MALWARE DETECTION SYSTEM BASED ON MACHINE LEARNING TECHNOLOGY
O.N. Vybornova, I.A. Pidchenko
The continuous growth in the number of malicious programs makes their detection, that is, classifying programs into malicious and benign, an urgent task. This study is therefore devoted to the development of a malware detection system based on machine learning, namely supervised training of an artificial neural network. In the course of the study we analyzed the structure of Portable Executable (PE) files of the Windows operating system, selected characteristics of PE files to form a training set, and selected and justified the topology (a four-layer perceptron) and parameters of the anti-virus neural network. The Keras library was used to create and train the model, and the EMBER dataset of benign and malicious software was used to form the training set. We trained the developed malicious-code recognition model and verified the adequacy of its training. The training results of the proposed anti-virus neural network showed high malware detection accuracy and no overfitting, which indicates good prospects for using the model. Although the experimental neural network model cannot fully replace anti-virus scanners, the materials of the article are of practical value for the task of classifying programs into malicious and benign.
Keywords: malware, machine learning, anti-virus neural network, neural network training, Keras, EMBER, Dropout.
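The PE-structure step this abstract describes, as an added example that is not the authors' code: a header-level feature extractor that walks the DOS header, COFF file header, optional header and section table, and turns the result into one numeric row of the kind a Keras perceptron would consume. The field offsets are the documented PE ones; the particular feature set, the flag constants, the helper names and the sample image built by build_sample_pe() are assumptions made for this example.

```python
"""Header-level feature extraction from PE files for a malware classifier.

Added example, not code from the paper: offsets follow the documented PE
layout; the feature set, flag names and the constructed sample are assumptions.
"""
import math
import struct
from collections import Counter

DOS_MAGIC = 0x5A4D            # "MZ"
NT_SIGNATURE = 0x00004550     # "PE\0\0"
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
DLL_DYNAMIC_BASE, DLL_NX_COMPAT = 0x0040, 0x0100          # ASLR / DEP opt-in flags
SCN_MEM_EXECUTE, SCN_MEM_WRITE = 0x20000000, 0x80000000   # section characteristics


def shannon_entropy(blob: bytes) -> float:
    """Bits per byte (0.0 for empty input); packed or encrypted data sits near 8.0."""
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in Counter(blob).values()) if n else 0.0


def parse_pe_features(data: bytes) -> dict:
    """Parse the fixed-size headers and the section table into a feature dict.

    Every file offset is bounds-checked before use: a malformed or fuzzed
    sample must raise ValueError, not crash the feature extractor.
    """
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != DOS_MAGIC:
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or struct.unpack_from("<I", data, e_lfanew)[0] != NT_SIGNATURE:
        raise ValueError("bad e_lfanew or PE signature")
    coff = e_lfanew + 4
    machine, n_sections, timestamp, _, _, opt_size, characteristics = \
        struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 72 or opt + opt_size > len(data):
        raise ValueError("optional header truncated")
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    size_of_code, _, _, entry_point = struct.unpack_from("<IIII", data, opt + 4)
    # Subsystem and DllCharacteristics sit at +68/+70 in both PE32 and PE32+.
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt + 68)

    sections = []
    for i in range(n_sections):
        hdr = opt + opt_size + 40 * i
        if hdr + 40 > len(data):
            raise ValueError("section table truncated")
        name, _, _, raw_size, raw_ptr, _, _, _, _, flags = \
            struct.unpack_from("<8sIIIIIIHHI", data, hdr)
        raw = data[raw_ptr:raw_ptr + raw_size] if raw_ptr + raw_size <= len(data) else b""
        sections.append({
            "name": name.rstrip(b"\0").decode("latin-1"),
            "entropy": shannon_entropy(raw),
            "wx": bool(flags & SCN_MEM_EXECUTE) and bool(flags & SCN_MEM_WRITE),
        })
    return {
        "machine": machine, "n_sections": n_sections, "timestamp": timestamp,
        "characteristics": characteristics, "pe32plus": magic == PE32PLUS_MAGIC,
        "size_of_code": size_of_code, "entry_point": entry_point, "subsystem": subsystem,
        "aslr": bool(dll_chars & DLL_DYNAMIC_BASE), "nx": bool(dll_chars & DLL_NX_COMPAT),
        "wx_sections": sum(s["wx"] for s in sections),
        "max_section_entropy": max((s["entropy"] for s in sections), default=0.0),
        "sections": sections,
    }


def feature_vector(f: dict) -> list:
    """One fixed-length numeric encoding of the dict, i.e. one row of the training set."""
    return [float(f["n_sections"]), float(f["pe32plus"]), math.log1p(f["size_of_code"]),
            float(f["subsystem"]), float(f["aslr"]), float(f["nx"]),
            float(f["wx_sections"]), f["max_section_entropy"]]


def build_sample_pe(sections) -> bytes:
    """Constructed minimal PE32 image for offline tests; it is not an executable program."""
    opt_size = 224                                          # standard PE32 optional header
    dos = bytearray(0x40)
    struct.pack_into("<H", dos, 0, DOS_MAGIC)
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0x5F000000, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 4, len(sections[0][1]))     # SizeOfCode
    struct.pack_into("<I", opt, 16, 0x1000)                 # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 68, 2, DLL_DYNAMIC_BASE | DLL_NX_COMPAT)
    struct.pack_into("<I", opt, 92, 16)                     # NumberOfRvaAndSizes
    table, body = b"", b""
    ptr = 0x40 + 4 + 20 + opt_size + 40 * len(sections)     # raw data follows the headers
    for i, (name, raw, flags) in enumerate(sections):
        table += struct.pack("<8sIIIIIIHHI", name, len(raw), 0x1000 * (i + 1),
                             len(raw), ptr, 0, 0, 0, 0, flags)
        body += raw
        ptr += len(raw)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table + body


# Constructed sample: a low-entropy .text and a packed-looking writable+executable section.
SAMPLE_PE = build_sample_pe([
    (b".text", b"\x90" * 199 + b"\xC3", 0x60000020),       # CODE | EXECUTE | READ
    (b".packed", bytes(range(256)) * 2, 0xE0000040),       # INITIALIZED | EXECUTE | READ | WRITE
])

if __name__ == "__main__":
    feats = parse_pe_features(SAMPLE_PE)
    for s in feats["sections"]:
        print("%-8s entropy=%.2f W+X=%s" % (s["name"], s["entropy"], s["wx"]))
    print(feature_vector(feats))
```

Section entropy and writable-plus-executable sections are the classic packer indicators, and the presence of the ASLR/DEP opt-in flags separates most compiler-built binaries from hand-crafted ones. The extractor runs on hostile input by definition, so every offset taken from the file is checked before it is dereferenced; a feature extractor that crashes on a crafted header is a trivial way for malware to avoid classification.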
BAYESIAN METHODS IN THE ANALYSIS OF ILLEGAL ACTIVITY OF USERS OF ELECTRONIC TRADING PLATFORMS
The paper considers the prevention and detection of crimes committed in, or with the use of, the information and communication environment. Given the growing role of the Internet as an important social component of the state's development strategy, the development and implementation by law enforcement of tools, preventive measures and methods for solving crimes committed in the virtual environment cannot be overestimated. Although the algorithms for committing crimes of this type are widely known and well studied by domestic and foreign authors, methods for solving such crimes and questions of their practical application remain a topical subject of research. The article discusses a possible mechanism for law enforcement agencies based on a preliminary study and identification of patterns in how users use the Internet. Based on data mining methods, we consider ways to improve the effectiveness of internal affairs agencies in applying measures to prevent and solve crimes in the information and communication environment. The proposed method makes it possible to forecast demand and supply for commercial offers posted on the global network that are associated with criminal activity. Using these scenarios in law enforcement makes it possible not only to organize preventive measures that forestall criminal consequences, but also to solve previously committed criminal acts.
Keywords: data mining, Internet, crime, forecasting, electronic commerce, a posteriori probability.
THE MODEL FOR EVALUATING THE EFFECTIVENESS OF AN INFORMATION SECURITY SYSTEM CONFIGURATION BASED ON GENETIC ALGORITHMS
I.M. Kosmacheva, N.V. Daviduyk, I.V. Sibikina, I.Y. Kuchin
The article presents a hierarchical structure of settings for information security tools, introduces criteria for evaluating the effectiveness of security systems, and formalizes the concept of a "security system configuration" in terms of evolutionary modeling objects such as the population, the chromosome (solution vector) and the fitness function. A mathematical model for constructing a security system using artificial intelligence methods is developed. The proposed system makes it possible to take into account the influence of random factors (staff, equipment failures, the time of an attack on the security system) when choosing a protection option, and to adapt the protection system to changing environmental conditions. The model can be used not only in the professional activities of information security specialists but also in training, as a kind of simulator. Developing an effective information security system with a genetic algorithm is possible on the basis of system monitoring event data, data received from experts and data obtained by simulating the protection system. The research results are thus of an applied nature and can be used in developments related to the design of information systems and of decision support systems in the field of information security.
Keywords: evolutionary modeling, simulation, genetic algorithm, threats to information security, information security tools, security system configuration, data protection.
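The evolutionary objects named in this abstract (population, chromosome as a solution vector, fitness function, random factors such as control failure), as an added example that is not the paper's model: a genetic algorithm that chooses which security controls to enable under a cost budget. The control catalogue, the threat model, the reliability values standing in for the "random factors", the budget, the penalty weight and all function names are assumptions made for this example.

```python
"""Genetic algorithm over security-system configurations.

Added example, not the paper's model: a chromosome is a bit vector over a
constructed control catalogue; every number, name and the budget are assumed.
"""
import itertools
import random

# Constructed catalogue: (name, cost, reliability, {threat: fractional reduction})
# "reliability" models the random factor that a control fails or is misconfigured.
CONTROLS = [
    ("host_firewall",      2, 0.95, {"remote_exploit": 0.5}),
    ("patch_management",   3, 0.90, {"remote_exploit": 0.6, "malware": 0.4}),
    ("edr_agent",          4, 0.85, {"malware": 0.7, "insider": 0.3}),
    ("mfa",                2, 0.98, {"credential_theft": 0.8}),
    ("dlp",                3, 0.80, {"insider": 0.6}),
    ("offline_backup",     2, 0.97, {"malware": 0.5}),
    ("awareness_training", 1, 0.70, {"credential_theft": 0.3, "insider": 0.2}),
]
# Constructed threat model: threat -> (annual probability, loss if realised)
THREATS = {"remote_exploit": (0.30, 100.0), "malware": (0.40, 80.0),
           "credential_theft": (0.25, 60.0), "insider": (0.10, 150.0)}
BUDGET = 10          # cost units available for the configuration
PENALTY = 50.0       # fitness lost per unit of budget overrun


def total_cost(chrom):
    return sum(ctl[1] for ctl, gene in zip(CONTROLS, chrom) if gene)


def residual_loss(chrom):
    """Expected annual loss once the enabled controls (with their reliability) are applied."""
    loss = 0.0
    for threat, (prob, impact) in THREATS.items():
        keep = 1.0                                    # fraction of the risk still present
        for (_, _, reliability, reductions), gene in zip(CONTROLS, chrom):
            if gene and threat in reductions:
                keep *= 1.0 - reductions[threat] * reliability
        loss += prob * impact * keep
    return loss


BASELINE_LOSS = residual_loss([0] * len(CONTROLS))


def fitness(chrom):
    """Risk reduction achieved, minus a penalty that makes over-budget vectors lose."""
    overrun = max(0, total_cost(chrom) - BUDGET)
    return (BASELINE_LOSS - residual_loss(chrom)) - PENALTY * overrun


def evolve(pop_size=40, generations=80, seed=1):
    """Elitist GA with tournament selection, one-point crossover and bit-flip mutation."""
    rng = random.Random(seed)
    n = len(CONTROLS)
    pop = [[rng.randint(0, 1) for _ in range(n)] for _ in range(pop_size)]

    def tournament():
        a, b = rng.sample(pop, 2)
        return a if fitness(a) >= fitness(b) else b

    for _ in range(generations):
        new_pop = [max(pop, key=fitness)[:]]          # keep the best vector unchanged
        while len(new_pop) < pop_size:
            p1, p2 = tournament(), tournament()
            cut = rng.randrange(1, n)
            child = p1[:cut] + p2[cut:]
            new_pop.append([g ^ int(rng.random() < 1.0 / n) for g in child])
        pop = new_pop
    best = max(pop, key=fitness)
    return best, fitness(best), total_cost(best)


def brute_force_optimum():
    """Exact optimum over all 2^n vectors; feasible only for a catalogue this small."""
    return max(fitness(list(c)) for c in itertools.product((0, 1), repeat=len(CONTROLS)))


def describe(chrom):
    return [ctl[0] for ctl, gene in zip(CONTROLS, chrom) if gene]


if __name__ == "__main__":
    best, score, cost = evolve()
    print("enabled:", describe(best))
    print("fitness %.2f (exact optimum %.2f), cost %d of %d"
          % (score, brute_force_optimum(), cost, BUDGET))
```

With seven controls the exact optimum is cheap to compute, which is how the GA should be validated before it is trusted on a catalogue where enumeration is impossible; the penalty term, rather than discarding infeasible vectors outright, keeps crossover material available from configurations that are only slightly over budget.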
METHOD FOR ASSESSING THE LEVEL OF SECURITY RISKS OF NETWORK NODES TO IMPROVE THE EFFICIENCY OF PLACEMENT OF IMMUNE DETECTORS
V.L. Tokarev, A.A. Sychugov
The relevance of the study is due to the need to improve the efficiency of intrusion detection systems based on immune detectors. Rational placement of immune detectors on individual network nodes is of great importance for the effectiveness of such systems. It is proposed to use the security risk level of individual network nodes as the criterion for selecting the nodes on which immune detectors are installed. In this article we propose a method for estimating this value that makes it possible to single out the least protected nodes. Assessing the security risk of network nodes is complicated by the fact that a node rarely has only one vulnerability. The main idea of the method is to combine a statistical formal model based on Markov chains with a graph of possible attack trajectories and with metrics for vulnerability analysis. Vulnerability scores of the kind used in CVSS serve as these metrics; they combine three metric groups: base, temporal and contextual (environmental). A design example is given. The resulting model can be used to identify the critical nodes on the path to the target node at which an intruder is most dangerous. Using the information obtained from the model, the network administrator can install immune detectors on these nodes, which will significantly improve the protection system.
Keywords: information security, intrusion detection systems, immune detectors, Markov chains.
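The combination this abstract describes, an absorbing Markov chain over an attack graph whose transition probabilities are derived from vulnerability scores, as an added example that is not the authors' model. The CVSS v3 temporal multipliers (exploit code maturity, remediation level, report confidence) are the published values; the sample network, the per-node scores, the rule "success probability = temporal score / 10, scaled by a per-node contextual weight", and all function names are assumptions made for this example.

```python
"""Ranking network nodes for immune-detector placement.

Added example, not the paper's model: absorbing Markov chain over a
constructed attack graph, transition probabilities from CVSS-style scores.
"""
from functools import lru_cache

# CVSS v3 temporal metric values (Exploit Code Maturity, Remediation Level, Report Confidence)
EXPLOIT_MATURITY = {"unproven": 0.91, "poc": 0.94, "functional": 0.97, "high": 1.0}
REMEDIATION = {"official_fix": 0.95, "temporary_fix": 0.96, "workaround": 0.97, "unavailable": 1.0}
CONFIDENCE = {"unknown": 0.92, "reasonable": 0.96, "confirmed": 1.0}

# Constructed network: node -> (base score, exploit maturity, remediation level, confidence)
VULNS = {
    "web":        (7.5, "poc",        "workaround",    "confirmed"),
    "vpn":        (5.0, "unproven",   "official_fix",  "confirmed"),
    "app":        (8.0, "functional", "unavailable",   "confirmed"),
    "fileserver": (6.0, "high",       "temporary_fix", "reasonable"),
    "db":         (9.0, "functional", "unavailable",   "confirmed"),
}
# Possible attack trajectories (directed, acyclic); the intruder starts at "entry".
EDGES = {"entry": ["web", "vpn"], "web": ["app"], "vpn": ["fileserver"],
         "app": ["db"], "fileserver": ["db"], "db": []}


def exploit_probability(node, context=1.0):
    """Temporal score (base x E x RL x RC, no round-up) mapped to [0, 1];
    `context` is the node's contextual/environmental weight (assumed factor)."""
    base, e, rl, rc = VULNS[node]
    score = base * EXPLOIT_MATURITY[e] * REMEDIATION[rl] * CONFIDENCE[rc]
    return min(1.0, score / 10.0 * context)


def transition_matrix(edges, probs):
    """Absorbing chain: from u the intruder picks a successor uniformly and
    compromises it with that node's probability; otherwise the attempt fails."""
    matrix = {}
    for u, succ in edges.items():
        row = {v: probs[v] / len(succ) for v in succ}
        row["fail"] = 1.0 - sum(row.values())
        matrix[u] = row
    return matrix


def topological(edges):
    indeg = {v: 0 for v in edges}
    for succ in edges.values():
        for v in succ:
            indeg[v] += 1
    order, queue = [], [v for v in edges if indeg[v] == 0]
    while queue:
        u = queue.pop(0)
        order.append(u)
        for v in edges[u]:
            indeg[v] -= 1
            if indeg[v] == 0:
                queue.append(v)
    if len(order) != len(edges):
        raise ValueError("attack graph has a cycle; solve (I - Q) x = b instead of a DAG pass")
    return order


def node_risk(edges, entry, target, context=None):
    """risk[v] = P(intruder occupies v) * P(intruder reaches target from v).

    On an acyclic graph both factors follow exactly from one forward and one
    backward pass over the chain; risk[entry] is the end-to-end success probability.
    """
    context = context or {}
    probs = {v: exploit_probability(v, context.get(v, 1.0)) for v in VULNS}
    matrix = transition_matrix(edges, probs)
    reach = {v: 0.0 for v in edges}
    reach[entry] = 1.0
    for u in topological(edges):
        for v, p in matrix[u].items():
            if v != "fail":
                reach[v] += reach[u] * p

    @lru_cache(maxsize=None)
    def to_target(v):
        if v == target:
            return 1.0
        return sum(p * to_target(w) for w, p in matrix[v].items() if w != "fail")

    return {v: reach[v] * to_target(v) for v in edges}


def rank_for_detectors(risk, exclude=("entry", "db")):
    """Intermediate nodes ordered by risk: the top of the list gets a detector first."""
    return sorted(((v, r) for v, r in risk.items() if v not in exclude), key=lambda x: -x[1])


if __name__ == "__main__":
    risk = node_risk(EDGES, "entry", "db")
    print("P(entry -> db) = %.4f" % risk["entry"])
    for v, r in rank_for_detectors(risk):
        print("%-10s %.4f" % (v, r))
```

On the sample graph the web and application servers rank equally because they sit on the same chain, so the detector goes to whichever is cheaper to instrument; the `context` weight is where the contextual (environmental) group enters, and lowering it for a node (say, after a WAF is placed in front of it) shows how much the end-to-end compromise probability drops. Cyclic attack graphs need the matrix form of the absorbing chain rather than the DAG passes used here.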
ASPECTS OF THE SAFE FUNCTIONING OF UNMANNED VEHICLES IN A SMART CITY ENVIRONMENT
A.V. Abdulov, E.A. Abdulova
At present, unmanned vehicles (UVs) in most cases depend on GPS for accurate navigation while moving, which makes network access important for their correct operation in a smart city environment. To implement the smart city concept, the search for alternative UV localization techniques is vital, since in real conditions the GPS signal may be absent or its accuracy may be insufficient to follow a route or perform maneuvers. There are also obstacles to putting UV technologies into operation: ethical ones (confidentiality and trust) and cybersecurity ones. Since in the smart city environment all UVs are to be connected to the network, cybersecurity issues require additional attention: cyber threats can disrupt both individual UVs and the transportation system as a whole. The paper distinguishes three main categories of UV software systems, providing respectively data collection and processing, planning, and control. An approach to the UV operating architecture is presented, based on data collection and processing, decision making, and multi-level network and computational analytics. To increase UV security in a smart city, the paper proposes using a safety management system based on factor analysis and risk calculation techniques. To increase UV safety with respect to unobstructed motion, local positioning network models are proposed that allow motion schemes to be worked out.
Keywords: unmanned vehicle, smart city, functioning architecture, safety management system, local positioning, network models.
STUDY OF THE PROBABILISTIC CHARACTERISTICS OF PRS SYNCHRONIZATION METHODS: THE MAJORITY METHOD FOR PROCESSING SYNCHRONIZING INFORMATION IN MULTIPLE-ACCESS (MAS) PROTOCOLS AND WARD'S SEQUENTIAL ESTIMATION METHOD
UDC 621.391, 004.021
V.V. Podoltsev, I.M. Azhmukhamedov
The relevance of the study is due to the need for a methodology for choosing the optimal synchronization sequence length under majority processing of a pseudo-random sequence (PRS) segment, which would reduce synchronization time as the error rate grows. Accordingly, this article studies the probabilistic characteristics of the compared PRS synchronization methods and develops a methodology for choosing the optimal synchronization sequence length. The principal method used to study this problem is Ward's sequential estimation method, which, at a low signal-to-noise ratio in the band of the received signal (h^2 < 1), allows synchronism to be reached within a single period. The article presents simulation results for the method based on majority checks and for Ward's method. The dependences of the bit decoding error P_m on the length N of the processed segment, of the symbol decoding error P_sym on N, and of the average PRS search time on N are constructed. A comparative analysis of the simulation results for Ward's method and for the method based on majority decoding is performed. On the basis of these studies, a methodology was developed for choosing the optimal length of the synchronization sequence under majority processing of the PRS segment. The materials of the article are of practical value for scientists, doctoral students, graduate students, teachers and practitioners working and studying in the field of information security.
Keywords: error probability, bit decoding error, average PRS search time, length of the processed segment, majority information processing method, Ward's method.
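The majority-processing side of this abstract, as an added example that is not the authors' simulation: the closed form of the bit decoding error P_m and the segment error P_sym as functions of the number of processed copies N, a Monte Carlo check of P_m over an LFSR-generated PRS, and a choice of N that minimizes an assumed search-time model. The LFSR polynomial, the binary symmetric channel, the search-time model (each attempt costs N times the segment length in symbol intervals and is repeated until a segment decodes error-free), every numeric parameter and all function names are assumptions; Ward's sequential method is not implemented here.

```python
"""Majority processing of a PRS synchronization segment.

Added example, not the authors' simulation: closed-form P_m and P_sym for
majority decoding over a BSC, a Monte Carlo check, and a choice of N under an
assumed search-time model.  Ward's method is not implemented.
"""
import random
from math import comb


def lfsr_sequence(poly, seed, length):
    """Fibonacci LFSR over GF(2).  poly lists the exponents of the characteristic
    polynomial, e.g. (4, 1, 0) for x^4 + x + 1, giving s[k+4] = s[k+1] ^ s[k]."""
    n = max(poly)
    state = list(seed)
    if len(state) != n or not any(state):
        raise ValueError("seed must be %d bits and non-zero" % n)
    out = []
    for _ in range(length):
        out.append(state[0])
        new = 0
        for e in poly:
            if e < n:
                new ^= state[e]
        state = state[1:] + [new]
    return out


def majority_bit_error(p, n):
    """P_m(N): a majority vote over N (odd) copies through BSC(p) is wrong when
    more than half of the copies are flipped."""
    if n % 2 == 0:
        raise ValueError("N must be odd so that a majority always exists")
    return sum(comb(n, k) * p ** k * (1 - p) ** (n - k) for k in range(n // 2 + 1, n + 1))


def segment_error(p, n, length):
    """P_sym: at least one of the `length` symbols of the segment is decoded wrongly."""
    return 1.0 - (1.0 - majority_bit_error(p, n)) ** length


def mean_search_time(p, n, length):
    """Expected symbol intervals until the segment is decoded error-free (assumed model)."""
    return n * length / (1.0 - segment_error(p, n, length))


def optimal_copies(p, length, n_max=9):
    """Odd N <= n_max that minimises mean search time: more copies lower P_m,
    but each attempt costs proportionally more time."""
    return min(range(1, n_max + 1, 2), key=lambda n: mean_search_time(p, n, length))


def majority_decode(copies):
    """Per-position majority over N received copies of the segment."""
    return [int(2 * sum(column) > len(copies)) for column in zip(*copies)]


def simulate_bit_error(p, n, length=15, trials=2000, seed=7):
    """Monte Carlo estimate of P_m for comparison with the closed form."""
    rng = random.Random(seed)
    sent = lfsr_sequence((4, 1, 0), [1, 0, 0, 0], length)     # one period of a 15-bit m-sequence
    errors = 0
    for _ in range(trials):
        copies = [[bit ^ int(rng.random() < p) for bit in sent] for _ in range(n)]
        errors += sum(a != b for a, b in zip(majority_decode(copies), sent))
    return errors / (trials * length)


if __name__ == "__main__":
    for p in (0.01, 0.05, 0.1, 0.2):
        cells = ["N=%d:P_m=%.4f,T=%.1f" % (n, majority_bit_error(p, n), mean_search_time(p, n, 15))
                 for n in (1, 3, 5, 7)]
        print("p=%.2f" % p, " ".join(cells), "-> N*=%d" % optimal_copies(p, 15))
    print("simulated P_m(0.1, 3) = %.4f" % simulate_bit_error(0.1, 3))
```

The table printed by the block is the trade-off the abstract describes: at a low channel error rate a single copy wins because extra copies only add time, while as p grows the optimum N moves upward because the drop in P_sym outweighs the longer attempt. Any different search-time model changes only mean_search_time; the error expressions stay the same.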
ENSURING THE FUNCTIONAL SAFETY OF HARDWARE AND SOFTWARE SYSTEMS IN AN UNCERTAIN ENVIRONMENT OF USE
V.E. Gvozdev, M.B. Guzairov, O.Y. Bezhaeva, A.S. Davlieva, R.R. Galimov
A promising direction in ensuring the functional safety of subject-centric systems, which include information and computing systems implemented as hardware and software systems, is so-called "barrier thinking". This scientific trend emerged in the late 1980s and is associated with the name of J. Reason. Its starting point is the recognition that latent defects in the control systems of a complex system are inevitable. The focus of the philosophy is the development of multilayer, layered systems of protection against external aggressive influences and against the manifestations of latent defects in control systems. Practical techniques based on "barrier thinking" amount to eliminating the possibility of such a combination of latent defects at the various levels of the control object (organizational, tactical, operational) at which hazards turn into unwanted effects. One promising approach to a systematic procedure for creating barriers is the approach known in the foreign literature as Anticipatory Failure Determination (AFD) and in the domestic literature as "diversion analysis". Diversion analysis includes both reactive and proactive approaches to ensuring the functional safety of subject-centric systems. This article analyzes the conceptual framework of AFD and concludes that its methodological basis is system analysis, which justifies adapting the models and methods of system analysis to the qualitative and quantitative study of systems within AFD. A typical event analysis scheme for AFD-1 is described, and an example of its use in a failure analysis case for a software product is given.
In conclusion, the limits of applicability of AFD as a methodological basis for ensuring the functional safety of hardware and software systems under uncertainty in the environment of use are determined.
Keywords: digital environment, functional safety, hardware-software complex, “barrier thinking”, diversion analysis.
MODEL OF A SET OF COUNTERMEASURES AGAINST INFORMATION SECURITY THREATS IN SPECIAL-PURPOSE COMMUNICATION NETWORKS
O.I. Bokova, D.A. Zhayvoronok, S.V. Kanavin, N.S. Khokhlov
Special-purpose communication networks are currently widely used in government bodies and in bodies that carry out the functions of national defense, state security and law enforcement. Because of how special-purpose infocommunication systems and communication networks function, it must be borne in mind that they are deployed within, and provide command and interaction for, the existing departmental and interdepartmental communication systems. The article proposes a model for forming a set of countermeasures against information security threats in special-purpose communication networks. Such sets are described, and the situations and grounds for their application are considered. Attention is drawn to identifying the common technological features of forming such a set of countermeasures. To formulate requirements for the sets of countermeasures, a rule base has been compiled on the basis of which particular countermeasures are selected. The authors modeled the functioning of a set of countermeasures using linguistic variables and fuzzy expert systems. Based on the results obtained, requirements can be proposed for creating a set of countermeasures against information security threats in special-purpose communication networks. The mathematical apparatus used in the article, based on linguistic variables and fuzzy expert systems, can fully characterize how the effectiveness of the countermeasures depends on the set of protective measures implemented.
Keywords: countering threats to information security, special-purpose communications networks, integrated approach, fuzzy expert systems, security management.
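The apparatus this abstract names, linguistic variables and a fuzzy rule base that rate how effective a set of countermeasures is, as an added example that is not the authors' rule base: a Mamdani inference engine with triangular membership functions, min/max inference and centroid defuzzification. The two input variables (threat intensity and the share of protective measures implemented), the output variable (countermeasure effectiveness), their 0..10 scales, the five rules and all function names are assumptions made for this example.

```python
"""Mamdani fuzzy inference for rating a set of countermeasures.

Added example, not the authors' rule base: the variables, scales and rules
below are assumptions; the inference and defuzzification steps are standard.
"""


def tri(a, b, c):
    """Triangular membership with vertices a <= b <= c; a == b or b == c gives a shoulder."""
    def mu(x):
        if x < a or x > c:
            return 0.0
        if x < b:
            return (x - a) / (b - a)
        if x > b:
            return (c - x) / (c - b)
        return 1.0
    return mu


# Linguistic variables on a common 0..10 scale
THREAT = {"low": tri(0, 0, 5), "medium": tri(0, 5, 10), "high": tri(5, 10, 10)}
MEASURES = {"weak": tri(0, 0, 5), "partial": tri(0, 5, 10), "full": tri(5, 10, 10)}
EFFECT = {"low": tri(0, 0, 5), "medium": tri(0, 5, 10), "high": tri(5, 10, 10)}

# Rule base: (threat term or None for "any", measures term) -> effectiveness term
RULES = [
    (None,     "full",    "high"),
    ("low",    "partial", "high"),
    ("medium", "partial", "medium"),
    ("high",   "partial", "low"),
    (None,     "weak",    "low"),
]


def fuzzify(variable, x):
    return {term: mu(x) for term, mu in variable.items()}


def infer(threat, measures):
    """Firing strength of every output term: AND = min, aggregation across rules = max."""
    t, m = fuzzify(THREAT, threat), fuzzify(MEASURES, measures)
    strength = {term: 0.0 for term in EFFECT}
    for t_term, m_term, out in RULES:
        w = m[m_term] if t_term is None else min(t[t_term], m[m_term])
        strength[out] = max(strength[out], w)
    return strength


def defuzzify(strength, step=0.01):
    """Centroid of the clipped-and-merged output membership function."""
    num = den = 0.0
    for i in range(int(round(10 / step)) + 1):
        x = i * step
        mu = max(min(strength[term], EFFECT[term](x)) for term in EFFECT)
        num += x * mu
        den += mu
    return num / den if den else 0.0


def effectiveness(threat, measures):
    """Crisp effectiveness score in 0..10 plus the linguistic term it best matches."""
    score = defuzzify(infer(threat, measures))
    return score, max(EFFECT, key=lambda term: EFFECT[term](score))


if __name__ == "__main__":
    for t, m in ((9.0, 3.0), (7.5, 7.5), (2.5, 7.5), (1.0, 9.5)):
        score, label = effectiveness(t, m)
        print("threat=%.1f measures=%.1f -> effectiveness %.2f (%s)" % (t, m, score, label))
```

The crisp score is what a requirements rule can threshold on ("add measures until effectiveness exceeds 6"), and the per-term firing strengths returned by infer() show which rules drove the result, which is what an expert reviewing the rule base needs. Centroid defuzzification pulls scores toward the middle of the scale, so a verdict of "high" from a single fully-fired rule still lands below 8; the mean-of-maxima method is the usual alternative when the extremes matter more than smoothness.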
NETWORK ATTACK ROUTE ANALYSIS APPROACH
I.A. Kuznetsov, V.S. Oladko
The article discusses current problems and tools for ensuring information security in a network infrastructure. The authors analyze trends in information security breaches in 2018-2019 and conclude that countering threats of unauthorized access to network resources and objects remains relevant. A typical network infrastructure was analyzed and its main elements identified: subjects, objects and access resources; the most important security elements are the network and server hardware. The main sources of threats to network security are identified, a chain of network security threats is compiled and described, and the significance of threats originating from external and internal intruders is shown. An example of a network attack implementation scheme exploiting the vulnerability BDU:2017-02494 (BDU is the FSTEC of Russia vulnerability data bank) is given. An approach to constructing network attack routes for internal and external security intruders is proposed. It is shown that a network attack route represents the sequence in which the technical and logical devices that carry security measures are overcome when an attack on a network infrastructure object is implemented. An algorithm for constructing a network attack route is developed. It is concluded that the approach to constructing network attack routes can be applied to security monitoring, security assessment and the planning of protective measures.
Keywords: vulnerability, network security, security event, attack vector, intruder.
RATING MANAGEMENT OF RESOURCE ALLOCATION IN ORGANIZATIONAL SYSTEMS BASED ON EXPERT SELECTION OPTIMIZATION
B.A. Chernyshov, O.N. Choporov
Rational allocation of resources is one of the most pressing tasks in managing organizational socio-economic systems. It requires comparing objects on the basis of quantifiable estimates; an integral characteristic of this assessment specifies the rating of the objects and can be used in rating management systems. The article considers an optimization approach to the expert selection of resource allocation options when rating management is used in organizational socio-economic systems. It is shown that the sources of multivariance are the variety of indicator sets used for internal rating assessment, the variety of models for ordering the objects of the organizational system by the value of the integral assessment, and the variety of models for distributing resource provision. It is proposed to optimize the expert selection by integrating methods for organizing group expert reviews, processing their results and selecting the final solution. Combining them in a single decision-making cycle within a computer-supported meeting, a question-and-answer mode of the negotiation process is introduced that allows the opinions of a group of equally ranked experts to be reconciled with the dominant one. The paper also justifies the choice of the final resource allocation variant in the organizational system based on a combination of the majority and dictator principles.
Keywords: organizational system, rating management, resource support, group expertise, optimal choice.