×

You are using an outdated browser Internet Explorer. It does not support some functions of the site.

Recommend that you install one of the following browsers: Firefox, Opera or Chrome.

Contacts:

+7 961 270-60-01
ivdon3@bk.ru

  • The method for the technical and economic assessment of options for building an organizational and technical system of the "cyberpolygon" class

    The article is devoted to the study of problematic issues of the formation of organizational and technical systems of the "cyberpolygons" class using the original methodological apparatus for the feasibility study of system engineering solutions for their construction. The features of existing approaches to the justification of system engineering solutions for the construction of organizational and technical systems, information technology and technical systems are considered. Directions for their development are proposed, taking into account the dynamics of the phased creation and modernization of organizational and technical systems with simultaneously developing infrastructure projects and solutions. Formal aspects in the methodological apparatus are reflected in the change in the composition of the functional components in the conceptual and analytical models, the corresponding formal descriptions of their relationships and characteristics, as well as in the modification of the procedures for the technical and economic assessment of options for building a cyberpolygon. The method of technical and economic evaluation of options for constructing a cyberpolygon proposed in this study makes it possible to rank alternative options for the infrastructures of the created cyberpolygon according to the value of their technical and economic efficiency and to select the rational one from them.

    Keywords: information security, infrastructure, cyberpolygon, feasibility study, means of protection

  • Method of normalization of fields of external sources of the MITRE CTI cyberattack data repository

    The growing complexity of industrial systems significantly increases the surface of possible cyber attacks, and therefore requires reliable methods for assessing the security of infrastructure. Modern methods of security assessment rely on working with a large amount of data, the presentation of which is often not standardized. One of these sources is the MITRE ATT&CK knowledge base, which contains information about attacking techniques in a format that allows you to interact with it programmatically. This work is aimed at solving the problem of normalizing the fields of external sources describing the attacking technique in order to increase the efficiency of working with the repository described above. The method proposed in this paper is based on the possibility of the specification of the STIX language used to describe the data presented in MITRE ATT&CK to expand and use open dictionaries. The development of the proposed method was based on data on the attacking techniques of the Enterprise matrix, as the most complete among all domains of the ATT&CK knowledge base, however, the proposed method is independent and does not depend on a specific domain.

    Keywords: threat analysis, knowledge base, information security, MITRE ATT&CK, standardization

  • Application of ontologies in learning systems

    The article provides general information about ontologies (including definitions of ontology), its formal (mathematical) model, and also provides a step-by-step process for developing an ontology. The areas of application of ontologies are considered and special attention is paid to the use of ontologies in the field of education. There are some suggestions about using ontologies as a knowledge base for an information security learning system. Also the fragment of a graphical representation of an ontology for biometrics, which is one of the areas of information security, is given. Ontology for biometrics is based on the national standard and developed in the Protege system.

    Keywords: biometrics, knowledge, information security, knowledge representation model, learning system, learning, ontology, ontological model, OWL, RDF

  • Blockchain as a service for protecting information about the authenticity of educational diplomas

    The problem of fake diplomas of education causes alarm and concern to society. In the digital age, falsification has reached great proportions. In this regard, a mechanism for recording and confirming the authenticity of diplomas using technology is proposed. A sector-token method of accessing a blockchain record is proposed. The recording technology and the blockchain formation model are shown. The proposed technology guarantees that the diplomas are genuine, protected from forgery, belong to the specialists who received them.

    Keywords: blockchain, data protection, diploma forgery, educational institution, authentication

  • Advantages and disadvantages of using personal mobile devices in financial institutions

    This article discusses information system vulnerabilities associated with the use of personal mobile devices in financial services companies. The recommendations of this study will help to understand the importance of formulating an information security policy in this situation. The use of personal devices by employees has become commonplace in the workplace due to the increased reliance of business processes on Internet-based services and advances in technology. The organization benefits from the fact that employees buy, use their own devices, thus, the organization reduces the cost of providing employees with computer equipment and software for workplaces. However, a company can suffer huge losses if the use and connection of personal devices to the company's information technology infrastructure is not regulated and controlled. Hacking personal devices by intruders allows you to gain unauthorized access to the assets of information systems. Financial institutions handle highly sensitive information, which makes them more vulnerable when using personal devices. A qualitative research method was conducted with specially selected participants working in the information security departments of financial institutions. The study revealed the lack of an information security policy regarding personal devices and the use of an unlimited number of such devices by employees.

    Keywords: personal mobile devices, information security, unauthorized access, vulnerabilities, cyber attack

  • Development of a training system for modeling and demonstrating cryptographic protocols quantum key distribution

    The analysis of the foundations of modern cryptographic systems is carried out. Problems of classical cryptography arising in the development of quantum computers are considered. Considered are cryptographic protocols of quantum key distribution, their advantages and disadvantages. The analysis of stands for simulation of quantum key distribution available on the market is carried out. The rationale for the need to develop a training system has been made. The authors have developed a system for modeling and demonstrating quantum cryptographic protocols BB84, B92 and BB84 (4 + 2), intended for a detailed study of the principles of quantum cryptographic protocols in dynamics. The system provides the process of work both in text and graphic form. The developed system fully meets the needs of teaching students modern quantum information security technologies.

