METHOD OF AUDITING THE PROTECTION OF AUTOMATED SYSTEMS
V.L. Tokarev, A.A. Sychugov
The currently existing regulatory framework and methods for analyzing the protection of information resources are analyzed. It is noted that these methods rely on technical analysis, which involves both active and passive testing of the information protection system. Another existing solution to this problem is the use of expert assessments. However, both approaches are laborious and often subjective. On the basis of the theory of fuzzy sets, a mathematical model for auditing the security of automated systems is proposed, and an appropriate method is built on it. Fuzzy models are considered as a tool for auditing automated systems that process confidential information. As an example of the use of the proposed method, an assessment of one aspect of information security is considered: the security of access to confidential information in an automated system. The proposed method will make it possible to effectively use the obtained estimates for solving the problem of ensuring the security of information in automated systems. The main advantage of the method is that it does not require complex testing procedures, calculating probabilities, attracting and selecting experts, etc., and can be used to evaluate a wide variety of information security aspects.
Keywords: information security, access security, evaluation.
INTELLIGENT SYSTEM FOR ANALYZING INFORMATION SECURITY INCIDENTS (BASED ON THE METHODOLOGY OF SIEM SYSTEMS USING IMMUNOCOMPUTING MECHANISMS)
V.I. Vasilyev, R.R. Shamsutdinov
The article addresses the problem of intelligent analysis of information security incidents using the methodology employed in security information and event management systems. The essence of such systems, the composition of their main modules and the order of their interaction, and the possibility of integration with artificial intelligence methods are analyzed. A developed distributed system for analyzing information security incidents is described; it combines the mechanisms of an artificial immune system and correlation analysis of data to detect known and unknown anomalies, analyze their criticality, and prioritize the response. The interaction scheme of the modules of the developed system and the mathematical component of the correlation analysis method used are presented. A series of computational experiments is described in detail; they showed the system's high effectiveness in detecting anomalies and the ability of client modules to additionally train one another, as well as the server component's successful aggregation and correlation analysis of data received from clients within a specified time interval, and its identification of the most significant incidents for the last analyzed interval and for the entire period, both overall and for each incident group. The server's graphical display of statistical data makes it possible to visually assess the criticality of particular incidents and prioritize the response to them.
Keywords: SIEM system, immunocomputing, correlation analysis, information security, network security.
INTELLIGENT NETWORK INTRUSION DETECTION SYSTEM BASED ON ARTIFICIAL IMMUNE SYSTEM MECHANISMS
The article is devoted to the problem of detecting network attacks, both known and previously unknown. The application of various artificial intelligence methods to this problem in the scientific literature was analyzed. The advantages of the artificial immune system were revealed. Its main mechanisms, including artificial lymphocyte generation, negative selection, clonal selection, data analysis, and periodic renewal of lymphocytes, were analyzed. The article describes the developed intrusion detection system based on an artificial immune system. The developed system includes a sniffing subsystem, which allows it to analyze real data from host network connections. The article also describes the KDD99 network connection dataset, which was used to evaluate the efficiency of the developed system. The methods of compressing the initial dataset proposed in the scientific literature were analyzed, and the drawbacks of these methods were identified. This article describes the experimental determination of the significant network connection parameters contained in the dataset. The authors identified 13 significant parameters out of 41 and described the preliminary processing and preparation of the analyzed data and a series of experiments. The results of the experiments showed the high efficiency of the developed system in detecting unknown network attacks and in detecting and classifying known attacks.
Keywords: intrusion detection system, artificial immune system, KDD99, information security, network security, network attack.
