Vol 23, No 3 (2024)
Information security
A Private Semi-Markov Model as a Tool to Reduce the Complexity of the Task of Assessing the Stability of the Functioning of Elements of the Information Infrastructure Exposed to Threats
Abstract
Decision-making on information infrastructure (II) security for its sustainable functioning in the face of threats requires a tool to assess the sustainability of its individual elements. The application of the semi-Markov model to assess the stability of the functioning of elements of II exposed to threats in a direct setting is associated with the increasing complexity of the description of the object of delineation (parametric space) in step progression from the number of the considered impacts, which reduces its practical significance. However, no studies have been found in the scientific literature to reduce the complexity of the semi-Markov model. The article presents an approach to reducing the complexity of modeling by adopting correct assumptions when forming the initial data. Given the conditions under which it is possible to take a series. It was a cost to limit the applicability of the model by significantly reducing the complexity of the modelling. The problem statement and the modified transition graph are given. The novelty of the problem statement is to take into account the limitations on the available resources for the restoration of functionality of the element. To explain the physical essence of the modeling process, a thought experiment with a model is introduced. To solve the problem, the following methods were used: a) expert methods for extraction of initial data; b) mathematical models of private semi-Markov processes; c) methods of transformation of Laplace; r) methods of planning of experiment. Illustrative examples and graphs accompany the task sequence demonstration. As a result of the experiment, the regularities of the studied process, the existence of which was proved formally. As a result of the experiment, the regularities of the studied process were revealed, the existence of which was officially proved. The results of the study broaden knowledge about the application of methods of Markov processes to assess the stability of the functioning of AI elements in relation to the conditions of the impact of threats.
Informatics and Automation. 2024;23(3):611-641
611-641
Methodology for Collecting Data on the Activity of Malware for Windows OS Based on MITRE ATT&CK
Abstract
The digitalization of the modern economy has led to the emergence of information technologies in various areas of human activity. In addition to positive effects, this has enhanced the problem of countering cyber threats. The implementation of cyber threats often impacts serious consequences, especially when it comes to critical information infrastructure. Malware is an important part of the modern landscape of cyber threats; the most high-profile cybercrimes of recent years are associated with the use of malware. In this regard, the problem area of countering malware is actively developing, and one of the promising areas of research in this area is the creation of methods for detecting malware based on machine learning. However, the weak point of many well-known studies is the construction of reliable data sets for machine learning models, when the authors do not disclose the features of the formation, preprocessing and labeling of data on malware. This fact compromises the reproducibility a lot of studies. This paper proposes a methodology for collecting data on malware activity based on the MITRE ATT&CK matrix and Sigma rules and designed for Windows OS. The proposed methodology is aimed at improving the quality of datasets containing malware and legitimate processes behavior’s features, as well as at reducing the time of data label by an expert method. A software stand was prepared and experiments were carried out for testing the methodology. The results of experiments confirmed applicability of our methodology.
Informatics and Automation. 2024;23(3):642-683
642-683
A Method to Quantitative Compare Obfuscating Ttransformations
Abstract
The paper considers the problem of quantitative comparison of potency and resistance of practically applied obfuscating transformations of program code. A method is proposed to find the potency and resistance of transformations by calculating the «comprehensibility» of the obfuscated and deobfuscated versions of a program, respectively. As a measure of program comprehensibility, it is proposed to use the similarity of this program to the approximation of its «most comprehensible» version. Based on the proposed method a model to assess potency and resistance was built, the main elements of which are: a set of investigated obfuscating transformations, a similarity function, a method to approximate the most comprehensible version of the program and a deobfuscator. To implement this model 1) obfuscating transformations provided by Hikari obfuscator are chosen; 2) 8 similarity functions are constructed by machine learning methods using static characteristics of programs from CoreUtils, PolyBench and HashCat sets; 3) the smallest program version was chosen as an approximation of the most comprehensible program version (found among the versions obtained using optimization options of GCC, Clang and AOCC compilers); 4) a program deobfuscation scheme based on the optimizing compiler from LLVM was built and implemented. The results of the potency and resistance for sequences of transformations of lengths one, two and three were experimentally obtained. These results showed consistency with the results of independent potency and resistance evaluations obtained by other methods. In particular, it was found that the highest potency and resistance are demonstrated by sequences of transformations starting with transformations of the control flow graph, and the lowest resistance and potency are generally demonstrated by sequences that do not contain such transformations.
