Annotation:This work presents the research of using machine learning methods to detect malicious installation files, specifically trojan droppers and downloaders, and installers with extraneous functionality. A comparative analysis of some classification methods of machine learning is presented: the naive bayes classifier, the random forest and the C4.5 algorithms. The classification was carried out using the Weka software in accordance with the methods under consideration. Significant attributes of executable files are defined, which give positive results in the classification of legitimate installers and trojans.
Keywords:malware, installation files, trojans, droppers, machine learning, naive bayes classifier, random forest, C4.5 algorithms.
Annotation:The paper proposes a method of preprocessing fragments of binary code for the task of detection their similarity using machine learning algorithms. The method is based on analysis of pseudocode, which is retrieved from decompilation process. The pseudocode is preprocessed with usage of attributed abstract syntax trees. Evaluation of the method indicates its efficiency in binary code similarity detection task due to semantic vectors used for abstract syntax tree modification.
Keywords:code clones, syntactic similarity, semantic similarity, binary code similarity, abstract syntax tree, pseudocode.
Annotation:The protection of infocommunication systems includes a wide number of information security means. There is a possibility of bypassing some of them by an intruder, thus breaking the assumed security script of the information protection system. The methods of monitoring the correct sequence of the use of information security means in the infocommunication system are proposed. The proposed methods make it possible to grow up the degree of security of infocommunication systems by confirming the fact of the use of all means and ways of information protection proposed by the architect of the information protection system.
Keywords:information protection, computing systems, information security means, pattern of secure access, information security, methods of monitoring, security pattern.
Annotation:This paper presents the results of the architecture stability analysis of messaging systems with a decentralized node structure Briar and Bridgefy. Developed mathematical models of target systems describe protocols for generating keys, establishing a connection and transferring data between system users. The key features of the architecture of messaging systems with a decentralized nodal structure are highlighted. The main classes of threats to target systems are determined.
Keywords:decentralized systems, network degradation, mesh-messengers, Briar, Bridgefy.
Annotation:The article discusses the encryption security of the Bitcoin Core cryptocurrency wallet. Particular attention is paid to aspects of the practical implementation of cryptographic algorithms when encrypting the wallet.dat file with a password. The practical strongness to brute-force attacks using parallel computing on the GPU is also considered. It was found that Bitcoin Core did not implement an encryption key change for private keys. This implementation makes it possible to re-attack the wallet without knowing the new password, if it has already been compromised before. The changes to encryption algorithms that complicate the password brute force attacks on the GPU are also proposed.
Keywords:bitcoin core cryptocurrency wallet, cryptocurrency wallet encryption, encryption key change, bitcoin core wallet attack, brute force attack on GPU.
Annotation:An analysis of the requirements of guiding documents for ensuring the security of critical information infrastructure facilities has been carried out. A classification of information security tools of the firewall class with a description of each, their implementation scenario and a generalized network diagram, taking into account the application of these solutions in the field of information security, are presented. A comparative analysis of existing firewalling solutions is made, followed by conclusions about using some of them to protect critical information infrastructure facilities. A solution is offered to develop the functionality of a new generation firewall.
Keywords:threats, firewall, next generation firewall, critical information infrastructure.
Annotation:An integrated approach to the maintenance of the cyber resiliency of cyber-physical systems represented as a network of functional nodes has been proposed. Based on the analysis of the graph of functional dependencies and the graph of attacks, this approach makes it possible to detect compromised nodes and rebuild the functional network of the system, moving the compromised nodes to an isolated virtual network similar to the one actually attacked, and then adapt the functional sequence of nodes that implement the technological process, thereby preventing the development of a cyber threat. The experimental results have demonstrated the correct operation of the proposed solution and the formation of an adequate counteraction to the intruders.
Keywords:attack graph, cyber resiliency, cyber-physical system, functional dependencies graph, functional infrastructure, virtual isolated network.
Annotation:This paper proposes an approach to assess the cyber resilience of mobile networks, based on the assessment of the probability that the network remains coherent under conditions of random movement of its nodes. The approach is aimed at countering the mobile network-specific attacks of hijacking and impersonation of one or more nodes, so that the network loses the ability to perform its target function.
Keywords:mobile networks, network connectivity, probability of node movement, hijacking attacks, impersonation attacks.
