A.S. Sokolov, A.Y. Chernov, A.S. Konoplev
Peter the Great St. Petersburg Polytechnic University
Annotation:
The complexity of neutralization and the lack of a universal mitigation approach for speculative execution attacks allow potential malware to gain unauthorized access to data being processed by the CPU. To provide the confidentiality of such data, its processing should be transferred from the CPU to a microprocessor operating in a trusted execution environment. The paper describes an approach using Intel DAL technology, which allows an application to be implemented in the Intel ME subsystem, thus completely mitigating side-channel speculative execution attacks.
Keywords:
side-channel attacks, speculative execution, Meltdown, Spectre, Intel TEE, Intel ME, Intel DAL, cryptoservices
K.Yu. Sopin, I.O. Povchun, S.A. Dichenko, D.V. Samoylenko
Krasnodar Higher Military School named after S.M. Shtemenko
Annotation:
The problem of information security in modern conditions of application and functioning of information systems, complicated by the continuous growth of the volume and value of processed information, is considered in the article. A method for ensuring data integrity based on number-theoretic Gauss transformations is presented.
Keywords:
information system, information protection, control and restoration of data integrity, complex numbers
S.V. Belim, S.N. Munko
Omsk State Technical University
Annotation:
The article proposes an algorithm for embedding a digital watermark into the executable code of the program. Dynamic memory of the program is used as a stegocontainer. The digital watermark is formed in the memory of the executable program under certain conditions. The embedding parameters are determined by the executable code and the run time of the program. The digital watermark is checked by a separate application using key information.
Keywords:
digital watermark, steganography, dynamic memory, authentication
O. I. Berezovskaya
ITMO University
S. S. Chuprov
ITMO University
Saint Petersburg Electrotechnical University ‘LETI’
E. A. Neverov, E. R. Sadreev
Saint Petersburg Electrotechnical University ‘LETI’
Annotation:
Nowadays, the development of smart city concepts and cyber-physical systems is impossible without considering information security issues. In the conditions of limited computational resources, it is necessary to find a trade-off between the cryptographic strength of the encryption algorithm and its requirements. As part of the study, lightweight modifications of the AES symmetric block cipher are compared to identify the most balanced solution for ensuring the confidentiality of low-power device communication. The comparison is made both in terms of theoretical indicators that determine cryptographic strength, and in terms of encryption and decryption time, depending on the size of the input data. The obtained results demonstrate that the Modified AES is the most balanced solution in relation to the specified requirements. It outperforms not only other modifications, but also the standard algorithm, improving the diffusion and confusion values by 5% and 30% respectively, and also reducing the average encryption/decryption time by one and a half times.
Keywords:
AES, lightweight modifications, resource-constrained environment, cryptographic protection, smart city
V. M. Krundyshev, M. O. Kalinin
Peter the Great St. Petersburg Polytechnic University
Annotation:
This paper presents an adaptive control system for detecting computer attacks in critical information infrastructure based on a neuro-fuzzy analysis of variant cyber-threat spaces and parameters of the protected object using the automatically reconfigurable ANFIS neuro-fuzzy inference system and the Takagi-Sugeno-Kang fuzzy basis. The results of experimental studies have shown that the developed system provides high accuracy and speed of detecting computer attacks in changing decision-making conditions.
Keywords:
Adaptive Control, Critical Information Infrastructure, Neuro-Fuzzy System, Computer Attack Detection
E. Yu. Pavlenko, A. D. Fatin
Peter the Great St. Petersburg Polytechnic University (SPbPU)
Annotation:
This paper discusses new approaches to building models of immunization of modern computer networks. The greatest attention is paid to the consideration of the P2P static model, segment model, as well as models of dynamic representation of cyclic and growing graphs. The main advantages and areas of application of the considered models, the nuances of their use and the novelty of the considered methods are highlighted.
Keywords:
Computer Networks, Immunization, Scale-Free Networks, P2P, Segment Model, Cyberphysical Systems
V. M. Krundyshev
Peter the Great St. Petersburg Polytechnic University
Annotation:
This paper presents a mathematical model for the spread of computer attacks on critical information infrastructure based on the extension of the basic Lotka-Volterra model. Within the framework of the proposed model, the problem to be solved is formulated, the point of stability of the system is determined, and a criterion is proposed for the adequacy of the applied methods for detecting attacks to changing parameters of the critical information infrastructure and existing cyber threats.
