Annotation:
Information is becoming an increasingly valuable asset for companies, so information security management is an integral part of the work of all institutions and enterprises. The professional experience and skills of information security specialists significantly affect the development, audit and management of the information security system. Given the high rate at which relevant information arrives and the rapid changes in the information security system, it is important that future specialists in this field are able to analyze information, use it effectively and make accurate forecasts based on this data. The development of reflexive and predictive competencies in practice is possible through the development of the ability to anticipate, which is the mental mechanism underlying forecasting and goal setting. The role of anticipation as a component of reflexive and predictive competencies is considered, as well as methods of its development among information security specialists.
Keywords:
information security, cybersecurity, anticipation, reflexive-prognostic competencies, mental regulation, vulnerability
Annotation:
The paper describes the business logic and results of a steganalysis software package, a steganalytical module based on the algorithms developed by the author for image steganalysis, which makes it possible to detect embeddings even with a low stego-payload (10–25 % of the total). The solution is aimed at improving enterprise information security by detecting media files (images) containing embeddings and preventing unauthorized transfer of such files or viewing and extracting the received hidden message, as well as preventing the installation of malware whose module is embedded in the image by steganography. The software package works with embeddings made by the Koch – Zhao method and LSB-replacement methods.
Keywords:
steganalysis, steganographic analysis, stegocontainer analysis, LSB-insert detection, DCT-insert detection, Koch – Zhao method
Annotation:
The article is devoted to the development of tools for evaluating intelligent information security management systems in enterprises. The proposed methodology is based on a combination of entropy approaches to assessing the quality of information and a priori assessment of competence in terms of balancing the efficiency and validity of decisions made. The proposed mathematical model can be used for a priori evaluation of information security decision support systems.
Keywords:
competence, validity, intelligent system, communication, an aggregated model
Annotation:
This paper presents a mathematical graph-based model for use in automated security analysis systems. The model makes it possible to link information about the system obtained by a specialist in the process of security analysis with a set of attack scenarios in which it may be involved. Executing each scenario yields a new portion of data that describes some system component and contributes to the expansion of the attack graph.
Keywords:
attack graph, graph-based model, security analysis, attack scenarios, heterogeneous systems, security assessment, penetration testing
Annotation:
Security criteria for self-organizing cyber-physical systems are proposed, taking into account their specificity, which consists in the need to ensure correct functioning, even under conditions of destructive information impacts, and information security. The solution of the problem is complicated by the presence of both local goals of the system components capable of self-organization and the global goal of the entire system. The paper systematizes security threats for self-organizing cyber-physical systems taking into account their specifics. We propose three security criteria, a graph criterion and two entropy criteria, the combined use of which will allow us to detect attacking influences aimed both at disabling the system and at obtaining the possibility of stealthy control of the system in accordance with the attacker's goals.
Keywords:
cybersecurity, self-organizing systems, multi-agent system, intelligence, entropy, target function
Annotation:
The article analyzes the problems of using mobile devices under the BYOD concept. An adapted methodology for assessing information security threats is proposed. In addition to the traditional approach of building a security system in the information system, a software tool for monitoring unauthorized access has been developed and tested.
Keywords:
BYOD, mobile devices, corporate information system, information security, unauthorized access
Annotation:
The article proposes a way to assess the effectiveness of selecting and distributing the goals of a group of unmanned aerial vehicles when they perform aerial photography tasks. Analytical expressions are obtained for resource intensity, performance and efficiency of task execution. Modeling and comparative assessment of the efficiency indicator for various options for the formation and target setting of a group of unmanned aerial vehicles were carried out.
Keywords:
group of unmanned aerial vehicles, flight task, efficiency, comparative assessment, aerial photography
Annotation:
Approaches to self-regulation of networks with adaptive network topology based on graph theory are presented. These approaches are limited to networks whose nodes do not change their position in space, such as peer-to-peer and heterogeneous sensor networks, as well as industrial networks using the example of Smart Grid smart energy consumption networks. A generalized objective function is described for each type of network, conditions for self-regulation are formulated, and the process of self-regulation is formally described.
Keywords:
information security, self-regulation, graph theory, objective function, network with adaptive topology
Annotation:
This work contains a description of the stage of practical management of information security risks of a web resource arising from its use as a medium and communication channel for steganographic information exchange. The possibility of using steganography on public Internet resources as a tool for attackers to exchange illegal data and carry out computer attacks has been established based on available research results. As a result, the relevance of developing methods to counter the malicious use of steganographic algorithms has been proven. The paper examines threats to information security when using steganography methods in accordance with the FSTEC IS BDU. Based on these threats, a 4-level model of threats to a web resource from user data has been developed. It includes the risks of violating the integrity, accessibility and confidentiality of data and the provisions of 374-FL (amendments to 149-FL “On information, information technologies and information protection”). The 374-FL demonstrated the problem of the inaccessibility of data for checking its malicious nature when it is exchanged covertly. Based on the developed model, a practical assessment of the risks of a web resource was carried out using the Microsoft Security Assessment Tool (MSAT), as well as a theoretical assessment using the FRAP and CRAMM matrices, in order to demonstrate the features of using a specific approach in solving the problem of countering a new type of attack. As a result, the necessary mitigation measures and components were calculated using mathematical programming methods in order to identify the minimal and most optimal quantitative composition of the components of protection against the malicious use of steganography. These measures and components consist of specialists, their competencies, as well as the software tools necessary for high-quality protection of a web resource within the framework of the scientific problem under study: the use by an offender of information security technologies when carrying out illegal activities, and the further development of tools for countering and analyzing data arriving at the web resource.
Keywords:
steganography, steganographic attacks, hidden data exchange, information security risk management, Internet, information security threats, FRAP, CRAMM, OCTAVE
Annotation:
The article considers the possibility of using EPC notations to build scenarios of information security (InfoSec) threats in the automated process control system (ICS). In accordance with regulatory and legal documents, if there is a scenario of an InfoSec threat, it is recognized as relevant to the information system and is included in the InfoSec threat model to justify the choice of measures and means of information protection. A methodology for building scenarios of threat realization in the form of EPC models is proposed. The construction of EPC models of attack scenarios on industrial network infrastructure components is based on establishing the possible objects of impact taking into account the architecture of the ICS, identifying possible vulnerabilities of infrastructure components and means of protection on the way to the threat’s implementation, and determining possible tactics, techniques and threats, lists of which are presented in methodological documents. The results of the development of several scenario models of computer attacks on the enterprise infrastructure, including an attack over a wireless communication channel with the field level, are presented.
Keywords:
industrial control system ICS, EPC threat, scenario diagram, target of the threat, information security, tactics, techniques, information security threats
Annotation:
Development results of an info-telecommunication toolkit for natural risk management during the commercial use of autonomous vessels in the Arctic and Subarctic, including the Northern Sea Route and higher latitudes, are presented. The toolkit was developed using Foresight technologies and database design methods within online technologies. The research results have high scientific novelty and can be used by various players, including educational organizations when forming Master's programs. The online platform Researchgate was used for preliminary discussion and data exchange during the research.
Keywords:
infocommunication systems, natural risk management, autonomous vessels, Arctic
Annotation:
The article presents the results of the binary code analysis of embedded software for hardware platforms based on processors with ARM architecture (trustlets) for the presence of potential hidden channels expressed in the form of potentially dangerous functional objects. A descriptive model of the trustlet has been developed based on the binary trustlet code analysis. The model makes it possible to identify quantitative and qualitative indicators describing the presence of potentially dangerous functional objects in the trustlet code. These indicators allow the trustlets to be ranked according to vulnerability criticality levels. It is advisable to use the ranking results for searching for hidden channels in embedded software during certification tests of information security tools.
Keywords:
trustlet, potentially dangerous functional object, vulnerabilities, ARM
Annotation:
This article highlights the most essential properties of software for searching for errors in it by the method of spot-based fuzzing. A generalized set-theoretic model of software is formulated, its invariant form is presented, and its adequacy, universality and consistency are proved.
Keywords:
information security, software, error detection, mathematical modelling, symbolic execution, fuzzing
Annotation:
The paper reviews the problem of protecting machine learning models from the security threat of violating data confidentiality, which is realized through membership inference on the training datasets. A method for protective noising of the training dataset is proposed. It has been experimentally shown that Gaussian noising of the training dataset with a scale of 0.2 is the simplest and most effective approach to protect machine learning models from training data extraction. Compared to alternative techniques, the proposed method is easy to implement, universal for different types of target models, and reduces the effectiveness of the attack by up to 26 percentage points.
Keywords:
noising, machine learning, training set, membership inference, Gaussian noise
Annotation:
The paper proposes machine-learning pipelines that make it possible to automatically generate relevant feature spaces for virus detectors, detect the presence of viral modifications in JS files and scripts in real time, and interpret and visualize the automatically obtained machine solution. It is shown that the best quality metrics are demonstrated by models based on an abstract syntax tree using binary classifiers built on ensembles of decision trees. An explanation of the solution automatically generated by the virus detector is demonstrated.
Keywords:
virus analysis, machine-learning models, features, viral modification, decision trees ensembles, machine solution interpretation
Annotation:
The article is devoted to the study of the possibility of modernizing the information security management systems of industrial enterprises by applying modern optimization methods. In addition to discrete deterministic values of parameters that reflect the influence of various factors on information security, it is proposed to take into account heterogeneous indicators specified numerically, as intervals, verbally and using parametric series. An implementation model in the form of a program is presented that makes it possible to make an informed choice of the best of the alternatives.
Keywords:
information security model, optimization, ranking, priority system, preference matrix
Annotation:
This paper examines the problem of ensuring information security in industrial Internet of Things systems. The study found that in order to comprehensively protect the information perimeter of an industrial enterprise from external and internal threats, in most cases information security event and incident management systems (SIEM systems) with customized rules for correlating events in the information infrastructure are used. At the same time, there is a need to create a mathematical apparatus that allows one to accurately and objectively assess the effectiveness of the SIEM system. As a result of the study, the problem of preventing information security incidents in industrial Internet of Things systems was formalized based on the developed mathematical model for managing information security events using a continuous-time Markov chain.
Keywords:
mathematical model, industrial Internet of things, information security event management, Markov chains, SIEM system
Annotation:
The processing of information sequences using segmentation of input data is proposed, aimed at improving the quality of detection of destructive influences using machine learning models. The basis of the proposed solution is the division of data into segments with different properties of the objects of observation. A method using a multi-level data processing architecture is described, in which learning processes are implemented at various levels, the achieved values of quality indicators are analyzed, and the models with the best quality indicators are assigned to individual data segments. The proposed method makes it possible to improve the quality indicators for detecting destructive information influences by segmenting the data and assigning the models that have the best performance in individual segments.
Keywords:
information security, machine learning, data set, data sampling, data segmentation, processing models
Annotation:
Currently, it can be argued that in certain areas of information technology there is a complete replacement of classical computer system user authentication systems based on passwords and tokens with biometric technologies. However, biometric systems are vulnerable to various types of security threats. For example, unlike passwords and tokens, templates based on biometrics cannot be replaced in case of compromise. To solve this problem, new protection schemes have been developed. Conventionally, they can be divided into two groups: biometric cryptography and cancelable biometrics. Biometric cryptography methods show average values of errors of the first and second types; experimental work in this area is widely known. Cancelable biometrics can be highly reliable, but there is not much experimental data on it. This paper presents a comparative analysis of the reliability of existing methods. It is shown that among the static biometric parameters the greatest interest is the iris, and among the dynamic ones, keystroke dynamics. However, using these methods, like others, has its own difficulties and risks.
Keywords:
identification, authentication, biometrics, template, biometric cryptography, cancelable biometrics
Annotation:
The paper proposes a generative adversarial network approach to improve the robustness of the steganographic method against modern steganalyzers. The approach is based on the joint operation of a generative adversarial network, a pixel importance map and the least significant bit replacement method. The results of experimental studies confirmed the effectiveness of the proposed approach.
Keywords:
generative adversarial networks, steganography, steganography method, steganalysis, machine learning
Annotation:
Tool development results for automating ship repair management processes are presented. It is indicated that the development of an adequate and stable model and the choice of algorithms for its use are of key importance; their correctness is shown.
Keywords:
automation, management, ship repair, model
Annotation:
This article is dedicated to studying the spreading of oil spills in the aquatic environment and developing a corresponding monitoring system using a group of unmanned aerial vehicles. To effectively control and prevent the spread of oil spills in water bodies, the process of comprehensive monitoring and forecasting needs to be automated. The foundation of such an automated system lies in mathematical models that enable the assessment of spill parameters, prediction of its trajectory, and determination of strategies to prevent and mitigate associated issues. The automation of monitoring and forecasting allows for continuous observation of the state of water resources and swift response to potential oil leaks. With the help of specialized sensors, unmanned aerial vehicles, and other technical means, it is possible to monitor changes in water conditions, detect the presence of oil spills, and determine their sizes. By possessing the ability to promptly respond to spills, the system ensures proper containment of leaks and minimization of negative environmental impact, as well as enables the development of strategies to prevent similar incidents in the future.
Keywords:
oil spills, water environment, unmanned aerial vehicles, automation, monitoring system, forecasting, environmental protection
Annotation:
A comparative analysis of methods for protecting reconfigurable wireless networks that implement topology re-building was carried out, which made it possible to determine the network game method as the most promising in solving the task of maintaining the network connectivity and functional integrity. Managing the network topology when using the basic network game method is characterized by overloading the channels of the control node and excessive sensitivity to changes in network connections. In this research, the basic method is extended with the criterion of the maximal possible path length, which allows reducing the number of network reconfigurations when there is a short route between nodes passing through existing connections. It is experimentally shown that the improved method provides protective online restructuring of a network with lower topology rebuilding costs.
Keywords:
wireless reconfigurable network, gaming approach, network game, reconfiguration, path length, functional integrity
Annotation:
The features of VANETs are considered. An approach to ensuring the information security of VANETs is proposed, the distinctive feature of which is the early detection of malicious activity of network nodes. To achieve early detection of malicious activity, the parameters of VANETs are represented as a time series, after which their future values are predicted and anomalies are searched for using machine learning methods. The proposed approach makes it possible to improve the safety of intelligent transport systems.
Keywords:
information security, VANET, time series prediction, attack prevention
Annotation:
It is known that the rapid development of technological computer networks and SCADA systems has necessarily accelerated the process of integration between these networks and global Internet networks. As a result, the solution of many issues of technological and production processes has been simplified and opportunities have been created for remote control by the enterprise staff and operational staff. However, this situation has also created new, previously non-existent threats to the above-mentioned monitoring, diagnostic and management systems. Targeted attacks on specific industrial enterprises are organized over the Internet by specialized groups, hackers and, in some cases, government agencies. Those who organize cyber attacks on technological process control systems improve their methods and tools over time and raise their professional level. They carefully study the objects they will attack and identify vulnerabilities in the software of the object management systems. The developed set of technical means is based on the application of STM32F4XX type controllers and LPT ports of computers. The article provides connection diagrams and assembly methods of the technical means. These technical means and the exchange protocols created can act as a bridge between the global Internet and technological corporate computer networks. The article presents simple algorithms of the protocols and working program fragments. Fragments of the program are given in the C programming language and in the DELPHI programming system. The developed software acts as a filter bridge between the global Internet and TKKŞ. Data exchange between these two networks is carried out by creating non-standard protocols using STM32F4XX controllers and LPT ports.
Keywords:
Internet attacks, technological computer networks, telemechanical systems, malware, random attacks, STM32F4XX controller, LPT port
Annotation:
With the development of Web3 technologies, the third generation of the Internet has become one of the most promising areas. It involves the use of decentralized, transparent and user-oriented applications. However, many Web3 projects do not pay due attention to security, which can lead to serious consequences. Even a small error in the code can make the system vulnerable, opening access to intruders. Because of this, the industry faces frequent security breaches that threaten users and undermine trust in new technologies. One of the main problems of Web3 is the management of private keys. This is a critical aspect of security, which is directly related to the protection of digital assets and personal information of users. The risk of loss or theft of the private key can lead to irreparable consequences, since in case of loss there is no way to restore or reset the key. This article discusses various ways to store the private key of a cryptographic wallet to ensure security. For example, a key can be divided into parts and stored encrypted on hardware media, or the whole encrypted key can be stored on secure media. Quantitative data were calculated using Shamir’s scheme.
Keywords:
key management, encryption, secret sharing, cryptography, distributed storage system
Annotation:
The paper proposes a method of searching for errors in software based on “in-memory” code fuzzing. Within the framework of the method, special fragments called “points” are selected in the software code, and these “points” are subjected to fuzzing testing in isolation from the rest of the program code. A practical example of using the method is presented, as a result of which a memory corruption error was detected in the code.
Keywords:
information security, software, error detection, mathematical modelling, symbolic execution, fuzzing
Annotation:
The development of operating systems built on the basis of the Linux kernel contributes to the wider use of Linux distributions as the basis of system software in information systems for various purposes, including objects of critical information infrastructure. The goal of the work is to analyze the available approaches and tools for fuzzing system calls of the Linux kernel, as well as to carry out experimental fuzzing testing of some current versions of the kernel, aimed at increasing the overall security of the Linux kernel. Theoretical analysis was used to evaluate and compare existing types of Linux kernel-level vulnerabilities, as well as approaches to kernel fuzzing. An empirical research method was also used, which involved identifying defects and vulnerabilities in a certain configuration of the Linux kernel using fuzzing testing. Critical kernel-level vulnerabilities and approaches to fuzzing, including system-call fuzzing, were analyzed, and an experimental study was conducted using the syzkaller fuzzer, which identified defects and vulnerabilities in Linux kernel versions 4.9 and 5.4, including a memory use-after-free vulnerability. This area of research requires further development in order to detect new vulnerabilities in current kernel versions.
Keywords:
operating system kernel, security threats, vulnerabilities, fuzzing, attack surface, syzkaller
Annotation:
The paper addresses the problem of 3D representation and automatic synthesis of gas turbine blade shapes. First, we implemented a parametric method of descriptor-based representation using Bernstein polynomials and generalized it to produce controllable 3D shapes. Then, we proposed a method of automatic synthesis of 3D shapes based on the use of generative ML models for aerodynamic profiles. This method helps to reduce the number of geometric design variables used in the optimization of the aerodynamic shape of blades. Moreover, it enables automatic synthesis of 3D shapes with a representation independent of the shapes' level of detail. Its implementation is based on the generative adversarial network BézierGAN and makes it possible to produce arbitrarily sized datasets of 3D blades having aerodynamic shapes. Finally, by interpreting and visualizing the generator’s latent space, we observed the subset of latent variables that has the most importance for rapid prototyping of gas turbine blades.
Keywords:
gas turbine blade, dataset, 3D object representation, machine learning, generative-adversarial network, Bézier curves, Bernstein polynomials
Annotation:
This paper describes a study of the problem of generalizing multimodal data in the detection of artificially synthesized audio files. As a solution to the stated problem, a method is proposed which combines simultaneous analysis of audio file characteristics with its semantic component presented in the form of text. The approach is based on graph neural networks and algorithmic approaches involving the analysis of keywords and text sentiment. The conducted experimental studies confirmed the validity and efficiency of the proposed approach.
Keywords:
deepfake, graph neural networks, artificially synthesized audio file, text analysis
Annotation:
This paper analyzes the security of the common distributed consensus algorithms used in smart city distributed ledgers. A concept of smart city distributed ledger protection is proposed, which applies a hybrid distributed consensus protocol based on the joint use of a tangle-class algorithm and a proof-of-authority-class algorithm, protected by trusted computing and remote attestation technologies. The proposed protocol compensates for the weaknesses and vulnerabilities of the conventional distributed consensus algorithms that are inherent in distributed ledger technology and hinder its widespread use in large-scale smart city systems.
Keywords:
smart city, distributed ledger technology, security, distributed consensus algorithm
Annotation:
This article presents a formal formulation of the problem of modifying executable code during execution based on morphing as used in computer animation. In the course of the research, the need for developing a morphing method for software was substantiated, the basic principles used in computer animation were adapted for the field of cybersecurity, and vectors for further research in this direction were determined. The results obtained during the adaptation should be used in the design and implementation of the morphing method for executable code.
Keywords:
cybersecurity, executable file protection, binary morphing, protection against ROP chains
Annotation:
This paper is devoted to an approach to countering network attacks based on network reconfiguration to exclude the possibility of successful completion of the attack. To implement the approach, it is proposed to use the mechanism of recommender systems, which provides both generation of possible network topologies and their ranking. The proposed intelligent recommender system is based on a reinforcement learning algorithm of the actor-critic type. Experimental studies have confirmed the effectiveness of the developed system.
Keywords:
reinforcement learning, DDoS, network attack, recommender system
Annotation:
The paper analyzes the syntactic and semantic characteristics used to identify the similarity of binary code fragments and presents the results of an analysis of the effectiveness of decompilation techniques and methods for syntactic similarity detection in the context of the code clone detection task. A method for searching for code clones is proposed, which includes analyzing both semantic and syntactic features of the binary code snippets. The results of a comparative analysis of the effectiveness of the proposed method are presented.
Keywords:
syntactic similarity, semantic similarity, pseudocode, binary code search, code reuse
Annotation:
The current trend of increasing labor productivity and efficiency of business processes entails optimization of software development processes through the use of generative artificial intelligence models trained on various code bases and manual copying of code fragments. Taking into account the growing number of reported vulnerabilities, methods for detecting clones of program code are needed. In this paper, we propose a method for evaluating the similarity of fragments of the program code of binary executable files, which is based on the representation of the code in the form of an FA-AAST tree and the apparatus of graph neural networks. The results obtained during testing on open and closed source software demonstrate the correctness of the proposed method and higher accuracy in comparison with the considered solutions.
Keywords:
code clone, AST, FA-AAST, graph neural network, cybersecurity
Annotation:
The main mathematical mechanism chosen by NIST (National Institute of Standards and Technology) for standardization is the lattice, while the hash function mechanism is an alternative. Unlike isogenies of elliptic curves, these mechanisms use a larger size of both public keys and signatures. Using the example of an aggregate signature protocol based on isogenies of elliptic curves, we show how the masking method can be used to prevent the main attack on this mechanism, while obtaining a smaller signature size.
Keywords:
post-quantum cryptography, multiple signature, isogeny
Annotation:
The paper presents a survey of existing software security analysis methods and their ability to detect vulnerabilities caused by errors in several software components implemented in different programming languages. A set of three generalized code graph representations is proposed for implementation of software security analysis methods with consideration for interaction between components written in different programming languages. A software security analysis system architecture and a prototype of a system that uses the proposed generalized code graph representation were developed. The prototype supports analysis of software components written in PHP, C and .NET-based programming languages.
Keywords:
software vulnerabilities detection, logical vulnerabilities, static code analysis, graph theory, multicomponent software analysis
Annotation:
Annotation:
The paper is devoted to the intelligent synthesis of cyber-resilient network structures. We propose methods that carry out the synthesis both at the stage of building a network structure and at the stage of its recovery when an attack or failure occurs. Experimental results confirming the effectiveness of the proposed methods are presented, and the architecture of a system for recognizing cyber threats and intelligently synthesizing cyber-resilient network structures is described.
Keywords:
functional isomorphism, target function, synthesis, critical nodes
Annotation:
The cyber resilience of complex systems is largely determined by the ability of their network structures to be rebuilt so as to neutralize the impact of an attack already carried out on the system, or to make a successful attack impossible when it is detected at an early stage. It is proposed to solve the synthesis problem for the cyber resilience of network structures both at the system design stage (synthesis "from scratch") and during operation (synthesis by restructuring). The paper models the impact of massive and targeted attacks on the system, considers the constraints on synthesis, and formulates synthesis criteria in terms of graph theory. The theoretical results obtained are the basis for the practical construction of cyber-resilient network structures and for rebuilding them under attack.
Keywords:
cyber resilience, target function, synthesis, graph stability, graph integrity
Annotation:
The paper reviews information security software tools that use hardware virtualization technology on the ARM architecture. For each tool considered, a brief description is given together with its advantages and disadvantages. The results of a comparative analysis of the reviewed tools are presented, highlighting the research directions in the field that require the most attention.
Keywords:
information security, software, virtualization, hypervisor, ARM
Annotation:
The features of scanning in ad-hoc networks are studied and methods for detecting it are analyzed. A modification of the hybrid method for detecting scanning from the Internet is proposed, together with methods for identifying decoy scanning and for building blacklists of subnets to block further scanning. The proposed protection methods are compared with existing counterparts.
Keywords:
information security, ad-hoc networks, network scanning
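
An added example of the kind of logic the abstract refers to; it is not the authors' hybrid method and not code from the paper. It runs three checks over constructed flow records of the form (timestamp, source, destination, destination port): a sliding-window count of distinct destination ports per source to flag scanners; a decoy-cluster check that groups flagged sources whose probe sets are identical and whose first probes fall within a short interval, which is the signature of a scan sent with spoofed decoy source addresses alongside the real one; and aggregation of flagged sources into /24 blacklist entries. The thresholds, window sizes, addresses and sample flows are all assumptions made for the example.

```python
from collections import Counter, defaultdict
from ipaddress import ip_network
from typing import Dict, FrozenSet, Iterable, List, Set, Tuple

Flow = Tuple[float, str, str, int]  # (t_seconds, src_ip, dst_ip, dst_port)


def detect_scanners(flows: Iterable[Flow], window: float = 10.0, min_ports: int = 10) -> Set[str]:
    """Flag a source that touches >= min_ports distinct (dst, port) pairs within `window` seconds."""
    per_src: Dict[str, List[Tuple[float, str, int]]] = defaultdict(list)
    for t, src, dst, port in flows:
        per_src[src].append((t, dst, port))
    flagged: Set[str] = set()
    for src, events in per_src.items():
        events.sort()
        in_window: Counter = Counter()
        left = 0
        for t, dst, port in events:
            in_window[(dst, port)] += 1
            while t - events[left][0] > window:  # slide the window's left edge forward
                old = (events[left][1], events[left][2])
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            if len(in_window) >= min_ports:
                flagged.add(src)
                break
    return flagged


def find_decoy_clusters(flows: Iterable[Flow], scanners: Set[str], slack: float = 2.0) -> List[FrozenSet[str]]:
    """Group flagged sources with identical probe sets whose first probes lie within `slack` seconds."""
    probes: Dict[str, Set[Tuple[str, int]]] = defaultdict(set)
    first_seen: Dict[str, float] = {}
    for t, src, dst, port in flows:
        if src in scanners:
            probes[src].add((dst, port))
            first_seen[src] = min(first_seen.get(src, t), t)
    by_signature: Dict[FrozenSet[Tuple[str, int]], List[str]] = defaultdict(list)
    for src, probe_set in probes.items():
        by_signature[frozenset(probe_set)].append(src)
    clusters: List[FrozenSet[str]] = []
    for members in by_signature.values():
        members.sort(key=lambda s: first_seen[s])
        if len(members) > 1 and first_seen[members[-1]] - first_seen[members[0]] <= slack:
            clusters.append(frozenset(members))
    return clusters


def subnet_blacklist(scanners: Set[str], prefix: int = 24, min_sources: int = 2) -> Set[str]:
    """Blacklist a /prefix only when at least `min_sources` flagged sources fall inside it."""
    per_net = Counter(ip_network(f"{ip}/{prefix}", strict=False) for ip in scanners)
    return {str(net) for net, n in per_net.items() if n >= min_sources}


def _burst(src: str, t0: float) -> List[Flow]:
    """Constructed probe burst: 16 consecutive ports on one host, 0.2 s apart."""
    return [(t0 + 0.2 * i, src, "192.168.1.10", 20 + i) for i in range(16)]


# Constructed flow log: one real scanner plus two decoys firing the same probes in
# lock-step, and one ordinary client that only ever touches two ports.
FLOWS: List[Flow] = (
    _burst("10.0.0.5", 100.0) + _burst("10.0.0.6", 100.1) + _burst("203.0.113.7", 100.2)
    + [(50.0, "198.51.100.20", "192.168.1.10", 443), (300.0, "198.51.100.20", "192.168.1.10", 80)]
)

if __name__ == "__main__":
    scanners = detect_scanners(FLOWS)
    print("scanners:", sorted(scanners))
    print("decoy clusters:", [sorted(c) for c in find_decoy_clusters(FLOWS, scanners)])
    print("blacklist:", subnet_blacklist(scanners))
```

The caveat a practitioner will want: decoy addresses are spoofed and may belong to uninvolved hosts, so blocking every member of a decoy cluster, and even more so its whole /24, punishes bystanders. Blacklist entries built this way should expire and should feed rate limiting or alerting rather than an unconditional drop rule.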
Annotation:
This article proposes a classification of the attributes of cybersecurity threats. A statistical study of the descriptive power of open and closed threat datasets is presented, and an expert study of an advanced persistent threat is conducted using open reports as an example. The completeness of the threat description, as well as the ability of modern tools and protocols to describe such a threat, is assessed. The main conclusion is that current approaches to describing cybersecurity threats have shortcomings that prevent the most effective use of such information in operational activities.
Keywords:
cybersecurity threats, "pyramid of pain", tactics, techniques and procedures, threat description protocols
Annotation:
Ensuring consistent access control is one of the key security challenges in heterogeneous Big Data systems. The difficulty stems from the large number of data processing tools, information sources and users, the heterogeneity of security models, and the complexity of granular access rules. Taking the time factor into account in this setting improves the consistency and reliability of access control. The aim of the work is to select a methodology and tools for applying temporal logic in the verification of access control in Big Data systems. The paper analyzes types of temporal logic and verification methods based on TLA (temporal logic of actions). We propose the use of TLA+ for this problem and give an example of the corresponding specification.
Keywords:
information security, Big Data, heterogeneous data processing systems, access control, verification, temporal logic, TLA+
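
As an added illustration of what verifying access control against a temporal specification buys (example code, not the paper's TLA+ specification and not the authors' tooling): a toy explicit-state check, in the spirit of what the TLC model checker does for a TLA+ module, of an enforcement point that caches allow decisions. Grants are valid on a half-open interval [start, end); the checker enumerates every reachable (clock, cache) state within a bounded horizon and every access attempt in it, and reports the first decision that disagrees with the specification. The grants, the horizon, the cache TTL and the resource names are constructed for the example.

```python
from collections import deque
from typing import Callable, FrozenSet, NamedTuple, Optional, Tuple


class Grant(NamedTuple):
    user: str
    resource: str
    start: int  # inclusive
    end: int    # exclusive: the holder may access while start <= clock < end


class CacheEntry(NamedTuple):
    user: str
    resource: str
    expires: int  # a cached allow decision is reused while clock < expires


class State(NamedTuple):
    clock: int
    cache: FrozenSet[CacheEntry]


# Constructed model (assumptions for the example, not from the paper).
GRANTS = (Grant("alice", "hdfs:/finance", 2, 5), Grant("bob", "hdfs:/finance", 0, 3))
SUBJECTS = tuple(sorted({(g.user, g.resource) for g in GRANTS}))
HORIZON = 8      # bounded clock, so the reachable state space is finite
CACHE_TTL = 3    # how long an enforcement point reuses an allow decision

Decision = Tuple[bool, FrozenSet[CacheEntry]]


def spec_allows(clock: int, user: str, resource: str) -> bool:
    """Temporal specification: access is legitimate only inside a live grant."""
    return any(g.user == user and g.resource == resource and g.start <= clock < g.end
               for g in GRANTS)


def _cached(state: State, user: str, resource: str) -> bool:
    return any(e.user == user and e.resource == resource and state.clock < e.expires
               for e in state.cache)


def decide_naive(state: State, user: str, resource: str) -> Decision:
    """Enforcement point whose cache entries ignore when the grant ends."""
    if _cached(state, user, resource):
        return True, state.cache
    if spec_allows(state.clock, user, resource):
        return True, state.cache | {CacheEntry(user, resource, state.clock + CACHE_TTL)}
    return False, state.cache


def decide_bounded(state: State, user: str, resource: str) -> Decision:
    """Fixed enforcement point: a cached decision never outlives its grant."""
    if _cached(state, user, resource):
        return True, state.cache
    for g in GRANTS:
        if g.user == user and g.resource == resource and g.start <= state.clock < g.end:
            expires = min(state.clock + CACHE_TTL, g.end)
            return True, state.cache | {CacheEntry(user, resource, expires)}
    return False, state.cache


def check(decide: Callable[[State, str, str], Decision]) -> Optional[Tuple[int, str, str]]:
    """Breadth-first exploration of every reachable state; each state is followed by a
    clock tick or by one access attempt.  Returns the first (clock, user, resource) at
    which the enforcement point's decision contradicts the specification, else None."""
    init = State(0, frozenset())
    seen, queue = {init}, deque([init])
    while queue:
        s = queue.popleft()
        successors = []
        if s.clock < HORIZON:
            successors.append(State(s.clock + 1, s.cache))
        for user, resource in SUBJECTS:
            allowed, cache = decide(s, user, resource)
            if allowed != spec_allows(s.clock, user, resource):
                return (s.clock, user, resource)
            successors.append(State(s.clock, cache))
        for n in successors:
            if n not in seen:
                seen.add(n)
                queue.append(n)
    return None


if __name__ == "__main__":
    print("naive cache:  ", check(decide_naive))    # a (clock, user, resource) violation
    print("bounded cache:", check(decide_bounded))  # None
```

In TLA+ the same property would be stated as an invariant over the clock and cache variables and exhausted by TLC; the value for a heterogeneous Big Data platform is that every tool's decision cache and TTL becomes an explicit parameter of the model instead of an unstated assumption, which is exactly where time-related inconsistencies between tools hide.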
Annotation:
The paper proposes a methodology for finding errors and undeclared capabilities in software, based on a graph model of software operation, a method for estimating the reachability of basic software blocks, a mechanism of general simulations, and a method of point (targeted) fuzzing that uses this mechanism.
Keywords:
information security, software, error detection, methodology, symbolic execution, fuzzing
Annotation:
The paper proposes a method of CAPTCHA generation that uses adversarial attacks against the image recognition model. The advantages of this method are established by a comparative analysis of the statistical data obtained in the study. The developed method makes it possible to counteract automatic bypassing of CAPTCHA services more effectively by exploiting the susceptibility of neural network models to adversarial input.
Keywords:
adversarial attacks, text recognition, denial of service, CAPTCHA services, machine learning, Python
Annotation:
The paper examines the performance indicators of automated machine learning platforms operating in standard and confidential modes, using a nonlinear multidimensional regression as an example. A general protocol for distributed machine learning that is trusted in the security sense is proposed. It is shown that, within confidential virtualization, when optimizing the architecture of machine learning pipelines and their hyperparameters, the best quality indicators of the generated pipelines for multidimensional regressors, as well as the best speed characteristics, are demonstrated by solutions based on auto-sklearn as compared with Azure AutoML, which is explained by their different learning strategies. The results of the experiments are presented.
Keywords:
automatic machine learning, confidential computing, confidential virtual machines, optimization of the architecture of the machine-learning model, hyperparameters
Annotation:
The most vulnerable nodes of any information system are those that depend on the human factor. Such nodes include, for example, users' personal computers (PCs), which are susceptible to attacks using malicious software (malware). Modern malware detection tools can effectively identify known instances, but their effectiveness against zero-day threats is markedly lower. One potential way to identify malware is a method based on behavioral analysis of its activity on a personal computer, but building such a method requires systematizing the known information about the activity of various types of malware. This work systematizes malicious software by the types of activity it exhibits, in order to use the resulting system to create a method for identifying malware based on behavioral analysis.
Keywords:
information security, malicious software, systematization, malware activity
Annotation:
This article describes an approach to creating target characters based on LLM agents. The agents use personal memory to access the biographical and personal data assigned to them. To improve the coherence of the created characters, a short life biography is generated from the initial target data; it is consistent with the original set and enriches the agents' reactions. The personality traits inherited by the agents are formulated on the basis of descriptive information about MBTI types, and the paper presents a study of how well the characters correspond to their target personality type.
Keywords:
LLM, social simulation, personalization, social modeling, cyberpsychology
Annotation:
This paper presents the main probability-theoretic models describing a wide class of physical random number generators and allowing general approaches to their synthesis and analysis to be proposed.
Keywords:
physical random number generator, stochastic process, scheme of instantaneous value, scheme of intervals, scheme of excursion, optimal interpolation problem
Annotation:
The article proposes a new approach to applying the well-known method of indicator functions, which is used to model the detection and neutralization of suspicious information objects in the information environment of an industrial enterprise, as well as to model a security system during operation. Formulas are given for calculating stochastic indicators, which allow objective estimates of the values of time parameters and of their impact on the secure functioning of information systems.
Keywords:
indicator function, information security, information system, neutralization, identification of the object
Annotation:
Mathematical models of information system defense against information security threats are proposed based on the classical model of the struggle between two adversaries, the Lanchester model. Using the method of constructing systems of differential equations with a given set of invariants (first integrals), a deterministic model with invariant control, a stochastic model with Wiener perturbations, and a model with program control with probability 1 are constructed. The behavior of the systems is evaluated by mathematical modeling in Mathcad, and the behavior of the constructed models is considered as a function of the initial conditions. The existence of a stochastic model in which the information system is protected against information security threats with probability 1 is established.
Keywords:
mathematical model, Lanchester model, information security, deterministic model of information protection, stochastic model of information protection, invariant control, program control with probability 1
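
Added worked equation (the paper's own models are not reproduced on the page, so this is the textbook Lanchester square-law system rather than the authors' extension of it): it shows what "a given set of invariants (first integrals)" means for such a model. The symbols are assumptions for the example: let $x(t)$ be the defender's protective resource, $y(t)$ the attacker's resource, and $a, b > 0$ the rates at which each side depletes the other:

$$\dot x = -a\,y, \qquad \dot y = -b\,x.$$

Then

$$\frac{d}{dt}\left(b x^{2} - a y^{2}\right) = 2 b x \dot x - 2 a y \dot y = -2 a b x y + 2 a b x y = 0,$$

so $I = b x^{2} - a y^{2}$ is a first integral: it is conserved along every trajectory. With $I_0 = b x_0^{2} - a y_0^{2}$ fixed by the initial conditions, the attacker's resource reaches zero first, i.e. the system remains protected, exactly when $I_0 > 0$ (equivalently $b x_0^{2} > a y_0^{2}$), and at that moment the defender retains $x = \sqrt{I_0 / b}$. In this setting an invariant control is a control chosen so that a prescribed first integral of this kind is preserved along the controlled trajectory; the stochastic variants in the abstract ask the same of trajectories perturbed by a Wiener process.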
Annotation:
The article deals with the task of assessing the security of Big Data systems. The authors define the main features of Big Data systems as an object of security assessment and analyze the known assessment methods, including methodologies for assessing the security of information systems. Based on the results obtained, a new assessment method is proposed that takes into account such factors as the state of the access control system in the heterogeneous systems under consideration and the number of privileged users. A mathematical formalization of the assessment is proposed, the main stages of its implementation are described, and a test case is presented.
Keywords:
information security, Big Data, heterogeneous data processing systems, security assessment
Annotation:
The current task of obtaining evidentiary information, as a direction for the development of digital forensics, is considered. The procedure for collecting evidentiary information from computer storage devices is given, including the basic requirements for collecting evidence, preserving it and ensuring its integrity. An overview of methods for obtaining evidentiary information from a computer is given, among which an accessible and effective method, using open source software to take a snapshot (image) of RAM, is highlighted. The results of an experiment on obtaining and analyzing a snapshot of a computer's RAM using open source tools are presented, and the approximate information that can be obtained with them in the interests of computer forensic examination is determined.
Keywords:
digital forensics, evidentiary information obtained from a computer, procedure for collecting evidentiary information, methods for obtaining evidentiary information, experiment on obtaining evidentiary information from a computer
Annotation:
The article discusses the application of distributed ledger technology to securing the information systems of a smart city. The authors identify the limitations of existing solutions in this area and consider the main directions for the development of distributed ledger technology that would ensure its successful integration into the smart city ecosystem.
Keywords:
smart city, internet of things, distributed ledger technology, information security
Annotation:
In the interests of sound planning for the modernization of information security systems, approaches are considered to constructing methods for assessing the possibility of developing and introducing, within the planned time frame, the innovations needed for the timely detection, prevention and elimination of the consequences of information security threats. As an indicator of this possibility, it is proposed to use the probability of modernizing the information security system within a given period of time. To quantify this indicator, approaches based on a generalization of Chebyshev's inequality and on the principle of stochastic dominance are proposed.
Keywords:
information security system, modernization planning, assessing the likelihood of meeting the deadlines for introducing innovations
Annotation:
The paper evaluates the effectiveness of a group of unmanned aerial vehicles performing aerial photography under heterogeneous tasks and various payload variants. Options for equipping the elements of the group for different tasks are modeled. An integral indicator is defined as a combination of particular indicators of performance, efficiency and resource intensity. The relationship between task options and payload options is established, and combinations of group equipment options and task options are modeled numerically.
Keywords:
efficiency, resource intensity, integral indicator, group of unmanned aerial vehicles, flight task, comparative assessment, aerial photography
Annotation:
An approach to investigating the states of complex industrial networks with adaptive topology using network motifs (statistically significant subgraphs of a larger graph) is proposed. The analysis addresses the ability of network motifs to characterize system performance and the possibility of applying them to short-, medium- and long-term prediction of system states. Using a Smart Grid network structure as an example, a directed graph is modeled, the most common motifs are found in it, several attack scenarios on network nodes are simulated, and a prediction of the network state is built. The results of experimental studies confirm the correctness and validity of applying this mathematical apparatus to the stated tasks.
Keywords:
dynamic graph, network motif, target function, network with adaptive topology, forecasting