The study of statistical characteristics of network traffic allows us to detect its fractal features and estimate how the fractal dimension changes under cyber attacks (CA). These studies highlight the relationship between attacks and dynamic changes in the fractal dimension, which allows us to better understand how attacks affect the structure and behavior of network traffic. Such understanding is critical for developing effective methods for monitoring and protecting networks from potential threats. These observations justify the use of fractal analysis methods, including discrete wavelet analysis, for detecting CA. In particular, it is possible to monitor the fractal dimension of telecommunication traffic in real time with tracking its changes. However, the choice of the most appropriate mother wavelet for multiresolution analysis remains an insufficiently studied aspect. The article evaluates the influence of the choice of the mother wavelet type on the estimate of the Hurst exponent and the reliability of CA detection. The following types of mother wavelets are considered: Haar, Daubechies, Simlet, Meyer and Coiflet. The study included an experimental evaluation of the Hurst exponent on a data set that includes a SYN flood attack and normal network traffic. It was shown that the minimum spread of the Hurst exponent estimate for traffic with SYN flood attacks is achieved when using the Meyer mother wavelet with an analysis window of more than 10,000 samples and the Haar wavelets with an analysis window of less than 10,000 samples.
Keywords: mother wavelet, computer attack, network traffic, Hurst exponent, wavelet analysis, fractal dimension
The purpose of this work is to analyze the concept of the threat of ransomware, methods of their detection, as well as to consider methods of intelligent analysis in solving the problem of detection, which are a popular tool among researchers of ransomware and malicious software (malware) in general. Data mining helps to improve the accuracy and speed up the malware detection process by processing large amounts of information. Specialists can identify new, previously unknown malware. And with the help of generative adversarial networks, zero-day malware can be detected. Despite the fact that a direct and objective comparison of all the studies presented in the work is impossible, due to different data sets, it can be assumed that using the architecture of generative-adversarial networks is the most promising way to solve the problem of detection.
Keywords: malware, ransomware, intelligent analysis, machine learning, neural network, generative adversarial network
the article considers the development trends of the high-tech industry of quantum communications. The most popular topologies of quantum communication networks are described, including those with trusted intermediate nodes. The methods of interaction between nodes of the backbone quantum-cryptographic network are given and the main methods of ensuring secure transmission in such networks are presented. A simplified scheme for distributing a quantum secret key between the end segments of the backbone telecommunication network using trusted intermediate nodes is considered. Possible data leakage channels in the general structure of quantum-cryptographic networks are described.
Keywords: quantum communications, quantum key, network topologies, trusted nodes
The use of electronic signatures has recently become widespread and has become an integral part of most business processes. The electronic signature management tools offered by the cryptography vendor are not always able to satisfy all the requests of organizations. In this paper we consider an approach aimed at solving most of the problems of electronic signature management. The essence of the method consists in the combined use of both libraries of the cryptography tools developer and the capabilities of highly specialized libraries for working with cryptography and documents.
Keywords: software, electronic signature management, stamp, electronic signature visualization, information protection
An integrated information security system combining dynamism and efficiency is proposed, and a quantitative assessment of this system is presented. The study is aimed at identifying all potential switching routes of maximum length between unique states, taking into account potential difficulties that may arise when implementing a recomposition information security system. The main tool for analyzing and modeling various transition configurations in the system under study is the apparatus of graph theory. Within the framework of the proposed approach, each subsystem includes several independent options or components, and at any given time only one of these options functions. An important aspect is both the interaction between the subsystems and the ability to switch components within one subsystem. For a visual understanding of the proposed approach, an example is given that illustrates the basic principles and mechanisms of the developed system.