Informatics and Automation. 2024;23(3):684-726
684-726
Digital information telecommunication technologies
Decentralized Protocol for Organizing Sustainable Interaction between Subscribers in Networks with High Dynamics of Topology Changes
Abstract
Emergency services often have to carry out rescue and liquidation operations in the absence of centralized communications. The inability to ensure stable communication between members of the rescue unit significantly reduces the quality of work. Moreover, in modern realities, stable communication means not only voice exchange, which can be provided by shortwave radio transmitters, but also intensive exchange of large volumes of traffic. The use of standard solutions based on standard network equipment (Wi-Fi, satellite communications, etc.) and existing algorithms for ensuring quality of service in the conditions under consideration does not allow quickly ensuring information exchange between heterogeneous subscribers. Moreover, operation in high-Hz bands can be very difficult in the presence of obstacles, which reduces the overall coverage area and the quality of data transmission. We propose a network layer routing protocol designed to organize decentralized communication in an emergency service department, where subscribers have different degrees of mobility and types of transmitted traffic. This protocol includes algorithms for connecting to the network, detecting optimal and alternative communication routes, and transmitting and balancing traffic along the found routes. The original route search algorithm analyzes the performance of communication channels and determines all possible paths for transmitting traffic between subscribers. Using the route evaluation function based on gradient boosting of decision trees, optimal and alternative communication routes are formed, and when transmitting data, traffic balancing is performed based on the received information. An experimental study of the proposed protocol showed an improvement in the speed of deployment and quality of service in scenarios with varying degrees of subscriber mobility.
Informatics and Automation. 2024;23(3):727-765
727-765
Recovery of Discrete-Time Signal Based on the Moving Average Model and Estimation of the Samples Correlation in Forward and Reverse Forecasting
Abstract
The article discusses the development of mathematical support for the recovery of the values of discrete-time sequence samples obtained as a result of uniform sampling of a continuous signal. The recovery problem of discrete-time sequence samples is solved for a signal that can be considered stationary or stationary at least in a broad sense (quasi-stationary). The development of mathematical support for the recovery of the values of signal samples was carried out on the basis of constructing a moving average model and estimating the correlation of signal samples over time with forward and reverse forecasting. Estimates of the signal correlation function necessary to recover sample sections with lost values are calculated from samples with known values. Correlation function estimates can be calculated regardless of the location of the recovery area when the condition of stationarity of the signal is met. The obtained estimates of the correlation function samples can be used for both forward and reverse forecasting. Moreover, even if it is necessary to recover several problem sections, it is enough to calculate only once the sample of correlation function estimates necessary for their restoration. The resulting mathematical solution to the problem became the basis for the development of algorithmic support. Test tests and functional checks of the algorithmic support were carried out on the basis of simulation using a signal model representing an additive sum of harmonic components with random initial phases. The simulation results showed that the calculation of estimates of the lost sample values is carried out with a fairly low error, both in forward and reverse forecasting, as well as when they are used together. In practice, the choice of a sequence recovery algorithm based on forward or reverse forecasting will be determined based on the actual conditions of its processing. In particular, if previous samples with known values are not enough to carry out forward forecasting, then the reverse forecasting procedure is implemented and vice versa. The developed algorithmic support can be implemented in the form of metrologically significant software for digital signal processing systems.
Informatics and Automation. 2024;23(3):766-800
766-800
A Genetic Approach-Based Intra Coding Algorithm for H.266/VVC
Abstract
This paper presents a genetic approach for optimizing intra coding in H.266/VVC. The proposed algorithm efficiently selects coding tools and Multi-Type Tree (MTT) partitions to achieve a balance between encoding time and video quality. The fitness evaluation function, which combines perceptual metrics and coding efficiency metrics, is used to assess the quality of each candidate solution. The results demonstrate a significant reduction in encoding time without compromising video quality. The proposed algorithm selects coding tools from a set of available tools in H.266/VVC. These tools include intra prediction modes, transform units, quantization parameters, and entropy coding modes. The MTT partitioning scheme includes four types of partitions: quadtree, binary tree, ternary tree, and quad-binary tree. Perceptual metrics are used to evaluate the visual quality of the encoded video. Coding efficiency metrics are used to evaluate the coding efficiency of the encoded video. The fitness evaluation function combines perceptual metrics and coding efficiency metrics to assess the quality of each candidate solution.
Informatics and Automation. 2024;23(3):801-830
801-830
Models of Composite Harmonic Half-Waves and the Relationship of Time Sampling with the Entropy of Time Parameters of Signals
Abstract
The problem of finding the absolute error of stepwise and linear interpolation of the control signal from uniform samples from it using models of composite harmonic half-waves is solved. Previously, during the inspection of the control object, the maximum values of the signal parameters and half-waves are determined: speed, acceleration and sharpness, there are no spectrum parameters. To determine the values of the intervals of uniform sampling of time, two groups of models of "harmonic half-waves" are considered. The first group of models is described by harmonic time functions whose parameters are consistent. The second group of models is described by composite harmonic functions of time, thereby the time parameters of the signals are consistent. It is proved that with an increase in the entropy of the maximum values of the signal parameters, the value of the time sampling interval increases without increasing the interpolation error. Thus, the entropy value of the signal parameters serves as an indicator of their inconsistency. The results of modeling and graphs obtained in the environment of the mathematical package are presented. The results are intended to optimize the loading of input tasks and primary information processing of processors in robust real-time automation systems, for example, used to control high-speed trains when braking in sliding or skidding mode.