Keywords:
Critical Information Infrastructure, Adequacy Criterion, Mathematical Model, Lotka-Volterra Model, Computer Attack Spread Rate, Stability Point, CII
I.A. Sikarev
Russian State Hydrometeorological University
V.Yu. Ivanyuk, V.V. Sakharov
Admiral Makarov State University of Maritime and Inland Shipping
Annotation:
A method for identifying signals based on the results of electrocardiogram (ECG) processing performed using wavelet technologies is considered. The use of digital technologies for processing and diagnostics of ECG signals using wavelet analysis can significantly improve the efficiency and quality of evaluation of pacemaker settings during implantation, as well as in the process of correction of functional modes, diagnostics, in order to eliminate postoperative complications, etc. Digital processing of complex cardiac signals at a qualitatively new level is an indispensable condition for radically improving the processing of the current values of the diagnosed parameters, the widespread use of digital tools for making informed and effective decisions in the field of medical care, as well as for information support of identification processes. A method of approximation is considered and an algorithm for analyzing ECG diagrams obtained during implantation and in the process of choosing the modes of functioning of pacemakers based on the wavelet transform is given. The presence of high-frequency components and short-term pulses in the spectrum of ECG signals, the evaluation of which is practically impossible by the traditionally used methods of spectral analysis, determined the choice of a method for digitalizing the decomposition of signals into basic frequency rhythms for parametric evaluation of QRS complexes. The approximation method is based on the use of wavelet analysis, which allows deep investigation of such modes. Examples of the use of wavelet analysis for the approximation of ECG diagrams using cubic splines whose interpolation nodes are located on an uneven grid are given. Digital technologies are implemented using the tools of the MATLAB computing environment.
Keywords:
electrocardiogram, parametric estimation, identification, wavelet technologies, Daubechies wavelets, cubic spline, signal reconstruction levels, wavelet decomposition coefficients
I. I. Zabirov, I. V. Mashkina
Ufa State Aviation Technical University (USATU)
Annotation:
The possibility of using an Identity and Access Management (IdM/IAM) system to automate user account and access rights management in an Industrial Control System (ICS) is considered in the paper. The main feature of IdM/IAM systems is that they require an individual approach and ongoing support when implemented in ICS. The results of the role-based access model development are presented for its implementation in IdM/IAM. An analysis of ICS safety has been carried out and the article provides a list of the information assets and information subjects representing the functions, or roles, of industrial network users. A hierarchy of user roles and an access matrix (with possible rights) have been developed.
Keywords:
Industrial control system, information assets, information subjects, access control, user account and rights management, hierarchy of user roles
A.M. Sukhov, A.V. Krupenin, V.I. Yakunin
Krasnodar Higher Military School named after S.M. Shtemenko
Annotation:
The article describes a method associated with the construction of mathematical models of quality indicators for further evaluation of the process of functioning of an automated system for special purposes, taking into account destructive influences. Methods for calculating the performance indicators of complex systems are presented. The features of the construction of analytical and simulation models are disclosed. Algorithms for modeling of the designed automated systems of special purpose are constructed.
Keywords:
Mathematical Model, Quality Indicator, Method, Algorithm, Destructive Impact, Automated System of Special Purpose
I. S. Lebedev
St. Petersburg Federal Research Center of the Russian Academy of Sciences (SPC RAS)
M. E. Sukhoparov
Russian State Hydrometeorological University
Annotation:
Improving the qualitative indicators of identifying the state of information security of individual cyber-physical systems segments is associated with the processing of large information arrays. A method of splitting data samples is proposed to improve the quality of algorithms for classifying information security states. Classification models are configured on training sets of examples in which outliers, noisy data, and an imbalance of observed objects may be present, which affects the qualitative indicators of the results. At certain points in time, under the influence of the external environment, the frequency of occurrence of observed events, the ranges of recorded values may change, which significantly affects the quality indicators. It is shown that a number of events in the samples occur as a result of the actions of internal and external factors.
Keywords:
information security, machine learning, dataset, influencing factors, the formation of data samples
N. V. Gololobov, E.Y. Pavlenko
Peter the Great St. Petersburg Polytechnic University (SPbPU)
Annotation:
The paper proposes the use of recurrent neural networks with the LSTM architecture for solving problems related to the detection of anomalous instances in data sets and compares the effectiveness of the proposed method with the traditional technique, the one-class support vector machine. During the study, an experiment was conducted and criteria for the effectiveness of implementations were formulated. The results obtained in this way made it possible to draw appropriate conclusions about the applicability of recurrent neural networks in the tasks of detecting anomalous instances and put forward proposals for the further development of this direction.
