№ 4
2024
Annotation:
This paper examines methods by which malicious software (malware) attaches itself at the various security (protection) rings of modern x86_64 processors. All ring levels are discussed, from ring 3 (user mode) down to ring –3 (the management engine level). For each level, the capabilities available to malware residing in that ring are defined. Correlating capabilities with ring levels makes it possible to develop, in future work, criteria by which malware operating on a personal computer can be identified. The analysis establishes that the attachment methods differ between rings, and that malicious activity can only be detected from a ring lower (more privileged) than the one in which the malware resides, which imposes a number of requirements on a unified method for its detection.
Keywords:
cybersecurity, malware analysis, security rings, methods of attaching malware
Annotation:
This article presents a method for detecting and eliminating floating vulnerabilities in mobile applications at the final stage of development. The nature of such vulnerabilities is analyzed, and existing methods for their detection and neutralization are reviewed. The developed method is based on analyzing the state of the application at different points in time and comparing it with a reference state. It includes recording the initial state, discrete analysis of its changes, detection and identification of vulnerabilities, and their elimination. The main area of application of the method is ensuring the security of mobile applications at late stages of development and during final testing. The conclusions emphasize the importance of early detection of floating vulnerabilities for ensuring a high level of information security of the final software product.
Keywords:
floating vulnerabilities, mobile applications, program testing, state estimation, information security
Annotation:
Identification of graphical subsystems with parallel-pipeline organization of computation as a means of detecting subscriber terminals in information and telecommunication networks
Keywords:
identification, graphical subsystem, JavaScript, web browser
Annotation:
Existing approaches to building systems for active auditing of IoT devices are investigated. A resilient approach to auditing IoT devices using fault-tolerant distribution is proposed. A comparative analysis of consensus algorithms for distributed systems and of tools for implementing active auditing is carried out.
Keywords:
audit, Censys, distributed computing, information security, information technology, Internet of Things, Nmap, port scanner, Raft, Shodan
Annotation:
Protection methods against TLS covert storage channels that use the Random and SessionID fields of the ClientHello message are proposed. Protection tools implementing the proposed methods have been developed: a module for the IDS/IPS Suricata that filters TLS packets depending on the SessionID contents, and a proxy server that reformats packets before they are transmitted to the communication environment. A comparative analysis of the implemented protection tools was carried out in terms of their impact on communication channel bandwidth and their effectiveness in countering covert information transfer. The developed protection tools are suitable for integration into existing systems for protection against network covert channels. Recommendations on the use of the proposed tools depending on the desired level of security are given.
Keywords:
secret information, ClientHello message, Random, SessionID field, proxy server, filtering tool
Annotation:
The article considers the corporate portal on the Incomand platform as a single access point to the information system of Digital Technologies 1520 LLC, intended to automate and systematize the implemented business processes in order to improve work efficiency and give employees convenient access to all information assets, including confidential information. To raise the level of security of the information processed and stored in the organization, a software tool for managing the role-based access control model for the organization's employees has been developed and implemented; it significantly complements the standard security model of the corporate portal.
Keywords:
corporate information system, corporate portal, role model of access control, information protection
Annotation:
Two new approaches to key pre-distribution based on an ideal additive homomorphic secret sharing scheme were proposed in [1]. However, it was not possible to prove their security against insider attacks in the general case. In this paper, a simple method for distributing shares based on Shamir's secret sharing scheme, corresponding to the first approach in [1], is proposed and analyzed. Namely, the following problem is solved: 2n shares must be distributed among n participants in such a way that each participant keeps two shares and any pair of participants corresponds to a (3,4)-threshold scheme, where the common threshold can be arbitrary. Note that this problem is solved for the first time in the theory of secret sharing. Unfortunately, the analysis showed that the key agreement protocol based on the proposed share pre-distribution technique is not resistant to insider attacks. A general necessary condition for the security of the key agreement protocol in the insider adversary model is obtained.