    Keywords: information security; encryption; quantum cryptography; modeling; education system

  • Methodology for the automated process of a complex technical system construction managing

    When building complex technical systems, as a rule, the resources of an existing system are used as a basis, which may be redundant due to the lack of a clear definition of what the system is needed for. This necessitates the determination of the system intended purpose, the selection of elements for its construction and management in the process of its operation, aimed at achieving the intended purpose and optimizing the resource support used to build the system. The paper proposes an approach to building a system based on the development of its functioning profile, which characterizes the achievement of its intended purpose, modeling the process of a complex technical system functioning and evaluating the effectiveness of the profile. The use of the proposed methodology will allow, at the stage of building a complex system, to improve the quality and efficiency of designing a complex technical system by taking into account the functional needs of the system, as well as determining the amount of resources required to fulfill them.

    Keywords: profile, complex technical system, criticality, system design, system construction, control process automation, functions, tasks, resource

  • Information security as an element of economic security

    This article discusses and demonstrates the need for writing and functioning of a high-quality information security system for a modern enterprise that performs activities in various fields (industry, energy, humanitarian activities, etc.). Its role in creating conditions is also analyzed. for the economic security of the organization itself and the country as a whole. The paper presents the current classification of information security threats. The activities that are aimed at protecting data in the world of the modern world are analyzed once again, and examples of activities aimed at protecting data in the world of the modern world are given, as well as an example of the most common reasons for its leakage today.

    Keywords: information security, economic security of an enterprise, information protection, threats and risks of information security, artificial intelligence

  • Methods of processing biometric data of handwriting

    This paper presents methods of processing handwritten biometric data. The initial data are coordinates of a position of a pen on a graphics tablet. For this, the proprietary database of handwriting samples and the open signature database SVC 2004 were used. The proprietary database includes 29 users, 754 random and 754 simple forgeries. At the stage of biometric data processing, the following methods were used – «interpolation of handwriting» (entering points at an equal distance between the initial points of the handwritten signature), the histogram approach, «pen movement speed» (the path traveled by the pen at different stages of handwriting input process). Such methods eliminate the variability of the biometric data over time and over spatial axes. As a result, we recommended a standardization approach (Z-score), discretization (one-dimensional linear interpolation and discretization with variable step based on arithmetic progression) of biometric data. The table of results presents the values of the quality of biometric features. The obtained experimental results will be useful for researchers to improve their studies in the field of biometric security systems

    Keywords: handwriting, biometric data, graphic tablet, verification, authentication, standardization, discretization, interpolation, information security

  • A study of the subliminal impact factors of audio-visual information

    An urgent task in the context of digitalization of all spheres of society is to create a system of protection against the negative impact of digital images on the person. The solution to this problem is impossible without assessing the subliminal impact of audio-visual information. The study presents a solution to the problem of systematization of subliminal factors of audio-visual information and optimization of methods to deal with them. Risk factors and limitations as the basis for the design of the protection system at the level of technical.

    Keywords: information security, modeling, risk factors, subliminal impact, digital image

  • A method for detecting and counteracting the spread of malicious information in swarm robotic systems in the process of task distribution

    The growing popularity of the use of group robotics, including swarm robotic systems (SRS), actualizes the issues of information security. Known approaches to detecting malicious behavior of agents or malicious information do not take into account the scalability and decentralization properties of SRS, which does not allow ensuring the integrity of information circulating through communication channels within SRS. In turn, the dissemination of malicious information in the process of distributing tasks between SRS agents initially reduces the efficiency of performing these tasks, that is, an attack is carried out on the very first and most critical stage of the system's functioning. The purpose of this work is to improve the efficiency of the functioning of SRS agents in the presence of malicious agents by developing a method for detecting and counteracting the spread of malicious information. The elements of scientific novelty of this work include the following. As part of solving the problem, a number of specific criteria are proposed that take into account the distribution of tasks in the SRS, as well as a classifier based on an artificial neural network to detect malicious information. To improve the accuracy of detection and counteracting the spread of malicious information in SRS, a modification of the reputation mechanism is proposed. A distinctive feature of the modification is not only the formation of an indicator of the truth of the message information in the process of task distribution, but also the assessment of the influence of malicious agents on the process of forming this indicator. The presented solution is implemented in the form of software in the Python programming language, which can be used in modeling decentralized control systems of SRS.

    Keywords: swarm robotic systems, task distribution, artificial neural networks, trust and reputation mechanism

  • Overview of the Internet of Things Security Threats

    The concept of the Internet of Things (IoT) was introduced by Kevin Ashton at the Massachusetts Institute of Technology in 1998. The vision of the concept is that objects, “things”, embrace each other and, therefore, see IoT, in which each object has its own individual volume identity and can interact with other objects. Internet objects can make a big difference in size from small to very large. The Internet of Things is turning into ordinary products such as cars, buildings, and machines into smart devices, connected objects that can communicate with people, applications, and others with devices. In the article, we observe the widespread use of the Internet in large cities and its impact on various industries. The paper discusses the security threat of the Internet of Things, resulting in security recommendations.

    Keywords: IoT, NB-IoT, security, security threats, Cybercrime, Computer security

  • The role of Blockchain technology in the implementation of cybersecurity

    Blockchain technology has been adopted in various fields, primarily in finance, through the use of cryptocurrencies. However, this technology is also useful in cyber security. This article discusses various Blockchain methodologies for the cybersecurity sector proposed by various researchers. This study showed that most researchers are focused on using Blockchain to secure IoT devices, networks and data. This paper looked at the strategies used by earlier researchers to secure three problematic IT areas using Blockchain. The main conclusion of the study was to ensure the integration and uniformity of solutions so that future researchers focus on a single Blockchain to create cybersecurity applications.

    Keywords: blockchain, Internet of things, IoT, cyber security, computer security