Annotation:

Offers an analysis of modern protocols and approaches in cyber threat intelligence. The classification of CTI information was given, also the area of applicability for each class was estimated. The classification of CTI protocols and standards was presented with the mapping to CTI levels. An assessment of applicability to describe each CTI level was addressed to each class of protocols and standards. The main conclusion is that further study of the available standards in this area will determine the necessary set of requirements to the process of CTI information sharing, which will allow to face threats more effectively and reduce potential risks.

Keywords:

information security threats, cyber threat intelligence, CTI level, exchange protocols.

Annotation:

When considering digital systems for transmitting information in real time, in most cases, the transmission of information in blocks with a given delay time is implied. In this case, the delay determines the size of the sampling window. The article deals with the issues of masking an embedded message into an uncom-pressed audio signal with a variable size of the sample being processed.

Keywords:

steganography, sound, masking of information, two-component steganographic system, real time system.

Annotation:

The features of information campaigns, the principles of dissemination of information campaigns in social networks are considered. Groups of methods for detecting information campaigns are analyzed and identified. The problems of existing approaches are highlighted. A group of methods based on the detection of coordination is considered. The article proposes an algorithm for detecting influence campaigns implemented by a botnet in a social network using the algorithm bee colony.

Keywords:

social networks, influence campaign, botnet.

Annotation:

A comprehensive cybersecurity risk assessment is a complex multi-level task involving technical, software, external and human factors. As part of the development of a predictive model for assessing cybersecurity risks, characterization of the human factor is necessary to understand how the actions of information security specialists affect the risk of developing cybersecurity threats. The article discusses the concept of "reliability" in relation to the human factor in the cybersecurity system. It has two main components: innate characteristics, which are part of the personality, and situational characteristics, which are outside the personality. The use of reliability as a Human Factors parameter in a comprehensive cybersecurity risk assessment will also depend on an understanding of how different mental models and behavioral responses affect the level of trust placed in an information security professional and the biases that affect the ability to provide such trust.

Keywords:

information security, cyber security model, information system reliability, human factor, cyber defense.

Annotation:

This work presents the research of using machine learning methods to detect malicious installation files, specifically trojan droppers and downloaders, and installers with extraneous functionality. A comparative analysis of some classification methods of machine learning is presented: the naive bayes classifier, the random forest and the C4.5 algorithms. The classification was carried out using the Weka software in accordance with the methods under consideration. Significant attributes of executable files are defined, which give positive results in the classification of legitimate installers and trojans.

Keywords:

malware, installation files, trojans, droppers, machine learning, naive bayes classifier, random forest, C4.5 algorithms.

Annotation:

The paper proposes a method of preprocessing fragments of binary code for the task of detection their similarity using machine learning algorithms. The method is based on analysis of pseudocode, which is retrieved from decompilation process. The pseudocode is preprocessed with usage of attributed abstract syntax trees. Evaluation of the method indicates its efficiency in binary code similarity detection task due to semantic vectors used for abstract syntax tree modification.

Keywords:

code clones, syntactic similarity, semantic similarity, binary code similarity, abstract syntax tree, pseudocode.

Annotation:

The protection of infocommunication systems includes a wide number of information security means. There is a possibility of bypassing some of them by an intruder, thus breaking the assumed security script of the information protection system. The methods of monitoring the correct sequence of the use of information security means in the infocommunication system are proposed. The proposed methods make it possible to grow up the degree of security of infocommunication systems by confirming the fact of the use of all means and ways of information protection proposed by the architect of the information protection system.

Keywords:

information protection, computing systems, information security means, pattern of secure access, information security, methods of monitoring, security pattern.

Annotation:

This paper presents the results of the architecture stability analysis of messaging systems with a decentralized node structure Briar and Bridgefy. Developed mathematical models of target systems describe protocols for generating keys, establishing a connection and transferring data between system users. The key features of the architecture of messaging systems with a decentralized nodal structure are highlighted. The main classes of threats to target systems are determined.

Keywords:

decentralized systems, network degradation, mesh-messengers, Briar, Bridgefy.

Annotation:

The article discusses the encryption security of the Bitcoin Core cryptocurrency wallet. Particular attention is paid to aspects of the practical implementation of cryptographic algorithms when encrypting the wallet.dat file with a password. The practical strongness to brute-force attacks using parallel computing on the GPU is also considered. It was found that Bitcoin Core did not implement an encryption key change for private keys. This implementation makes it possible to re-attack the wallet without knowing the new password, if it has already been compromised before. The changes to encryption algorithms that complicate the password brute force attacks on the GPU are also proposed.

