Reference:
Derendyaev D.A., Gatchin Y.A., Bezrukov V.A..
Determining the influence of the human factor on the main characteristics of security threats.
// Cybernetics and programming.
2019. № 3.
P. 38-42.
DOI: 10.25136/2644-5522.2019.3.19672 URL: https://en.nbpublish.com/library_read_article.php?id=19672
Abstract:
The human factor is considered in the work from the point of view of threat of influence on information security problems. A review of the expert assessment of security threats over different years showed that the growing influence of the human factor is increasing all the time. The article outlines a number of security threats that are most affected by the human factor, which occupy leading positions in general statistics. The method of calculating the influence of the human factor on the main characteristics of information security threats is given: probability and criticality. The study was based on work with the probability of occurrence and criticality of unrelated threats to information security with the presence of the human factor. The paper reviews the expert assessment of information security threats, which consisted in identifying the most likely and critical threats to information security with the presence of a human factor. The above method of calculating the impact of the human factor on information security threats helps to understand how critical the impact of the human factor is, to clearly distinguish its influence and to trace the level of its impact, which is absent in most modern threat assessment methods due to the consideration of information security threats in general, without taking into account one or another factor .
Keywords:
human factor, probability of threat, calculation method, criticality of the threat, impact coefficient, Information Security, expert review, security threats, protection of information, single factor effect
Reference:
Lyapustin A., Kolesnikova S., Mel'nik D..
The model of protection of multilevel communications
// Cybernetics and programming.
2018. № 3.
P. 87-98.
DOI: 10.25136/2644-5522.2018.3.26566 URL: https://en.nbpublish.com/library_read_article.php?id=26566
Abstract:
The work is devoted to the urgent problem of ensuring the security of heterogeneous information platforms, using the system of electronic support of on-line communications processes in a medical institution - e-health online communications. The authors pay special attention to such important aspects of the topic as: the security of heterogeneous information platforms, the model for the protection of heterogeneous information platforms, the classification of communications and the protection mechanisms of MMK. The tendencies for the development of new distributed safety models are considered. This article presents a model of multi-level communications. A classification of communications and protection mechanisms for each level with different security levels using cryptography protocols is proposed. Security flexibility can be provided to health organizations using a variety of key size combinations to protect data and channels. At each level, different levels of security can be provided depending on the sensitivity of the data. Thus, we came to the MMK model as a solution to the problem of communication in e-health and other large organizations with a distributed network of computer communications.
Keywords:
protection mechanisms, heterogeneous information platforms, multilevel communications, intelligent protection system, threat detection, information security, analysis systems, detection algorithms, electronic communications, data protection
Reference:
Borodin A.V..
The linear congruent sequences of the maximum period in programs obfuscation
// Cybernetics and programming.
2016. № 6.
P. 1-19.
DOI: 10.7256/2306-4196.2016.6.18499 URL: https://en.nbpublish.com/library_read_article.php?id=18499
Abstract:
The article is devoted to development of the system of practical methods of protection of software against refactoring for purpose of lowering probability of infringement copyright for used algorithms. As the basic method of protection offered approach, which feature is use of the linear congruent sequences as bases for morphism of an order of layout operators of programming language to the execution order of the program, required by functionality. The specific technology of an obfuscation programs written in scripting languages, in particular on Microsoft Visual Basic, is offered. Also the notation of formal understanding of a level resistance of the considered system of methods is discussed. For the formal description of concept of an obfuscation programs and a level resistance of an obfuscation used the set-theoretic formalism. Several results of the number theory is used in article for reasons for existence of the solution of the task obfuscation in the offered setting for any program. The main result of article is new practical approach to an obfuscation programs, written in scripting languages, which can be to a certain extent generalized on language systems of other nature. Also in article the paradoxical result is shown - the obfuscation code can correspond completely to a paradigm of structured programming when saving the declared level of resistance to refactoring.
Keywords:
code refactoring, obfuscation, machine code, linear congruential generator, lexical analysis, source code, computational complexity, spaghetti code, structured programming, VBA
Reference:
Kovaleva A., Zakirov V., Turbov A., Tretyakov A., Ponomarev D..