Annotation:The paper investigates the problem of detecting network anomalies in the processing of data streams in industrial systems. The network anomaly is understood as the malicious signature and the current context: the network environment and topology, routing parameters and node characteristics. As a result of the study, it was proposed to use a neocortex model that supports the memory mechanism to detect network anomalies.
Keywords:hierarchical temporary memory, artificial intelligence, contextual anomalies, machine learning, neocortex, industrial internet of thighs, network traffic, HTM.
Annotation:The structure and main properties of a generalized cyber-physical system are investigated. Threats of information security and main approaches to ensure the cybersecurity of these systems are analyzed. The method of assessing the degree of compromise of a generalized cyber-physical system, based on the analysis of indicators of compromise is presented.
Keywords:cyber-physical system, cybersecurity, graph theory, indicator of compromise, Industry 4.0, TCP / IP model.
Annotation:This paper discusses the problem of detecting network anomalies caused by computer attacks in industrial Internet of Things networks. To detect anomalies, a new method has been developed using the technology of hierarchical temporary memory, which is based on the innovative neocortex model. An experimental study of the developed anomaly detection method based on the HTM model demonstrated the superiority of the developed solution over the LSTM-based analogue. The developed prototype of the anomaly detection system provides continuous online unsupervised learning, takes into account the current network context, and also applies the accumulated experience by supporting the memory mechanism.
Keywords:hierarchical temporary memory, artificial intelligence, computer attacks, neocortex, online learning, sparse distributed representations, network traffic, HTM.
Annotation:The paper proposed approach to estimation the resilience of cyber-physical systems, as well as a method for their reconfiguration to neutralize the negative effects of structural attacks. The proposed method is applied to systems modeled by graphs, each vertex of which is associated with attributes - types of devices. The functioning of such systems is determined by the path on the graph, passing through the vertices of a given type. The reconfiguration method based on the graph artificial neural network (ANN) aims at increasing the number of working paths without the need to add new edges. The ANN model was trained on a synthetic dataset composed of random graphs whose vertex types were specified according to the mediation centrality metric.
Keywords:cyber-physical systems, graph theory, graph artificial neural network.
Annotation:Approaches related to solving the inverse problem of investigating the effectiveness of purposeful technical systems are considered. The classification of the tasks of the study of the effectiveness of the operation conducted by the military-technical system is given. A formal and informal approach to solving the task is outlined. The criteria of suitability for evaluating the effectiveness of the operation carried out by a purposeful technical system are formulated. Three statements of the problem of synthesis of the object under study are formulated.
Keywords:synthesis, functioning process, efficiency, military-technical system.
Annotation:The article reviews the use of artificial neural networks to ensure the navigational safety of navigation of an autonomous unmanned vessel.
Keywords:unmanned vessel, navigation, neural networks, information theory, modeling, e-navigation, navigation safety, geoinformation.
Annotation:The paper proposes a multi-agent reinforcement learning technology for intrusion detection in the Internet of Things. Three models of a multi-agent intrusion detection system have been implemented – a decentralized system, a system with the transmission of forecasts, a system with the transmission of observations. The obtained experimental results have been compared with the open intrusion detection system Suricata. It has been demonstrated that the proposed architectures of multi-agent systems are free from the weaknesses found in the usual solutions.
Keywords:agent, decentralized system, internet of things, greedy algorithm, cybersecurity, machine learning, multi-agent reinforcement learning, intrusion detection, observation data transferring, prediction data transferring, DQN.
Annotation:When considering digital systems for transmitting information in real time, in most cases, the transmission of information in blocks with a given delay time is implied. In this case, the delay determines the size of the sampling window. The article deals with the issues of masking an embedded message into an uncom-pressed audio signal with a variable size of the sample being processed.
Keywords:steganography, sound, masking of information, two-component steganographic system, real time system.
Annotation:The features of information campaigns, the principles of dissemination of information campaigns in social networks are considered. Groups of methods for detecting information campaigns are analyzed and identified. The problems of existing approaches are highlighted. A group of methods based on the detection of coordination is considered. The article proposes an algorithm for detecting influence campaigns implemented by a botnet in a social network using the algorithm bee colony.
Keywords:social networks, influence campaign, botnet.
