IMPLEMENTATION OF AN ADAPTIVE AUTHENTICATION SYSTEM USING AN EEG INTERFACE
A.Y. Iskhakov, A.M. Smirnov
The work offers methodological support for critical information infrastructure objects, which provides for the systematization of the basic steps for the formation of adaptive authentication algorithms, including using a biometric factor, which consists in checking the electroencephalogram of the access subject. The proposed approach eliminates the drawbacks of existing traditional authentication methods based on the use of explicit verification methods related to the fact that authentication characteristics are used to authenticate the user, which can be compromised by attackers. During the research, an authentication subsystem was implemented using the brain-computer interface. Despite the resistance to errors of the second kind, the insufficient results of the false access denial coefficient obtained at the stage of the experiment do not allow for the “seamless” implementation of such biometric authentication mechanisms in existing objects of critical information infrastructure. At the same time, the effectiveness of the adaptive mechanisms for checking the user profile formed on the basis of the approach proposed in the work indicates the possibility of their use on real objects using diverse factors and authentication criteria. Thus, in the framework of this article, one of the aspects of an integrated approach to ensure the security of the functioning of technological processes, as well as combating fraud and theft of information through the formation of adaptive authentication algorithms, was considered.
Keywords: authentication, electroencephalogram, neurointerface, brain–computer interface, critical information infrastructure, information security.
DESTRUCTIVE INFORMATIONAL AND PSYCHOLOGICAL INFLUENCE IN SOCIAL NETWORKS
V.P. Okhapkin, E.P. Okhapkina, A.O. Iskhakova, A.Y. Iskhakov
The article discusses the problem of revealing destructive information influence in social networks. It is noted that the tasks associated with the rapid detection of destructive information influence are prerequisites for the development and improvement of methods and means for identifying such influences in social networks. To understand the social dynamics of social network groups, we consider the communication model proposed by Theodore Newcomb, Kurt Lewin’s “planar map”, and Fritz Heider’s theory of cognitive balance. UN documents on counteracting the use of the Internet for extremist purposes and radicalization were analyzed. The role of the cognitive approach to the analysis of social network messages and the main scenarios implemented by influence actors in texts aimed at different audiences are considered. The study presents a systematic approach to the task of designing a multi-agent platform. Special attention is paid to the block of pattern analysis of users’ messages in social networks, both from the position of mathematical modeling and social dynamics. The article describes the architecture and methods of the multi-agent system for detecting destructive information and humanitarian impact. The system consists of the administration interface, subsystems for multi-agent system administration and agent management, clustering agents, network message analysis and dispersion analysis. The description of the main blocks of agents and subsystems is given.
Keywords: multi-agent technologies, cluster analysis, information security, aggression, radicalization, machine learning, personality, information and psychological impact, destructive informational impact, socio-cyberphysical system.
METHODS OF ACCEPTABLE OPTIONS FORMATION OF ORGANIZATIONAL STRUCTURE AND THE STRUCTURE OF THE AUTOMATED INFORMATION SECURITY MANAGEMENT SYSTEM
To ensure comprehensive information protection, it is necessary to use various means of information protection, distributed by levels and segments of the information system. This creates a contradiction, which consists in the presence of a large number of different means of information protection and the inability to ensure their joint coordinated application in ensuring the protection of information due to the lack of an automated control system. One of the tasks that contribute to the solution of this problem is the task of generating a feasible organizational structure and the structure of such an automated control system, whose results would provide these options and choose the one that is optimal under given initial parameters and limitations. The problem is solved by reducing the general problem to a particular problem of splitting into subgraphs of the original graph of the automated cyber defense control system. In this case, the subgraphs will correspond to the subsystems of the automated cyber defense management system at different levels and will provide a visual representation of the process of acceptable variants formation of the organizational composition and structure of such an automated control system. As a result of the operation of splitting into subtasks of the graph, a set of acceptable variants of the organizational composition and structures of the automated cyber defense management system are supposed to be obtained, based on which the optimal choice is made under the given initial parameters and restrictions. As a result, the technique of formation of admissible variants of organizational structure and structure by the automated control system of cyber defense is received.
Keywords: information security, cybersecurity, information protection, control, automated control systems.