Modelling Threats to Security of M2M Connectivity in Wireless Networks
// Cybernetics and programming.
2016. № 6.
P. 38-46.
DOI: 10.7256/2306-4196.2016.6.21550 URL: https://en.nbpublish.com/library_read_article.php?id=21550
Abstract:
The subject of the research is the security of information systems. This trend is one of the most important in the development of the modern society which is conditioned by the growing trust in technologies. The decreasing role of a human in modern processes has led to the creation of such technologies as M2M connectivity and IoT (Internet of things). Conversion of a great amount of data into electronic data and presence of autonomous elements, for example, in transport infrastructure have created the need to defend such systems from law breakers. This is due to the fact that there may be serious consequences in case of losing control over the system. The present article is devoted to deliberate influence of a law breaker in a general case. The authors of the article describe the main successive steps of attacking the information system that are typical for the majority of security threats. The authors underline the fact that certain preparatory measures and the need to suppress traces of crime are needed. The authors describe the mechanism of influence using the method of the mathematical tool 'Petri-Markov nets' as the most appropriate for this process. The net consists of positions and branches and the goal set by a law breaker is achieved when the entire network is passed through. In their article the authors describe two nets for modeling the influence of a law breaker, these are a simplified net and a more complex net allowing to take into account more details of a law breaker's behavior. The first Petri-Markov net allows to consider the main steps towards the attack and uses the system of integral-differential equations to describe it. Unlike the first one, the second model takes into account one's opportunity to return to the previous step when problems with the execution of a threat by a law breaker arise. The novelty of the research is caused by the fact that the authors use mathematical models to make a detailed description of the process of attacking the information system. They offer two models that will be needed to ensure information security. They allow to better understand a law breaker and give opportunity to define the most vulnerable points of the information system requiring elimination or additional control.
Keywords:
integral-differential equations, transition matrix, mathematical model, Petri-Markov nets, offense, attacker, attack, security, protection, information system
Reference:
Korobeinikov A.G., Kutuzov I.M..
Obfuscation of concealment calls using InvokeDynamic instructions
// Cybernetics and programming.
2016. № 5.
P. 33-37.
DOI: 10.7256/2306-4196.2016.5.18686 URL: https://en.nbpublish.com/library_read_article.php?id=18686
Abstract:
The object of the study is technology of hiding method calls. Hidden calls are need to hide: entity dependencies; data processing logic; algorithms. The methods used to complete the task are limited by language technologies and its performance. Method can be called directly and indirectly: via the bootstrap method; from native code (JNI); using Reflection; using JRE 1.7, InvokeDynamic. The examples with source code are given. The authors conclude that the most promising methods among considered is invokedynamic technology. The study present analysis of such methods as the bootstrap method, calling method from through native code, obfuscation calls via Reflection and InvokeDynamic. The article discusses various ways to conceal the method invocation. The characteristic features of obfuscation for most popular ones are reviewed. The most promising among the discussed methods is invokedynamic technology. It allows completely removing method signature from the source code, leaving only the service information for the bootstrap method. With proper implementation of the bootstrap method it is possible to create bytecode, which will be impossible to decompile into valid Java code, Groovy's or Scala.
Keywords:
InvokeDynamic, Reflection mechanism, native code, bootstrap, obfuscate, Data protection, Java, source code, method call, listing
Reference:
Derendyaev D.A., Gatchin Y.A., Bezrukov V.A..
Mathematical model for evaluating the impact coefficient of a single factor on information security threats
// Cybernetics and programming.
2016. № 5.
P. 222-227.
DOI: 10.7256/2306-4196.2016.5.19608 URL: https://en.nbpublish.com/library_read_article.php?id=19608
Abstract:
Currently, more attention is paid to the protection of information resources against various threats. There are numerous methods of risk assessment and management, which are aimed at minimizing the threats to information security. However, the risk assessment generally considered a threat, that is, under the action of all potential factors. Wherein the one or other factor may have more influence on the particular threat than others. The paper presents a mathematical model for evaluating the impact coefficient of a single factor on information security threats. The study was based on the evaluation of probability of occurrence and criticality of unrelated threats to information security. The study was based on the probability of occurrence and criticality of unrelated threats to information security. The mathematical model presented in the paper makes it possible to assess the characteristics of threats under the influence of a specific factor. This in turn helps to understand how much a single factor strongly influences information security. The data obtained makes it possible to optimize the protection system counteracting the most critical factors.