Keywords:
anomaly detection, machine learning, support vector method, recurrent neural networks, LSTM, unsupervised learning
E. A. Rudnitskaya, M. A. Poltavtseva
Peter the Great St. Petersburg Polytechnic University
Annotation:
This paper is about adversarial attacks on machine learning systems that analyze medical images. The authors review the existing attacks, systematize them and assess their practical feasibility. The article contains an analysis of existing methods of protection against adversarial attacks on machine learning systems. It describes the peculiarities of medical images. The authors solve the problem of protection against adversarial attacks for these images based on several defensive methods. The authors have determined the most relevant protection methods, their implementation and testing on practical examples: the analysis of COVID-19 patients' images.
Keywords:
attacks on machine learning systems, machine learning system protection, adversarial attacks, medical images, machine learning
V. G. Anisimov
Peter the Great St. Petersburg Polytechnic University
E. G. Anisimov, T. N. Saurenko
Peoples’ Friendship University of Russia
V.P. Los
MIREA – Russian Technological University
Annotation:
Computer networks are an important part of modern civilization. They are used literally in all spheres of human activity. Significant losses due to failures of these networks cause high requirements for the stability of their operation. Ensuring the necessary resilience, in particular, relies on the protection of computer networks from virus attacks. To this end, appropriate protection systems are being created. As an indicator of the effectiveness of such systems, it is proposed to use the number of network computers that a virus manages to infect before it is detected and removed. The empirical basis for assessing the effectiveness of systems for protecting computer networks from virus attacks is the data obtained as a result of field tests and (or) previous operating experience. These data are random in nature, and their volume, as a rule, is significantly limited. An approach to assessing the effectiveness of systems for protecting computer networks from virus attacks, taking into account the indicated features of empirical data, is considered in this article. The approach is based on the presentation of empirical data in the form of a small sample from the general population of values of a random variable of the number of computers on the network that the virus managed to infect before it was detected and removed. The distribution function of this quantity is taken as a test model. The construction of the distribution function is based on the principle of maximum uncertainty. Shannon's entropy is taken as a measure of uncertainty.
Keywords:
computer network, virus attack, network protection system, protection efficiency
A.A. Poltavtsev
Tver State Technical University (TvSTU)
Annotation:
If the data is not available to the outside world, it is useless. The data must be available so that the necessary processing and planning can be carried out. Regulating and monitoring user access to a database is one of the important tasks of the database security community. Database protection against inference attacks is a part of information security that tries to prevent the disclosure of sensitive information through available information (tables, individual records). It is necessary to have methods capable of maintaining a balance between the use of information and the protection of data. The purpose of this work is to compare different inference control methods in order to evaluate the methods' results to minimize both the loss of information and the risk of information disclosure.
Keywords:
Information Security, Security Monitoring, Security Control, Data Structuring, Data Engineering
A.A. Kriulin, M.A. Eremeev, G.Yu. Poterpeev
MIREA – Russian Technological University
Annotation:
The article discusses the possibility of using the MITRE ATT&CK knowledge base in the development of systems for detecting computer attacks involving malware. Using the Mitre API, a statistical analysis of malware is carried out, as well as techniques and tactics used by hacker groups to compile additional indicators of compromised attacks.
Keywords:
computer security, Mitre, APT, malware, executable file, statistical analysis
A. D. Fatin, E. Yu. Pavlenko
Peter the Great St. Petersburg Polytechnic University
Annotation:
This paper discusses the main methods of immunization of modern computer networks. The greatest attention is paid to topologies and types of graph structures under consideration. An assessment and comparison of existing immunization strategies and methods for solving the problems of optimal selection of nodes for immunization in the context of the considered topologies is also carried out. The main advantages, disadvantages and areas of application of the selected topologies and methods for solving immunization problems are highlighted.
Keywords:
computer networks, immunization, cyber-physical systems, network security, scale-free networks
T. M. Tatarnikova, A. V. Sverlikov
St. Petersburg State University of Aerospace Instrumentation
I.A. Sikarev
Russian State Hydrometeorological University
Annotation:
It is shown that data protection technologies used in wired communication networks are not available for low-power devices of the Internet of things. Therefore, the search for an attack on IoT devices can be implemented by means of analyzing the traffic that carries the attack and, as a result, is classified as anomalous. A technique for searching for an anomaly in the network traffic of the Internet of things is proposed. A sequence of steps is considered to isolate a random component from the traffic generated by the IoT sensor devices, remaining after the exclusion of the main characteristics and which may contain an anomaly. The software implementation of the proposed technique can become part of the intrusion detection system for the Internet of things.
