Annotation:
The purpose of the study is to formally formulate the problem of artificial immunization of complex technical systems to ensure their security against cyber threats. The work draws an analogy between human immunity and the security functions of modern technical systems. A mathematical model of a technical system that describes how the system's immunity counteracts various cyberattacks was developed. The immunization problem is formulated to minimize the number of infected objects in the system and maximize the number of cured objects among the infected ones.
Keywords:
immunization, innate immunity, adaptive immunity, cyber-attack.

Annotation:
Currently, social information services (SIS) have become one of the important sources of information and allow any user to distribute information without restrictions, which makes it difficult to determine the degree of reliability of information. Revealing unreliable facts from the news using artificial intelligence methods is a difficult problem. To solve this problem, it is necessary to apply several existing models with the calculation of the reality parameter and recognition accuracy, as well as to develop a new algorithm for detecting fake news. The use of effective tools for identifying false information in the SIS and the corresponding algorithm is considered in support and decision-making systems, when determining the degree of information reliability.
Keywords:
open sources of information, social information services, false information, reality parameter.

Annotation:
This paper presents a new approach for protecting user data of mobile phones. It combines multi-factor authentication, secret sharing, visual cryptography, steganography and uses built-in secure modules of the Android operating system. The proposed protocol ensures privacy of user data even if the mobile phone and its associated storage server are compromised.
Keywords:
authentication and key establishment protocol, wireless sensor network, key pre-distribution.

Annotation:
This article discusses the security of recommendation systems with collaborative filtering from manipulation attacks. The most common types of attacks are analyzed and identified. A modified method for detecting manipulation attacks on recommendation systems with collaborative filtering is proposed. Experimental testing and comparison of the effectiveness of the modified method with other relevant methods were carried out.
Keywords:
recommendation systems, collaborative filtering, shilling attack detection.

Annotation:
Any organization processing personal data of citizens of the European Union is obliged to comply with the requirements of the GDPR (General Data Protection Regulation). However, the regulation does not contain information about how to comply with these requirements in practice. The international standard ISO 27701 solves this problem because it contains specific controls to fulfill the requirements specified above. In the course of the research, the standard was analyzed and recommendations were drawn up that can be applied to all types and sizes of organizations, including public and private companies, government entities and non-profit organizations that process personal data of citizens of the European Union.
Keywords:
personal data, controls, requirements, GDPR.

Annotation:
The article is devoted to finding rational ways to improve the culture of digital security among future shipbuilders. An objective methodology for the formation of educational content based on the achievements of the theory of multi-parameter choice and the construction of a tuple of preferences when making complex cybernetic decisions is considered. An example of the choice of digital security training technology for students of shipbuilding profile (Saint Petersburg State Maritime Technical University) was considered.
Keywords:
digital security, distance learning, safety culture.

Annotation:
The paper proposes a method for detecting the similarity of source code fragments using attributed abstract syntax trees and machine learning algorithms. The advantages of the method are determined based on a comparative analysis of existing approaches to detecting code clones. For approaches that use ASTs, the proposed method makes it possible to increase the efficiency of detecting similar source code fragments by detecting semantic clones.
Keywords:
code clones, syntactic similarity, semantic similarity, open-source software.

Annotation:
One of the approaches to form a cryptographically secure encryption range is the use of linear recurrent feedback registers based on primitive polynomials. The operational possibility of choosing the appropriate polynomial can provide the required degree of stability of the algorithm used. At present, primitive polynomials are known for sufficiently large powers, but usually these are the so-called sparse polynomials. To improve cryptographic strength, it is necessary to be able to quickly form new primitive polynomials of given degrees, which is the subject of this study.
Keywords:
primitive polynomials, m-sequence, decimation, primitive root.

Annotation:
The problem of automating the determination of daily water consumption by continuously measured levels and discrete measurements of water flow using flow curves, which are the simplest characteristic of the capacity of the riverbed (and floodplain) and are widely used in river flow accounting and hydraulic calculations, is considered. Conclusions are made about the optimal analytical representation of the flow curve and the possibilities of constructing a universal model of hydrometric flow accounting.
Keywords:
water flow, measured levels, flow curves, profiles, interpolation, approximation, model.

Annotation:
The problems of hydrological support of water transport in the territories of Siberia and the Far East of the Russian Federation are considered. The requirements for operational information on the levels of water bodies, on a sharp change in water content, on channel deformations, on the ice situation and forecasts of these phenomena are analyzed. Attention is drawn to the need to use new modern information technologies.
Keywords:
water transport, hydrological support, riverbed processes, hydrological regime, information technologies.

Annotation:
The article is devoted to a method for evaluating the effectiveness of the use of a group of unmanned aerial vehicles when they perform aerial photography tasks. The approach is based on the principles of a «virtual squad» and assumes decentralized management and adaptive redistribution of roles in unpredictable situations.
Keywords:
group of unmanned aerial vehicles, virtual squad, unified flight task.

Annotation:
An analysis of existing methods that provide the detection of evasion attacks in the machine learning systems is presented. An experimental comparison of these methods has been performed. The Uncertainty method is the most universal one, but its accuracy in detecting SGM, MS, BA evasion attacks is lower than that of other methods, and it is difficult to determine such values of the uncertainty boundary for adversarial samples that would allow more accurate detection of evasions. A new hybrid method has been proposed and discussed, which is a two-stage verification of input data, supplemented by input data pre-processing. In the proposed method, the threshold of uncertainty for adversarial samples has become distinct and quickly computable. The hybrid method allows detecting OOD attacks with 80% accuracy, and SGM, MS, BA attacks with 93% accuracy.
Keywords:
evasion attacks, evasion attack detection, hybrid method, machine learning, adversarial samples, ODIN, Uncertainty.