Keywords:
expert opinion , optimization of protection, threat risk, information security, human factor, impact factor, critical threats, likelihood of the threat, influence factor, mathematical model
Reference:
Pavlov A.V..
The Method of Defining the SDN Network Configuration Change
// Cybernetics and programming.
2016. № 4.
P. 73-80.
DOI: 10.7256/2306-4196.2016.4.19516 URL: https://en.nbpublish.com/library_read_article.php?id=19516
Abstract:
The subject of the research is the analysis of SDN network safety methods. One of such safety methods is the analysis of the current network configuration for a fast determination of changes and upkeep of the authorized status. Today SDN networks are gaining popularity therefore development of protection algorithms for such networks is a necessary step. SDN network approach to data transfer differs from that of traditional networks. Based on that fact, an important research goalo is either to define drawbacks of exisiting algorithms applicable to such networks or to develop new ones. Research goals include analysis of existing algorithms, search for solutions and adaptation of these solutions to initial tasks or development of a new solution. As a result of the research, the author describes a device that would ensure security of SDN network at the level of data transfer disregarding external factors. This would alllow to provide an independent evaluation of network security. When the network is being re-configured, all changes will be automatic or semi-automatic, thus they will not distort the authorized status of the network.
Keywords:
network modeling, Unified Threat Management, network security, network analysys, network topology, security, SDN security device, network, SDN, network configuration
Reference:
Derendyaev D.A., Gatchin Y.A., Bezrukov V.A..
Algorithm for Representation of Residual Risk Mathematical Model
// Cybernetics and programming.
2016. № 4.
P. 81-85.
DOI: 10.7256/2306-4196.2016.4.19655 URL: https://en.nbpublish.com/library_read_article.php?id=19655
Abstract:
The majority of modern risk evaluation and management methods imply the concept of residual risk as a figure describing the risk of a threat after all countermeasures have been implemented, however, researchers do not pay enough attention thereto. In this research the authors offer their algorithm allowing to represent the residual risk of information security threats in a form of a mathematical model which in its turn creates opportunities for a more detailed analysis of a parameter under review and the model itself. Coefficients of this model demonstrate the impact of input parameters on the final result. The algorithm of the residual risk mathematical model is based on a complete factorial experiment taking into account peculiarities of a parameter under review. This approach allows to analyze the role of residual risk not only as a figure but also mathematical model which can help to better imply residual risk when implementing risk evaluation and management methods in order to improve an information protection system at an enterprise.
Keywords:
risk evaluation methods, durability of protection mechanisms, risk of a threat, model coefficient, complete factorial experiment, algorithm, information security threats, information protection system, mathematical model, residual risk
Reference:
Korobeinikov A.G., Grishentsev A.Y., Kutuzov I.M., Pirozhnikova O.I., Sokolov K.O., Litvinov D.Y..
Developing of the mathematical and simulation models for calculation of an estimate of informatization object protection from unauthorized physical access
// Cybernetics and programming.
2014. № 5.
P. 14-25.
DOI: 10.7256/2306-4196.2014.5.12889 URL: https://en.nbpublish.com/library_read_article.php?id=12889
Abstract:
Methods and techniques allowing to calculate quantitative estimates of level of protection from unauthorized physical intrusion for different informatization objects using various means and protection systems are currently being intensively developed. Generally the quantitative evaluation of protection is represented by a set of probability characteristics, the predominant of which is some integral indicator. Therefore, developing mathematical and simulation models for calculating an estimate of informatization object protection from unauthorized physical access is an urgent task. This model then is used as a part of a complex system of information security. To solve this problem the article presented uses methods of information protection, graph theory and probability theory. The results shown in the article were calculated using Maple system of computer algebra. Scientific novelty of the work is: – in creating a mathematical model for calculation the probability of detecting of unauthorized physical access to information by an alarm system; – in bulding of a simulation model for evaluation of level of protection of informatization object from unauthorized physical access; – in developing of a technique of evaluation of full protection from unauthorized physical access for object of informatization
Keywords:
mathematical model, simulation model, neograph, acyclic graph , orgraph, adjacency matrix, weight matrix, Dijkstra algorithm, unauthorized physical access, protection of objects of informatization
Reference:
Zavodtsev I.V., Zakharchenko R.I., Zakutaev A.A..