MODELING OF COUNTERACTION TO DESTRUCTIVE INFLUENCE IN SOCIAL NETWORKS
V. A. Minaev, M. P. Sychev, L.S. Kulikov, E.V. Vaitz
In the last decade, the activity in social networks of both foreign centers and various influence groups within the country in organizing destructive impacts on Russian society and its social groups, especially youth, in order to destabilize the domestic political, socio-economic and criminal situation has increased significantly. That is why the Doctrine of Information Security of the Russian Federation names information and psychological effects (IPE) as important negative factors affecting the state of information security (IS). In this regard, creating models to counter destructive information impacts (DII) of a manipulative nature in social networks, and assessing and forecasting their impact on social groups, are pressing management tasks at the present stage. A system-dynamic model of information counteraction to DII in social networks is considered. Its application for countering information terrorism, extremism and other destructive influences on modern society exerted through information networks is proved. The model is described in the form of flowcharts in system dynamics notation. Systems of differential equations are shown. Simulation experiments with the models were carried out using the promising AnyLogic platform. The model makes it possible to forecast DII taking into account the factor of counteraction in social networks and to play out different scenarios of the dynamics of these interrelated processes.
Keywords: simulation modeling, destructive information impact, counteraction, management, social network.
MODELING MANIPULATIVE INFLUENCES IN SOCIAL NETWORKS
V. A. Minaev, M. P. Sychev, L.S. Kulikov, E.V. Vaitz
In the Doctrine of Information Security of the Russian Federation, informational and technical influences (ITI) and information and psychological influences (IPI) are named as the main negative factors affecting the state of information security (IS). Therefore, modeling, evaluation and forecasting of information influences (II) on social groups and organizing the corresponding information counteraction (ICA) are urgent management tasks. System-dynamic models of information influences in social networks and groups are considered. Their application for countering information terrorism and extremism is proved. The description is given in the form of flowcharts. Systems of differential equations are presented. Experiments with the models were carried out using the advanced simulation platform AnyLogic. Cluster analysis of a sample of Russian settlements identified homogeneous typological groups that differ in the average time of information transmission in social networks. Based on Gibbs' postulate, the system-dynamic model of information influences among students has been successfully tested. High consistency of the simulation results with empirical data (determination coefficients of at least 90%) is shown. The models make it possible to forecast II and ICA and to play out different scenarios of the dynamics of these processes.
Keywords: simulation modeling, information influences, management, social network, topology, typology, cluster analysis.
THE INVESTIGATION OF ERROR-CORRECTING CODING OF THE VARIOUS FILES
E. I. Vorobyev, Y. P. Preobrazhenskiy
Problems related to the protection of information from interference are relevant in a variety of practical applications. The information itself can be text or graphics, or can contain video clips. Interference can be unintentional or deliberately created by cyber criminals. To process and transmit information in practice, various noise-resistant codes are used. The paper discusses the characteristics of several such codes: the Hamming code, the Reed-Muller code, and the BCH (Bose-Chaudhuri-Hocquenghem) code. The results of a comparison of the characteristics of these error-correcting codes are shown. An illustration of the encoded text and of the bits that were distorted is given. A graph illustrates the dependence of the number of corrected errors on the number of errors added to the original message for the three selected codes. The results of studies of code redundancy for different files are shown. The BCH and Reed-Muller codes were chosen for testing. Txt, midi, wmv and mpeg-2 files were analyzed. A table of the research results shows how the file size, as well as its kind, affects redundancy. It is established that the Hamming and Reed-Muller codes correct single errors well, while the BCH code is suitable for correcting various errors.
Keywords: coding, information, correcting ability, error.
ACCESS CONTROLS TO INFORMATION RESOURCES IN INFORMATION SYSTEMS
T.I. Lapina, E.M. Dimov, E.A. Petrik, D.V. Lapin
The article considers an approach to organizing multi-factor authentication of users in automated information systems when many users remotely access a single information resource over network protocols. It is shown that in multi-user data access, one of the main tasks of information security for resources is confirming the identity of the party entering the information exchange, which can be solved by multi-factor authentication. To confirm the user's identity, dynamic biometric identification and authentication based on handwriting dynamics is used. A complex of technical means for acquiring biometric data, a procedure for analyzing them, and an algorithm for access to an information resource are proposed. To form the biometric image, it is proposed to use the discrete Fourier transform and the system of orthogonal Haar functions, which make it possible to extract the essential features of the measured handwriting dynamics of the information resource user.
Keywords: user authentication, multi-factor authentication, biometric data analysis.
