METHOD FOR ASSESSING THE LEVEL OF SECURITY RISKS OF NETWORK NODES TO IMPROVE THE EFFICIENCY OF PLACEMENT OF IMMUNE DETECTORS
V.L. Tokarev, A.A. Sychugov
The relevance of the study is due to the need to improve the efficiency of intrusion detection systems based on immune detectors. The rational placement of immune detectors on individual network nodes is of great importance for the effectiveness of such systems. It is proposed to use the security risk level of individual network nodes as the criterion for selecting nodes on which to install immune detectors. In this article, we propose a method for estimating this value, which makes it possible to single out the least protected nodes. Assessing the security risk of network nodes is complicated by the fact that a node often has more than one vulnerability. The main idea underlying the method is the use of a statistical formal model based on Markov chains in combination with a graph of possible trajectories and metrics for analyzing vulnerabilities. Scoring values are used as the vulnerability metrics, combining three types of metrics: basic, temporal, and contextual. A design example is given. The resulting model can be used to identify critical nodes along the path of access to the target node, at which intruders can be most dangerous. Based on the information obtained using the model, the network administrator can install immune detectors on these nodes, which will significantly improve the protection system.
Keywords: information security, intrusion detection systems, immune detectors, Markov chains.
IMPLEMENTATION OF AN ADAPTIVE AUTHENTICATION SYSTEM USING AN EEG INTERFACE
A.Y. Iskhakov, A.M. Smirnov
The work offers methodological support for critical information infrastructure objects, which provides for the systematization of the basic steps for forming adaptive authentication algorithms, including the use of a biometric factor that consists in checking the electroencephalogram of the access subject. The proposed approach eliminates a drawback of existing traditional authentication methods based on explicit verification: the authentication characteristics used to authenticate the user can be compromised by attackers. During the research, an authentication subsystem was implemented using a brain-computer interface. Despite its resistance to errors of the second kind, the insufficient false access denial rate obtained at the experimental stage does not allow for the “seamless” implementation of such biometric authentication mechanisms in existing objects of critical information infrastructure. At the same time, the effectiveness of the adaptive mechanisms for checking the user profile, formed on the basis of the approach proposed in the work, indicates the possibility of their use on real objects using diverse factors and authentication criteria. Thus, within the framework of this article, one aspect of an integrated approach to ensuring the security of technological processes, as well as combating fraud and theft of information through the formation of adaptive authentication algorithms, was considered.
Keywords: authentication, electroencephalogram, neurointerface, brain–computer interface, critical information infrastructure, information security.
DESTRUCTIVE INFORMATIONAL AND PSYCHOLOGICAL INFLUENCE IN SOCIAL NETWORKS
V.P. Okhapkin, E.P. Okhapkina, A.O. Iskhakova, A.Y. Iskhakov
The article discusses the problem of revealing destructive information influence in social networks. It is noted that the tasks associated with the rapid detection of destructive information influence are prerequisites for the development and improvement of methods and means for identifying such influences in social networks. To understand the social dynamics of social network groups we consider: the communication model proposed by Theodore Newcomb, Kurt Lewin’s “planar map”, and Fritz Heider’s theory of cognitive balance. UN documents on countering the use of the Internet for extremist purposes and radicalization were analyzed. The role of the cognitive approach to the analysis of social network messages and the main scenarios implemented by influence actors in texts aimed at different audiences are considered. The study presents a systematic approach to the task of designing a multi-agent platform. Special attention is paid to the block for pattern analysis of users’ messages in social networks, both from the position of mathematical modeling and of social dynamics. The article describes the architecture and methods of the multi-agent system for detecting destructive information and humanitarian impact. The system consists of the administration interface, subsystems for multi-agent system administration and agent management, clustering agents, network message analysis and dispersion analysis. A description of the main blocks of agents and subsystems is given.
Keywords: multi-agent technologies, cluster analysis, information security, aggression, radicalization, machine learning, personality, information and psychological impact, destructive informational impact, socio-cyberphysical system.
METHODS OF ACCEPTABLE OPTIONS FORMATION OF ORGANIZATIONAL STRUCTURE AND THE STRUCTURE OF THE AUTOMATED INFORMATION SECURITY MANAGEMENT SYSTEM
To ensure comprehensive information protection, it is necessary to use various means of information protection, distributed by levels and segments of the information system. This creates a contradiction: a large number of different means of information protection exist, yet their joint coordinated application in protecting information cannot be ensured due to the lack of an automated control system. One of the tasks contributing to the solution of this problem is the task of generating feasible variants of the organizational structure and the structure of such an automated control system, so that these variants can be produced and the one that is optimal under the given initial parameters and limitations can be chosen. The problem is solved by reducing the general problem to a particular problem of splitting the original graph of the automated cyber defense control system into subgraphs. In this case, the subgraphs correspond to the subsystems of the automated cyber defense management system at different levels and provide a visual representation of the process of forming acceptable variants of the organizational composition and structure of such an automated control system. As a result of the operation of splitting the graph into subtasks, a set of acceptable variants of the organizational composition and structures of the automated cyber defense management system is expected to be obtained, based on which the optimal choice is made under the given initial parameters and restrictions. As a result, a technique for forming admissible variants of the organizational composition and structure of the automated cyber defense control system is obtained.
Keywords: information security, cybersecurity, information protection, control, automated control systems.