Annotation:A comprehensive cybersecurity risk assessment is a complex multi-level task involving technical, software, external and human factors. As part of the development of a predictive model for assessing cybersecurity risks, characterization of the human factor is necessary to understand how the actions of information security specialists affect the risk of developing cybersecurity threats. The article discusses the concept of "reliability" in relation to the human factor in the cybersecurity system. It has two main components: innate characteristics, which are part of the personality, and situational characteristics, which are outside the personality. The use of reliability as a Human Factors parameter in a comprehensive cybersecurity risk assessment will also depend on an understanding of how different mental models and behavioral responses affect the level of trust placed in an information security professional and the biases that affect the ability to provide such trust.
Keywords:information security, cyber security model, information system reliability, human factor, cyber defense.
Annotation:Considered methods of counteraction attack data poisoning type learning neural network and compiled a model of the attacker, according to which a classification of the considered methods. The classification obtained as a result of the study can be used in further research, the ultimate goal of which is to increase the level of unification and automation of data processing and protection methods.
Keywords:information security, machine learning, data processing, data poisoning, learning quality.
Annotation:The paper is devoted to the problem of ensuring the confidentiality of models in machine learning systems. The aim of the work is to ensure the confidentiality of proprietary models of machine learning systems. In the course of the work we analyzed attacks aimed at violating the confidentiality of models of machine learning systems, as well as ways to protect against this type of attacks, as a result of which the problem of protection against such attacks is set as a search for anomalies in the input data. We propose a way to detect anomalies in the input data based on statistical data, taking into account the resumption of the attack under a different account of the attacker. The obtained results can be used as a basis for designing components of machine learning defense systems.
Keywords:information security, artificial intelligence, artificial intelligence security, attacks on machine learning systems, privacy, model privacy, behavioral analysis.
Annotation:The article contains formalized techniques of data poisoning attacks are presented in the form of a set-theoretic model, considering the levels at which poisoning can be carried out. The division of attacks according to levels allows further consideration of each type of poisoning attack to prevent or minimize the consequences of data contamination specific to each level. The model obtained because of the study can be used in further research, the goal of which is to increase the level of unification and automation of data processing and protection methods.
Keywords:cybersecurity, data poisoning, data cleaning, heterogeneous data, set-theoretic attack model.
Annotation:The threat of extraction of the machine learning models is considered. Most of the modern approaches to the prevention of machine learning models extraction are based on the use of the protective noising mechanism. The main disadvantage of this protective method is the decrease in the accuracy of the outputs generated by the protected model. The paper states the requirements for methods for protecting machine learning models against extraction and presents a new method, which supplements noise with a distillation stage. It has been experimentally shown that the developed method ensures the resistance of machine learning models to extraction while maintaining the quality of their results by transforming the protected models to other, the simplified, but equivalent, models.
Keywords:machine learning security, model distillation, noising, soft label, degree of security, accuracy of results, model extraction threat.
Annotation:In the context of the deep penetration of information technologies and services into people's lives, the issues of control over recommendation systems (hereinafter - RS), which are actively used by social networks and Internet applications for personalized selection and ranking of content for users, are becoming increasingly relevant. The concept of RS operation is based on the preliminary collection of various types and degrees of sensitivity data about the user and their subsequent algorithmic processing in order to provide personalized recommendations. Personalized recommendations selected according to certain methods can create different worldviews for the same users, provoke active actions, etc. Thus, there is a need for a tool to assess the susceptibility of RS to the influences that lead to the bias of recommendation algorithms, on behalf of an external observer.
Keywords:recommender systems, unfairness biases, social networks, social network communications, cybersecurity.
Annotation:The assertion about the stability of a linear filter built on the basis of the Neyman-Pearson criterion was verified by performing falsifying experiments. The relationship between the eigenvalues of the interference covariance matrix and their minimum values and network stability was not found.
Keywords:linear filter, single-layer neural network, robustness, Neyman-Pearson criterion.
Annotation:The paper presents an analysis of existing methods for software vulnerabilities detection. A problem of faulty paths in interprocedural code graph representation is presented. This problem hinders application of graph deep learning models to code analysis tasks. A method based on an ensemble of algorithms for code graph analysis is presented to overcome the problem of faulty paths. The method performs gradual reduction of analyzed code fragments size for effective application of algorithms with high time complexity. A prototype of vulnerability detection system for .NET software based on the proposed method is presented. The prototype is evaluated using NIST SARD database and software with considerable codebase size.