METHOD OF AUDITING THE PROTECTION OF AUTOMATED SYSTEMS
V.L. Tokarev, A.A. Sychugov
The analysis of the currently existing regulatory framework and methods for analyzing the protection of information resources was carried out. It is noted that the basis of the methods is the use of technical methods of analysis, which involve the use of both active and passive testing of the information protection system. Another existing solution to this problem is the use of expert assessments. However, both approaches are laborious and often subjective. On the basis of the theory of fuzzy sets, a mathematical model is proposed for auditing the security of automated systems on the basis of which an appropriate method has been proposed. Fuzzy models are considered as a tool for auditing automated systems that process confidential information. As an example of the use of the proposed method, an assessment of one of the information security aspects is considered – the security of access to confidential information in an automated system. The proposed method will make it possible to effectively use the obtained estimates for solving the problem of ensuring the security of information in automated systems. The main advantage of the method is that it does not require complex testing procedures, calculating probabilities, attracting and selecting experts, etc., and can be used to evaluate most various aspects of information security.
Keywords: information security, access security, evaluation.
INTELLIGENT NETWORK INTRUSION DETECTION SYSTEM BASED ON ARTIFICIAL IMMUNE SYSTEM MECHANISMS
The article is devoted to the problem of detecting network attacks, both known and previously unknown. The application of various methods of artificial intelligence in the scientific literature to solve this problem was analyzed. The advantages of the artificial immune system were revealed. Its main mechanisms, including artificial lymphocyte generation, negative selection, clonal selection, data analysis, and periodic renewal of lymphocytes, were analyzed. The article describes the developed intrusion detection system based on an artificial immune system. The developed system includes a sniffing subsystem, which allows it to analyze real data of host network connections. The article also describes the network connections dataset KDD99, which was used to evaluate the efficiency of the developed system. The methods of compressing the initial dataset proposed in the scientific literature were analyzed, and the drawbacks of these methods were identified. This article describes the experimental determination of the significant parameters of network connections contained in the dataset. The authors identified 13 significant parameters out of 41, and they also described the process of preliminary processing and preparation of the analyzed data and a series of experiments. The results of the experiments showed the high efficiency of the developed system in detecting unknown network attacks and in detecting and classifying known attacks.
Keywords: intrusion detection system, artificial immune system, KDD99, information security, network security, network attack.
DEVELOPMENT OF THE SOFTWARE CONCEPT OF THE TECHNIQUE OF ASSESSMENT OF QUALITY OF INFORMATION SYSTEMS “INSPECTOR”
O. M. Romanova (Knyazeva), K.N. Kurguzkin
The article considers the problem of assessing the quality of information systems (IS) of organizations. It was observed that the most promising approaches in the field of IS quality assessment and management are based on ISO 9000. The method “Inspector”, which was developed by I.M. Azhmukhamedov and O.M. Romanova, refers to such methods. The task of developing an algorithm and software that collects and processes expert data is actual. The article is devoted to the solution of this problem. The stages were identified in which expert data are collected for the “Inspector”: definition of IS functions; definition of IS subsystems; definition of elements of sets of concepts of fuzzy cognitive models of IS quality assessment; identification of links between the concepts of fuzzy cognitive models of IS quality assessment; formation of a knowledge base for assessing the current level of IS quality, consisting of fuzzy logic rules that determine the impact of each damage’s level of the damage hierarchy on information security services; condition assessment of concepts of fuzzy cognitive models of IS quality assessment, which are input parameters of the algorithms of the method “Inspector”. It is noted that at stages four to six it is necessary to use methods that exclude the influence of other experts on the opinion of one expert. As a result, the method of online questioning was chosen to solve the problem. It was suggested that the system is required in the form of a web portal. The algorithm of work was developed. The roles of portal users were identified. The structure of the portal form was defined.
Keywords: information security, quality assessment, infrastructure, software development, information system, decision maker, expert evaluation.