MODELING PROCESSES OF THE SECONDARY GEODYNAMIC FACTORS FOR ENSURING THE LAW-ENFORCEMENT SEGMENT OF THE HARDWARE AND SOFTWARE COMPLEX «SAFE CITY»
O.I. Bokova, K.M. Bondar, V.S. Dunin, S.V. Kanavin, P.B. Skripko
The article discusses the use of security systems that are relevant to the units of the internal affairs agencies of the Ministry of Internal Affairs of Russia. An infocommunication technology of mathematical modeling is presented, which is based on the processes of secondary geodynamic factors arising as a result of geodynamic movements due to various tectonic disturbances. These processes are a potential direction for the development of the theory of geodynamic risks of security systems provided by law enforcement activities of the Ministry of Internal Affairs of Russia, including subsystems of the HSC «Safe City». The modern infrastructure of the hardware and software complex «Safe City» is based on the functional and technical requirements for the components of the complex and the formats for exchanging data between its elements that are uniform for all municipalities. It consists of a set of automation tools and systems designed for the functioning of vital facilities, taking into account the implementation of the law enforcement component. The basic provisions for developing a mathematical model of the impact of the so-called secondary geodynamic factors on the safe functioning of human society are given, with the aim of developing informed management decisions of a preventive and reactive nature. In particular, they can significantly expand the capabilities of the functional blocks «Safety of the population and municipal (municipal) infrastructure» and «Environmental safety» in the HSC «Safe City». This direction of development and the practical level of its implementation are becoming relevant in the field of ensuring various aspects of human security and are directly related to the activities of most of the power structures of modern society.
Keywords: safe city, Ministry of Internal Affairs of Russia, secondary geodynamic factors, landscape-territorial complexes, security management.
FRAUDULENT TRANSACTIONS DETECTION SYSTEM DESIGN IN INTERNATIONAL LOGISTICS
D.V. Romanov, N.A. Ryndin
The article is devoted to the design of an effective anti-fraud system that uses publicly available client data of a package delivery service. Because of the growth of fraud, business incurs heavy losses, and a complete fraud monitoring system can stop suspicious actions and make recommendations for their further processing, which will significantly reduce economic, financial and reputational risks. The system is a single resource implemented as a cloud web server and includes an intelligent core that performs the basic labor-intensive operations of transaction analysis and detection. The analysis is based on well-proven supervised machine learning algorithms. To detect fraudulent transactions, models are built and tested, and the best one is chosen. It classifies each transaction during data manipulations and takes one of 2 actions depending on the security level: it rejects the transaction or interprets it, and may give recommendations for further action. Each time security levels are reviewed or added, the system is retrained; the training data is stored in a centralized repository. The developed service is intended for companies engaged in international logistics and has a simple and clear interface for integration and interaction.
Keywords: intelligent design, machine learning algorithms, decision support system, fraud transactions, anti-fraud, international logistics.
THE CONDITION MONITORING SYSTEM DESIGNS POTENTIALLY-DANGEROUS OBJECTS
T.I. Lapina, E.A. Petrik, D.V. Lapin, E.A. Kriushin
An approach to creating a system for monitoring the parameters of an accidental process is considered, using the example of a system for controlling deformations of the structures of potentially dangerous objects. The following are proposed: instruments for measuring dynamic deformations of the position of structural elements of the observed objects; the organization of a system for collecting, processing and analyzing technological data from the measuring devices and integrating them in real time; and the integration of diverse data and calculation modules of the distributed information processing system. An approach is proposed to the classification of deformation measurements, the formation of informative features describing the dynamics of the accidental process, and the assessment of the risk of an emergency at a potentially dangerous object. It is proposed to classify these measurements using a method of rationing of selective distributions, which lowers the computational complexity of the classification procedure. The structure of a software and hardware complex for monitoring the condition of the processing equipment of distributed industrial facilities is considered; it includes three subsystems: a subsystem for collecting information from the monitored nodes of the structures and preliminary data processing; a subsystem for integrating and accumulating (storing) data; and a subsystem for analyzing data and assessing situations.
Keywords: constructional risk-analysis, systems of monitoring, rationing of data.