Keywords: information security system, state graph, DLP system, IPS/IDS system
Currently, one of the most extensive issues in the field of information security is the organization of user access control to information infrastructure objects. Taking into account the volume of corporate information resources, as well as the number of users requesting access, there is a need to automate the access approval process taking into account possible risks. In this case, the most optimal solution to this problem is the use of fuzzy logic. The article analyzes the process of providing access to the information infrastructure using a fuzzy classifier and develops a conceptual model of the fuzzy classifier algorithm for incoming requests for access in order to automate the process and minimize information security risks associated with possible destructive actions aimed at the confidentiality, integrity and availability of the information infrastructure.
Keywords: neural network, machine learning, information security, cybersecurity, properties and structure of a neural network, mathematical model, threats and information vulnerabilities
Nowadays, the Internet has become an integral part of our lives, providing access to a huge amount of information and services. However, along with this, the number of destructive Internet resources that can harm users, especially children and adolescents, is growing. In this regard, there is a need to create an effective system for regulating access to such resources. The article presents an expert system for regulating access to destructive Internet resources, developed on the basis of modern technologies and methods of artificial intelligence. The system allows to automatically detect and block access to resources containing malicious content, as well as provides an opportunity for manual configuration and access control. The article describes the main components of the system and presents images demonstrating the work of the system for blocking access to destructive resources. The article will be useful for specialists in the field of information security, artificial intelligence and protection of children from malicious content on the Internet.
Keywords: destructive content, expert system, information security, Internet resources, SpaCy, Keras, RNN, LSTM, PyQt5, vectorization
The article solves the problem of automated generation of user roles using machine learning methods. To solve the problem, cluster data analysis methods implemented in Python in the Google Colab development environment are used. Based on the results obtained, a method for generating user roles was developed and tested, which allows reducing the time for generating a role-based access control model.
Keywords: machine learning, role-based access control model, clustering, k-means method, hierarchical clustering, DBSCAN method
The work analyzes existing approaches to forecasting contract execution, including traditional statistical models and modern methods based on machine learning. A comparative analysis of various machine learning algorithms, such as logistic regression, decision trees, random forest and neural networks, was carried out to identify the most effective forecasting models.An extensive database of information on government contracts was used as initial data, including information about contractors, contract terms, deadlines and other significant factors. A prototype of an intelligent forecasting system was developed, testing was carried out on real data, as well as an assessment of the accuracy and reliability of the resulting forecasts. The results of the study show that the use of machine learning methods can significantly improve the quality of forecasting the execution of government contracts compared to traditional approaches
Keywords: intelligent system, mathematical modeling, government procurement, government contracts, software package, forecasting, machine learning
One of the most pressing tasks in ensuring data protection in information systems is the classification and ranking of threat sources. All threat sources have varying degrees of danger to information system assets. Ranking allows you to prioritize when designing an information security system and allocate greater resources to prevent the most pressing and significant threats. This article discusses an algorithm for ranking threats based on the hierarchy analysis method.
Keywords: data protection, information technology, hierarchy process analysis, systems analysis, information systems, information security
This paper is devoted to the quantitative assessment of the information security system. The authors propose to build a system that combines components with the properties of dynamism and protection efficiency. The proposed information security system includes two types of antivirus components, three data leakage prevention systems, and four intrusion detection and prevention systems. For clarity, the article provides a theoretical and graphical interpretation of the information security system. Each possible path in the system represents its state. It is shown that adding new components or subsystems leads to an increase in all possible states of the system, complicating the analysis by an intruder. Within the framework of this multi-component approach, each element of the system interacts with others, which helps to achieve the optimal level of efficiency in ensuring information security. In addition, the proposed approach is characterized by scalability, which ensures seamless integration of both individual components and subsystems as a whole.
Keywords: recomposition, information security system, DLP system, IPS/IDS system
The article analyzes the current threats and vulnerabilities of web applications. Based on the analysis, approaches to protection and recommendations for ensuring the security of web applications are proposed, taking into account current challenges and problems. The article may be useful for information security specialists, software developers and heads of organizations interested in the security of web applications being developed or used.
