Annotation:
Methodological approach to evaluating the effectiveness of information protection in the information and control subsystem of a complex dynamic system is offered. As a performance indicator it is proposed to use the degree of opportunity implementation driven dynamic system in view of prevention of damage, expressed in the change life cycle management from destructive influences that violates the completeness, integrity, precision, reliability, accessibility and efficiency of processing required for managerial decision-making information.Keywords:
Management of a Complex Dynamic System, Information and Control Subsystem, Information Protection, Efficiency.Annotation:
An approach to detecting computer attacks is proposed, which consists in identifying abnormal network traffic using Tsetlin machine. Experimental studies conducted for various types of network attacks have demonstrated the effectiveness of the proposed approach.Keywords:
Network Attacks, Network Traffic Classification, Tsetlin Machine, Tsetlin Automate.Annotation:
This paper provides an overview of network attacks and vulnerabilities of TCP / IP model. The purpose of this study is to identify the most common types of vulnerabilities for network protocols. So, for example, the ability to change the values of the IP address field to the victim's address is not vulnerability that is not accepted by the protocol specification, but the misuse of flags fragmentation – is a vulnerability.Keywords:
Network Attacks, TCP/IP Model, Vulnerability Search, Network Security.Annotation:
Two methods for cipher modification, which can be used to pre-embed messages are proposed. These modifications preserve the cryptographic resistance of the embedded messages, but violate the pseudo-randomness of cryptograms, which protects stegosystem from detection based on the use of NIST tests. The experimental results on the stegosystem detection efficiency after cipher modification and depending on the embedding rate are also presented.Keywords:
Block Cipher, Stegosystem, Pseudo Randomness, NIST Tests, Deflate Compression Algorithm, Arithmetic Coding.Annotation:
Important task of designing a steganographic system is the selection of a key. The main requirement for the key is to ensure consistently high sensitivity of the system to the key variation and minimum change in this sensitivity during the formation of the container. The paper provides an analysis of the invariant two-component steganographic system in terms of sensitivity to variations in various parameters and values of embedded signals.Keywords:
Two-Component Steganographic System, Invariance to Masking Signal, Steganographic Container, Key Coefficient.Annotation:
A ring signature-based group authentication mechanism with linking-based revocation is proposed. The possibility of using this approach in Smart Grid as an example of industrial Internet of Things systems is discussed.Keywords:
Authentication, Industrial Internet of Things, Ring Signature, Linking-Based Revocation, Lattices.Annotation:
Task relevance of protecting critical facilities is determined. The technological process of designing physical protection systems for critical facilities is considered. For each stage of the design, solvable problems and problems are considered. Based on the analysis, possible directions for solving these problems are proposed.Keywords:
Design of Physical Protection Systems, Critically Important Object.Annotation:
Types of electromagnetic interference affecting the communication channels of an unmanned vessel are described. The interference is classified according to their source, spectral and temporal characteristics. The approach to evaluating the noise immunity characteristics of transponders for unmanned vessels is described.Keywords:
Global Navigation Satellite System, Unmanned Navigation, Automated Vessel Traff Control Systems.Annotation:
Сyber-physical system is considered as an object of information security management. The corresponding threat model from the point of view of the automatic control theory is presented. The characteristics of security monitoring are proposed.Keywords:
Information Security, Cyber-Physical Systems, CFS, Threat Model, Monitoring, Security Management.Annotation:
Use of modern artificial neural networks to detect cyber threats in the networks of the industrial Internet of Things is proposed. The modeling of the industrial system under the influence of cyberattacks has been carried out. As a result of the experiments, the optimal configuration parameters of a recurrent LSTM network with a confirmed number of layers and states were determined.Keywords:
Artificial Intelligence, Cyber Threats, Neural Networks, Industrial Systems, IIoT, LSTM.Annotation:
Problem of detecting the abnormal functioning of «Industry 4.0» devices based on behavioral patterns using acoustic channel information is explored. The possibility of using external systems for monitoring the status of objects under the influence of threats to information security breaches is considered. An experiment was conducted aimed at analyzing the status of «Industry 4.0» devices in normal and abnormal operating modes.Keywords:
Behavioral Patterns, Acoustic Channel, Industry 4.0 Devices, Information Security Monitoring Systems, Signal Analysis.Annotation:
Analysis of feature selection methods of network traffic is provided. A prototype of an attack detection system with a module for network traffic feature selection is developed. The method of network traffic feature selection is proposed. The accuracy and time of detecting network attacks by proposed prototype was assessed.Keywords:
Intrusion Detection System, Networks Attacks Detection, Feature Selection of Network Traffic, Genetic Algorithm.Annotation:
The paper reviews the main trends of modern cars’ infrastructure. It discusses modern attacks, which are possible now due to implementation of V2X and IVI technologies, and the main methods for their detection and prevention are analyzed. Considers their possibility and limitation of addressing the described problem. A set of requirements for the new information security method, suited for new-generation connected cars, is proposed.Keywords:
Vehicle Cyber Security, Mobility-as-a-Service, Automotive, Connected Cars, In-Vehicle Infotainment, Controller Area Network, Intrusion Detection System, Fingerprinting ECU.Annotation:
The article developed an optimization mathematical model and an algorithm for integrating information security measures. As an indicator of the effectiveness of integration in the model, the level of costs for fulfilling the tasks of ensuring information security of the protected object is adopted. In this case, the costs of the development (preparation) of these measures and the costs of their implementation by the information security system are separately taken into account. The optimization algorithm is based on the general principles of the branch and bound method. Its feature is the proposed method for estimating boundaries for alternative branches. The model is universal in nature and can be used to develop methods for supporting the adoption of appropriate management decisions to ensure information security for specific information infrastructures of organizational, technical, social, economic and other objects.Keywords:
information security, a set of measures to ensure information security, optimization, model, algorithmAnnotation:
The paper presents the concept of applying a game theory approach in infrastructure of wireless dynamic networks to counter computer attacks. The applying of this approach will allow to create mechanism for adaptive reconfiguration of network structure in the context of implementation various types of computer attacks and to provide continuous operation of network even in conditions of destructive information impacts.Keywords:
information security, wireless dynamic networks, game theory, network games, network reconfigurationAnnotation:
The article discusses approaches to the recognition of malicious activity in computer networks and the assessment of the security of information systems using attributive metagraphs. The proposed use of the matrix techniques, tactics and methods of computer attack for its modelingKeywords:
computer attack, security assessment, malware, metagraphAnnotation:
Telecommunication devices are becoming one of the critical elements of industrial systems, which makes them an attractive target for potential attackers. A method for detecting anomalies based on local signal spectra using neural networks to evaluate is considered. An experiment was conducted based on the statistics of the loading of the computing device.Keywords:
syn spectra, Industry 4.0 devices, monitoring of telecommunication nodes, signal analysis.Annotation:
A methodology for protecting a quantum-secure communication system based on the implementation of post-quantum cryptographic algorithms at all stages of its work is proposed. The use of authenticated encryption and signcryption schemes reduces the number of keys in quantum-secure system and increases the number of interacting devices.Keywords:
quantum key distribution, authentication encryption, signcryptionAnnotation:
The paper discusses an invariant two-component steganographic system based on linear mixing of two embedded signals with the sound signal of the container, which allows for effective protection of the hidden signal in real time.Keywords:
two-component steganographic system, invariance to masking signal, steganographic container, key coefficient.Annotation:
This paper proposes to use wavelet transform together with clustering of the obtained and converted coefficients for anomaly detection in traffic of backbone networks. The coefficients of the wavelet transform obtained from the parameters of the network packets are checked for the degree of multiple correlation which is used to calculate the mean-square deviation and clusterize the obtained coefficients for detecting the traffic anomalies. The effectiveness of the proposed method is demonstrated by the results of experiments to detect denial of service attacksKeywords:
backbone networks, wavelet-based analysis, multiple correlation, clustering, attack detection, DoS attack.Annotation:
The article considers a theoretical approach, the application of which will allow to assess the vitality of the version of construction of a distributed communication network in conditions of external destructive impacts, taking into account the effective functioning of the management system for the elimination of the consequences of these impacts.Keywords:
Vitality, the distributed communication network, management system.Annotation:
Protecting the water area of port or other important maritime facilities is quite an urgent task. The widespread introduction of uninhabited underwater vehicles for these purposes has become possible due to the fact that they withstand harsh climatic conditions and special loads.The article presented the methods of optimization and identification of optical images in the recognition objects by uninhabited underwater vehicles. A control scheme for the compensation of the input image signal is proposed for optimal identification with communication loops, that allow digital elements to withstand external objects.Keywords:
optimal identification, optical images, recognition problems, underwater vehicles, mathematical modelAnnotation:
The article describes promising methods for the application of unmanned technologies for the development of water transport on the inland waterways of the Russian Federation, as well as information processing methods to increase the information security of the transmission of navigation dataAnnotation:
The work proposes an authentication / authorization system for users with administrative privileges. A mechanism is proposed for enhanced authentication and delegation of authority, which allows the superuser to be excluded by creating separate roles: network administrator, security administrator, virtual infrastructure administrator, process control administrator (automated process control system). The user authentication / authorization system is based on the characteristics of the fourth formant and the frequency of the leading formant of vowels.Keywords:
Biometric image of a person, neural network database of biometric images, characteristics of the fourth formant of the vowel sound, frequency of the leading spectral characteristic formants.Annotation:
The paper reviews the prospects of using domain architecture as a basis for implementing the car network security mechanism, based on the ECU authentication. It contains the analysis of the existing methods of domain formation and proposes a method for a comprehensive assessment of the security classes of car’s components, taking into account, in addition to the functional purpose of the ECU, a list of its interfaces, interaction with other ECUs, the difference between integrity levels of slave devices. Also it proffers a network clustering approach based on combining elements of the one security class into a domain .Keywords:
vehicle cyber security, connected cars, сontroller area network, domain architecture, cluster-tree, integrity level, fingerprinting ECUAnnotation:
The paper comprises problem of data processing for cyberphysical systems security monitoring. It shows the method of modeling and evaluating the system for security monitoring data processing and the principles of an adaptive solution development. An example of an adaptive system for CPS monitoring development and optimization is given.Keywords:
information security, cyberphysical systems, CPS, security monitoring, security management, data processing, Big data.Annotation:
In this paper, we investigated the problem of revealing the unknown structure of artificial neural networks (ANNs) using graph theory. The basic concepts of ANN, typical architectures and the differences between them were considered. In the work, the rationale for the use of the graph theory apparatus for solving the problem of revealing the structure of ANNs was given. Examples of comparing various ANN architectures and types of graphs was given. It is proposed to use the methods of spectral graph theory and graph signal processing as mechanisms for analyzing unknown structure of ANNs.Keywords:
artificial neural network, reverse-engineering of ANNs, deep learning, graph theory, spectral graph theory, signal graphs.Annotation:
This article provides a detailed review with a deep comparison of existing models of information security of cyberphysical systems in the field of the industrial Internet of things, followed by an analysis of ways to solve problems. Alternative approaches to the construction of models and solutions in this area are proposed. The purpose of this study is to systematize, generalize and supplement existing experience in the field of description and solution of information security problems of cyber-physical systems; creation of a unified information base for the subsequent implementation of our own approach to building a model and solving problems in the field of the industrial Internet of things.Keywords:
industrial Internet of things, IIoT, information security models, cyberphysical systems.Annotation:
In the paper the language of data presentation in the task of remote localization of failures and errors in a distributed information and computing system is built. The main idea is to reflect data of sensors on the oriented graph generated by the influence of some components of the distributed information and computing system on others. The main results of the paper are the conditions of unambiguous localization of implicit failures and errors based on information received from sensors, which revealed anomalies of some processes.Keywords:
localization of failures and errors, metadata, remote system administration.Annotation:
The paper considers the issues of automating the process of analyzing the registry of personal information operators to monitor measures taken to protect and increase the level of security information. The methodology for solving the problem of automating information retrieval and field analysis of the register of personal information operators is determined. A block diagram of an information-analytical system for monitoring the implementation of legal requirements in the field of personal data has been developed.Keywords:
personal information, register of personal information operators, information-analytical systemAnnotation:
Purpose of article: Determination of the possibility of using artificial neural networks to assess the probability of implementing information security threats and the software creation. Method: probability of threat realization analysis. Result: the possibility of using artificial neural networks to assess the probability of information security threats is shown. An application has been developed to assess the probability of threat implementationKeywords:
information security threats, probability threats, neural networkAnnotation:
This article examines the issues of building a model of an information system, suitable for further use in the problem of automating penetration testing using methods of reinforcement machine learning. The article defines the basic requirements for such a model, a prototype of the architecture of such a system is proposed.Keywords:
machine learning, reinforcement learning, penetration testing, information system modeling.Annotation:
The present article dwells upon an approach of covert channel detection (C2-channels) on the basis of DNS protocol based on finding specific traffic signatures - beacon-signals which are, in turn, suggestive of malicious software operation (MS). A real DNS-traffic samples analysis followed by approximation with known statistical distribution is conducted. Timing specifications of beacon-signals with different frequency of their sending are simulated and optimal value (upon Neyman–Pearson's criterion) of limit of detectability, that keep to a minimum corresponding false alarm probability, are determinated. The researches will make it possible to improve the presetting process of the Intrusion Detection Systems (IDS) applying statistical methods of network traffic performance analysis.Keywords:
covert channels, DNS, network traffic, the Neyman-Pearson criterion.Annotation:
The paper presents the developed method for a network traffic analyzing based on the global alignment algorithm of Needleman-Wunsch. A prototype of intrusion detection system for the Internet of Things has been designed. The results of our experimental study have shown a promise of the proposed approach.Keywords:
Bioinformatics, Global Alignment, Internet of Things, Intrusion Detection System, Needleman-Wunsch Algorithm, Network Attacks, IoT.Annotation:
This article suggests improving the method of a two-stage system for detecting DDOS attacks in large-scale networks using a mechanism for adapting to constant changes in network load and the level of heterogeneity in large-scale networks. The following parameters are highlighted, which are corrected by the traffic adaptation block: time intervals of network data analysis, the ratio of intersected time Windows, the extracted network parameters themselves, and the level of wavelet transform decomposition.Keywords:
backbone networks, attack detection, DDoS attack, wavelet analysis, adaptation mechanism.Annotation:
This paper considers the NB-Fi protocol that provides secure communication channel between IoT devices and controlling servers. The version of the protocol described in the preliminary national standard of Russian Federation does not provide confidentiality and integrity of transmitted data in the considered adversary model. We propose a modification of the protocol that provides these properties.Keywords:
Internet of Things, cryptography, transport protocol.Annotation:
Two attacks on the random gamming code are given with the calculation of the complexity and reliability.Keywords:
random gamming code, the complexity of the cryptographic method, the reliability of the cryptographic method.Annotation:
Currently, the problem of providing a qualitative analysis of information messages, evaluating publications on the Internet is becoming more relevant than ever. A large number of publications on various events in the world appear on the Internet; the nature of these publications may affect the political and social atmosphere of society. As part of ensuring the safety of the population of the Russian Federation and fulfilling the requirements of regulatory documents, a methodology for the mediaametric analysis of information using machine learning algorithms is proposed. Based on the results of a study of work in this area, the main approaches to media-metric analysis of information are currently identified. The paper proposes an approach for determining the tonality of publications using the Word2Vec model and machine learning algorithms for natural language processing. Based on the proposed approach, a technique is formulated in the paper that takes into account the technical features of the publication source and existing methods of media-metric analysis of information. Using real informational publications, the results of the steps of the method of mediaametric analysis and determining the tonality of messages are presented.Keywords:
media-metric analysis of publications, word cloud, tonality of information messages, data mining, frequency analysis of words, machine learning libraries for Python.Annotation:
This paper examines a timing attack using the example of IoT devices based on the ATmega32 AVR microcontroller. The principle of a timing attack aimed at identifying authentication data is demonstrated.Keywords:
Internet of things, embedded systems, microcontrollers, microcontroller architecture, security hardware.Annotation:
The article deals with the problem of identifying the state of information security by external behavioral features of transport system objects. In this article, as a source of information about the state, side signals from the components of objects that occur during the operation of devices are considered.Keywords:
information security, remote autonomous objects of transport systems, information security system, counteraction to information attacks.Annotation:
The work is devoted to the automated search for vulnerabilities in IoT devices based on the ARM architecture. The problems of using symbolic execution to detect vulnerabilities are investigated. To improve the efficiency of searching for vulnerabilities, an approach based on concolic execution with taint analysis is proposed, which eliminates the problems that arise when using classical symbolic execution.Keywords:
symbolic execution, ARM, taint analysis, The Internet of Things (IoT), cyber-physical system, fuzzingAnnotation:
In this paper, continuing the topic of analyzing approaches to ensuring information security of cyber-physical systems (CPS), a detailed review is given with a deep comparison of existing methods for solving problems that appear during the analysis of mathematical models of CPS in the field of the Industrial Internet of Things, followed by summing up and highlighting additional recommendations for use by the authors. Alternative approaches to the construction of models and solutions in this area are proposed. The purpose of this study is to systematize, generalize, analyze and supplement the existing experience in the field of describing and solving problems of information security of cyber-physical systems; to draw up a general information basis for the subsequent implementation of our own approach to building a model and solving problems in the field of the industrial Internet of things.Keywords:
industrial Internet of things, IIoT, information security models, cyberphysical systems.Annotation:
In the paper, a survey of modern Industrial Internet of Things definitions is proposed. Based on the research the most comprehensive definition is chosed. After that the phenomenon of cyber-resilience is researched in the context of cyber-physical industrial systems. As a result, cybersecurity requirements to the Industrial Internet of Things are proposed. An accomplishment of these requirements will provide cyber-resilience of modern digital manufacturing systems.Keywords:
digital manufacturing, cybersecurity, industry 4.0, industrial internet of things, critical information infrastructure.Annotation:
The paper is devoted to the presentation of the method for solving the problem of localization of the initial cause (root cause) of anomaly in a distributed information and computer system. The main idea of the proposed approach is an approximate estimate of the set of elements of distributed information and computer system containing the cause of the anomaly. To describe the original cause of the anomaly, two algorithms are used: an algorithm that generates a parameter that shows the anomaly and a displaying algorithm. About the first algorithm there is a fragmentary information and reliable information that there is an anomalous transformation in it. The second algorithm is simple and allows you to identify the existence of an anomaly. The anomaly is detected by abnormal values of the parameter whose values these algorithms calculate. Such parameters are called integral. A number of properties of integral parameters and relations of these algorithms have been investigated. Methods for finding the region of the root cause of the anomaly using chains of integral parameters are constructed.Keywords:
Information Security, Root Cause Anomaly Localization, Causal RelationshipsAnnotation:
The classification and comparative analysis of proactive and reactive methods of protection against logical inference in relational DBMS are made. The description of the most used algorithms, their advantages and disadvantages is given. The assessment of information disclosure risks is given.Keywords:
Information Security, Logic Inference, Proactive Methods, Reactive Methods, Perturbed MethodsAnnotation:
There is considered usage of generation synthetic data methods for increasing the dataset and subsequent detection of the accuracy of network attacks on an IoT devices using machine learning methods. The methods of "augmentation" and "generative adversarial network" are used to increase the set of initial data. The IOT Network Intrusion Dataset is used as the initial dataset, which includes network traffic during various attacks (DoS, MiTM, Scan), including attacks from one of the most widespread botnets in the context of the Internet of Things (Mirai botnet).Keywords:
Generative Adversarial Network, Machine Learning, Internet of Things, Cyber-Physical Systems, Intrusion Detection SystemAnnotation:
The paper presents a model that allows, based on the use of simulation models, probability theory and optimization, as well as efficiency theory, operations research and game theory, to assess the security of computer networks from various types of computer attacks. The presented model allows us to obtain quantitative estimates of security, taking into account various goals and strategies for using computer attacks, network topology, and the qualitative and quantitative composition of elements included in the specified network. The approach used in modeling allows to significantly reducing the computational needs of software tools that implement the elements of the model, without losing the reliability of the simulation results.Keywords:
Computer Attacks, Computer NetworksAnnotation:
Technologies for increasing the level of cryptographic protection of information in data processing, storage and transmission systems are considered. The main encryption standards and algorithms are compared. The possibilities of their application in microcontrollers and microprocessor systems on a chip are analyzed. Schemes of devices for implementing encryption algorithms are givenKeywords:
Cryptographic Protection, Information, Data, Algorithm, Controller, Standard, System on a Chip, CryptomoduleAnnotation:
The paper presents an approach to determining the state of information security based on an analysis of the secondary electromagnetic radiation of electronic components. A schematic diagram of the digitization and processing of the frequency and amplitude of signals is presented. The results of the experiment on the removal of the amplitude-frequency characteristics of the secondary EMP are shown. Frequency distribution of signals is given.Keywords:
Information Security, Spurious Emission, Amplitude-Frequency CharacteristicsAnnotation:
The paper develops a method for stable marking of digital audio signals, focused on the transmission of marked audio signals in an airborne audio channel. Particular attention is paid to the development of a method for detecting the presence of a marker in a digital audio signal by an authorized recipient. An algorithm for detecting a marker in a digital audio signal is proposed. The article contains the results of field experiments to assess the noise immunity of the transmission of marked audio signals through an air audio channel.Keywords:
Audio Signal, Steganography, Audio Signal Marking, Airborne Audio Channel, Communication NoiseproofAnnotation:
The urgent task of organizing environmental monitoring of the seaport was considered. The classification of information sources in the environmental monitoring system of the port water area is given. It is shown that it is advisable to use the vessel traffic control radars available in the port, which is justified by economic factors and the possibility of full coverage of the port water area with a radio signal. The energy characteristics of the sea surface sounding by ground radars of the ship traffic control system are considered. The ratios of assessing the quantitative characteristics of the use of radars of the ship traffic control system for detecting inhomogeneities of sea waves caused by oil and other pollution of the water surface are obtained. The graphical dependences of the signal-to-noise ratio are presented, demonstrating the possibilities of using radars of the vessel traffic control system in port waters for environmental monitoring of the sea surface.Keywords:
Port Water Area, Environmental Monitoring, Radar Station, Sea Surface Anomaly DetectionAnnotation:
The paper contains the efficiency analysis results of development different approaches of functional and vulnerability and undeclared software capabilities detection effectiveness in software (trustlets) for trusted execution environment based on TrustZone technology. The work presents also trusted operational systems for computers based on ARM CPU comparative analysis. In addition, the authors describe the classification of vulnerabilities and features of trusted secured operational systems based on ARM CPU. The possibilities of using modern source texts static analysis means for the development of trustlets binary files are considered. The comparative description of truslet`s binary code format is presented. Based on the well-known format of trustlets, an analysis tool based on Python tools, the IDA API and the IDA Pro disassembler is developed. The main ability of developed mean is to study the statistical distribution of instructions in trustlets and determine the probability of vulnerabilities and undeclared software capabilities.Keywords:
Vulnerabilities, Undeclared Capabilities, Trusted Execution Environment, TrustZone, ARM, TrustletAnnotation:
The actual problem of choosing information protection methods for systems such as a smart home is considered. It is shown that the low performance of smart devices does not allow using protection methods that are successfully used in infrastructure communication networks. It is proposed to choose effective ways to protect information in a smart home system based on the characteristics of consumed resources: energy, time, computing power. It is shown the description of the layout that simulates the functions of the smart home system, on which the indicators of consumed resources were measured. The measurement results allow a reasonable approach to the choice of encryption algorithms and ensuring dataKeywords:
Smart Home, Protection of Transmitted Data, Data Package, Consumed Resources, Layout, Experiment, MeasurementAnnotation:
The paper deals with the problem of data-driven modeling industrial cyber-physical systems. The author considers the features of industrial cyber-physical systems from the point of view of their modeling in security monitoring systems. An analysis of modeling methods, including data-driven modeling, is provided. An approach to modeling industrial cyber-physical systems for solving the problem of information security monitoring based on associated graphs is proposed.Keywords:
Information Security, Cybersecurity, Cyber-Physical Systems, CPS, Industrial Cyber-Physical Systems, Security Object Modeling, Data-Diven Modeling, Graph Model, Associated Graphs