Annotation:

The paper presents an analysis of existing methods for software vulnerabilities detection. A problem of faulty paths in interprocedural code graph representation is presented. This problem hinders application of graph deep learning models to code analysis tasks. A method based on an ensemble of algorithms for code graph analysis is presented to overcome the problem of faulty paths. The method performs gradual reduction of analyzed code fragments size for effective application of algorithms with high time complexity. A prototype of vulnerability detection system for .NET software based on the proposed method is presented. The prototype is evaluated using NIST SARD database and software with considerable codebase size.

Keywords:

software vulnerabilities detection, logical vulnerabilities, static code analysis, graph theory, deep learning.

Pages 148-158

Annotation:

A method for detecting network attacks on web applications using a neural network based on LSTM is presented. The process of extracting the necessary information from traffic before submitting it to an artificial neural network (ANN) is presented. This process of preprocessing HTTP traffic allows you to select key fragments, which are subsequently vectorized for proper processing in the ANN. The ANN architecture is defined, including the necessary layers, for the multiclassification of HTTP traffic and the detection of network attacks on web applications.

Keywords:

firewall, web-applications, network attacks.

Pages 159-172

Annotation:

The paper proposes a digital signature scheme that expands the functionality of the GOST 34.10-2018 and allows delegating signing capability to a trusted person (proxy signer). A classification of proxy signatures has been developed; the selected delegation scheme was modified to prevent misuse by a proxy signer. The correctness of the scheme was shown, the analysis of compliance with security requirements was carried out. The results of software implementation testing are presented.

Keywords:

digital signature, proxy signature, GOST 34.102018, elliptic curves.

Pages 173-182

Annotation:

Isogeny graphs of supersingular elliptic curves are one of perspective mathematical structures for post-quantum cryptography algorithms. However, recently published attack on the SIDH protocol [1] demonstrates that isogeny graphs require a more detailed study when they are used in real protocols. In this paper, we analyze the structure of isogeny graphs of degree D > 3 and consider a set of nodes of a special kind to which the attack [7] on path recovery in the graph is applicable.

Keywords:

post-quantum cryptography, isogeny graphs.

Pages 183-193

Annotation:

The features of wireless self-organizing networks and their routing mechanisms are analyzed. The classification of attacks on this type of networks is presented. Groups of methods used to ensure the security of self-organizing networks are highlighted. The analysis of representatives of each group of methods is performed, their advantages and disadvantages are singled out. The purpose and direction of further research is formulated.

Keywords:

information security, wireless ad-hoc networks.

Pages 13-24

Annotation:

The paper is devoted to the topic of detecting cyber-physical systems (CPS) attacks that affect the parameters of the functioning of devices. The potential consequences of cyber attacks on the CPS, as well as the corresponding changes in the modeling graph, are considered. A method for detecting cyberattacks based on the graph Fourier transform and the gradient boosting algorithm is proposed. The method makes it possible to detect a non-standard change in the operation parameters of devices and evaluate its criticality from the point of view of the centrality of a group of modeling vertices.

Keywords:

cyber-physical systems, graph theory, graph signal processing.

Pages 25-33

Annotation:

The paper presents an analysis of existing methods for detecting artificially synthesized content and proposes a proprietary architecture for DeepFake's hybrid detection system based on searching original content. The study tests and compares the effectiveness of detection methods in two different cases. In the first case, records for training and testing samples are used from the same dataset; in the second case, testing is performed using a black-box method using records from different datasets. As a result, it is concluded that there are shortcomings in the existing methods and a hybrid DeepFake detection system architecture is proposed.

Keywords:

DeepFake detection, generative adversarial networks, artificially synthesized content, deep learning.

Pages 34-44

Annotation:

In this article, various approaches to the definition of the concept of the metaverse are investigated, and a proper, most universal one is proposed. The threats are analyzed and the requirements for the information security of the metaverse are highlighted. Its main components and features of their use are investigated. The applicability of various access control models to ensure effective security management of the metaverse has been evaluated.

Keywords:

metaverse, metaverse security, metaverse model.

Pages 45-53

Annotation:

This paper describes an approach to early detection of network attacks using weight agnostic neural networks. The choice of the type of neural networks is due to the specificity of their architecture that provides high processing speed and performance, which is significant in solving the problem of early attack detection. Experimental studies have demonstrated the effectiveness of the proposed approach based on a combination of multiple regression for feature selection of the training sample and weight agnostic neural networks. The accuracy of attack detection is comparable to the best results in the field with a significant time gain.

Keywords:

network attacks, weight agnostic neural networks, multiple regression, machine learning.