Keywords: cyber threat, cyber attack, exploitation of web vulnerabilities, web application
The article analyzes the features of the protection of modern cloud systems and the distribution of responsibility between the interacting parties, and offers recommendations for improving the security of cloud resources. Based on the analysis, comprehensive protection measures and recommendations for improving the security of cloud resources are proposed, which can be useful to information security specialists and IT specialists to understand the features of protecting cloud systems, as well as in choosing a cloud provider and preparing for the transition to the cloud.
Keywords: cloud computing, cloud provider, shared responsibility model, cloud resource security
In the article, the authors propose an approach that allows assessing the relevance of using indicators of compromise for a particular industry. The current problems associated with the redundancy of indicators of compromise and the low level of trust in their sources are highlighted. An approach is proposed that allows quantifying the relationship between indicators and the source, as well as scoring sources.
Keywords: compromise indicator, feed of the compromise indicator, rating of feeds
This article considers the issues of guaranteed deletion of information on solid-state drives. A review of the requirements of the domestic regulatory framework in terms of formulating the requirements for guaranteed deletion of information is carried out. The analysis of domestic and foreign standards and methods of guaranteed deletion of information are carried out. The features of solid-state drives and the applicability of domestic and foreign standards of sanitizing data for such drives are also considered. The problem of guaranteed deletion of individual files on solid-state drives without the possibility of recovery is indicated. Key problems that arise during guaranteed deletion of individual files on a solid-state drive without taking it out of service are highlighted. Conclusions about the impossibility of effective implementation of guaranteed deletion of individual files on solid-state drives in the process of using the drive, without taking it out of service, are made.
Keywords: data recovery, solid state drive, wear leveling, garbage collection, guaranteed data destruction
Protecting the endpoints of an information system from cyber attacks determines the search and development of methods for detecting such attacks using artificial intelligence. The dynamics of the increase in the number of information threats of various types leads to the need to use machine learning methods to classify the functioning of automated control systems, including computing processes in automated control systems. The purpose of the study is to classify the computational processes of the created database for detecting illegitimate processes, taking into account minimizing the number of process parameters to achieve acceptable detection quality. Methods: as a mathematical tool, it is proposed to use a model trained on the created dataset and a correlation matrix based on Pearson coefficients to determine a group of parameters of computational processes. Results: an analysis of the data set based on Pearson correlation coefficients was carried out, which allows minimizing the number of parameters of the input data of the model. It is proposed to use the random forest method for the functioning of the model in solving the binary classification problem of detecting illegitimate computing processes in the automated control system. The effectiveness of the proposed model is evaluated by classification metrics: Precision, Recall, The developed model was tested at fixed volumes, training and testing samples. The work of the model was evaluated using the ROC curve and the PR curve.
Keywords: machine learning, binary classification, computational processes, database, data processing, model testing
In this paper, we present the implementation of a neural network approach to solving the problem of handwritten signature recognition. We analyzed the main approaches to handwritten signature recognition. We identified the features of using a handwritten signature as an identification method, including the variability of a handwritten signature and the possibility of forgery. We identified the relevance of using neural networks to solve the signature recognition problem. We developed a neural network model for recognizing handwritten signatures, presented its architecture containing convolutional and fully connected layers, and trained the neural network model based on handwritten signatures "Handwritten Signatures" containing 2263 signature samples. The accuracy of the developed model was 92% on the test sample. We developed a web application "Recognition of a static handwritten signature" based on the developed neural network model on the Amvera cloud hosting. The web application allows identifying users based on a handwritten signature sample.
Keywords: handwritten signature, neural networks, signature recognition, image processing, machine learning, web application, cloud hosting, identification, verification, artificial intelligence
The problem of personality recognition by voice using adaptive Kalman filter is considered. The extracted features of the acoustic signal are used as features of biometric authentication person. A comparative table of speaker separation errors and evaluation speaker separation system using Kalman filter is presented.