Keywords:
key pre-distribution, Shamir's secret sharing scheme, key agreement protocol, adversary model, lightweight cryptography
Annotation:
Automation of an approximate method for estimating active power flows in a three-bus electric network from specified node parameters, using an incomplete conductivity matrix, and the implementation of the calculations in the CVX format are considered. The method relies on the fact that the active resistances of the power transmission lines in the electrical circuit are significantly smaller than the reactive ones, which yields a simple relationship between the power at the nodes and the angles; this relationship links the node parameters through a non-invertible conductivity matrix. CVX is a calculation format that allows various constraints to be introduced, including current density in lines, parametric changes, external perturbations, etc. Estimates of active power flows for possible variants of the node "zeroing" scheme, obtained by minimizing the Euclidean norm, are presented. The practical application of the proposed method is motivated by the need to quickly assess purchase volumes in electricity markets.
Keywords:
power grid, power flows, approximate estimation method, conductivity matrix, incomplete matrix rank, CVX technologies, Euclidean norm, computational structure
Annotation:
The paper reviews the problem of ensuring the security of the global model in federated learning systems. The proposed protection method, based on data verification by a trusted group of nodes, ensures that only correct updates are considered during aggregation of the global model. An experimental study demonstrates that the developed method quickly identifies and isolates adversarial clients that perform label substitution and noise imposition.
Keywords:
artificial intelligence security, model security, noise imposition, trust model, label substitution, federated learning
Annotation:
To formulate optimization tasks in an Electronic Policy Document Management System, an enterprise can be represented as a set of departments performing certain functions. At large enterprises there is constant exchange between the individual departments and between the departments' document databases. The paper examines solutions to several document-database-related problems. First of all, we consider the problem of choosing a model that can express the relationship between query execution time and the number of documents, the grouping of policy documents according to their sources of creation, and the evaluation of the advantages that this grouping can offer. An experimental table showing the relationship between data size and query execution time is given to solve the problems set. The least squares method is used to fit linear or hyperbolic models to this table. The closeness of this relationship to a linear dependence is used in evaluating the advantages of partitioning the database into natural groups. It is known that policy document databases store documents of local or international importance that are created and recommended for implementation by local or international organizations. To improve operation, the documents in the database can be grouped by their degree of importance, by the date of entry into the system, or by the organizations that created them. The paper presents a method of grouping policy documents by the source of their creation. Some numerical characteristics indicating the advantages of this grouping are given.
Keywords:
policy document database, data source, query time, amount of information, additional delays, mean-square difference, linear model, hyperbolic model, natural division
№ 3
2024
Annotation:
The paper examines the performance indicators of automatic machine learning platforms operating in standard and confidential modes, using nonlinear multidimensional regression as an example. A general protocol for distributed machine learning that is trusted in the security sense is proposed. It is shown that, within confidential virtualization, when optimizing the architecture of machine learning pipelines and their hyperparameters, solutions based on Auto-sklearn demonstrate the best quality indicators of the generated pipelines for multidimensional regressors and the best speed characteristics compared with Azure AutoML, which is explained by their different learning strategies. The results of the experiments are presented.
Keywords:
automatic machine learning, confidential computing, confidential virtual machines, optimization of the architecture of the machine-learning model, hyperparameters
Annotation:
The most vulnerable nodes of any information system are those that depend on the human factor. Such nodes include, for example, users' personal computers (PCs), which are susceptible to attacks using malicious software (malware). Modern malware detection tools can effectively identify known instances, but their effectiveness against zero-day threats remains suboptimal. One potential way to identify malware is a method based on behavioral analysis of its activity on a personal computer, but creating it requires systematizing the known information about the activity of various types of malware. This work systematizes malicious software by the types of activity it exhibits, so that the resulting systematization can be used to create a method for identifying malware based on behavioral analysis.
Keywords:
information security, malicious software, systematization, malware activity
Annotation:
This article describes an approach to creating target characters based on LLM agents. The agents use personal memory to access the biographical and personal data assigned to them. To increase the integrity of the created characters, a short life biography is generated from the initial target data; it is consistent with the original set and enriches the agents' reactions. The personality traits inherited by the agents are formulated on the basis of descriptive information about MBTI types, and the paper presents a study of how well the characters correspond to their target personality type.
Keywords:
LLM, social simulation, personalization, social modeling, cyberpsychology
Annotation:
This paper presents the main probability-theoretic models that describe a wide class of physical random number generators and allow general approaches to their synthesis and analysis to be proposed.