Informatics and Automation. 2024;23(3):831-858
831-858
Hardware Compression Method for On-Chip and Interprocessor Networks with Wide Channels and Wormhole Flow Control Policy
Abstract
Increasing the number of processing cores is currently a common way to boost processor performance. However, the load on the memory subsystem consequently increases as the number of its agents grows. Hardware data compression is an unconventional approach to improving memory subsystem performance by reducing, firstly, the main memory access rate by increasing the cache capacity and, secondly, data traffic by packing the data more densely. The paper describes the implementation of hardware data compression in the on-chip network and interprocessor links of a configuration with wide data transmission channels and a wormhole flow control policy. The existing solutions cannot be applied to such configurations because they are essentially based on using narrow data channels and flow control policies implying uninterrupted packet transmission, which is not maintained with the wormhole flow control. The method proposed in this paper enables the use of hardware compression in the aforementioned configuration by moving data compression and decompression from networks to the connected devices, as well as by using a number of optimizations to hide the data processing delays. Optimizations of some specific cases, such as the transmission of large data packets with several cache lines or the transmission of zero data, are considered. Special attention is given to data transmission via interprocessor links, where, due to their lower bandwidth compared to the on-chip network, data compression can be the most beneficial. The increase in memory subsystem bandwidth from using hardware data compression was confirmed in the experiments showing the relative IPC increase in SPEC CPU2017 benchmarks up to 14 percent.
Informatics and Automation. 2024;23(3):859-885
859-885
Robotics, automation and control systems
Classification of Spatial Temporal Patterns Based on Neuromorphic Networks
Abstract
This work is devoted to the problems of developing neuromorphic classifiers of spatiotemporal patterns, as well as their application in neurointerfaces. Classifiers of spatiotemporal patterns based on neural networks, support vector machines, deep neural networks, and Riemannian geometry are considered. A comparative study of these classifiers is carried out in the plane of the accuracy of multiclass recognition of electroencephalographic signals showing time-dependent bioelectrical activity in different areas of the brain during the imagination of different movements. It is shown that such classifiers can provide an accuracy of 60-80% when recognizing from two to four classes of imaginary movements. A new type of classifier based on a neuromorphic network, based on the biosimilar neurons built on the Izhikevich model, is proposed. The network processes input spike sequences and generates pulse streams of different frequencies at the outputs. The network is trained using the Supervised STDP algorithm based on labeled information containing examples of the correct recognition of the required pattern classes. The recognized pattern class is determined by the maximum frequency of the output sequence. The neuromorphic classifier showed an average classification accuracy of 90% for 4 classes of imaginary commands and a maximum of 95%. By modeling the robot control task in the virtual environment it is shown that such accuracy is sufficient for the effective use of the classifier as part of a non-invasive brain-computer interface for non-contact control of robotic devices.
Informatics and Automation. 2024;23(3):886-908
886-908
Development of a Stress-Free Algorithm for Control of Running Platforms Based on Neural Network Technologies
Abstract
The article discusses the task of predicting human speed using neural network technologies and computer vision to minimize lags in treadmill control systems, which pose a health risk to the user. To solve this problem, a stress-free algorithm has been developed, including: predicting the position and speed of the user on the treadmill; calculating the treadmill speed based on the analysis of the user's position and movement characteristics; data collection and processing schemes for training neural network methods; and determining the necessary number of predicted frames to eliminate lags. The scientific novelty of the research lies in the development of a treadmill control algorithm that combines: computer vision technologies for recognizing the user's body model on the platform; neural networks; and machine learning methods to determine the final human speed based on combining data on the person's position in the frame and the current and predicted speed of the person. The proposed algorithm is implemented using Python libraries, and its validation was conducted during experimental studies analyzing the preceding 10 and 15 frames to predict the next 10 and 15 frames. Comparing machine learning algorithms (linear regression, decision tree, random forest, multilayer, convolutional, and recurrent neural networks) at different lengths of analyzed and predicted frames, the RandomForestRegressor algorithm showed the best accuracy in predicting position, while dense multilayer neural networks performed best in determining current speed. Experimental research has been conducted on applying the developed algorithm and models to determine human speed (achieving accuracy when forecasting in the range of 10-15 frames) as well as integrating them into treadmill control systems. Trials have shown the effectiveness of the proposed approach and the correctness of system operation under real conditions. The developed algorithm allows for not using noise-sensitive sensors that require attachment to the user's body but rather forecasting user actions through analyzing all points of the person's body to reduce lags in various human-machine systems.
Informatics and Automation. 2024;23(3):909-935
909-935