Quarterly journal published in SPbPU
and edited by prof. Dmitry Zegzhda
Peter the Great St. Petersburg Polytechnic University
Institute of computer sciences and technologies
information security of computer systems
Information Security Problems. Computer Systems
Published since 1999.
ISSN 2071-8217
  • 2024 year
    • № 1 2024
      • RESEARCH, MONITORING AND OPTIMIZATION OF AUTOMATED TECHNOLOGICAL PROCESSES AND PRODUCTIONS CONTROL SYSTEMS
        M. O. Zaid Alkilani, I. V. Mashkina Ufa University of Science and Technology
        DEVELOPMENT OF ATTACK SCENARIOS FOR ASSESSING THREATS RELATED TO INFORMATION SECURITY BREACH IN INDUSTRIAL NETWORKS

        Annotation:

        The article considers the possibility of using EPC notation to build scenarios of information security (InfoSec) threats in the automated process control system (ICS). In accordance with regulatory and legal documents, if there is a scenario of an InfoSec threat, the threat is recognized as relevant to the information system and is included in the InfoSec threat model to justify the choice of measures and means of information protection. A methodology for building threat realization scenarios in the form of EPC models is proposed. The construction of EPC models of attack scenarios against industrial network infrastructure components is based on establishing the possible objects of impact given the ICS architecture, identifying possible vulnerabilities of infrastructure components and means of protection along the path of the threat's implementation, and determining the possible tactics, techniques and threats, lists of which are given in methodological documents. The results of developing several scenario models of computer attacks on the enterprise infrastructure, including an attack over a wireless communication channel with the field level, are presented.

        Keywords:

        industrial control system ICS, EPC threat, scenario diagram, target of the threat, information security, tactics, techniques, information security threats
        Pages 96–109
        I. A. Sikarev, V. M. Abramov, K. S. Prostakevich, A. L. Abramova, A. O. Semidelova Russian State Hydrometeorological University
        INFOCOMMUNICATION INSTRUMENTARIUM FOR NATURAL RISK MANAGEMENT WHILE NAVIGATION OF AUTONOMOUS VESSELS IN ARCTIC UNDER CLIMATE CHANGE

        Annotation:

        The paper presents the results of developing an infocommunication toolkit for natural risk management during the commercial use of autonomous vessels in the Arctic and Subarctic, including the Northern Sea Route and higher latitudes. The toolkit was developed using Foresight technologies and database design methods within online technologies. The research results have high scientific novelty and can be used by various players, including educational organizations when forming Master's programs. The online platform ResearchGate was used for preliminary discussion and data exchange during the research.

        Keywords:

        infocommunication systems, natural risk management, autonomous vessels, Arctic
        Pages 110–120
      • SOFTWARE SECURITY
        D. O. Markin, I. A. Saitov Academy of Federal Guard Service of Russia
        MODELING OF EMBEDDED SOFTWARE FOR HARDWARE PLATFORMS BASED ON PROCESSORS WITH ARM ARCHITECTURE USING THE FEATURES OF POTENTIALLY DANGEROUS FUNCTIONAL OBJECTS

        Annotation:

        The article presents the results of binary code analysis of embedded software for hardware platforms based on processors with ARM architecture (trustlets) for the presence of potential hidden channels expressed in the form of potentially dangerous functional objects. A descriptive model of the trustlet has been developed based on the analysis of binary trustlet code. The model makes it possible to identify quantitative and qualitative indicators describing the presence of potentially dangerous functional objects in the trustlet code. These indicators allow the trustlets to be ranked according to vulnerability criticality levels. It is advisable to use the ranking results when searching for hidden channels in embedded software during certification tests of information security tools.

        Keywords:

        trustlet, potentially dangerous functional object, vulnerabilities, ARM
        Pages 121–133
        N. N. Samarin Research Institute "Kvant"
        A MODEL FOR FINDING ERRORS IN SOFTWARE USING SPOT-BASED FUZZING

        Annotation:

        This article identifies the properties of software most essential for finding errors in it by spot-based fuzzing. A generalized set-theoretic model of software is formulated, its invariant form is presented, and its adequacy, universality and consistency are proved.

        Keywords:

        information security, software, error detection, mathematical modelling, symbolic execution, fuzzing
        Pages 134–141
      • MACHINE LEARNING AND KNOWLEDGE CONTROL SYSTEMS
        A. A. Muryleva, M. O. Kalinin, D. S. Lavrova Peter the Great St. Petersburg Polytechnic University
        PROTECTION OF THE MACHINE LEARNING MODELS FROM THE TRAINING DATA MEMBERSHIP INFERENCE

        Annotation:

        The paper reviews the problem of protecting machine learning models from the threat to data confidentiality posed by membership inference on training datasets. A method of protective noising of the training dataset is proposed. It has been experimentally shown that Gaussian noising of the training dataset with a scale of 0.2 is the simplest and most effective approach to protecting machine learning models from training data extraction. Compared to alternative techniques, the proposed method is easy to implement, universal across different types of target models, and reduces the effectiveness of the attack by up to 26 percentage points.

