Vol 52, No 8 (2018)
- Year: 2018
- Articles: 41
- URL: https://journals.rcsi.science/0146-4116/issue/view/10770
Article
Hierarchical Software-Defined Security Management for Large-Scale Dynamic Networks
Abstract
An approach is presented to the construction of a hierarchical security management system for large-scale dynamic communication networks (MANET, VANET, FANET, WSN, etc.) with the use of software-defined network technologies and supercomputer elastic computations. The results of experiments to evaluate the effectiveness of the proposed approach are presented.
Detection of Threats in Cyberphysical Systems Based on Deep Learning Methods Using Multidimensional Time Series
Abstract
A method for detecting anomalies in the work of cyberphysical systems by analyzing a multidimensional time series is proposed. The method is based on the use of neural network technologies to predict the values of the time series of the system data and to identify deviations between the predicted value and the current data obtained from the sensors and actuators. The results of experimental studies are presented, which testify to the effectiveness of the proposed solution.
A Use Case Analysis of Heterogeneous Semistructured Objects in Information Security Problems
Abstract
This paper is devoted to solving the problem of developing a case-based decision support system for information security problems. The source data can be described as heterogeneous semistructured objects and formalized as property vectors. An approach to constructing a knowledge base for such problems using a two-level representation (the level of case-objects and the use case structure level) is given. The authors consider a use case modeling method for preparing a basic data set. Methods for assessing the similarity of heterogeneous semistructured objects and higher-level use cases are proposed. Results of experimental approbation of the described solutions and the architecture of the corresponding decision support system are presented.
Security Analysis Based on Controlling Dependences of Network Traffic Parameters by Wavelet Transformation
Abstract
This article presents mathematical tools of wavelet transformations for use in detecting network traffic attacks. The technique consists in discrete wavelet transformation of parameters of network packets extracted from traffic and tracking the degree of dependence of various network traffic parameters using the multiple correlation coefficient. The efficiency of the proposed technique is shown in the results of experimental detections of SYN flood DoS attacks.
Multifractal Analysis of Internet Backbone Traffic for Detecting Denial of Service Attacks
Abstract
This paper proposes to use multifractal analysis to detect backbone network traffic anomalies that indicate network failures or attacks. Multifractal spectrum characteristics are used as security metrics. The effectiveness of the proposed approach is confirmed by experimental results on detecting Denial of Service attacks.
A Distributed Intrusion Detection System with Protection from an Internal Intruder
Abstract
The protection of modern distributed information networks from external and internal intruders continues to be of great importance due to the development of data transmission and processing technology. The article describes a model of data processing in the distributed intrusion detection system (DIDS) and a method of using hidden agents to protect against an internal intruder. The distribution of data processing functions between the DIDS local agent and the central data processing node is presented. We describe a method of hiding the presence of the agent from the system user while retaining the operator's control over it.
Using Neural Networks to Detect Internal Intruders in VANETs
Abstract
This article considers ensuring protection of Vehicular Ad-Hoc Networks (VANET) against malicious nodes. Characteristic performance features of VANETs and threats are analyzed, and current attacks identified. The proposed approach to security provision relies on radial basis neural networks and makes it possible to identify malicious nodes by indicators of behavior.
Detection of Abnormal Traffic in Dynamic Computer Networks with Mobile Consumer Devices
Abstract
An adaptive model of a network attack detection system in a distributed computer network is proposed. The detection system is based on various data mining methods that classify a network interaction as normal or abnormal according to a set of attributes extracted from the network traffic. The proposed model of the intrusion detection system makes it possible to protect Internet of Things devices.
Application Model of Modern Artificial Neural Network Methods for the Analysis of Information Systems Security
Abstract
This work considers the problem of safety analysis of control mechanisms in modern information systems, including control software systems of cyberphysical and industrial facilities, digital control systems for distributed cyber environments VANET, FANET, MARINET, industrial Internet of Things and sensor networks. The representation of a security violation as a property of the system described by a complex function is proposed, in which the method of finding violations is described as the approximation of that function and the calculation of its values for specific systems. Various approaches to the interpolation of such a function are considered, and it is shown that the most promising option is the use of deep neural networks.
Threat Analysis of Cyber Security in Wireless Adhoc Networks Using Hybrid Neural Network Model
Abstract
The article discusses the problem of analysis of cybersecurity threats in wireless ad hoc networks—VANET, FANET, MARINET, MANET, WSN. The problem of neural network approximation of the function of cyber threat existence in the system is formulated. The parameters of the neural network model were optimized according to the likelihood maximization criterion on the training data set. A hybrid neural network based on recurrent and graph convolutional neural networks is proposed as a solution architecture.
Prevention of Attacks on Dynamic Routing in Self-Organizing Adhoc Networks Using Swarm Intelligence
Abstract
A technology for preventing a full range of attacks on routing in self-organizing adhoc networks (MANET, VANET/FANET/MARINET, IoT, WSN, mesh networks, M2M networks, etc.) is presented. The new technology develops the Watchdog method and the method of estimating the packet transfer coefficient (P-Secure) by implementing an ant swarm algorithm for constructing a secure route in the network, in which all nodes are agents for analyzing the security of neighboring nodes. An example is given of constructing a safe route in the VANET network using the created ant swarm algorithm.