Keywords:
physical random number generator, stochastic process, scheme of instantaneous value, scheme of intervals, scheme of excursion, optimal interpolation problem
Annotation:
The article proposes a new way of applying the well-known method of indicator functions, which is used to simulate the detection and neutralization of suspicious information objects in the information environment of an industrial enterprise, as well as to simulate a security system during operation. Formula dependencies are given for calculating stochastic indicators, which allow objective estimates of the values of time parameters and of their impact on the safe functioning of information systems.
Keywords:
indicator function, information security, information system, neutralization, identification of the object
Annotation:
Mathematical models of the defense of an information system against information security threats are proposed, based on the classical model of a struggle between two adversaries, the Lanchester model. Using the method of constructing systems of differential equations with a given set of invariants (first integrals), a deterministic model with invariant control, a stochastic model with Wiener perturbations, and a model with program control with probability 1 have been constructed. The behavior of the systems has been evaluated by mathematical modeling in MathCad. The behavior of the constructed models depending on the initial conditions is considered. The existence of a stochastic model of information system protection against information security threats that is protected with probability 1 is established.
Keywords:
mathematical model, Lanchester model, information security, deterministic model of information protection, stochastic model of information protection, invariant control, program control with probability 1
Annotation:
The article deals with the task of assessing the security of big data systems. The authors define the main features of big data systems as an object of security assessment and analyze the known assessment methods, including methodologies for assessing the security of information systems. Based on the results obtained, a new assessment method is proposed that takes into account such factors as the state of the access control system in the heterogeneous systems under consideration and the number of privileged users. A mathematical formalization of the assessment is proposed, the main stages of its implementation are described, and a test case is presented.
Keywords:
information security, Big Data, heterogeneous data processing systems, security assessment
Annotation:
The current task of obtaining evidentiary information, as a direction for the development of digital forensics, is considered. The procedure for collecting evidentiary information from computer storage devices is given, including the basic requirements for collecting evidence, preserving it and ensuring its integrity. An overview of methods for obtaining evidentiary information from a computer is given, among which an accessible and effective method using open-source software to capture a snapshot of RAM is highlighted. The results of an experiment studying the possibility of obtaining and analyzing a snapshot of a computer's RAM using open-source tools are presented, and the approximate information that can be obtained by using them for computer forensic examination is determined.
Keywords:
digital forensics, evidentiary information obtained from a computer, the procedure for collecting evidentiary information, methods for obtaining evidentiary information, an experiment on obtaining evidentiary information from a computer
Annotation:
The article discusses the application of distributed ledger technology to securing the information systems of a smart city. The authors identify the limitations of existing solutions in this area and consider the main directions for developing distributed ledger technology so as to ensure its successful integration into the smart city ecosystem.
Keywords:
smart city, internet of things, distributed ledger technology, information security
Annotation:
In the interests of sound planning for the modernization of information security systems, approaches are considered to constructing methods for assessing the possibility of developing and introducing, within the planned time frame, the innovations necessary for the timely detection, prevention and elimination of the consequences of information security threats. As an indicator of this possibility, it is proposed to use the probability of modernizing the information security system within a specified period of time. To quantify this indicator, approaches based on a generalization of Chebyshev's inequality and on the principle of stochastic dominance are proposed.
Keywords:
information security system, modernization planning, assessing the likelihood of meeting the deadlines for introducing innovations
Annotation:
The paper evaluates the effectiveness of a group of unmanned aerial vehicles performing aerial photography tasks, for heterogeneous tasks and various payload variants. Options for equipping the elements of the group when performing various tasks are modeled. The integral indicator is defined as a combination of particular performance indicators: efficiency and resource intensity. The relationship between task options and payload options is established. Numerical modeling of combinations of group equipment options and task options is carried out.
Keywords:
efficiency, resource intensity, integral indicator, group of unmanned aerial vehicles, flight task, efficiency, comparative assessment, aerial photography
Annotation:
An approach to investigating the states of complex industrial networks with adaptive topology using network motifs (statistically significant subgraphs of a larger graph) is proposed. The analysis addresses the ability of network motifs to characterize system performance and the possibility of applying them to short-, medium- and long-term prediction of system states. Using the Smart Grid network structure as an example, a directed graph is modeled, the most common motifs in it are searched for, several attack scenarios on network nodes are simulated, and a prediction of the network state is built. The results of experimental studies confirm the correctness and validity of applying this mathematical apparatus to the set tasks.
Keywords:
dynamic graph, network motif, target function, network with adaptive topology, forecasting