Pages 54-64

Annotation:

This paper is about the task of automating the analysis of access control in big data management systems by modeling security policies. The paper analyzes modern methods of access control in this class of systems, defines the requirements and selects the most promising one to describe the security policy within the framework of the developed solution. The task of modeling security policies in big data management systems is set. The architecture, main components and generalized algorithm of the software framework for its solution are presented. The results of experimental validation are also presented, the advantages and disadvantages of the framework are evaluated and the ways of its further development are proposed.

Keywords:

big data security, big data management systems, access control, attribute access control, security policy, security policy modeling.

Pages 65-76

Annotation:

This paper presents the developed method for detecting anomalies in network traffic, which is based on the technology of hierarchical temporary memory. To evaluate the effectiveness of the proposed solution, a new data set was generated containing information about legitimate and malicious network sessions. As a result of experimental studies, it was found that the use of a hierarchy of features and support for the memory mechanism make it possible to reveal hidden patterns in the analyzed chains of network requests to web resources with high accuracy.

Keywords:

network traffic analysis, web resource security, hierarchical temporary memory, anomaly detection, network attacks.

Pages 77-85

Annotation:

Considered methods of counteraction attack data poisoning type learning neural network and compiled a model of the attacker, according to which a classification of the considered methods. The classification obtained as a result of the study can be used in further research, the ultimate goal of which is to increase the level of unification and automation of data processing and protection methods.

Keywords:

information security, machine learning, data processing, data poisoning, learning quality.

Pages 86-94

Annotation:

The paper is devoted to the problem of ensuring the confidentiality of models in machine learning systems. The aim of the work is to ensure the confidentiality of proprietary models of machine learning systems. In the course of the work we analyzed attacks aimed at violating the confidentiality of models of machine learning systems, as well as ways to protect against this type of attacks, as a result of which the problem of protection against such attacks is set as a search for anomalies in the input data. We propose a way to detect anomalies in the input data based on statistical data, taking into account the resumption of the attack under a different account of the attacker. The obtained results can be used as a basis for designing components of machine learning defense systems.

Keywords:

information security, artificial intelligence, artificial intelligence security, attacks on machine learning systems, privacy, model privacy, behavioral analysis.

Pages 108-119

Annotation:

The article contains formalized techniques of data poisoning attacks are presented in the form of a set-theoretic model, considering the levels at which poisoning can be carried out. The division of attacks according to levels allows further consideration of each type of poisoning attack to prevent or minimize the consequences of data contamination specific to each level. The model obtained because of the study can be used in further research, the goal of which is to increase the level of unification and automation of data processing and protection methods.

Keywords:

cybersecurity, data poisoning, data cleaning, heterogeneous data, set-theoretic attack model.

Pages 120-129

Annotation:

The threat of extraction of the machine learning models is considered. Most of the modern approaches to the prevention of machine learning models extraction are based on the use of the protective noising mechanism. The main disadvantage of this protective method is the decrease in the accuracy of the outputs generated by the protected model. The paper states the requirements for methods for protecting machine learning models against extraction and presents a new method, which supplements noise with a distillation stage. It has been experimentally shown that the developed method ensures the resistance of machine learning models to extraction while maintaining the quality of their results by transforming the protected models to other, the simplified, but equivalent, models.

Keywords:

machine learning security, model distillation, noising, soft label, degree of security, accuracy of results, model extraction threat.

Pages 95-107

Annotation:

In the context of the deep penetration of information technologies and services into people's lives, the issues of control over recommendation systems (hereinafter - RS), which are actively used by social networks and Internet applications for personalized selection and ranking of content for users, are becoming increasingly relevant. The concept of RS operation is based on the preliminary collection of various types and degrees of sensitivity data about the user and their subsequent algorithmic processing in order to provide personalized recommendations. Personalized recommendations selected according to certain methods can create different worldviews for the same users, provoke active actions, etc. Thus, there is a need for a tool to assess the susceptibility of RS to the influences that lead to the bias of recommendation algorithms, on behalf of an external observer.

Keywords:

recommender systems, unfairness biases, social networks, social network communications, cybersecurity.

Pages 130-138

Annotation:

The assertion about the stability of a linear filter built on the basis of the Neyman-Pearson criterion was verified by performing falsifying experiments. The relationship between the eigenvalues of the interference covariance matrix and their minimum values and network stability was not found.

Keywords:

linear filter, single-layer neural network, robustness, Neyman-Pearson criterion.

Pages 139-144

Annotation:

The protection of infocommunication systems includes a wide number of information security means. There is a possibility of bypassing some of them by an intruder, thus breaking the assumed security script of the information protection system. The methods of monitoring the correct sequence of the use of information security means in the infocommunication system are proposed. The proposed methods make it possible to grow up the degree of security of infocommunication systems by confirming the fact of the use of all means and ways of information protection proposed by the architect of the information protection system.