Cyber-sustainability of Software-Defined Networks Based on Situational Management
Abstract
The correctness and efficiency of the homeostatic approach to ensuring cyber-sustainability based on the software-defined networking (SDN) technology is proven. The cyberphysical system Smart Home is simulated using this technology. The authors conducted a series of experiments in which the system was countering various attacks. The software-defined network used three self-adaptation mechanisms to ensure cyber-sustainability in the experiment. The experiments confirmed that the SDN-based Smart Home system retained its sustainability under destructive impacts.
Approaches to Modeling the Security of Cyberphysical Systems
Abstract
This paper considers features of cyberphysical systems (CPSs) as complexes combining physical and information components. Approaches to modeling CPSs based on graphs and stochastic dynamics are analyzed. Common features and further directions in CPS modeling are identified. The development direction of the homeostasis-based CPS information security modeling is determined.
An Approach to the Programs Security Analysis using Vector Representation of Machine Code
Abstract
In this article, the authors propose an approach to the security analysis of program code using vector representations of machine instructions. The article also proposes a method for constructing multidimensional vector spaces for a set of program code instructions. The construction of semantically expressive vector representations of machine instructions is considered as one of the important tasks in constructing a neural network code classifier for vulnerabilities. The applicability of the principle of transfer learning to machine code is demonstrated experimentally.
A Blockchain Decentralized Public Key Infrastructure Model
Abstract
This article presents a comparative analysis of available solutions in authenticating access subjects in computer-aided information and telecommunication systems. Centralized and decentralized public key infrastructures (PKIs) are considered, and their weaknesses are brought to light. A blockchain model of decentralized PKI for access subject authentication in computer-aided information and telecommunication systems is proposed. The current embodiments of blockchain PKIs are checked for compliance with the proposed model.
An Approach to Vulnerability Searching of Integer Overflows in the Executable Program Code
Abstract
This article proposes an approach to identifying integer overflow vulnerabilities in software represented by the executable code of x86 architecture. The approach is based on symbolic code execution and initially twofold representation of memory cells. A truncated control transfer graph is constructed from the machine code of the program, and the paths in it are checked layer by layer for the feasibility of the vulnerability conditions. The proposed methods were implemented in practice and experimentally tested on various code samples.
Modeling the Dissemination of Information Threats in Social Media
Abstract
The goal of this article is to raise the effectiveness of predicting the spread of information in social media. To achieve this goal, the following scientific problem must be solved: based on the specified structure of a social network, typical algorithms of social interaction, and statistics of coverage of certain profile groups of social media users, it is necessary to determine the probability distribution for the dissemination of destructive information in the social network, which will make it possible to predict its coverage of various social groups.
Ensuring Secure Data Input/Output Operations for SGX ENCLAVE
Abstract
This paper investigates the problem of ensuring secure input/output operations in the Intel SGX technology. The problem is extremely urgent, and its solution will make it possible to protect confidential user data from attacks by various malicious software while the data is outside the enclave. The authors present different methods that they developed for solving the posed problem. The complexity of the practical application of these methods as well as their main disadvantages and advantages are analyzed. The most preferred method, which ensures secure storage and processing of data outside the enclave, is also chosen.
Security Provision in Wireless Sensor Networks on the Basis of the Trust Model
Abstract
This article considers security provision in wireless sensor networks on the basis of the trust model. The operating principles of sensor networks are analyzed, and the classification of routing techniques is composed. Typical threats are analyzed and existing attacks against Wireless Sensor Networks (WSNs) identified. A technique of protection against malicious nodes is elaborated using the trust model. The experimental assessment of the technique for efficiency is performed by modeling its work in a WSN simulator.
CRC Error Probability under Batch Random Noise
Abstract
We consider error probabilities in protocols using CRC to detect distortions in transmitted batches. A probability-theory model of an additive long-term noise is constructed as a sequence of independent noise blocks of a prescribed length. We show that there are conditions to be imposed on the form of the k-order polynomial forming the CRC and on block size s such that the error probability \(\alpha\) is close to \(2^{-k}\) and does not depend on s provided that distortion probability \(P_1\) is high.
Directed Digital Signature on Isogenies of Elliptic Curves
Abstract
A protocol for directed digital signature is proposed on isogenies of elliptic curves, in which only a specific recipient, whose signature key was used to generate the signature, can verify the signature. The sender and recipient of the message control the delegation of the right to verify the received signature.