Analysis of developing tools for neural network modules of management system for information security incidents
// Cybernetics and programming.
2014. № 5.
P. 26-33.
DOI: 10.7256/2306-4196.2014.5.13308 URL: https://en.nbpublish.com/library_read_article.php?id=13308
Abstract:
The article shows the analysis of tools for developing neural network modules of management system for information security incidents, reviews its main features in simulation and testing. Specific attention is given to a comparative analysis in terms of usability and neural network modeling features. Development of domestic control systems for information security incidents still is in the state of research and development projects. This, on the one hand, complicates immediate transfer complex solutions for data protection entirely on the domestic base, but, on the other hand, allows taking into account all the latest scientific achievements in the implementation methodological basis for constructing own management system for information security incidents. This fact determines the need for further consideration of methods and techniques for the construction of management systems for information security incidents. Reviewing features of neuropackages and their comparison in terms of ease of use and range of services for modeling neural network systems allowed to determine that in components and the ability to solve the special case of constructing modules such tools as MATLAB and NeuroSolutions are the most suitable applications, offering a greater set of features and having better technical support.
Keywords:
information security , incident management , neural network module , neural network architecture , neural networks , tools , management system for information security inciden, simulation , testing , comparative analysis
Reference:
Bogatyrev S..
Main trends in modern software systems for stock valuation
// Cybernetics and programming.
2014. № 3.
P. 36-54.
DOI: 10.7256/2306-4196.2014.3.12009 URL: https://en.nbpublish.com/library_read_article.php?id=12009
Abstract:
The subject of the article is the best achievements of foreign information systems, which shall be implemented while improving Russian information analogs. The article describes most advantageous and useful features of the American information system BLOOMBERG to identify them for improvement of national information systems by filling them with similar functionality. One of the main threats for the Russian national economy is related to the ongoing and expanding possibility of sanctions from western countries to our state. The sanctions get as more harmful as more our economy is integrated in foreign financial and stock markets and as financial institutes proved to be more dependent from services provided by the global infrastructure, including information systems. The author shows a convenient and efficient interface for the information system. The article brings a record of all opportunities of the leading information system for the analytical work in the evaluation of stocks, indicates the directions of their implementation in the development of the domestic infrastructure to diversify the domestic stock market. The author discloses the news feature of the system, presents enhanced by integrating the information blocks from different segments and areas of the stock market, describes the tools for technical and fundamental analysis, shows the possibilities for requesting the originals, based on which the indicators were formed. Implementation of the described above features of the leading foreign information system in development of the domestic analogs allows avoiding the painful consequences impending the domestic financial institutions, operating in the financial and stock markets. Active expansion of foreign information systems replaced and undermined the Russian systems on the market. Improving the domestic software using the described above features, taking into account the functions for analytical work with the system of stock valuation and their implementation in domestic software will allow to diversify the infrastructure of the Russian stock market and make the work of the Russian financial companies and banks more stable and successful.
Keywords:
database, stock valuation, information systems, technical analysis, fundamental analysis, financial analysis, companies reports, stock price, stock price chart, figures of technical analysis
Reference:
Prokhozhev N.N., Korobeinikov A.G., Bondarenko I.B., Mikhailichenko O.V..
Stability of the digital watermark embedded in the region of the coefficients of discrete wavelet transform to the changes of the image-container
// Cybernetics and programming.
2013. № 5.