Annotation:
The paper proposes an approach to detection of Distributed Denial of Service (DDoS) attacks using a modular neural network, which is a series of connected neural networks that solve the problem step by step. The task of DDoS attack detection is decomposed into three interrelated subtasks: detection of anomalous network traffic, detection of DDoS attack traffic and identification of the type of realized DDoS attack, which is especially important due to the tendency of implementing multi-vector DDoS attacks. The results of experimental studies on the quality of performance of the constructed modular neural network confirmed the effectiveness of the proposed approach.
Keywords:
DDoS attacks, modular neural network, decomposition, machine learning.

Annotation:
Adversarial attacks on artificial neural network systems for image recognition are considered. To increase the security of image recognition systems against adversarial attacks (evasion attacks), the use of autoencoders is proposed. Various attacks are considered and software prototypes of autoencoders of fully connected and convolutional architectures are developed as a means of protection against evasion attacks. The possibility of using the developed prototypes as a basis for designing autoencoders for more complex architectures is substantiated.
Keywords:
image recognition system, adversarial attack, evasion attack, autoencoder.

Annotation:
The article deals with the problem of finding a region of interest for biometric identification based on the pattern of palm veins. An image segmentation method based on the use of convolutional neural networks to search for an area of interest is proposed. The work of this method is compared with methods that use the features of a binarized image, in particular, with the method of searching for local minimums and searching for the minimum threshold value.
Keywords:
biometrics, vein pattern, area of interest, segmentation, neural network.

Annotation:
The criteria related to the construction of mathematical models of quality indicators for further investigation of the effectiveness of the functioning of information security systems, taking into account destructive influences, are considered. Geometric interpretations of the criteria of three classes are presented. The distinctive features of the concepts «quality indicator» and «quality assessment criterion» are revealed. A mathematical description of each of the criteria under consideration is given.
Keywords:
quality assessment criterion, quality indicator, efficiency, information security system.

Annotation:
The article discusses the encryption security of the Bitcoin Core cryptocurrency wallet. Particular attention is paid to aspects of the practical implementation of cryptographic algorithms when encrypting the wallet.dat file with a password. The practical resistance to brute-force attacks using parallel computing on the GPU is also considered. It was found that Bitcoin Core did not implement an encryption key change for private keys. This implementation makes it possible to re-attack the wallet without knowing the new password, if it has already been compromised before. Changes to the encryption algorithms that complicate password brute-force attacks on the GPU are also proposed.
Keywords:
bitcoin core cryptocurrency wallet, cryptocurrency wallet encryption, encryption key change, bitcoin core wallet attack, brute force attack on GPU.

Annotation:
An analysis of the requirements of guiding documents for ensuring the security of critical information infrastructure facilities has been carried out. A classification of information security tools of the firewall class with a description of each, their implementation scenario and a generalized network diagram, taking into account the application of these solutions in the field of information security, are presented. A comparative analysis of existing firewalling solutions is made, followed by conclusions about using some of them to protect critical information infrastructure facilities. A solution is offered to develop the functionality of a new generation firewall.
Keywords:
threats, firewall, next generation firewall, critical information infrastructure.

Annotation:
An integrated approach to the maintenance of the cyber resiliency of cyber-physical systems represented as a network of functional nodes has been proposed. Based on the analysis of the graph of functional dependencies and the graph of attacks, this approach makes it possible to detect compromised nodes and rebuild the functional network of the system, moving the compromised nodes to an isolated virtual network similar to the one actually attacked, and then adapt the functional sequence of nodes that implement the technological process, thereby preventing the development of a cyber threat. The experimental results have demonstrated the correct operation of the proposed solution and the formation of an adequate counteraction to the intruders.
Keywords:
attack graph, cyber resiliency, cyber-physical system, functional dependencies graph, functional infrastructure, virtual isolated network.

Annotation:
This paper proposes an approach to assess the cyber resilience of mobile networks, based on the assessment of the probability that the network remains coherent under conditions of random movement of its nodes. The approach is aimed at countering the mobile network-specific attacks of hijacking and impersonation of one or more nodes, so that the network loses the ability to perform its target function.
Keywords:
mobile networks, network connectivity, probability of node movement, hijacking attacks, impersonation attacks.

Annotation:
The paper investigates the problem of detecting network anomalies in the processing of data streams in industrial systems. The network anomaly is understood as the malicious signature and the current context: the network environment and topology, routing parameters and node characteristics. As a result of the study, it was proposed to use a neocortex model that supports the memory mechanism to detect network anomalies.
Keywords:
hierarchical temporal memory, artificial intelligence, contextual anomalies, machine learning, neocortex, industrial internet of things, network traffic, HTM.

Annotation:
The structure and main properties of a generalized cyber-physical system are investigated. Threats of information security and main approaches to ensure the cybersecurity of these systems are analyzed. The method of assessing the degree of compromise of a generalized cyber-physical system, based on the analysis of indicators of compromise is presented.
Keywords:
cyber-physical system, cybersecurity, graph theory, indicator of compromise, Industry 4.0, TCP/IP model.

Annotation:
This paper discusses the problem of detecting network anomalies caused by computer attacks in industrial Internet of Things networks. To detect anomalies, a new method has been developed using the technology of hierarchical temporal memory, which is based on the innovative neocortex model. An experimental study of the developed anomaly detection method based on the HTM model demonstrated the superiority of the developed solution over the LSTM-based analogue. The developed prototype of the anomaly detection system provides continuous online unsupervised learning, takes into account the current network context, and also applies the accumulated experience by supporting the memory mechanism.
Keywords:
hierarchical temporal memory, artificial intelligence, computer attacks, neocortex, online learning, sparse distributed representations, network traffic, HTM.