Keywords:software vulnerabilities detection, logical vulnerabilities, static code analysis, graph theory, deep learning.
Annotation:A method for detecting network attacks on web applications using a neural network based on LSTM is presented. The process of extracting the necessary information from traffic before submitting it to an artificial neural network (ANN) is presented. This process of preprocessing HTTP traffic allows you to select key fragments, which are subsequently vectorized for proper processing in the ANN. The ANN architecture is defined, including the necessary layers, for the multiclassification of HTTP traffic and the detection of network attacks on web applications.
Keywords:firewall, web-applications, network attacks.
Annotation:The paper proposes a digital signature scheme that expands the functionality of the GOST 34.10-2018 and allows delegating signing capability to a trusted person (proxy signer). A classification of proxy signatures has been developed; the selected delegation scheme was modified to prevent misuse by a proxy signer. The correctness of the scheme was shown, the analysis of compliance with security requirements was carried out. The results of software implementation testing are presented.
Keywords:digital signature, proxy signature, GOST 34.102018, elliptic curves.
Annotation:Isogeny graphs of supersingular elliptic curves are one of perspective mathematical structures for post-quantum cryptography algorithms. However, recently published attack on the SIDH protocol  demonstrates that isogeny graphs require a more detailed study when they are used in real protocols. In this paper, we analyze the structure of isogeny graphs of degree D > 3 and consider a set of nodes of a special kind to which the attack  on path recovery in the graph is applicable.
Keywords:post-quantum cryptography, isogeny graphs.
Annotation:The features of wireless self-organizing networks and their routing mechanisms are analyzed. The classification of attacks on this type of networks is presented. Groups of methods used to ensure the security of self-organizing networks are highlighted. The analysis of representatives of each group of methods is performed, their advantages and disadvantages are singled out. The purpose and direction of further research is formulated.
Keywords:information security, wireless ad-hoc networks.
Annotation:The paper is devoted to the topic of detecting cyber-physical systems (CPS) attacks that affect the parameters of the functioning of devices. The potential consequences of cyber attacks on the CPS, as well as the corresponding changes in the modeling graph, are considered. A method for detecting cyberattacks based on the graph Fourier transform and the gradient boosting algorithm is proposed. The method makes it possible to detect a non-standard change in the operation parameters of devices and evaluate its criticality from the point of view of the centrality of a group of modeling vertices.
Keywords:cyber-physical systems, graph theory, graph signal processing.
Annotation:The paper presents an analysis of existing methods for detecting artificially synthesized content and proposes a proprietary architecture for DeepFake's hybrid detection system based on searching original content. The study tests and compares the effectiveness of detection methods in two different cases. In the first case, records for training and testing samples are used from the same dataset; in the second case, testing is performed using a black-box method using records from different datasets. As a result, it is concluded that there are shortcomings in the existing methods and a hybrid DeepFake detection system architecture is proposed.
Keywords:DeepFake detection, generative adversarial networks, artificially synthesized content, deep learning.
Annotation:In this article, various approaches to the definition of the concept of the metaverse are investigated, and a proper, most universal one is proposed. The threats are analyzed and the requirements for the information security of the metaverse are highlighted. Its main components and features of their use are investigated. The applicability of various access control models to ensure effective security management of the metaverse has been evaluated.
Keywords:metaverse, metaverse security, metaverse model.
Annotation:This paper describes an approach to early detection of network attacks using weight agnostic neural networks. The choice of the type of neural networks is due to the specificity of their architecture that provides high processing speed and performance, which is significant in solving the problem of early attack detection. Experimental studies have demonstrated the effectiveness of the proposed approach based on a combination of multiple regression for feature selection of the training sample and weight agnostic neural networks. The accuracy of attack detection is comparable to the best results in the field with a significant time gain.
Keywords:network attacks, weight agnostic neural networks, multiple regression, machine learning.