P. 18-28.
DOI: 10.7256/2306-4196.2013.5.9773 URL: https://en.nbpublish.com/library_read_article.php?id=9773
Abstract:
The article deals with the stability of the digital watermark built-into the image-container through the use of steganography algorithms based on discrete wavelet transform (DWT), to external influences, such as JPEG lossy compression, filtering, noise and scaling. The author states that steganographic algorithms performing embedding can provide good secrecy of the digital watermarking, and tend to use the coefficients of correlation property between different planes of one subband having the same coordinates. It is noted that an important parameter when using steganographic algorithms based on the DWT is the choice of the level of wavelet decomposition. The authors describe the methodology which was used to assess the sustainability of the digital watermarking to to external influences on the image-container and experimental conditions. The authors also evaluated stability of DWT ti JPEF lossy compression, to Gaussian white noise, to scale the image to the image filtering. In conclusion the authors say that the results of DWT stability to external influences on the image-container confirm the theoretical advantage of using low-frequency plane wavelet decomposition in steganographic systems with high demands on DWT sustainability.
Keywords:
stability, digital watermarks, image-container, steganographic algorithms, discrete wavelet transform, JPEG compression, filtering, nois, scaling, algorithm
Reference:
Negol's A.V., Piskova A.V..
Positioning systems
// Cybernetics and programming.
2013. № 4.
P. 46-50.
DOI: 10.7256/2306-4196.2013.4.9357 URL: https://en.nbpublish.com/library_read_article.php?id=9357
Abstract:
This paper describes the principle of operation of GPS satellite navigation and reviews the positive and negative aspects of such systems. Authors note that GPS identification - identification of a navigator in space – is calculated by constructing a circle with a radius equal to the distance between the satellite and the receiving device. User location can be determined with an accuracy of up to one meter, with the help of auxiliary identification subsystem containing data about satellites ‘orbits. The paper gives the positive and negative aspects of navigation. All the results of researches held at the Massachusetts Institute of Technology show that in the XXI century the private life of every person has certain limitations. If it is necessary to have a reliable system of identification, everyone must be prepared for the fact that information about a location of a person can be accessed by someone without authorization. Hence the development of improved systems of data protection is requires as well as promoting their use among ordinary users.
Keywords:
GPS, navigation, identification, privacy, location, security system, satellite, Google, smartphone, base station
Reference:
Bogatyrev S., Dobrynin S.S..
Information base of banks cost analysis
// Cybernetics and programming.
2013. № 3.
P. 21-42.
DOI: 10.7256/2306-4196.2013.3.9166 URL: https://en.nbpublish.com/library_read_article.php?id=9166
Abstract:
The paper presents the results of the use of the world's leading information products, received after over 6 years in the analytical work. The authors consider quality software products used in the cost analysis of banks and show the possibilities of modern information systems and banking analyst. Experience in the use of modern analytical bank software is systematized by several criteria that are important to the user. Each software product was rated on the five-point system based on the views of the authors and their colleagues: university lecturers and professional financial analysts on eligibility. For the first time a rating table of modern analytical software products of leading world manufacturers of specialized information and the software operating on the Russian market was compiled. The authors analyzed availability of products at current rates at the moment and the possibility of remote access, evaluated user interface and the ease of handling produced data, frequency of software updates and relevance of information, openness to users and promotion in the Russian media market.
Keywords:
software development, information systems, spreadsheets, software solutions, information agency, DBMS, cost analysis, coefficients of cost analysis, multipliers, producing data
Reference:
Smirnov V.I..
Evaluation of the security of voice data in a dedicated room using instrumental calculation method
// Cybernetics and programming.
2012. № 2.
P. 18-24.
DOI: 10.7256/2306-4196.2012.2.13869 URL: https://en.nbpublish.com/library_read_article.php?id=13869
Abstract:
Preventing the interception of confidential negotiations of the selected premises technical reconnaissance is one of the main directions in the field of technical protection of information. The need for measures to prevent the interception of voice information through technical channels due to a number of reasons is high. First, the speech information has specific features (confidentiality, efficiency, documentation and virtual). Second, the means used pickup of speech information in the acoustic channel leakage is relatively simple and cheap. Third, there is a constant improvement of TCP. Methods to reduce the possibility of interception of voice information of the allocated space, traditionally divided into passive and active. To assess the speech intelligibility author used subjective and objective methods. The most convenient and reliable method is considered subjective articulation method discussed in this article. The paper describes an instrumental calculation method used at present for the evaluation and monitoring of voice data security.
Keywords:
information security, defining speech, leakage of voice information, articulation index, articulating measurement, allocated space, interception of information, intelligibility, threat, protection of information