Annotation:
The paper proposes an approach to estimating the resilience of cyber-physical systems, as well as a method for their reconfiguration to neutralize the negative effects of structural attacks. The proposed method is applied to systems modeled by graphs, each vertex of which is associated with attributes, namely types of devices. The functioning of such systems is determined by a path on the graph passing through vertices of a given type. The reconfiguration method based on the graph artificial neural network (ANN) aims at increasing the number of working paths without the need to add new edges. The ANN model was trained on a synthetic dataset composed of random graphs whose vertex types were specified according to the mediation centrality metric.
Keywords:
cyber-physical systems, graph theory, graph artificial neural network.

Annotation:
Approaches related to solving the inverse problem of investigating the effectiveness of purposeful technical systems are considered. The classification of the tasks of the study of the effectiveness of the operation conducted by the military-technical system is given. A formal and informal approach to solving the task is outlined. The criteria of suitability for evaluating the effectiveness of the operation carried out by a purposeful technical system are formulated. Three statements of the problem of synthesis of the object under study are formulated.
Keywords:
synthesis, functioning process, efficiency, military-technical system.

Annotation:
The article reviews the use of artificial neural networks to ensure the navigational safety of an autonomous unmanned vessel.
Keywords:
unmanned vessel, navigation, neural networks, information theory, modeling, e-navigation, navigation safety, geoinformation.

Annotation:
The paper proposes a multi-agent reinforcement learning technology for intrusion detection in the Internet of Things. Three models of a multi-agent intrusion detection system have been implemented: a decentralized system, a system with the transmission of forecasts, a system with the transmission of observations. The obtained experimental results have been compared with the open intrusion detection system Suricata. It has been demonstrated that the proposed architectures of multi-agent systems are free from the weaknesses found in the usual solutions.
Keywords:
agent, decentralized system, internet of things, greedy algorithm, cybersecurity, machine learning, multi-agent reinforcement learning, intrusion detection, observation data transferring, prediction data transferring, DQN.

Annotation:
When considering digital systems for transmitting information in real time, in most cases, the transmission of information in blocks with a given delay time is implied. In this case, the delay determines the size of the sampling window. The article deals with the issues of masking an embedded message into an uncompressed audio signal with a variable size of the sample being processed.
Keywords:
steganography, sound, masking of information, two-component steganographic system, real time system.

Annotation:
The features of information campaigns and the principles of their dissemination in social networks are considered. Groups of methods for detecting information campaigns are analyzed and identified. The problems of existing approaches are highlighted. A group of methods based on the detection of coordination is considered. The article proposes an algorithm for detecting influence campaigns implemented by a botnet in a social network using the bee colony algorithm.
Keywords:
social networks, influence campaign, botnet.

Annotation:
A comprehensive cybersecurity risk assessment is a complex multi-level task involving technical, software, external and human factors. As part of the development of a predictive model for assessing cybersecurity risks, characterization of the human factor is necessary to understand how the actions of information security specialists affect the risk of developing cybersecurity threats. The article discusses the concept of "reliability" in relation to the human factor in the cybersecurity system. It has two main components: innate characteristics, which are part of the personality, and situational characteristics, which are outside the personality. The use of reliability as a Human Factors parameter in a comprehensive cybersecurity risk assessment will also depend on an understanding of how different mental models and behavioral responses affect the level of trust placed in an information security professional and the biases that affect the ability to provide such trust.
Keywords:
information security, cyber security model, information system reliability, human factor, cyber defense.

Annotation:
This work presents the research of using machine learning methods to detect malicious installation files, specifically trojan droppers and downloaders, and installers with extraneous functionality. A comparative analysis of some classification methods of machine learning is presented: the naive bayes classifier, the random forest and the C4.5 algorithms. The classification was carried out using the Weka software in accordance with the methods under consideration. Significant attributes of executable files are defined, which give positive results in the classification of legitimate installers and trojans.
Keywords:
malware, installation files, trojans, droppers, machine learning, naive bayes classifier, random forest, C4.5 algorithms.

Annotation:
The paper proposes a method of preprocessing fragments of binary code for the task of detecting their similarity using machine learning algorithms. The method is based on analysis of pseudocode, which is retrieved from the decompilation process. The pseudocode is preprocessed using attributed abstract syntax trees. Evaluation of the method indicates its efficiency in the binary code similarity detection task due to the semantic vectors used for abstract syntax tree modification.
Keywords:
code clones, syntactic similarity, semantic similarity, binary code similarity, abstract syntax tree, pseudocode.

Annotation:
The protection of infocommunication systems includes a wide range of information security means. There is a possibility of an intruder bypassing some of them, thus breaking the assumed security script of the information protection system. Methods of monitoring the correct sequence of the use of information security means in the infocommunication system are proposed. The proposed methods make it possible to increase the degree of security of infocommunication systems by confirming the fact of the use of all means and ways of information protection proposed by the architect of the information protection system.
Keywords:
information protection, computing systems, information security means, pattern of secure access, information security, methods of monitoring, security pattern.

Annotation:
This paper presents the results of the architecture stability analysis of messaging systems with a decentralized node structure Briar and Bridgefy. Developed mathematical models of target systems describe protocols for generating keys, establishing a connection and transferring data between system users. The key features of the architecture of messaging systems with a decentralized nodal structure are highlighted. The main classes of threats to target systems are determined.
Keywords:
decentralized systems, network degradation, mesh-messengers, Briar, Bridgefy.