A STUDY OF THE POSSIBILITIES OF USING STEGANOGRAPHIC METHODS OF INFORMATION PROTECTION
A.V. Pitolin, Y.P. Preobrazhensky, O.N. Choporov
Steganographic methods are used to hide the very fact of the existence of certain messages. The paper analyzes the key concepts that are used in steganographic methods of information transformation. It describes the features of steganographic methods for hiding information in graphic files. A threat model of unauthorized transfer of information by steganographic methods of information transformation using graphical containers is developed. The article presents a classification scheme of threats of unauthorized information transfer using the methods of its steganographic transformation. An experiment was conducted to identify the most effective ways to counteract unauthorized access to information. The author has established that, for almost all methods of counteraction to unauthorized access, the time of influence does not exceed 2 seconds. Methods of counteraction whose time of exposure does not exceed 0.7 seconds are highlighted. The experiment was conducted among 10 people with the help of the S-tools program and the created AntiStego software. The paper presents the algorithm of the program “AntiStego” together with the description of the software modules implementing counteraction to unauthorized access. A generalized scheme of the experiment for combating the unauthorized covert transfer of information is given.
Keywords: information security, steganographic approach, unauthorized access.
IDENTIFICATION OF USERS BY KEYBOARD HANDWRITING USING THE ALGORITHM OF FREQUENT BIGRAMS REGISTRATION
V.I. Vasilyev, M.F. Kaliamov, L.F. Kaliamova
In this article, the developed algorithm for identification of users by keyboard handwriting with registration of frequent bigrams is considered. By means of this algorithm, it is possible to carry out identification of users during constant, continuous operation in a computer system. The offered algorithm eliminates the defects of existing user identification methods, which are used only during login and thereby do not protect the system from invasion after authorization of the user. The following characteristics are used as temporal indices of keyboard handwriting: key press time and pauses between key presses. Time response characteristics are gathered for each bigram separately; this is necessary because keys are located at different distances from each other, so the time delays of pressing the same key will differ in different bigrams. The more often bigrams are used during the user's work in the system, the more exact the time response characteristics will be and, accordingly, the efficiency of user identification will increase. After identification is carried out, if the data differ from the reference, the subsequent blocking of the user's actions is possible. To confirm the overall performance of the algorithm, results of a check using the Euclidean distance method are provided.
Keywords: information security, information protection, identification, authentication, biometry, keyboard handwriting, bigrams.
VULNERABILITY CLASSIFICATION OF CLOUD TOOLS IN THE PROBLEM OF QUANTITATIVE RISK ASSESSMENT
A.V. Tsaregorodtsev, A.N. Zelenina, V.A. Savelev
Almost all technologies that are now part of the cloud paradigm existed before, but so far there have been no offers on the market that would combine the promising technologies in a single commercially attractive solution. Only in the past decade did publicly available cloud services emerge, which made these technologies, on the one hand, available to the developer, and on the other hand, understandable for the business community. But many of the features that make cloud computing attractive can conflict with traditional information security models. Based on a common vulnerability assessment system, which makes it possible to determine the qualitative index of susceptibility to vulnerabilities of information systems taking into account environmental factors, a methodology for risk assessment for different types of deployment of cloud environments was proposed. Based on the widely used Common Vulnerability Accounting System, which helps to determine the qualitative indicator of susceptibility to information system vulnerabilities, the article proposes a classification of vulnerabilities typical for different types of cloud deployment.
Keywords: information security, cloud computing, vulnerability, risk model, risk assessment.
TWO-STAGE PROCEDURE OF QUANTITATIVE ASSESSMENT OF INFORMATION SECURITY RISK OF CLOUD COMPUTING
A.V. Tsaregorodtsev, A.N. Zelenina, V.A. Savelev
When organizations use cloud services, special attention should be paid to ensuring the security of their computing resources and information assets. It is one of the most important factors in making decisions on outsourcing services. Adopting a new model of providing IT services using cloud technologies and managing information risks is impossible without understanding the possible types of threats that organizations may face. The authors propose a methodology for assessing information security risks that allows analyzing the security of cloud services under the impact of the threat classes under consideration, as well as a set of effective measures and means to counteract these threats. The proposed method for assessing risks for different types of deployment of cloud environments is aimed at identifying the countermeasures to possible attacks and correlating the amount of damage with the total cost of ownership of the entire infrastructure of information resources of the organization.
Keywords: information security, cloud computing, risk assessment, risk model, frequency of exploit use, damage during the implementation of the exploit.