Keywords:

information protection, computing systems, information security means, pattern of secure access, information security, methods of monitoring, security pattern.

Pages 61-72

Annotation:

This paper presents the results of the architecture stability analysis of messaging systems with a decentralized node structure Briar and Bridgefy. Developed mathematical models of target systems describe protocols for generating keys, establishing a connection and transferring data between system users. The key features of the architecture of messaging systems with a decentralized nodal structure are highlighted. The main classes of threats to target systems are determined.

Keywords:

decentralized systems, network degradation, mesh-messengers, Briar, Bridgefy.

Pages 73-81

Annotation:

The article discusses the encryption security of the Bitcoin Core cryptocurrency wallet. Particular attention is paid to aspects of the practical implementation of cryptographic algorithms when encrypting the wallet.dat file with a password. The practical strongness to brute-force attacks using parallel computing on the GPU is also considered. It was found that Bitcoin Core did not implement an encryption key change for private keys. This implementation makes it possible to re-attack the wallet without knowing the new password, if it has already been compromised before. The changes to encryption algorithms that complicate the password brute force attacks on the GPU are also proposed.

Keywords:

bitcoin core cryptocurrency wallet, cryptocurrency wallet encryption, encryption key change, bitcoin core wallet attack, brute force attack on GPU.

Pages 82-91

Annotation:

An analysis of the requirements of guiding documents for ensuring the security of critical information infrastructure facilities has been carried out. A classification of information security tools of the firewall class with a description of each, their implementation scenario and a generalized network diagram, taking into account the application of these solutions in the field of information security, are presented. A comparative analysis of existing firewalling solutions is made, followed by conclusions about using some of them to protect critical information infrastructure facilities. A solution is offered to develop the functionality of a new generation firewall.

Keywords:

threats, firewall, next generation firewall, critical information infrastructure.

Pages 92-106

Annotation:

An integrated approach to the maintenance of the cyber resiliency of cyber-physical systems represented as a network of functional nodes has been proposed. Based on the analysis of the graph of functional dependencies and the graph of attacks, this approach makes it possible to detect compromised nodes and rebuild the functional network of the system, moving the compromised nodes to an isolated virtual network similar to the one actually attacked, and then adapt the functional sequence of nodes that implement the technological process, thereby preventing the development of a cyber threat. The experimental results have demonstrated the correct operation of the proposed solution and the formation of an adequate counteraction to the intruders.

Keywords:

attack graph, cyber resiliency, cyber-physical system, functional dependencies graph, functional infrastructure, virtual isolated network.

Pages 107-122

Annotation:

This paper proposes an approach to assess the cyber resilience of mobile networks, based on the assessment of the probability that the network remains coherent under conditions of random movement of its nodes. The approach is aimed at countering the mobile network-specific attacks of hijacking and impersonation of one or more nodes, so that the network loses the ability to perform its target function.

Keywords:

mobile networks, network connectivity, probability of node movement, hijacking attacks, impersonation attacks.

Pages 123-139

Annotation:

The paper investigates the problem of detecting network anomalies in the processing of data streams in industrial systems. The network anomaly is understood as the malicious signature and the current context: the network environment and topology, routing parameters and node characteristics. As a result of the study, it was proposed to use a neocortex model that supports the memory mechanism to detect network anomalies.

Keywords:

hierarchical temporary memory, artificial intelligence, contextual anomalies, machine learning, neocortex, industrial internet of thighs, network traffic, HTM.

Pages 140-149

Annotation:

The structure and main properties of a generalized cyber-physical system are investigated. Threats of information security and main approaches to ensure the cybersecurity of these systems are analyzed. The method of assessing the degree of compromise of a generalized cyber-physical system, based on the analysis of indicators of compromise is presented.

Keywords:

cyber-physical system, cybersecurity, graph theory, indicator of compromise, Industry 4.0, TCP / IP model.

Pages 150-162

Annotation:

This paper discusses the problem of detecting network anomalies caused by computer attacks in industrial Internet of Things networks. To detect anomalies, a new method has been developed using the technology of hierarchical temporary memory, which is based on the innovative neocortex model. An experimental study of the developed anomaly detection method based on the HTM model demonstrated the superiority of the developed solution over the LSTM-based analogue. The developed prototype of the anomaly detection system provides continuous online unsupervised learning, takes into account the current network context, and also applies the accumulated experience by supporting the memory mechanism.

Keywords:

hierarchical temporary memory, artificial intelligence, computer attacks, neocortex, online learning, sparse distributed representations, network traffic, HTM.