Annotation:
Purpose. An important problem in the intelligent processing of syslog data is the existence of datasets containing records with multiple class label associations. A dataset suitable for classification typically contains a set of features and an associated set of class labels. The goal of classification is a trained model capable of assigning an appropriate class to an unknown object (records in "historical data"). The solution to this problem is associated with an exponential growth of label combinations that must be taken into account, as well as the computational costs of training data-mining models. The problem of multi-label classes in relation to computer networks (CN) is currently insufficiently studied. The aim of the study is to formalize the problem of multivalued classification of experimental data (binary or multiclass) using the example of CN system log entries and to demonstrate its applicability to information security problems. Novelty. The novelty of the study lies in illustrating the presence of multi-labeled class labels in the analysis of syslog entries generated by a CN. It is shown that this feature is inherent in most CNs, which are subject to boundary requirements for several indicators (attributes) of predetermined Service Level Objectives. When anomalous states occur for several attributes at once, an increase in the number of labels is a prerequisite for the occurrence of a rare anomalous state (system anomaly) of the CN at the current time. Results. It is shown that the problem of ambiguity of system log class labels is relevant for the analysis of the availability and integrity of information circulating in the CN. It is shown that the ambiguity of class labels manifests itself not only in the occurrence of several CN states at the current time, but also in the implicit multi-valued mapping of known CN attributes to these states. It is shown that with unambiguous learning, the label returned by such algorithms is a scalar value, and the resulting one-label classifiers label the data with loss of information. The multi-valued approach operates with sets (or vectors) of labels, and the resulting multi-valued classifier can assign several labels to CN states at once, which increases the classification accuracy. The significance of the secondary attributes of "historical data", which determine the quality of a multivalued classification, is shown. Practical relevance. Multi-labeled system log class labels are relevant in the areas of diagnosing malfunctions of CS hardware components, detecting attacks, detecting suspicious network activity, and other information security tasks.
Keywords:
computer networks; multi-labeled classification; multiclass classification; information security.

Annotation:
A description of the developed linguistic application for the recognition of ancient Egyptian hieroglyphs is given. The main methods for creating and training a neural network are considered and a method suitable for the successful operation of the algorithm for recognizing ancient Egyptian hieroglyphs is determined. Based on the analysis of tools for solving the problem, supervised learning and the convolutional type of neural network with the ReLU activation function were chosen as optimal for image recognition. In the future, the proposed neural network will find application in the development of a dictionary with a character recognition function.
Keywords:
ancient Egyptian hieroglyphs recognition, Gardiner code, convolutional neural network, classification, application.

Annotation:
The team of authors has developed algorithms and compiled a program code for processing large arrays of meteorological data in order to determine the maximum snow cover with specific dates.
Keywords:
meteorology, arrays, program code, snow cover, data processing.

Annotation:
In order to guarantee effective information security of an organization, a systematic and comprehensive approach is necessary. One of the most effective tools for obtaining an independent and objective assessment of an organization's security against information security risks and threats, and for evaluating the level of the organization's IS provision, is the internal information security audit. Nowadays, more and more additional requirements are imposed on the methods of ensuring and conducting an IS audit. Having analyzed the scientific literature, training manuals and articles in the field of information security, a method based on the risk-oriented approach is developed. The risk management theory and the internal audit methodology built on its basis should become the tools for conducting the audit. Information security audit based on the risk-oriented approach will make it possible to assess the security of the organization, identify risks, create and (or) adjust the plan of measures to minimize them, and improve the interaction of departments responsible for control and risk management.
Keywords:
information security audit, risk-oriented approach, risk matrix, information security threats, security level.

Annotation:
Improving the quality indicators of information security state identification of individual segments of cyber-physical systems is associated with the processing of large information arrays. We propose a method for improving quality indicators when solving problems of information security state identification. Its implementation is based on the formation of individual segments of the sample. The analysis of properties of these segments makes it possible to select and assign algorithms having the best quality indicators on the current segment. The segmentation of the data sample is considered. Experimental values of the quality index for the proposed method for different classifiers on individual segments and the whole sample are given on the example of real dataset data.
Keywords:
information security, machine learning, data set, data segmentation, data sampling.

Annotation:
This work contains a study of the problem of attackers using steganographic algorithms to hide and exchange illegal data. The paper formulates the relevance of the problem by analyzing cases of using steganography in attacks on computer systems and based on the development trend of controlled Internet, supported by the legal framework. An analysis of methods for hiding data and their subsequent exchange on public Internet resources is presented through a review of the works of researchers in this area; the main tools used by attackers are identified and described. As an analysis of counteraction methods, a comparative description of the use of artificial intelligence technologies in the field of steganoanalysis is presented, and the most promising and applicable ones for the tasks of automatic analysis of content posted on public Internet resources are identified. In the conclusion provisions of the work, the process of exchanging hidden data by malefactors using the model of EPC notation. The directions and tasks of steganoanalysis are highlighted, the solution of which will allow further development of a unified system for protecting public Internet resources, prospects for the use of new steganographic algorithms, such as hiding in the blockchain, source code are presented. resources and placement of content with the presence of physical attachments of information.
Keywords:
steganography, steganoanalysis, hidden data exchange, intruder models, artificial intelligence in steganoanalysis, machine learning, neural networks, natural language processing, blockchain, static code analysis.

