Annotation:

The article deals with the problem of updating indicators of compromise in the field of information security. One of the key difficulties is the growing number of false positives, which slows down the process of incident investigation. To solve this problem, we propose a model for assessing the relevance of indicators of compromise, the purpose of which is to optimise their use. The developed model takes into account various parameters, such as the indicator obsolescence rate, the level of trust in the source, the frequency of detection, the proportion of false positives, the consideration of information from open sources, and the type of malicious activity. The model reduces the number of false positives and improves the efficiency of incident monitoring.

Keywords:

indicator of compromise, relevance, assessment model, relevance dynamics, information security

Pages 9–20

Annotation:

The paper is devoted to an approach to counter threats of privacy violations in federated learning. The approach is based on optimization methods to transform the weights of local neural network models and create new weights for transmission to the joint gradient descent node, which, in turn, allows to prevent the interception of local model weights by an attacker. Experimental studies have confirmed the effectiveness of the developed approach

Keywords:

federated learning, neural network models, optimization methods, gradient descent

Pages 21–29

Annotation:

This article examines the problem of the "black box" in artificial intelligence systems, focusing on the role of explanation (revealing cause-and-effect relationships) and interpretation (adapting meaning for the audience) in the context of machine learning. The philosophical foundations of these concepts are presented, along with an overview of modern methods in explainable AI (XAI). The article emphasizes the need to develop common perspectives on the issues of "explainability" and "interpretability" as they apply to machine learning models and the solutions they generate.

Keywords:

artificial intelligence, explanation, interpretation, understanding, XAI

Pages 30–42

Annotation:

Modern large language models possess impressive capabilities but remain vulnerable to various attacks that can manipulate their responses, lead to leakage of confidential data, or bypass restrictions. This paper focuses on the analysis of prompt injection attacks, which allow bypassing model constraints, extracting hidden data, or forcing the model to follow malicious instructions.

Keywords:

large language models, artificial intelligence, adversarial attacks, defense methods, model output manipulation

Pages 43–58

Annotation:

The problem of protecting machine learning models used in intrusion detection systems from adversarial attacks is considered. Possible methods of protection against adversarial samples based on data anomaly detectors and an autoencoder are analyzed. The results of an experimental study of protective mechanisms that demonstrated high efficiency in detecting distorting data using a Random Forest model are presented.

Keywords:

adversarial attack, machine learning security, adversarial sample detection, machine learning, intrusion detection system, Random Forest

Pages 59–68

Annotation:

The article addresses the problem of detecting potentially malicious activity in CI/CD pipelines during the build process through the analysis of runner behavior. The limitations of existing pipeline security tools related to threat detection during build execution are identified, as well as promising approaches to detecting mali-cious activity. A way for detecting potentially malicious activity in pipelines using the eBPF technology for collecting and analyzing runner behavior has been pro-posed. The accuracy of the detection is evaluated using a dataset that contains im-plementations of malicious scenarios related to build process compromise. The re-sults obtained can be used to implement protection tools for CI systems and con-tribute to research in CI/CD pipelines security.

Keywords:

CI/CD pipelines, DevSecOps, malicious activity, anomaly detection, eBPF, behavioral analysis, syscalls

Pages 69–82

Annotation:

The article is devoted to the development of an approach to identifying vulnerable code using adaptation methods for pre-trained reinforcement machine learning models. A training methodology is presented that includes stages of model adaptation using data from various domains, which ensures high generalization ability of the algorithms. Experimental results have shown the effectiveness of the proposed approach on the popular CWEFix code analysis dataset. The developed approach helps to improve the quality of vulnerability detection and reduce the level of false positives, which makes it a useful tool for ensuring software security.

Keywords:

code vulnerabilities, machine learning, reinforcement learning, software analysis, information security

Pages 83–96

Annotation:

This work investigates approaches for constructing post-quantum digital signature schemes. Contemporary methods for enhancing the security of protocols based on elliptic curve isogenies are analyzed. Multi-signature scheme based on the problem of finding isogenies between supersingular curves with participant authentication is developed. The efficiency and security of the proposed scheme are proved.

Keywords:

group signature, supersingular elliptic curves, postquantum cryptography, masking

Pages 97–105

Annotation:

In this paper, we solve the following problem. For a group of n participants, we need to distribute two shares to each of them in such a way that each pair of par-ticipants forms a (3, 4)-threshold access structure. In other words, each pair of participants can find some secret using any 3 out of the 4 shares they have. Ob-viously, this problem has a trivial solution: to share the same secret between eve-ryone using a (3, 2n)-threshold secret sharing scheme. However, of theoretical and practical interest is the case when each pair of participants recovers a secret different from the others. In particular, the solution to this problem is necessary for the key agreement protocol proposed in [1]. In this paper, we find a complete solution to considered problem for Shamir's secret sharing scheme. In addition, non-interactive methods for randomizing the key agreement protocol from [1] are studied. Unfortunately, it turns out that they do not enhance the security of this protocol.

Keywords:

key pre-distribution, Shamir’s secret sharing scheme, key agreement protocol, perfectness, threshold cryptography

Pages 106–120

Annotation:

Considered issues of automation for measuring information archiving received from the OTT PARSIVEL laser disdrometer in form of messages with .dat format. It is shown that .dat format is not convenient for archiving in databases. As a result of performed research, methodology and toolkit was developed for automating the conversion of source messages for subsequent archiving in databases, taking into account the specifics of the SQL query language.

Keywords:

automation, archiving, databases, disdrometer, autonomous surface vessels

Pages 155–163

Annotation:

The article considers a network monitoring system for the security of a data transmission network operating under computer influences. One of the most urgent tasks in these conditions is the development of mechanisms for evaluating the effectiveness of network monitoring of data transmission network security from computer influences. A mathematical model and methodology are proposed, where the fundamental difference from the existing ones is a new approach to monitoring the security status of data transmission network elements from computer influences.

Keywords:

data transmission network, network security monitoring, computer impacts, efficiency assessment

Pages 121–131

Annotation:

The features of the functioning of mobile self-organizing networks are considered. Models of node interaction in these networks are analyzed, taking into account protection against network attacks, and their advantages and disadvantages are highlighted. A model of node interaction in a mobile self-organizing network is proposed, considering protection against active network attacks based on early attack detection. Early detection of network attacks is achieved by predicting network parameters and further analyzing them using machine learning methods. A trust model is also used to exclude malicious nodes from the network.

Keywords:

information security, ad-hoc networks, model of node interaction, intrusion detection systems

Pages 132–144

Annotation:

The task of protecting nodes of a blockchain system from security threats of user deanonymization, access restriction, and imposition of false data about the blockchain state is considered. A method of anonymizing the network traffic between nodes of a blockchain system based on garlic routing, supporting integration with consensus mechanism, has been proposed. As a result of experimental study, it is demonstrated that the presented method allows increasing the safety of blockchain systems applied in large-scale network infrastructures.

Keywords:

deanonymization, blockchain, distributed ledger, network traffic, smart city, garlic routing

Pages 145–154