        Keywords:

        noising, machine learning, training set, membership inference, Gaussian noise
        Pages 142–152
        S. G. Fomicheva, O. D. Gayduk St. Petersburg University of Aerospace Instrumentations
        INTELLIGENT MECHANISMS FOR EXTRACTING FEATURES OF FILE MODIFICATION IN DYNAMIC VIRUS ANALYSIS

        Annotation:

        The paper proposes machine-learning pipelines that make it possible to automatically generate relevant feature spaces for virus detectors, detect the presence of viral modifications in JS files and scripts in real time, and interpret and visualize the automatically obtained machine solution. It is shown that the best quality metrics are achieved by abstract syntax tree models using binary classifiers based on decision tree ensembles. An explanation of the solution automatically generated by the virus detector is demonstrated.

        Keywords:

        virus analysis, machine-learning models, features viral modification, decision trees ensembles, machine solution interpretation
        Pages 153–167
      • EDUCATION PROBLEMS
        I. L. Karpova, A. Yu. Garkushev, A. F. Suprun St. Petersburg State Marine Technical University, Peter the Great St. Petersburg Polytechnic University
        DEVELOPMENT OF REFLEXIVE AND PREDICTIVE COMPETENCIES OF INFORMATION SECURITY SPECIALISTS AS A FACTOR IN IMPROVING THE QUALITY OF PROFESSIONAL EDUCATION

        Annotation:

        Information is becoming an increasingly valuable asset for companies, so information security management is an integral part of the work of all institutions and enterprises. The professional experience and skills of information security specialists significantly affect the development of the system, audit and management of the information security system. In light of the high rate of receipt of relevant information and rapid changes in the information security system, it is important that future specialists in this field have the ability to analyze information, use it effectively and make accurate forecasts based on this data. The development of reflexive and predictive competencies in practice is possible through the development of the ability to anticipate, which is the mental mechanism underlying forecasting and goal setting. The role of anticipation as a component of reflexive and predictive competencies is considered, as well as methods of its development among information security specialists.

        Keywords:

        information security, cybersecurity, anticipation, reflexive-prognostic competencies, mental regulation, vulnerability
        Pages 168–174
      • INFORMATION SECURITY APPLICATION
        D. E. Vilkhovsky Dostoevsky Omsk State University
        STEGANALYTICAL MODULE FOR INSERT DETECTION IN LOW STEGO-PAYLOAD IMAGES

        Annotation:

        The paper describes the business logic and results of steganalysis software: a steganalytical module based on algorithms developed by the author for image steganalysis, which can detect embeddings even at low stego-payload (10–25 % of the total). The solution is aimed at improving enterprise information security by detecting media files (images) that contain embeddings and preventing the unauthorized transfer of such files, the viewing and extraction of the received hidden message, and the installation of malware whose module is embedded in the image using steganography. The software package works with embeddings made by the Koch – Zhao method and by LSB-replacement methods.

        Keywords:

        steganalysis, steganographic analysis, stegocontainer analysis, LSB-insert detection, DCT-insert detection, Koch – Zhao method
        Pages 9–17
        A. Yu. Garkushev, A. V. Lipis, I. L. Karpova, A. A. Shalkovskaya, A. F. Suprun Petersburg State Marine Technical University, Lomonosov Moscow State University, Peter the Great St. Petersburg Polytechnic University
        ASSESSMENT OF THE COMPETENCE OF THE INTELLIGENT INFORMATION SECURITY MANAGEMENT SYSTEM

        Annotation:

        The article is devoted to the development of tools for evaluating intelligent information security management systems in enterprises. The proposed methodology is based on a combination of entropy approaches to assessing the quality of information and a priori assessment of competence in terms of balancing the efficiency and validity of decisions made. The proposed mathematical model can be used for a priori evaluation of information security decision support systems.

        Keywords:

        competence, validity, intelligent system, communication, an aggregated model
        Pages 18–27
        D. A. Moskvin, E. M. Orel, A. A. Lyashenko Peter the Great St. Petersburg Polytechnic University
        PRESENTATION OF GRAPH-BASED MODEL FOR USE IN AUTOMATED SECURITY ANALYSIS SYSTEMS

        Annotation:

        This paper presents a mathematical graph-based model for use in automated security analysis systems. The model makes it possible to link information about the system, obtained by a specialist in the course of security analysis, with the set of attack scenarios in which it may be involved. Executing each scenario yields a new portion of data that describes some system component and contributes to the expansion of the attack graph.