Keywords:
Internet of things, anomalous traffic, data security, traffic analysis technique, intrusion detection system
T.V. Starikov, K.Yu. Sopin, S.A. Dichenko, D.V. Samoylenko
Krasnodar Higher Military School named after S.M. Shtemenko
Annotation:
The actual problem of optimization of information integrity control in data storage systems functioning in conditions of continuous growth of its volumes and destructive influences of an attacker is considered. A method of cryptographic integrity control of multidimensional data arrays based on the rules for constructing Reed-Solomon codes is presented.
Keywords:
information protection, data integrity control, cryptographic methods, Reed-Solomon code
D.E. Vilkhovsky
Dostoevsky Omsk State University
Annotation:
The paper presents a compact method of detecting LSB inserts in color photographic images that proves highly efficient when dealing with low stego-payload images. The method is based on an analysis of signatures of pairwise similarity of the zero and first layers, an algorithm for largest empty rectangles, white (black) pixel dominance pattern and image moments analysis.
Keywords:
Steganalysis, steganographic analysis, stegocontainer analysis, LSB-insert detection
A.S. Sokolov, A.Y. Chernov, A.S. Konoplev
Peter the Great St. Petersburg Polytechnic University
Annotation:
The appearance of Meltdown/Spectre attacks, which exploit vulnerabilities in Intel processors via misuse of speculative execution, has destroyed confidence in the security of users' confidential data, which includes the secret parameters of cryptoservices. The developed Meltdown/Spectre countermeasures demonstrated ineffectiveness in neutralizing the newly designed speculative execution attacks. The paper highlights a fundamental solution to the specified issue via the use of Intel ME technology. The dedicated Intel ME processor is immune to Meltdown/Spectre attacks, which makes it effective to be used as a cryptoprocessor. Implementation of the proposed approach can be achieved through the use of Intel Dynamic Application Loader (Intel DAL) technology.
Keywords:
side-channel attacks, speculative execution, Meltdown, Spectre, Intel ME, Intel DAL, cryptoservice
K.Yu. Sopin, S.A. Dichenko, D.V. Samoylenko
Krasnodar Higher Military School named after S.M. Shtemenko
Annotation:
New complex tasks related to information security when scaling data storage systems are considered. A method of cryptographic integrity control of large data arrays based on geometric fractals is presented.
Keywords:
data storage system, information protection, data integrity control, hash function, Sierpinski triangle
V. D. Danilov, T. D. Ovasapyan, D. V. Ivanov, A. S. Konoplev
Peter the Great St. Petersburg Polytechnic University
Annotation:
This article presents research aimed at analyzing methods for generating synthetic data to populate honeypot systems. To select the generated data types, the relevant target objects in the context of honeypot-systems are identified. Existing generation methods are investigated. Methods for evaluating the quality of generated data in the context of honeypot systems are also analyzed. As a result, a layout of an automated system for generating synthetic data for honeypot-systems is developed and its performance is evaluated.
Keywords:
honeypot system, deep learning methods, synthetic data generation, machine learning, inference attacks
A.M. Sukhov, A.V. Krupenin, V.I. Yakunin
Krasnodar Higher Military School named after S.M. Shtemenko
Annotation:
A new approach is considered related to the construction of mathematical models of quality indicators for further evaluation of the process of functioning of the information security system, taking into account the requirements for the results of the operation. The vector of quality indicators of the results of the process of functioning of the system under consideration is substantiated, and models of the virtual indicator and the required quality of the results of the process of functioning of the information security system are presented.
Keywords:
mathematical model, quality indicator, destructive impact scenario, unified information space, information security system
A.Yu. Garkushev
St. Petersburg State Marine Technical University
A.F. Suprun
Peter the Great St. Petersburg Polytechnic University
S. Yu. Sysuev
Mikhailovskaya Military Artillery Academy
Annotation:
The article is devoted to the development of a model and algorithm for solving the problem of ensuring information security in promising domestic computer-aided design systems based on a modified branch and bound method using the duality of solutions to linear programming problems. As a result, an algorithm was obtained that allows the developer to ensure the information security of shipbuilding projects at a sufficient level.
Keywords:
information security, ship design, mathematical model