Annotation:This paper is about the task of automating the analysis of access control in big data management systems by modeling security policies. The paper analyzes modern methods of access control in this class of systems, defines the requirements and selects the most promising one to describe the security policy within the framework of the developed solution. The task of modeling security policies in big data management systems is set. The architecture, main components and generalized algorithm of the software framework for its solution are presented. The results of experimental validation are also presented, the advantages and disadvantages of the framework are evaluated and the ways of its further development are proposed.
Keywords:big data security, big data management systems, access control, attribute access control, security policy, security policy modeling.
Annotation:This paper presents the developed method for detecting anomalies in network traffic, which is based on the technology of hierarchical temporary memory. To evaluate the effectiveness of the proposed solution, a new data set was generated containing information about legitimate and malicious network sessions. As a result of experimental studies, it was found that the use of a hierarchy of features and support for the memory mechanism make it possible to reveal hidden patterns in the analyzed chains of network requests to web resources with high accuracy.
Keywords:network traffic analysis, web resource security, hierarchical temporary memory, anomaly detection, network attacks.
Annotation:The paper proposes a method for detecting source code fragments similarity using attribute abstract syntax trees and machine learning algorithms. The advantages of the method are determined based on a comparative analysis of existing approaches of detecting code clones. For approaches, which use AST, it is possible to increase the efficiency of detecting similar source code fragments by detecting semantic clones with usage of method proposed.
Keywords:code clones, syntactic similarity, semantic similarity, open-source software.
Annotation:One of the approaches to form a cryptographically secure encryption range is the use of linear recurrent feedback registers based on primitive polynomials. The operational possibility of choosing the appropriate polynomial can provide the required degree of stability of the algorithm used. At present, primitive polynomials are known for sufficiently large powers, but usually these are the so-called sparse polynomials. To improve cryptographic strength, it is necessary to be able to quickly form new primitive polynomials of given degrees, which is the subject of this study.
Keywords:primitive polynomials, m-sequence, decimation, primitive root.
Annotation:The problem of automating the determination of daily water consumption by continuously measured levels and discrete measurements of water flow using flow curves, which are the simplest characteristic of the capacity of the riverbed (and floodplain) and are widely used in river flow accounting and hydraulic calculations, is considered. Conclusions are made about the optimal analytical representation of the flow curve and the possibilities of constructing a universal model of hydrometric flow accounting.
Keywords:water flow, measured levels, flow curves, profiles, interpolation, approximation, model.
Annotation:The problems of hydrological support of water transport in the territories of Siberia and the Far East of the Russian Federation are considered. The requirements for operational information on the levels of water bodies, on a sharp change in water content, on channel deformations, on the ice situation and forecasts of these phenomena are analyzed. Attention is drawn to the need to use new modern information technologies.
Keywords:water transport, hydrological support, riverbed processes, hydrological regime, information technologies.
Annotation:The article is devoted to a method for evaluating the effectiveness of the use of a group of unmanned aerial vehicles when they perform aerial photography tasks. The approach is based on the principles of a «virtual squad» and assumes decentralized management and adaptive redistribution of roles in unpredictable situations.
Keywords:group of unmanned aerial vehicles, virtual squad, unified flight task.
Annotation:An analysis of existing methods that provide the detection of evasion attacks in the machine learning systems is presented. An experimental comparison of these methods has been performed. The Uncertainty method is the most universal one, but its accuracy in detecting SGM, MS, BA evasion attacks is lower than that of other methods, and it is difficult to determine such values of the uncertainty boundary for adversarial samples that would allow more accurate detection of evasions. A new hybrid method has been proposed and discussed, which is a two-stage verification of input data, supplemented by input data pre-processing. In the proposed method, the threshold of uncertainty for adversarial samples has become distinct and quickly computable. The hybrid method allows detecting OOD attacks with 80% accuracy, and SGM, MS, BA attacks with 93% accuracy.
Keywords:evasion attacks, evasion attack detection, hybrid method, machine learning, adversarial samples, ODIN, Uncertainty.
Annotation:The paper proposes an approach to detection of Distributed Denial of Service (DDoS) attacks using a modular neural network, which is a series of connected neural networks that solve the problem step by step. The task of DDoS attack detection is decomposed into three interrelated subtasks: detection of anomalous network traffic, detection of DDoS attack traffic and identification of the type of realized DDoS attack, which is especially important due to the tendency of implementing multi-vector DDoS attacks. The results of experimental studies on the quality of performance of the constructed modular neural network confirmed the effectiveness of the proposed approach.