Annotation:
The article analyzes the existing approaches to evaluating and accounting for the software composition analysis, including open source projects. The analysis of existing frameworks for evaluating software development processes is carried out, including from the point of view of information security. Typical risks of using open source components with open licenses are considered. The possibility of evaluating development processes to identify threats to information security in open source projects is noted, as well as the need to automate such a process in order to ensure the efficiency of dependency management in projects using open components as dependencies.
Keywords:
software composition analysis, open-source, software development processes maturity.

Annotation:
This article systematizes modern methods of searching for errors in software. For each method, a brief description and its advantages and disadvantages are considered. On the basis of the analysis, the most promising methods from the point of view of automating the process of searching for errors in software are identified.
Keywords:
information security, software, error detection, static analysis, dynamic analysis, symbolic execution, fuzzing.

Annotation:
A model of the system of ranking indicators of compromise for active counteraction to directed attacks is proposed, which allows pre-detecting threats and planning measures to eliminate them before their manifestation. Also an important aspect is the development of tools and methods for assessing sources of information on the level of trust to collect the necessary data in the investigation of incidents. Based on the proposed models, an information system for ranking indicators of compromise has been developed, which allows minimizing the possibility of violating confidentiality, integrity and availability of information, as well as compromising data in the system.
Keywords:
information security, information protection, indicators of compromise, modeling methods, information system.