Keywords: biometric authentication, voice, neural network compilation, adaptive Kalman filter
Security vulnerabilities are always a burning issue that website administrators spend a lot of time on researching in order to keep the website running securely. These vulnerabilities allow hackers to exploit, attack, infiltrate and influence the data of any company's websites. For stable, smooth and secure website operation, it is necessary to know the basic information about website security vulnerabilities. This article analyses the methods of detecting website vulnerabilities and applying effective measures to ensure website security. The article provides current challenges in the field of information security, describes methods of vulnerability detection and gives recommendations for the application of specific measures to secure websites.
Keywords: website security, vulnerability, information security, code, software, security vulnerability scanning
The general characteristics of the innovative RAID-60 data storage system, which combines the best aspects of RAID-6 and RAID-0E technologies, as well as the reliability model of this data storage sys-tem, are presented. The main purpose of this connection is to provide outstanding performance with maximum data redundancy. The arti-cle discusses in detail the structural analysis, advantages and various scenarios for the use of the specified RAID-60 data storage system and the proposed model of its reliability. An important aspect is also the comparison of the RAID-60 system with other widespread vari-ants of data storage systems, such as RAID-0, RAID-1 and RAID-5, as well as with the reliability models of these systems. Particular at-tention is paid to the formula that allows you to calculate the average operating time to failure of a disk array. Also, for completeness of the analysis, attention is paid to plotting the probability of a RAID-60 failure (P(t)) over time (t). This graph is an important tool for visu-alizing the dynamics of reliability of data storage systems.
Keywords: RAID-60, reliability, disk array, data redundancy, manufacturer, parity blocks, data storage
The paper methodologically shows the identity of the mathematical problem of graph path searching with the technical problem of searching for various defects in software, in particular, bugs and undocumented features. The graph model of software functioning, which became the basis for the presented methodology, is briefly described. New research directions based on graph theory problems, which have not been previously used to search for defects in software, are stated.
Keywords: graph model, software, graph pathfinding, breadth-first search, meet-in-the-middle method, malicious software
The result of the research is a method of complex biometric authentication. The method is implemented in the form of a software complex consisting of a subsystem biometric authentication by face image and a subsystem biometric authentication by voice. The training sample consisting of stored files biometric images (facial images and audio recordings) allows to reduce the error rates of the first and second kind in user recognition. The proposed method of biometric authentication is designed to improve the efficiency user recognition processes.
Keywords: authentication, biometrics, neural network architecture, training sampling
The application of orthogonal matrices in information processing and transformation systems is considered. A method is proposed for assessing the results of protective masking of audio information using Walsh-structured quasi-orthogonal Mersenne matrices.
Keywords: orthogonal matrix, message masking, masking/unmasking algorithm, amplitude-frequency response, white noise, root mean square error, signal-to-noise ratio
The problem of vulnerabilities in the Robot Operating System (ROS) operating system when implementing a multi-agent system based on the Turtlebot3 robot is considered. ROS provides powerful tools for communication and data exchange between various components of the system. However, when exchanging data between Turtlebot3 robots, vulnerabilities may arise that can be used by attackers for unauthorized access or attacks on the system. One of the possible vulnerabilities is the interception and substitution of data between robots. An attacker can intercept the data, change it and resend it, which can lead to unpredictable consequences. Another possible vulnerability is unauthorized access to the commands and control of Turtlebot3 robots, which can lead to loss of control over the system. To solve these vulnerabilities, methods of protection against possible security threats arising during the operation of these systems have been developed and presented.
Keywords: Robotic operating system (ROS), multi-agent system, system packages, encryption, SSL, TLS, authentication and authorization system, communication channel, access restriction, threat analysis, Turtlebot3
The paper discusses a stegoalgorithm with localization of the embedding area in the YCbCr color space to protect images of a license plate, a vehicle from different angles, a traffic event, as well as issues of developing a software system that implements the stegoalgorithm. Image protection allows you to effectively implement the concept of multimodal interaction of socio-cyberphysical systems in an automotive self-organizing network. Evaluations of the effectiveness of the developed method are provided.
Keywords: VANET, intelligent transport networks, city traffic management system, steganography, information security, watermark