a cyber threat. The experimental results have demonstrated the correct operation of the proposed solution and the formation of an adequate counteraction to the intruders.

Keywords:

attack graph, cyber resiliency, cyber-physical system, functional dependencies graph, functional infrastructure, virtual isolated network.

Annotation:

This paper proposes an approach to assess the cyber resilience of mobile networks, based on the assessment of the probability that the network remains coherent under conditions of random movement of its nodes. The approach is aimed at countering the mobile network-specific attacks of hijacking and impersonation of one or more nodes, so that the network loses the ability to perform its target function.

Keywords:

mobile networks, network connectivity, probability of node movement, hijacking attacks, impersonation attacks.

Annotation:

The paper investigates the problem of detecting network anomalies in the processing of data streams in industrial systems. The network anomaly is understood as the malicious signature and the current context: the network environment and topology, routing parameters and node characteristics. As a result of the study, it was proposed to use a neocortex model that supports the memory mechanism to detect network anomalies.

Keywords:

hierarchical temporary memory, artificial intelligence, contextual anomalies, machine learning, neocortex, industrial internet of thighs, network traffic, HTM.

Annotation:

The structure and main properties of a generalized cyber-physical system are investigated. Threats of information security and main approaches to ensure the cybersecurity of these systems are analyzed. The method of assessing the degree of compromise of a generalized cyber-physical system, based on the analysis of indicators of compromise is presented.

Keywords:

cyber-physical system, cybersecurity, graph theory, indicator of compromise, Industry 4.0, TCP / IP model.

Annotation:

This paper discusses the problem of detecting network anomalies caused by computer attacks in industrial Internet of Things networks. To detect anomalies, a new method has been developed using the technology of hierarchical temporary memory, which is based on the innovative neocortex model. An experimental study of the developed anomaly detection method based on the HTM model demonstrated the superiority of the developed solution over the LSTM-based analogue. The developed prototype of the anomaly detection system provides continuous online unsupervised learning, takes into account the current network context, and also applies the accumulated experience by supporting the memory mechanism.

Keywords:

hierarchical temporary memory, artificial intelligence, computer attacks, neocortex, online learning, sparse distributed representations, network traffic, HTM.

Annotation:

Approaches related to solving the inverse problem of investigating the effectiveness of purposeful technical systems are considered. The classification of the tasks of the study of the effectiveness of the operation conducted by the military-technical system is given. A formal and informal approach to solving the task is outlined. The criteria of suitability for evaluating the effectiveness of the operation carried out by a purposeful technical system are formulated. Three statements of the problem of synthesis of the object under study are formulated.

Keywords:

synthesis, functioning process, efficiency, military-technical system.