Keywords:

bitcoin core cryptocurrency wallet, cryptocurrency wallet encryption, encryption key change, bitcoin core wallet attack, brute force attack on GPU.

Annotation:

An analysis of the requirements of guiding documents for ensuring the security of critical information infrastructure facilities has been carried out. A classification of information security tools of the firewall class with a description of each, their implementation scenario and a generalized network diagram, taking into account the application of these solutions in the field of information security, are presented. A comparative analysis of existing firewalling solutions is made, followed by conclusions about using some of them to protect critical information infrastructure facilities. A solution is offered to develop the functionality of a new generation firewall.

Keywords:

threats, firewall, next generation firewall, critical information infrastructure.

Annotation:

An integrated approach to the maintenance of the cyber resiliency of cyber-physical systems represented as a network of functional nodes has been proposed. Based on the analysis of the graph of functional dependencies and the graph of attacks, this approach makes it possible to detect compromised nodes and rebuild the functional network of the system, moving the compromised nodes to an isolated virtual network similar to the one actually attacked, and then adapt the functional sequence of nodes that implement the technological process, thereby preventing the development of a cyber threat. The experimental results have demonstrated the correct operation of the proposed solution and the formation of an adequate counteraction to the intruders.

Keywords:

attack graph, cyber resiliency, cyber-physical system, functional dependencies graph, functional infrastructure, virtual isolated network.

Annotation:

This paper proposes an approach to assess the cyber resilience of mobile networks, based on the assessment of the probability that the network remains coherent under conditions of random movement of its nodes. The approach is aimed at countering the mobile network-specific attacks of hijacking and impersonation of one or more nodes, so that the network loses the ability to perform its target function.

Keywords:

mobile networks, network connectivity, probability of node movement, hijacking attacks, impersonation attacks.

Annotation:

The paper investigates the problem of detecting network anomalies in the processing of data streams in industrial systems. The network anomaly is understood as the malicious signature and the current context: the network environment and topology, routing parameters and node characteristics. As a result of the study, it was proposed to use a neocortex model that supports the memory mechanism to detect network anomalies.

Keywords:

hierarchical temporary memory, artificial intelligence, contextual anomalies, machine learning, neocortex, industrial internet of thighs, network traffic, HTM.

Annotation:

The structure and main properties of a generalized cyber-physical system are investigated. Threats of information security and main approaches to ensure the cybersecurity of these systems are analyzed. The method of assessing the degree of compromise of a generalized cyber-physical system, based on the analysis of indicators of compromise is presented.

Keywords:

cyber-physical system, cybersecurity, graph theory, indicator of compromise, Industry 4.0, TCP / IP model.

Annotation:

This paper discusses the problem of detecting network anomalies caused by computer attacks in industrial Internet of Things networks. To detect anomalies, a new method has been developed using the technology of hierarchical temporary memory, which is based on the innovative neocortex model. An experimental study of the developed anomaly detection method based on the HTM model demonstrated the superiority of the developed solution over the LSTM-based analogue. The developed prototype of the anomaly detection system provides continuous online unsupervised learning, takes into account the current network context, and also applies the accumulated experience by supporting the memory mechanism.

Keywords:

hierarchical temporary memory, artificial intelligence, computer attacks, neocortex, online learning, sparse distributed representations, network traffic, HTM.

Annotation:

Approaches related to solving the inverse problem of investigating the effectiveness of purposeful technical systems are considered. The classification of the tasks of the study of the effectiveness of the operation conducted by the military-technical system is given. A formal and informal approach to solving the task is outlined. The criteria of suitability for evaluating the effectiveness of the operation carried out by a purposeful technical system are formulated. Three statements of the problem of synthesis of the object under study are formulated.

Keywords:

synthesis, functioning process, efficiency, military-technical system.

Annotation:

The article reviews the use of artificial neural networks to ensure the navigational safety of navigation of an autonomous unmanned vessel.

Keywords:

unmanned vessel, navigation, neural networks, information theory, modeling, e-navigation, navigation safety, geoinformation.

Annotation:

The paper proposes a multi-agent reinforcement learning technology for intrusion detection in the Internet of Things. Three models of a multi-agent intrusion detection system have been implemented – a decentralized system, a system with the transmission of forecasts, a system with the transmission of observations. The obtained experimental results have been compared with the open intrusion detection system Suricata. It has been demonstrated that the proposed architectures of multi-agent systems are free from the weaknesses found in the usual solutions.

Keywords:

agent, decentralized system, internet of things, greedy algorithm, cybersecurity, machine learning, multi-agent reinforcement learning, intrusion detection, observation data transferring, prediction data transferring, DQN.