        Keywords:

        attack graph, graph-based model, security analysis, attack scenarios, heterogenic systems, security assessment, penetration testing
        Pages 28–35
      • NETWORK AND TELECOMMUNICATION SECURITY
        E. Yu. Pavlenko Peter the Great St. Petersburg Polytechnic University
        CYBER RESILIENCE OF SELF-ORGANIZING CYBER-PHYSICAL SYSTEMS

        Annotation:

        Security criteria for self-organizing cyber-physical systems are proposed, taking into account their specificity, which consists in the need to ensure correct functioning, even under conditions of destructive information impacts, and information security. The solution of the problem is complicated by the presence of both local goals of the system components capable of self-organization and the global goal of the entire system. The paper systematizes security threats for self-organizing cyber-physical systems taking into account their specifics. We propose three security criteria – graph and two entropy criteria, the combined use of which will allow us to detect attacking influences aimed at both disabling the system and obtaining the possibility of stealthy control of the system in accordance with the attacker's goals.

        Keywords:

        cybersecurity, self-organizing systems, multi-agent system, intelligence, entropy, target function
        Pages 36–49
        A. A. Kornienko, S. V. Kornienko, N. S. Razzhivin Emperor Alexander I St. Petersburg State Transport University
        PROTECTION AGAINST UNAUTHORIZED ACCESS TO MOBILE DEVICES WHEN APPLYING OF THE BYOD CONCEPT

        Annotation:

        The article analyzes the problems of using mobile devices when applying the BYOD concept. An adapted methodology for assessing information security threats is proposed. In addition to the traditional approach to building a security system in the information system, a software tool for monitoring unauthorized access has been developed and tested.

        Keywords:

        BYOD, mobile devices, corporate information system, information security, unauthorized access
        Pages 50–61
        A. S. Kurakin LLC "STC"
        THE EVALUATION OF THE EFFECTIVENESS OF THE FUNCTIONING OF A GROUP OF UNMANNED AERIAL VEHICLES WHEN THEY PERFORM AERIAL PHOTOGRAPHY TASKS

        Annotation:

        The article proposes a way to assess the effectiveness of selecting and distributing the goals of a group of unmanned aerial vehicles when they perform aerial photography tasks. Analytical expressions are obtained for the resource intensity, performance and efficiency of task execution. Modeling and a comparative assessment of the efficiency indicator for various options for the formation and target setting of a group of unmanned aerial vehicles were carried out.

        Keywords:

        group of unmanned aerial vehicles, flight task, efficiency, comparative assessment, aerial photography
        Pages 62–69
        E. Yu. Pavlenko, M. A. Pahomov Peter the Great St. Petersburg Polytechnic University
        GRAPH SELF-REGULATION OF VARIOUS TYPES OF NETWORKS WITH ADAPTIVE TOPOLOGY

        Annotation:

        Approaches to self-regulation of networks with adaptive network topology based on graph theory are presented. These approaches are limited to networks whose nodes do not change their position in space, such as peer-to-peer and heterogeneous sensor networks, as well as industrial networks using the example of Smart Grid smart energy consumption networks. A generalized objective function is described for each type of network, conditions for self-regulation are formulated, and the process of self-regulation is formally described.

        Keywords:

        information security, self-regulation, graph theory, objective function, network with adaptive topology
        Pages 70–79
        M. Yu. Fedosenko ITMO University
        THE SPECIFICS OF SOLVING THE PROBLEM OF INFORMATION SECURITY RISK MANAGEMENT WHEN DEVELOPING METHODS OF PROTECTION AGAINST HIDDEN STEGANOGRAPHIC INFORMATION EXCHANGE ON PUBLIC INTERNET RESOURCES

        Annotation:

        This work describes the stage of practical management of the information security risks that arise for a web resource when it is used as a medium and communication channel for steganographic information exchange. Based on available research results, the possibility of attackers using steganography on public Internet resources as a tool for exchanging illegal data and carrying out computer attacks has been established. As a result, the relevance of developing methods to counter the malicious use of steganographic algorithms has been proven. The paper examines threats to information security when steganography methods are used, in accordance with the FSTEC IS BDU. Based on these threats, a 4-level model of threats to a web resource from user data has been developed. It includes the risks of violating integrity, accessibility, confidentiality and the provisions of 374-FL (amendments to 149-FL "On information, information technologies and information protection"). The 374-FL demonstrated the problem of data being inaccessible for checking for malicious nature when it is exchanged covertly. Based on the developed model, a practical assessment of the risks of a web resource was carried out using the Microsoft Security Assessment Tool (MSAT), as well as a theoretical assessment using the FRAP and CRAMM matrices, in order to demonstrate the features of using a specific approach in solving the problem of countering a new type of attack. As a result, the necessary mitigation measures and components were calculated using mathematical programming methods in order to identify the minimum and optimal quantitative composition of the components of protection against the malicious use of steganography. These measures and components consist of specialists, their competencies, and the software tools necessary for high-quality protection of a web resource within the framework of the scientific problem under study: the use of information security technologies by an offender when carrying out illegal activities, and the further development of tools for counteraction and for analysis of data coming to the web resource.

        Keywords:

        steganography, steganographic attacks, hidden data exchange, information security risk management, Internet, information security threats, FRAP, CRAMM, OCTAVE
        Pages 80–95