Pages 163-172

Annotation:

The paper proposed approach to estimation the resilience of cyber-physical systems, as well as a method for their reconfiguration to neutralize the negative effects of structural attacks. The proposed method is applied to systems modeled by graphs, each vertex of which is associated with attributes - types of devices. The functioning of such systems is determined by the path on the graph, passing through the vertices of a given type. The reconfiguration method based on the graph artificial neural network (ANN) aims at increasing the number of working paths without the need to add new edges. The ANN model was trained on a synthetic dataset composed of random graphs whose vertex types were specified according to the mediation centrality metric.

Keywords:

cyber-physical systems, graph theory, graph artificial neural network.

Pages 173-182

Annotation:

Approaches related to solving the inverse problem of investigating the effectiveness of purposeful technical systems are considered. The classification of the tasks of the study of the effectiveness of the operation conducted by the military-technical system is given. A formal and informal approach to solving the task is outlined. The criteria of suitability for evaluating the effectiveness of the operation carried out by a purposeful technical system are formulated. Three statements of the problem of synthesis of the object under study are formulated.

Keywords:

synthesis, functioning process, efficiency, military-technical system.

Pages 183-190

Annotation:

The article reviews the use of artificial neural networks to ensure the navigational safety of navigation of an autonomous unmanned vessel.

Keywords:

unmanned vessel, navigation, neural networks, information theory, modeling, e-navigation, navigation safety, geoinformation.

Pages 191-201

Annotation:

The paper proposes a multi-agent reinforcement learning technology for intrusion detection in the Internet of Things. Three models of a multi-agent intrusion detection system have been implemented – a decentralized system, a system with the transmission of forecasts, a system with the transmission of observations. The obtained experimental results have been compared with the open intrusion detection system Suricata. It has been demonstrated that the proposed architectures of multi-agent systems are free from the weaknesses found in the usual solutions.

Keywords:

agent, decentralized system, internet of things, greedy algorithm, cybersecurity, machine learning, multi-agent reinforcement learning, intrusion detection, observation data transferring, prediction data transferring, DQN.

Pages 202-211

Annotation:

When considering digital systems for transmitting information in real time, in most cases, the transmission of information in blocks with a given delay time is implied. In this case, the delay determines the size of the sampling window. The article deals with the issues of masking an embedded message into an uncom-pressed audio signal with a variable size of the sample being processed.

Keywords:

steganography, sound, masking of information, two-component steganographic system, real time system.

Pages 09-16

Annotation:

The features of information campaigns, the principles of dissemination of information campaigns in social networks are considered. Groups of methods for detecting information campaigns are analyzed and identified. The problems of existing approaches are highlighted. A group of methods based on the detection of coordination is considered. The article proposes an algorithm for detecting influence campaigns implemented by a botnet in a social network using the algorithm bee colony.

Keywords:

social networks, influence campaign, botnet.

Pages 17-26

Annotation:

A comprehensive cybersecurity risk assessment is a complex multi-level task involving technical, software, external and human factors. As part of the development of a predictive model for assessing cybersecurity risks, characterization of the human factor is necessary to understand how the actions of information security specialists affect the risk of developing cybersecurity threats. The article discusses the concept of "reliability" in relation to the human factor in the cybersecurity system. It has two main components: innate characteristics, which are part of the personality, and situational characteristics, which are outside the personality. The use of reliability as a Human Factors parameter in a comprehensive cybersecurity risk assessment will also depend on an understanding of how different mental models and behavioral responses affect the level of trust placed in an information security professional and the biases that affect the ability to provide such trust.

Keywords:

information security, cyber security model, information system reliability, human factor, cyber defense.

Pages 27-36

Annotation:

This work presents the research of using machine learning methods to detect malicious installation files, specifically trojan droppers and downloaders, and installers with extraneous functionality. A comparative analysis of some classification methods of machine learning is presented: the naive bayes classifier, the random forest and the C4.5 algorithms. The classification was carried out using the Weka software in accordance with the methods under consideration. Significant attributes of executable files are defined, which give positive results in the classification of legitimate installers and trojans.

Keywords:

malware, installation files, trojans, droppers, machine learning, naive bayes classifier, random forest, C4.5 algorithms.

Pages 37-46

Annotation:

The paper proposes a method of preprocessing fragments of binary code for the task of detection their similarity using machine learning algorithms. The method is based on analysis of pseudocode, which is retrieved from decompilation process. The pseudocode is preprocessed with usage of attributed abstract syntax trees. Evaluation of the method indicates its efficiency in binary code similarity detection task due to semantic vectors used for abstract syntax tree modification.

Keywords:

code clones, syntactic similarity, semantic similarity, binary code similarity, abstract syntax tree, pseudocode.

Pages 47-60