Security of a Key System of a Fiscal Feature
Abstract
This paper describes the protocol for generating a master key for a system for exchanging fiscal features, generating a fiscal feature key with authentication of the means for generating and verifying fiscal features that are installed on the fiscal drive and in the equipment of fiscal data operators and the authorized body. This protocol is based on the use of known domestic cryptographic transformations and is aimed at ensuring the integrity and authenticity of data transmitted through the communication channel between the means of formation and means of verification of fiscal features. The protocol was developed in accordance with the recommendations of Rosstandart regarding the principles of the development and modernization of encryption (cryptographic) means of information protection and was issued in the form of a draft national standard proposed for public discussion and approval in accordance with the established procedure. The main result of this study is the formulation of certain security properties that are identical to those objectives that the intruder sets for the purpose of compromise. Already at the stage of creating a protocol, taking into account methods of compromise makes it possible to establish such structural features in this protocol that would ensure the fulfillment of specified security properties and the subsequent justification of their sufficiency.
Analysis of the Information Security Threats in the Digital Production Networks
Abstract
Protection of Valuable Information in Information Technologies
Abstract
This work considers the possibility of recovering valuable information when an intruder knows the results of information conversion and conversion in the framework of some information technology. The forest-type model of processable information is built. Approaches to protecting valuable information are investigated.
Providing Stable Operation of Self-Organizing Cyber-Physical System via Adaptive Topology Management Methods Using Blockchain-Like Directed Acyclic Graph
Abstract
The methods of protection against attacks on the ad hoc networks in the self-organizing cyber-physical systems are analyzed in the article, and their issues are identified. The authors propose an adaptive management method for the ad hoc network topology, where the blockchain-like directed acyclic graph is applied to solve the identified issues.
Noise Immunity of Noncoherent Reception under Complex Interference Effect on Communication and Monitoring Channels of Automated Information Systems of River Transport on Inland Waterways of the Russian Federation
Abstract
The noise immunity of single noncoherent reception algorithms optimal in communication and monitoring channels of automated information systems with noise and concentrated interference under complex effect of fluctuating, concentrated, and impulse noise is investigated. Equations for error probabilities are obtained. Calculation examples are given.
Problems of Security in Digital Production and Its Resistance to Cyber Threats
Abstract
This paper considers digital production as a stage of industrialization. One aspect of this process is the associated digital transformation of control systems. To analyze the problem of ensuring the security of digital production, the concept of cyberphysical systems is used. The perspectives of using homeostatic control of the stability of such systems using self-similarity indicators are considered.
Studying the Effect of Selection of the Sign and Ratio in the Formation of a Signature in a Program Identification Problem
Abstract
Properties of using various assembler commands, as well as their combined application, have been investigated in order to prepare a final determination as to whether they belong to a known program. Conclusions on the effect of the ratio used in the creation of unified signatures on the result of identification are presented.
Assurance of Cyber Resistance of the Distributed Data Storage Systems Using the Blockchain Technology
Abstract
The article studies the architectures of the modern systems of decentralized data storage and processing, applicability of the blockchain technology in these systems, existing security threats in comparison with the decentralized systems, and methods of security assurance allowing avoidance of these threats.
Development of a Heuristic Mechanism for Detection of Malware Programs Based on Hidden Markov Models
Implementation of Mandatory Access Control in Distributed Systems
Abstract
The implementation of mandatory distribution of access in distributed systems taking into account a user hierarchy is considered. The access control is based on the scheme of preliminary key distribution similar to KDP-scheme. The algorithm of building a family of subsets taking into account a user hierarchy was developed.
Applying Garlic Routing to Guarantee Secure Collaboration of Segments in a Digital Manufacturing Network
Abstract
This article considers the particular characteristics of guaranteeing cybersecurity in new-generation industrial networks and analyzes the main threats and weak points of applying available protection tools. Garlic routing technology is proposed to guarantee secure network collaboration of various digital manufacturing segments.
Modification of Preliminary Blom’s Key Distribution Scheme Taking into Account Simplex Channels
Abstract
A modification is presented of the scheme of preliminary Blom’s key distribution taking into account the direction of information flows. The modification makes it necessary to use a function of three variables. The function of forming key materials ceases to be symmetrical. An exponential form of this function was proposed, which does not increase the amount of key materials.
Architecture of the Protected Cloud Data Storage Using Intel SGX Technology
Abstract
An architecture for cloud data storage using Intel SGX technology is proposed. The approach offered in the article protects user data on the cloud server from attacks by the provider and on the client's personal computer from malicious software. The developed architecture supports group access to the data for several users.
Digital Manufacturing Security Indicators
Abstract
This paper describes security indicators specific to digital manufacturing. We divided the set of indicators into three groups: self-similarity-based security indicators, sustainability indicators, and indicators characterizing the homeostatic ability of cyberphysical systems that form the basis of digital production. Indicators can be applied to any type of digital production systems to detect security problems, control the sustainability of their operation, and maintain resilience.
Using Undeniable Signature on Elliptic Curves to Verify Servers in Outsourced Computations
Abstract
When carrying out outsourced cryptographic computations, it is possible not only to have errors in server computations but also to interact with a malicious computing server. In this paper, we propose an undeniable signature protocol adapted for a group of points of elliptic curve. We also present an outsourced algorithm for elliptic curve point multiplication.