Annotation:
The observed increase in the number of threats in the field of information security of society and the state creates the need for their timely identification. The paper proposes a combined approach to identifying and categorizing agents that have the greatest impact on users in social networks, which consists in combining and consistently applying existing methods. A simulation model of information dissemination was created and tested, which made it possible to simulate the process of information interaction between participants of the Internet information and telecommunications network and the influence of malicious agents on them. The results of the experiment show that changing the configuration of the agency network of influence and increasing the psychological protection of users against destructive effects makes it possible to reduce the scale of distribution of negative content.Keywords:
social graph analysis, dynamics of information flows, social network, manipulation of public opinion.Annotation:
The purpose of this work is to increase the security of the network infrastructure. A network infrastructure model has been developed, an access control method based on the elimination of excessive network connectivity between subjects and objects of access has been proposed and evaluated, the directions of its development have been described. The method can be used for network segmentation.Keywords:
information security, access control, network infrastructure, firewall.Annotation:
A description of immunization approaches for cyber-physical systems based on hierarchical and peer-to-peer network topology is presented. A systematic analysis of existing immunization methods based on graph theory, theoretical formalization, and experiment is performed. The approach showed sufficient efficiency of artificial immunization using global strategies for cyber-physical systems based on hierarchical network infrastructure.Keywords:
cybersecurity, artificial immunization, cyberphysical systems, graph theory, network topology.Annotation:
Algorithms for solving the direct and inverse problems of investigating the effectiveness of the functioning of the information security system have been developed and presented. The task of investigating the effectiveness of the operation is formulated. The characteristics of the sensitivity of the study of the effectiveness of the operation are considered. The characteristics of the influence of the parameters of the information security system model and its functioning process on the efficiency of the operation are described, namely: influence coefficient, instability coefficient, control potential, optimization potential.Keywords:
analysis, effectiveness, sensitivity function, information security system.Annotation:
Balance models of management and planning of processes of production of final products at enterprises are considered. Diagrams of the assembly of products based on the input-output method of Wassily Leontief are given. From the diagrams, using the Gozinto theorem, matrices of direct and complete needs are formed; with these, the proposed algorithm evaluates the parts and assemblies required for the production of various products as a final product. A method of encryption and decryption is proposed for the transmission of messages in digital format containing calculated data and technological schemes that are confidential. Examples of performing digital operations are given.Keywords:
balance model, Gozinto diagram, matrices of direct and full needs, plan, algorithm, confidential message, encryption, message extraction.Annotation:
The article proposes a set of indicators that can be used to assess the quality of a specialist in the information security service of an industrial enterprise, as well as to assess the quality of its functioning in the process of work. Formula dependencies for calculating stochastic indicators are given, which make it possible to obtain some objective estimates of the subjective influence of the human factor on the safe functioning of information systems of industrial measures.Keywords:
quality indicators, information security, information system.Annotation:
The paper discusses a methodological approach to constructing models and algorithms for decision support when justifying the rational composition of a system for ensuring information security of a corporate computer network. In this case, the problem under consideration is represented in the form of a discrete mathematical programming model. A special feature of the model is the ability to take into account a wide variety of destructive impacts on a computer network and methods of protecting it. The generality of the model is also ensured by taking into account the possible nonlinear nature of the function reflecting the specific goals of creating an information security system. To solve the problem, a generalized algorithm has been developed that takes into account the features of the model. The general nature of the requirements for the parameters of the model and algorithm makes it possible to form, on their basis, a fairly wide range of decision support techniques for justifying the rational composition of the information security system for specific variants of corporate computer networks and the conditions of their functioning.Keywords:
corporate computer network, information security system, system composition formation model, algorithm.Annotation:
The paper offers an analysis of modern protocols and approaches in cyber threat intelligence (CTI). A classification of CTI information is given, and the area of applicability for each class is estimated. A classification of CTI protocols and standards is presented, with a mapping to CTI levels. For each class of protocols and standards, its applicability for describing each CTI level is assessed. The main conclusion is that further study of the available standards in this area will determine the necessary set of requirements for the process of CTI information sharing, which will make it possible to face threats more effectively and reduce potential risks.Keywords:
information security threats, cyber threat intelligence, CTI level, exchange protocols.Annotation:
As a result of the analysis of known methods for ensuring data integrity, it was found that in conditions of continuous growth in the volume and value of information processed and stored in information automated systems for various purposes, the main disadvantage is the high redundancy of control information, leading to an increase in the load on the data warehouses of the systems in question and, as a consequence, a reduction in their resources. A method of ensuring data integrity based on combinational coding is considered, taking into account the analysis of the value of the protected information, and the results of its research related to the possibility of reducing the amount of introduced redundancy when using, in particular, Reed-Solomon codes are presented.Keywords:
information protection, data integrity, data integrity monitoring and recovery, memory capacity, Reed-Solomon codes, combination codes.Annotation:
The article proposes a model for steganographic embedding of data into a stream of messages using error-correcting coding. Embedded data is disguised as interference in the information channel. The inline message extraction is based on the error correcting code detection procedure for corrupted bits. The robustness of the scheme is based on the inability to obtain complete information about the embedding by the analyst. The model is universal and can be implemented in any network protocol that uses error-correcting codes.Keywords:
network steganography, error-correcting codes, hidden information channels.Annotation:
A method of responding to targeted attacks is developed, which is based on the idea of detecting and responding to targeted attacks at the stage of their implementation. The adequacy of application of the developed method in practice is demonstrated.Keywords:
information security, information security event, information security incident, information security monitoring, computer attack, SIEM-system, correlation.Annotation:
The article proposes an approach to the analysis of open source projects for exposure to the risks of a sudden change in the nature of project development associated with external reasons of political or economic personal interest of individuals involved in the development. The aim of the work is an attempt to offer representative features that allow us to highlight the development bias in open source projects at early stages. For this purpose, groups of features are identified: community characteristics, characteristics of the development process and characteristics of the project code base.Keywords:
software composition analysis, open-source, software development processes evaluation.Annotation:
The paper proposes a method for detecting malicious executable files by analyzing disassembled code. This method is based on static analysis of assembler instructions of executable files using a special neural network model, the architecture of which is also presented in this paper. In addition, through several different metrics, the effectiveness of the method has been demonstrated, showing a significant reduction of the second-order error compared to other state-of-the-art methods. The results obtained can be used as a basis for designing static malware analysis systems.Keywords:
detection of malicious software, static analysis, machine learning, deep neural networks, disassembled code analysis, transformer, BERT.Annotation:
The description of the developed neural network attack detection algorithm is given, the peculiarity of which is the possibility of launching two parallel processes: searching for the optimal model of an artificial neural network and normalizing the training sample data. It is shown that the choice of the artificial neural network architecture is carried out taking into account the loss function for a limited set of attack classes. The use of libraries (frameworks) TensorFlow and Keras Tuner for the software implementation of the attack detection algorithm is shown. The description of the experiment on choosing the architecture of the neural network and its training is given. The accuracy obtained in experiments reaches 94-98% for different classes of attacks.Keywords:
attack detection system, artificial neural network, classification, dataset, architecture optimization, training, loss function.Annotation:
With the rapid development of edge computing and the increasing number of connected devices, the article addresses the pressing issue of data integrity. It examines the current problem and focuses on the utilization of blockchain technology, which offers unique opportunities for addressing this challenge. The article provides a brief overview of existing methods and proposes a method for ensuring integrity based on blockchain technology. It suggests utilizing the Hot Stuff consensus algorithm in the presence of multiple active nodes, ensuring efficient operation and system scalability. Special attention is given to the utilization of a secondary blockchain based on Ethereum to enhance security and establish checkpoints in large blockchain networks. This facilitates the work of edge servers and enables users to verify data integrity on-demand using smart contracts. The new approaches to ensuring data integrity and leveraging blockchain technology can also be used in different implementations of the Internet of Things.Keywords:
blockchain, edge computing, data integrity, security.Annotation:
This paper presents a developed model of information security threats for messaging systems with a decentralized node structure. Information flows are considered, and a state diagram of information in the process of interaction within the decentralized messaging system is developed. The presented security threats correspond to the FSTEC BDU classification and are also categorized by layers of the Open Systems Interconnection Reference Model. For each of the above threats, the ways of its realization were considered and the possible source of the threat was described.Keywords:
threat model, decentralized systems, information flows, state diagram.Annotation:
The proposed 1-out-of-n oblivious signature scheme, based on the difficulty of finding isogenies between supersingular elliptic curves, is a variant of the Schnorr signature. The signature time for 10 messages is 42.2 seconds. The signature scheme is aimed at solving problems related to maintaining privacy on the Internet.Keywords:
digital signature, oblivious signature scheme, isogeny based cryptography.Annotation:
This paper is devoted to the problem of modeling data and processes in big data systems including polystorages and other heterogeneous components of information processing. At present, approaches to harmonization of polystorages data models are proposed in this research area. Various proposed methods are considered in this paper, but these solutions are not suitable for use in information security problems directly. The authors formulate requirements for modeling of the considered objects for solving security problems and formulate a level approach to modeling based on the general concept of poly-storage security within the framework of the consistency approach. The paper presents an original systematization of data models of modern poly-storages and DBMS in their composition, taking into account the used mathematical apparatus. A new methodology of three-level modeling of data and processes in the object of protection is proposed, the bases of models for all levels of data representation are formulated. The results of the work lay the foundation for the complex representation of data and processes in solving the problems of security and analyzing the security of big data systems.Keywords:
information security, Big Data, heterogeneous data processing systems, set theory, graph theory, category theory.Annotation:
Within the framework of increasing the efficiency of new spheres and directions of development of society, the state pays attention to robotization on a modern domestic basis in order to implement import substitution. One of the urgent problems is the combination of the concepts of a collective of algorithms, a collective of automata, a collective of robots and artificial intelligence. A special role is played by the possibilities of cybernetic research of multicore neural network automata in order to build more complex automata, robots and the behavior of a team of robots based on them. The purpose of this article is to demonstrate the possibilities of a set–theoretic approach of a cybernetic approach to artificial, complex natural objects and systems on this basis and to create a conceptual model for the selection and joint simultaneous design of hardware and software of neural network automata based on a unified study of the processes of parallelization of a collective of algorithms in the form of explicit and implicit clustering. As a result, the authors analyze, show and propose variants of the collective structures of algorithms for ensuring cybersecurity and protection against threats in the form of a hierarchy of security practices. The method of analysis and selection of the best architecture of a multicore neural network collective of an automaton and a robot collective based on automata implemented on a chip is proposed. An expert system based on VLSI 1879VM8YA (NM6408) with a developed user interface is being implemented.Keywords:
set-theoretic approach, team of algorithms, cybernetic research, team of robots, conceptual model, hardware and software design, explicit and implicit clustering, cybersecurity, threat protection, expert system, NM Card tool module, user interface.Annotation:
This paper presents adversarial attacks on machine learning algorithms in intrusion detection systems. Some examples of existing intrusion detection systems are examined. Existing approaches to detecting these attacks are considered. Requirements have been formed to improve the stability of machine learning algorithms. Two approaches are proposed for detecting adversarial attacks on machine learning algorithms, the first of which is based on a multi-class classifier and a honeypot system, and the second approach uses a combination of a multi-class and a binary classifier. The proposed approaches can be used in further research aimed at detecting adversarial attacks on machine learning algorithms.Keywords:
intrusion detection system, machine learning, adversarial attack, honeypot system, evasion attack, poisoning attack, model extraction attack, binary classifier, multi-class classifier.Annotation:
The paper analyzes relevant sources in the field of implementing modern adversarial attacks against a network intrusion detection system with an analyzer based on machine learning methods. The process of building such a system is summarized; common errors made by developers at each stage, which can be exploited by attackers when implementing various attacks, are indicated. A classification of adversarial attacks against machine learning models is given, and the most well-known adversarial attacks against neural networks and ensembles of decision trees are analyzed. The existing limitations in the use of adversarial attacks against intrusion detection models of the “random forest” type are noted; poisoning and evasion attacks against the object of study are implemented in practice. Possible defense strategies are considered, and the effectiveness of the most common method, adversarial learning, is experimentally assessed. It is concluded that there are no guarantees to ensure the robustness of the used machine learning model to adversarial attacks and there is a need to search for protective strategies that provide such guarantees.Keywords:
network intrusion detection system, adversarial attack, machine learning, network traffic.Annotation:
The features of wireless self-organizing networks and their routing mechanisms are analyzed. The classification of attacks on this type of networks is presented. Groups of methods used to ensure the security of self-organizing networks are highlighted. The analysis of representatives of each group of methods is performed, their advantages and disadvantages are singled out. The purpose and direction of further research is formulated.Keywords:
information security, wireless ad-hoc networks.Annotation:
The paper is devoted to the topic of detecting cyber-physical systems (CPS) attacks that affect the parameters of the functioning of devices. The potential consequences of cyber attacks on the CPS, as well as the corresponding changes in the modeling graph, are considered. A method for detecting cyberattacks based on the graph Fourier transform and the gradient boosting algorithm is proposed. The method makes it possible to detect a non-standard change in the operation parameters of devices and evaluate its criticality from the point of view of the centrality of a group of modeling vertices.Keywords:
cyber-physical systems, graph theory, graph signal processing.Annotation:
The paper presents an analysis of existing methods for detecting artificially synthesized content and proposes a proprietary architecture for a hybrid DeepFake detection system based on searching for original content. The study tests and compares the effectiveness of detection methods in two different cases. In the first case, records for training and testing samples are used from the same dataset; in the second case, testing is performed using a black-box method using records from different datasets. As a result, it is concluded that there are shortcomings in the existing methods and a hybrid DeepFake detection system architecture is proposed.Keywords:
DeepFake detection, generative adversarial networks, artificially synthesized content, deep learning.Annotation:
In this article, various approaches to the definition of the concept of the metaverse are investigated, and a proper, most universal one is proposed. The threats are analyzed and the requirements for the information security of the metaverse are highlighted. Its main components and features of their use are investigated. The applicability of various access control models to ensure effective security management of the metaverse has been evaluated.Keywords:
metaverse, metaverse security, metaverse model.Annotation:
This paper describes an approach to early detection of network attacks using weight agnostic neural networks. The choice of the type of neural networks is due to the specificity of their architecture that provides high processing speed and performance, which is significant in solving the problem of early attack detection. Experimental studies have demonstrated the effectiveness of the proposed approach based on a combination of multiple regression for feature selection of the training sample and weight agnostic neural networks. The accuracy of attack detection is comparable to the best results in the field with a significant time gain.Keywords:
network attacks, weight agnostic neural networks, multiple regression, machine learning.Annotation:
This paper is about the task of automating the analysis of access control in big data management systems by modeling security policies. The paper analyzes modern methods of access control in this class of systems, defines the requirements and selects the most promising one to describe the security policy within the framework of the developed solution. The task of modeling security policies in big data management systems is set. The architecture, main components and generalized algorithm of the software framework for its solution are presented. The results of experimental validation are also presented, the advantages and disadvantages of the framework are evaluated and the ways of its further development are proposed.Keywords:
big data security, big data management systems, access control, attribute access control, security policy, security policy modeling.Annotation:
This paper presents the developed method for detecting anomalies in network traffic, which is based on the technology of hierarchical temporal memory. To evaluate the effectiveness of the proposed solution, a new data set was generated containing information about legitimate and malicious network sessions. As a result of experimental studies, it was found that the use of a hierarchy of features and support for the memory mechanism make it possible to reveal hidden patterns in the analyzed chains of network requests to web resources with high accuracy.Keywords:
network traffic analysis, web resource security, hierarchical temporal memory, anomaly detection, network attacks.Annotation:
Methods for counteracting data poisoning attacks on neural network training are considered, and a model of the attacker is compiled, according to which the considered methods are classified. The classification obtained as a result of the study can be used in further research, the ultimate goal of which is to increase the level of unification and automation of data processing and protection methods.Keywords:
information security, machine learning, data processing, data poisoning, learning quality.Annotation:
The paper is devoted to the problem of ensuring the confidentiality of models in machine learning systems. The aim of the work is to ensure the confidentiality of proprietary models of machine learning systems. In the course of the work we analyzed attacks aimed at violating the confidentiality of models of machine learning systems, as well as ways to protect against this type of attacks, as a result of which the problem of protection against such attacks is set as a search for anomalies in the input data. We propose a way to detect anomalies in the input data based on statistical data, taking into account the resumption of the attack under a different account of the attacker. The obtained results can be used as a basis for designing components of machine learning defense systems.Keywords:
information security, artificial intelligence, artificial intelligence security, attacks on machine learning systems, privacy, model privacy, behavioral analysis.Annotation:
In the article, formalized techniques of data poisoning attacks are presented in the form of a set-theoretic model, considering the levels at which poisoning can be carried out. The division of attacks according to levels allows further consideration of each type of poisoning attack to prevent or minimize the consequences of data contamination specific to each level. The model obtained as a result of the study can be used in further research, the goal of which is to increase the level of unification and automation of data processing and protection methods.Keywords:
cybersecurity, data poisoning, data cleaning, heterogeneous data, set-theoretic attack model.Annotation:
The threat of extraction of machine learning models is considered. Most of the modern approaches to the prevention of machine learning model extraction are based on the use of the protective noising mechanism. The main disadvantage of this protective method is the decrease in the accuracy of the outputs generated by the protected model. The paper states the requirements for methods for protecting machine learning models against extraction and presents a new method, which supplements noise with a distillation stage. It has been experimentally shown that the developed method ensures the resistance of machine learning models to extraction while maintaining the quality of their results by transforming the protected models into other, simplified but equivalent, models.Keywords:
machine learning security, model distillation, noising, soft label, degree of security, accuracy of results, model extraction threat.Annotation:
In the context of the deep penetration of information technologies and services into people's lives, the issues of control over recommendation systems (hereinafter - RS), which are actively used by social networks and Internet applications for personalized selection and ranking of content for users, are becoming increasingly relevant. The concept of RS operation is based on the preliminary collection of data of various types and degrees of sensitivity about the user and their subsequent algorithmic processing in order to provide personalized recommendations. Personalized recommendations selected according to certain methods can create different worldviews for the same users, provoke active actions, etc. Thus, there is a need for a tool to assess the susceptibility of RS to the influences that lead to the bias of recommendation algorithms, on behalf of an external observer.Keywords:
recommender systems, unfairness biases, social networks, social network communications, cybersecurity.Annotation:
The assertion about the stability of a linear filter built on the basis of the Neyman-Pearson criterion was verified by performing falsifying experiments. The relationship between the eigenvalues of the interference covariance matrix and their minimum values and network stability was not found.Keywords:
linear filter, single-layer neural network, robustness, Neyman-Pearson criterion.Annotation:
The paper presents an analysis of existing methods for software vulnerabilities detection. A problem of faulty paths in interprocedural code graph representation is presented. This problem hinders application of graph deep learning models to code analysis tasks. A method based on an ensemble of algorithms for code graph analysis is presented to overcome the problem of faulty paths. The method performs gradual reduction of analyzed code fragments size for effective application of algorithms with high time complexity. A prototype of vulnerability detection system for .NET software based on the proposed method is presented. The prototype is evaluated using NIST SARD database and software with considerable codebase size.Keywords:
software vulnerabilities detection, logical vulnerabilities, static code analysis, graph theory, deep learning.Annotation:
A method for detecting network attacks on web applications using a neural network based on LSTM is presented. The process of extracting the necessary information from traffic before submitting it to an artificial neural network (ANN) is presented. This process of preprocessing HTTP traffic allows you to select key fragments, which are subsequently vectorized for proper processing in the ANN. The ANN architecture is defined, including the necessary layers, for the multiclassification of HTTP traffic and the detection of network attacks on web applications.Keywords:
firewall, web-applications, network attacks.Annotation:
The paper proposes a digital signature scheme that expands the functionality of the GOST 34.10-2018 and allows delegating signing capability to a trusted person (proxy signer). A classification of proxy signatures has been developed; the selected delegation scheme was modified to prevent misuse by a proxy signer. The correctness of the scheme was shown, the analysis of compliance with security requirements was carried out. The results of software implementation testing are presented.Keywords:
digital signature, proxy signature, GOST 34.10-2018, elliptic curves.Annotation:
Isogeny graphs of supersingular elliptic curves are one of the promising mathematical structures for post-quantum cryptography algorithms. However, the recently published attack on the SIDH protocol [1] demonstrates that isogeny graphs require a more detailed study when they are used in real protocols. In this paper, we analyze the structure of isogeny graphs of degree D > 3 and consider a set of nodes of a special kind to which the attack [7] on path recovery in the graph is applicable.Keywords:
post-quantum cryptography, isogeny graphs.