M. A. Poltavtseva
Annotation: The trend towards automating security management processes, including in industrial cyber-physical systems (CPS), has changed the role of information security monitoring: instead of solving a conformity assessment problem, it must supply security management methods with timely situational awareness, which is active monitoring. The paper is devoted to formulating requirements for the data collection and processing subsystem of active information security monitoring. The author systematizes a number of CPS security management tasks, considers examples of methods for solving them, and identifies the data structures these methods require.
Keywords: information security, security monitoring, security control, industrial cyber-physical systems, data preparation, data structuring, data engineering
Ageev S.A., Ageeva N.S., Karetnikov V.V., Privalov A.A., Sikarev I.
Annotation: The article proposes an adaptive heuristic (behavioral) algorithm for detecting traffic anomalies in high-speed corporate multiservice communication networks that operates in real time, and presents the main results of this research. The relevance of the study follows from the fact that the vast majority of information and network security management processes, as well as the processes of managing the risks of threat realization in high-speed enterprise multiservice networks, must run in close to real time. The proposed approach is based on V. S. Pugachev's concept of conditionally nonlinear Pareto-optimal filtering. The traffic parameter is estimated in two stages: at the first stage a forecast of the parameter value is produced, and at the second stage the forecast is corrected using the subsequent observations of the parameter. In the proposed method and algorithm, traffic parameter values are predicted in a small sliding window, and adaptation is implemented with pseudo-gradient procedures whose parameters are adjusted by Takagi-Sugeno fuzzy inference. A feature of the developed procedures for estimating the characteristics of high-speed multiservice network traffic is that they take into account the dynamics of changes in the traffic parameters. The proposed method and algorithm belong to the class of adaptive methods and algorithms with preliminary training. The average relative error of the traffic parameter estimates does not exceed 10%, which is sufficient for operational network management tasks.
The procedure for detecting anomalous traffic behavior of an operating high-speed multiservice communication network is implemented with the Mamdani fuzzy inference method, in which the state intervals of the traffic parameters are determined from the security policy adopted in the network. A study of the proposed method for detecting anomalous network traffic behavior has shown its high efficiency.
Keywords: pseudo-gradient algorithm, conditionally nonlinear Pareto-optimal filtering, Takagi-Sugeno fuzzy inference, fuzzy rule base, fuzzy knowledge base.
Kubrin G.S., Ivanov D.V.
Annotation: The paper lists deficiencies of the publicly available datasets of phishing websites and proposes a method that mitigates them. A prototype is described, together with the results of using it to build a dataset of archived phishing sites; the resulting dataset is free of the described deficiencies.
Keywords: phishing site detection, machine learning, website archiving.
M. O. Kalinin, V. M. Krundyshev
Annotation: This paper presents a method for analyzing network traffic based on quantum machine learning. A method for encoding network traffic for processing on a quantum computer has been developed. Experimental results show that the proposed approach outperforms traditional machine learning methods in detecting network attacks.
Keywords: network traffic analysis, quantum computer, quantum machine learning, qubit, network attacks, intrusion detection system.
I.I. Marshev, E.V. Zhukovskiy, E.B. Aleksandrova
Annotation: The robustness of malware detection methods based on machine learning algorithms is analyzed. An adversarial attack against these methods is developed, and a method for improving the robustness of the detection methods is proposed.
Keywords: malware detection, classification, machine learning, adversarial attack, neural network, static analysis.
V.S. Nefedov, A.A. Kriulin, M.A. Eremeev
Annotation: The article deals with securing communications on the Internet and anonymous access to network resources. The problem considered is the increased probability of deanonymizing TOR network users when servers under a single administrative control appear in the same chain (circuit). An approach to identifying "hidden groups" of TOR network servers is proposed that analyzes the frequency of server characteristics and clusters the servers by a similarity measure. The research identified ways to improve the software of the TOR anonymous network and the security of its users.
Keywords: information security, computer networks, anonymous communication, anonymous networks, TOR network, clustering.
Stepanov M. D, Pavlenko E. Y., Lavrova D. S.
Annotation: This paper proposes an approach to detecting network attacks in software-defined networks. The security-relevant specifics of such networks are taken into account, and a modified isolation forest algorithm is taken as the basis of the approach. Experimental results are presented in which the optimal parameters of the isolation forest and the extended isolation forest algorithms are chosen. Based on these results, a conclusion is drawn about the effectiveness of the isolation forest for network attack detection in software-defined networks.
Keywords: software-defined network, network attacks, isolation forest algorithm, extended isolation forest algorithm, network attack detection
Zavadskii E.V., Ivanov D.V.
Annotation: In this paper, we propose a method for dynamic resource management of a Honeypot system based on a graph of potential attacks, which allows a virtual network infrastructure of any scale to be deployed: under limited computing resources the virtual infrastructure changes its configuration, adapting to the actions of the attacker.
Keywords: network infrastructure, hybrid honeypot system, deception, potential attack graph
Shenets N. N, Petushkov A. S.
Annotation: Simple side-channel attacks on implementations of elliptic curve scalar point multiplication algorithms are considered. New regular sliding-window algorithms for computing point multiples are proposed, their optimal parameters are evaluated, and the efficiency of the proposed algorithms is investigated.
Keywords: side-channel attack, elliptic curve scalar point multiplication, regular algorithm, sliding window algorithm.
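The point of a "regular" algorithm is that the sequence of curve operations does not depend on the scalar bits, so a simple power or EM trace cannot read the key. The following added example (not code from the paper; the paper's own sliding-window algorithms are not reproduced here) contrasts a plain double-and-add with a regular fixed-window multiplication over a zero-free odd-digit recoding in the style of Joye and Tunstall. It uses a constructed toy curve y^2 = x^3 + 2x + 2 over F_17 with generator (5, 1) of order 19 and records the D/A operation sequence that a side channel would observe.

```python
# Added example: key-dependent double-and-add versus a regular fixed-window
# scalar multiplication, instrumented to record the curve-operation sequence.
# Toy curve y^2 = x^3 + 2x + 2 over F_17, generator (5, 1) of order 19
# (a textbook curve, not one from the paper).

P_MOD = 17          # field prime
CURVE_A = 2         # curve coefficient a
G = (5, 1)          # generator; None denotes the point at infinity
ORDER = 19          # odd prime group order


def ec_add(P, Q, trace):
    """Affine addition; appends 'D' (doubling) or 'A' (addition) to trace."""
    if P is None:
        return Q
    if Q is None:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None                      # P + (-P) = infinity
    if P == Q:
        trace.append("D")
        lam = (3 * x1 * x1 + CURVE_A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        trace.append("A")
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def ec_neg(P):
    return None if P is None else (P[0], (-P[1]) % P_MOD)


def scalar_mult_naive(k, P):
    """Left-to-right double-and-add: an addition happens only for 1 bits,
    so the D/A trace reveals the scalar (the simple side-channel attack)."""
    trace = []
    Q = None
    for bit in bin(k)[2:]:
        Q = ec_add(Q, Q, trace)
        if bit == "1":
            Q = ec_add(Q, P, trace)
    return Q, trace


def recode_odd(k, w):
    """Recode an odd scalar into digits in {+-1, +-3, ..., +-(2^w - 1)},
    least significant first; no digit is zero, so no dummy work is needed."""
    m = 1 << w
    digits = []
    while k > m - 1:
        d = (k % (2 * m)) - m            # odd digit in [-(m-1), m-1]
        digits.append(d)
        k = (k - d) // m                 # quotient stays odd
    digits.append(k)                     # final digit: odd, in [1, m-1]
    return digits


def scalar_mult_regular(k, P, w=2):
    """Fixed-window multiplication over the zero-free recoding: every window
    costs exactly w doublings and one addition, whatever the scalar bits are."""
    if k % 2 == 0:
        k += ORDER                       # odd, and (k + ORDER) * P == k * P
    setup = []                           # table build is scalar-independent
    two_p = ec_add(P, P, setup)
    table = {1: P}
    for d in range(3, 1 << w, 2):        # odd multiples 3P, 5P, ...
        table[d] = ec_add(table[d - 2], two_p, setup)

    def digit_point(d):                  # negative digits cost only a negation
        return table[d] if d > 0 else ec_neg(table[-d])

    digits = recode_odd(k, w)
    trace = []
    Q = digit_point(digits[-1])
    for d in reversed(digits[:-1]):
        for _ in range(w):
            Q = ec_add(Q, Q, trace)
        Q = ec_add(Q, digit_point(d), trace)
    # caveat: affine formulas still have exceptional cases (Q == +-dP);
    # production code uses complete/unified formulas to keep the trace regular
    return Q, trace


if __name__ == "__main__":
    for k in (9, 15):                    # 0b1001 and 0b1111: same length, different weight
        _, t_naive = scalar_mult_naive(k, G)
        _, t_reg = scalar_mult_regular(k, G)
        print(k, "naive:", "".join(t_naive), " regular:", "".join(t_reg))
```

For scalars 9 and 15 the naive traces are DDDA and DADADA, while the regular algorithm yields DDA for both: only the bit length leaks, and a real implementation pads the recoding to a fixed digit count so that even that is constant.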
P. D. Zegzhda, V. G. Anisimov, E. G. Anisimov, T. N. Saurenko
Annotation: The article proposes a model for predicting the dynamics of a generalized indicator of the efficiency of a corporate computer network operating under harmful information influences. The model represents these dynamics as a function of the network's performance level at each moment of a given time interval. The performance level of the network is determined by the performance of its elements and is described by a system of differential equations that accounts for the harmful influences and the process of eliminating their consequences. Under some simplifying assumptions, analytical solutions of these equations are constructed, which greatly simplifies forecasting the dynamics of the generalized efficiency indicator.
Keywords: corporate computer network, functioning, harmful information impacts, generalized efficiency indicator, dynamics, forecast, model.
Annotation: A conceptual model of a geoinformation system operating under destabilization is proposed. The destabilizing factors are of deterministic, stochastic and non-stochastic nature. The geographic information system is treated as a control object with a variable structure, and the problem of adapting it to destabilization is formulated.
Keywords: geographic information system, destabilizing factors, information security.
A. D. Fatin, E. Yu. Pavlenko
Annotation: In this paper, we consider a method for detecting abnormal behavior in the operation of cyber-physical systems, the Internet of Things (IoT) and distributed control systems through the prediction and analysis of multidimensional time series using neuroevolutionary algorithms built on a hypercube substrate. The method identifies deviations between the current state values of the cyber-physical system and the predicted ones. Results of studies of the described method are presented, demonstrating the correctness and accuracy of the approach.
Keywords: information security, cyber-physical systems, IoT, hypercube, NEAT, neuroevolution, multivariate time series.
Vasileva K. V., Lavrova D.S.
Annotation: The paper proposes applying graph convolutional neural networks to anomaly detection in cyber-physical systems. A graph model reflecting the dynamics of device state changes is developed, and a data preprocessing algorithm is presented that builds the graph from the studied sample of telemetry values. The optimal parameters of the neural network were established experimentally; the applicability and effectiveness of the proposed model for detecting anomalies in cyber-physical systems were shown, and its ability to detect and distinguish between classes of attacks was confirmed.
Keywords: graph neural networks; cyber-physical system; anomaly detection; convolutional neural networks; information security; telemetry data analysis
A.D. Dakhnovich, D. A. Moskvin, D. P. Zegzhda
Annotation: One of the major problems in Industrial Internet of Things (IIoT) cybersecurity is ensuring the availability of operational processes, in other words, "cyber sustainability". The survey describes current IIoT network-level cybersecurity issues that could be mitigated by applying the "security through obscurity" approach at the very edge of IIoT cybersecurity. Finally, the authors attempt to evaluate the cybersecurity of IIoT systems through an anonymity measure, thereby relating the notions of availability and anonymity.
Keywords: digital manufacturing, cybersecurity, Industry 4.0, Industrial Internet of Things, critical information infrastructure
Dolgoprudny, Moscow Institute of Physics and Technology (National Research University)
Annotation: To mitigate these risks, additional systems for monitoring the integrity of OpenStack-based virtual infrastructure are needed. The paper examines the OpenStack architecture and studies the life cycle of a virtual machine to determine the OpenStack components (and their parts) whose integrity must be controlled.
Keywords: virtualization, hypervisor, OpenStack, virtual machine, integrity, integrity control, components of virtual machines.
Ivanov M.I., Pavlenko E. Y.
Annotation: This paper presents a security study of networks with dynamic topology. To address the attack detection problem, an approach based on an adaptive neuro-fuzzy inference system was developed for such networks. A software prototype implementing the approach was built and its effectiveness evaluated with several metrics. The experimental results confirm the validity and effectiveness of the developed approach for attack detection in networks with dynamic topology.
Keywords: dynamic topology networks, attack detection, network security, machine learning, fuzzy logic, neural networks
Smirnov S. I., Eremeev M. A., Pribylov I. A.
Annotation: The article presents an approach to detecting malicious actions of an attacker based on analysis of the Security.evtx event log of the Windows operating system during an information security incident investigation. The authors experimentally tested the use of an autoregressive model (the ChangeFinder algorithm), with which malicious activity of domain users in the corporate network was detected.
Keywords: information security incident, APT attack, lateral movement, Security.evtx log, ChangeFinder algorithm.
Kulikov D.A., Platonov V.V.
Annotation: This article discusses adversarial attacks on machine learning models and their classification. Methods for assessing the resistance of an LSTM classifier to adversarial attacks are investigated. The JSMA and FGSM attacks, chosen because their adversarial examples transfer between machine learning models, are discussed in detail. A poisoning attack on the LSTM classifier is proposed, and methods of protection against the considered adversarial attacks are formulated.
Keywords: adversarial attack, intrusion detection system, neural network, LSTM.
E.V. Zavadskii, D.V. Ivanov
Annotation: In this paper, we propose an implementation of a Honeypot system that uses the method of dynamic resource management based on a graph of potential attacks to deploy a virtual network infrastructure of any scale, and compare its resource consumption with that of a traditional Honeypot system.
Keywords: network infrastructure, hybrid honeypot system, potential attack graph
V.V. Danilov, V.A. Ovcharov
Annotation: This paper substantiates a threat model for attack scenarios against the Domain Name System (DNS) network service, taking current vulnerabilities into account, in order to develop measures for ensuring the information security of a monitored information and telecommunications network (ITCS), namely timely response to information security (IS) incidents. The obtained data make it possible to describe more fully the profiles of network objects that use the DNS service and to identify the states of the monitored infrastructure. The model can extend the capabilities of tools for detecting and preventing attack scenarios.
Keywords: DNS server, DNS query, attack scenarios, botnet, domain name resolution.
G. S. Kubrin, D. V. Ivanov
Annotation: The paper describes a method for developing a phishing site classifier on a dynamically updated dataset. A prototype of a system that automates model development and modification is described, as is a classifier built with the proposed method.
Keywords: phishing site detection, machine learning, web-page feature selection
E.B. Aleksandrova, E.N. Shkorkina, A.Yu. Oblogina
Annotation: An authentication protocol for Internet of Things networks based on the edge computing architecture is proposed. The protocol reduces the computational load on resource-constrained devices while providing high resistance to attacks along different vectors and an execution speed acceptable for such networks.
Keywords: Internet of Things, authentication, edge computing, resource-constrained devices
Kustov V.N., Krasnov A.G.
Annotation: The authors consider masking a hidden message in HUGO stegosystems under natural channel noise using the discrete chaotic Arnold cat map and Baker map, which are iterative reversible discrete transformations, in highly undetectable HUGO stegosystems. To estimate the degree of chaos of a hidden message represented by a digital still image, the authors introduce the chaotic coefficient, a numerical indicator of the entropy of the probability of disordered pixels. A method for determining the maximum value of the chaotic coefficient, corresponding to the maximally chaotic state of the hidden image, is proposed.
Keywords: chaotic transformation, entropy, Arnold cat map, Baker map, HUGO stegosystem.
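The Arnold cat map is a permutation of the N x N pixel grid, so iterating it eventually returns the image to its original state, and the "most chaotic" iteration count has to be found from a profile rather than by iterating as often as possible. The added example below (not the authors' code) implements the map, computes its period, and scores each iterate with a chaotic coefficient defined here, as an assumption for the example, as the normalized Shannon entropy of the pixel displacement vectors; the authors' coefficient is described only as an entropy of disordered-pixel probabilities, and its exact formula is not reproduced. The 8 x 8 grid is constructed test data.

```python
# Added example: discrete Arnold cat map, its period, and a chaotic coefficient
# taken (by assumption, not from the paper) as the normalized entropy of the
# pixel displacement vectors between the original and the scrambled positions.
import math
from collections import Counter


def cat_map(img):
    """One iteration: the pixel at (x, y) moves to ((x + y) mod N, (x + 2y) mod N)."""
    n = len(img)
    out = [[None] * n for _ in range(n)]
    for x in range(n):
        for y in range(n):
            out[(x + y) % n][(x + 2 * y) % n] = img[x][y]
    return out


def scramble(img, k):
    for _ in range(k):
        img = cat_map(img)
    return img


def coordinate_image(n):
    """An image whose 'pixel value' is its own original coordinate."""
    return [[(x, y) for y in range(n)] for x in range(n)]


def cat_map_period(n):
    """Smallest k > 0 after which every pixel is back at its original position."""
    home = coordinate_image(n)
    cur, k = cat_map(home), 1
    while cur != home:
        cur, k = cat_map(cur), k + 1
    return k


def chaotic_coefficient(scrambled_coords, n):
    """Normalized Shannon entropy of displacement vectors (original -> current).
    0 when nothing moved; 1 when every pixel has a distinct displacement."""
    disp = Counter()
    for x in range(n):
        for y in range(n):
            ox, oy = scrambled_coords[x][y]
            disp[((x - ox) % n, (y - oy) % n)] += 1
    total = n * n
    h = -sum(c / total * math.log2(c / total) for c in disp.values())
    return h / math.log2(total)


def chaos_profile(n):
    """Coefficient after 0, 1, ..., period iterations of the cat map."""
    cur, profile = coordinate_image(n), []
    for _ in range(cat_map_period(n) + 1):
        profile.append(chaotic_coefficient(cur, n))
        cur = cat_map(cur)
    return profile


def max_chaos_iteration(n):
    """Iteration count at which the coefficient first reaches its maximum."""
    profile = chaos_profile(n)
    return profile.index(max(profile))


if __name__ == "__main__":
    n = 8
    gradient = [[16 * x + y for y in range(n)] for x in range(n)]   # constructed 8x8 image
    print("period for N=8:", cat_map_period(n))
    print("profile:", [round(c, 3) for c in chaos_profile(n)])
    k = max_chaos_iteration(n)
    print("first maximally chaotic iterate:", k)
    print("row 0 after", k, "iterations:", scramble(gradient, k)[0])
```

For N = 8 the period is 6 and the profile is 0, 1, 1, 1/3, 1, 1, 0: the third iterate is the scalar map 5I mod 8, which merely shifts pixels between four blocks, so "more iterations" is not "more chaos". A displacement entropy ignores pixel values, so in a stegosystem one would pair it with a value-based statistic such as adjacent-pixel correlation of the scrambled image.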
Annotation: Multidimensional data storage systems designed for storing large volumes of information and operating under destructive influences are considered. A model for controlling the integrity of multidimensional data arrays based on a cryptographic Pascal's pyramid is presented.
Tatarnikova T.M., Bogdanov P.Yu., Kraeva E.V.
Annotation: The paper examines the relevance of HID attacks aimed at gaining access to protected information resources or taking control of the hardware and software of an automated workplace or its peripheral equipment. Devices for carrying out HID attacks are presented to demonstrate their capabilities. Based on a review of the existing hardware and software implementations of such HID devices, a comprehensive method is proposed for protecting information systems and individual devices from this type of attack.
Keywords: Human Interface Device, input-output device emulation, information security, attack, malicious code
P. D. Zegzhda, D. P. Zegzhda, V. G. Anisimov, E. G. Anisimov, T. N. Saurenko
Annotation: The urgent need for purposeful development of information security systems amid the intensive introduction of digital technologies in the economy and social sphere makes it relevant to improve the methodological apparatus for substantiating decisions in planning and managing this process. The purpose of this article is to develop a mathematical model and an algorithm for supporting decision-making in forming a program for developing an organization's information security system. A generalized structure of the model and an algorithm for forming the optimal version of the program are proposed. Minimization of financial costs is used as the optimality criterion. The uncertainty inherent in the development of information security systems is taken into account by specifying intervals of possible costs for the projects included in the program. To solve the problem, an iterative algorithm for sequentially forming a suitable version of the program is proposed.
Keywords: information security system, optimization of the system development program, model, algorithm.
R.A. Ognev, E.V. Zhukovskiy, D.P. Zegzhda
Annotation: The application of classification algorithms to malware detection is investigated, using as features the classes of actions obtained by clustering sequences of WinAPI function calls. The following classification algorithms are considered: gradient boosting, adaptive boosting, linear regression and random forest. Quality was assessed with the accuracy metric, the F1 measure and the area under the ROC curve, also taking the training time into account.
Keywords: classification, clustering, malicious software, malicious behavior, machine learning, behavioral analysis, dynamic analysis, computer security
M. E. Sukhoparov, I. S. Lebedev
Annotation: An approach to identifying anomalous situations in network segments of the Internet of Things based on an ensemble of classifiers is considered. The classification algorithms are tuned to different types of events and anomalies using training samples of different composition. Using an ensemble of algorithms increases the accuracy of the results through collective voting. An experiment with three neural networks of identical architecture is described, and the assessment results are given both for each classifier separately and for the ensemble.
Keywords: ensemble of classifiers, anomaly detection, parasitic traffic, information security.
T. D. Ovasapyan, V. A. Nikulkin, D. A. Moskvin
Annotation: The article discusses the application of Honeypot technology with adaptive behavior for tracking and analyzing attacks on Internet of Things networks. Existing adaptive systems are analyzed and the one best suited to building a honeypot is selected. It is proposed to use a Markov decision process as the mathematical apparatus of the adaptive Honeypot system. The resulting honeypot can be used to track XMPP and SSH attacks.
Keywords: Honeypot, Internet of Things, adaptive behavior, Markov decision process (MDP)
Annotation: The paper explores an approach to ensuring the sustainability of cyber-physical systems (CPS) based on graph theory. Existing approaches to ensuring CPS security are reviewed. To formalize the problem, it is proposed to model the behavior of a CPS with graph theory. Representing a CPS as a graph makes it possible to account for the structural characteristics of the system that change under attack, and to derive compensating actions aimed at maintaining the sustainability of its functioning.
Keywords: sustainability of functioning; cyber-sustainability; cyber-physical system; information security; graph theory