Keywords:DDoS attacks, modular neural network, decomposition, machine learning.
Annotation:Considered adversarial attacks on systems of artificial neural networks for image recognition. To increase the security of image recognition systems from adversarial attacks (avoidance attacks), the use of auto-encoders is proposed. Various attacks are considered and software prototypes of autoencoders of fully connected and convolutional architectures are developed as a means of protection against evasion attacks. The possibility of using the developed prototypes as a basis for designing autoencoders for more complex architectures is substantiated.
Keywords:image recognition system, adversarial attack, evasion attack, autoencoder.
Annotation:The article deals with the problem of finding a region of interest for biometric identification based on the pattern of palm veins. An image segmentation method based on the use of convolutional neural networks to search for an area of interest is proposed. The work of this method is compared with methods that use the features of a binarized image, in particular, with the method of searching for local minimums and searching for the minimum threshold value.
Keywords:biometrics, vein pattern, area of interest, segmentation, neural network.
Annotation:The criteria related to the construction of mathematical models of quality indicators for further investigation of the effectiveness of the functioning of information security systems, taking into account destructive influences, are considered. Geometric interpretations of the criteria of three classes are presented. The distinctive features of the concepts «quality indicator» and «quality assessment criterion» are revealed. A mathematical description of each of the criteria under consideration is given.
Keywords:quality assessment criterion, quality indicator, efficiency, information security system.
Annotation:The purpose of the study is to formally formulate the problem of artificial immunization of complex technical systems to ensure their security against cyber threats. The work draws an analogy between human immunity and the security functions of modern technical systems. A mathematical model of a technical system that describes how the system's immunity counteracts various cyberattacks was developed. The immunization problem is formulated to minimize the number of infected objects in the system and maximize the number of cured objects among the infected ones.
Keywords:immunization, innate immunity, adaptive immunity, cyber-attack.
Annotation:Currently, social information services (SIS) have become one of the important sources of information and allow any user to distribute information without restrictions, which makes it difficult to determine the degree of reliability of information. Revealing unreliable facts from the news using artificial intelligence methods is a difficult problem. To solve this problem, it is necessary to apply several existing models with the calculation of the reality parameter and recognition accuracy, as well as to develop a new algorithm for detecting fake news. The use of effective tools for identifying false information in the SIS and the corresponding algorithm is considered in support and decision-making systems, when determining the degree of information reliability.
Keywords:open sources of information, social information services, false information, reality parameter.
Annotation:This paper presents a new approach for protecting user data of mobile phones. It combines multi-factor authentication, secret sharing, visual cryptography, steganography and uses built-in secure modules of the Android operating system. The proposed protocol ensures privacy of user data even if the mobile phone and its associated storage server are compromised.
Keywords:authentication and key establishment protocol, wireless sensor network, key pre-distribution.
Annotation:This article discusses the security of recommendation systems with collaborative filtering from manipulation attacks. The most common types of attacks are analyzed and identified. A modified method for detecting manipulation attacks on recommendation systems with collaborative filtering is proposed. Experimental testing and comparison of the effectiveness of the modified method with other relevant methods were carried out.
Keywords:recommendation systems, collaborative filtering, shilling attack detection.
Annotation:Any organization, processing personal data of citizens of the European Union is obliged to comply with the requirements of GDPR (General Data Protection Regulation). However, the regulations do not contain information about how to comply with these requirements in practice. The international standard ISO 27701 solves this problem because it contains specific controls to fulfill requirements specified above. In the course of the research, the standard was analyzed and there were made up recommendations that can be applied to all types and sizes of organizations, including public and private companies, government entities and non-profit organizations that process personal data of citizens of the European Union.
Keywords:personal data, controls, requirements, GDPR.
Annotation:The article is devoted to finding rational ways to improve the culture of digital security among future shipbuilders. An objective methodology for the formation of educational content based on the achievements of the theory of multi-parameter choice and the construction of a tuple of preferences when making complex cybernetic decisions is considered. An example of the choice of digital security training technology for students of shipbuilding profile (Saint Petersburg State Maritime Technical University) was considered.
Keywords:digital security, distance learning, safety culture.