METHOD OF AUDITING THE PROTECTION OF AUTOMATED SYSTEMS
V.L. Tokarev, A.A. Sychugov
An analysis of the currently existing regulatory framework and of methods for analyzing the protection of information resources was carried out. It is noted that these methods are based on technical methods of analysis, which involve both active and passive testing of the information protection system. Another existing solution to this problem is the use of expert assessments. However, both approaches are laborious and often subjective. On the basis of the theory of fuzzy sets, a mathematical model is proposed for auditing the security of automated systems, and on its basis an appropriate method has been proposed. Fuzzy models are considered as a tool for auditing automated systems that process confidential information. As an example of the use of the proposed method, an assessment of one of the information security aspects is considered – the security of access to confidential information in an automated system. The proposed method will make it possible to effectively use the obtained estimates for solving the problem of ensuring the security of information in automated systems. The main advantage of the method is that it does not require complex testing procedures, calculating probabilities, attracting and selecting experts, etc., and can be used to evaluate most of the various aspects of information security.
Keywords: information security, access security, evaluation.
INTELLIGENT NETWORK INTRUSION DETECTION SYSTEM BASED ON ARTIFICIAL IMMUNE SYSTEM MECHANISMS
The article is devoted to the problem of detecting network attacks, both known and previously unknown. The application of various artificial intelligence methods from the scientific literature to this problem was analyzed. The advantages of the artificial immune system were revealed. Its main mechanisms, including artificial lymphocyte generation, negative selection, clonal selection, data analysis, and periodic renewal of lymphocytes, were analyzed. The article describes the developed intrusion detection system based on an artificial immune system. The developed system includes a sniffing subsystem, which allows it to analyze real data on host network connections. The article also describes the KDD99 network connections dataset, which was used to evaluate the efficiency of the developed system. The methods of compressing the initial dataset proposed in the scientific literature were analyzed, and the drawbacks of these methods were identified. This article describes the experimental determination of the significant parameters of network connections contained in the dataset. The authors identified 13 significant parameters out of 41, and also described the process of preliminary processing and preparation of the analyzed data and a series of experiments. The results of the experiments showed the high efficiency of the developed system in detecting unknown network attacks and in detecting and classifying known attacks.
Keywords: intrusion detection system, artificial immune system, KDD99, information security, network security, network attack.
DEVELOPMENT OF THE SOFTWARE CONCEPT OF THE TECHNIQUE OF ASSESSMENT OF QUALITY OF INFORMATION SYSTEMS “INSPECTOR”
O. M. Romanova (Knyazeva), K.N. Kurguzkin
The article considers the problem of assessing the quality of information systems (IS) of organizations. It was observed that the most promising approaches in the field of IS quality assessment and management are based on ISO 9000. The method “Inspector”, developed by I.M. Azhmukhamedov and O.M. Romanova, belongs to such methods. The task of developing an algorithm and software that collects and processes expert data is relevant. The article is devoted to the solution of this problem. The stages at which expert data are collected for the “Inspector” method were identified: definition of IS functions; definition of IS subsystems; definition of the elements of the sets of concepts of fuzzy cognitive models of IS quality assessment; identification of links between the concepts of fuzzy cognitive models of IS quality assessment; formation of a knowledge base for assessing the current level of IS quality, consisting of fuzzy logic rules that determine the impact of each level of the damage hierarchy on information security services; condition assessment of the concepts of fuzzy cognitive models of IS quality assessment, which are the input parameters of the algorithms of the “Inspector” method. It is noted that at stages four to six it is necessary to use methods that exclude the influence of other experts on the opinion of one expert. As a result, the method of online questioning was chosen to solve the problem. It was suggested that the system be implemented in the form of a web portal. The algorithm of its operation was developed. The roles of portal users were identified. The structure of the portal form was defined.
Keywords: information security, quality assessment, infrastructure, software development, information system, decision maker, expert evaluation.
A STUDY OF THE POSSIBILITIES OF USING STEGANOGRAPHIC METHODS OF INFORMATION PROTECTION
A.V. Pitolin, Y.P. Preobrazhensky, O.N. Choporov
Steganographic methods are used to hide the very fact of the existence of certain messages. The paper analyzes the key concepts used in steganographic methods of information transformation. The features of steganographic methods that hide information in graphic files are described. A threat model of unauthorized information transfer by steganographic methods of information transformation using graphical containers was developed. The article presents a classification scheme of threats of unauthorized information transfer using methods of its steganographic transformation. An experiment was conducted to identify the most effective ways to counteract unauthorized access to information. The author established that almost all methods of counteracting unauthorized access have an exposure time not exceeding 2 seconds. Ways of counteraction with an exposure time not exceeding 0.7 seconds are highlighted. The experiment was conducted among 10 people with the help of the S-tools program and the created AntiStego software. The paper presents the algorithm of the “AntiStego” program together with a description of the software modules implementing counteraction to unauthorized access. A generalized scheme of the experiment for combating the unauthorized covert transfer of information is presented.
Keywords: information security, steganographic approach, unauthorized access.
IDENTIFICATION OF USERS BY KEYBOARD HANDWRITING USING THE ALGORITHM OF FREQUENT BIGRAMS REGISTRATION
V.I. Vasilyev, M.F. Kaliamov, L.F. Kaliamova
In this article, the developed algorithm for identifying users by keyboard handwriting with registration of frequent bigrams is considered. By means of this algorithm it is possible to identify users constantly and continuously during their operation in a computer system. The offered algorithm eliminates a defect of existing user identification methods, which are used only during login and therefore do not protect the system from intrusion after the user has been authorized. The following characteristics are used as temporal indices of keyboard handwriting: key press time and pauses between key presses. Timing characteristics are gathered for each bigram separately; this is necessary because keys are located at different distances from each other, so the timing delays of pressing the same key will differ in different bigrams. The more often a bigram is used during the user’s operation in the system, the more exact its timing characteristics become, and the efficiency of user identification increases accordingly. If, after identification, the data differ from the reference, the subsequent blocking of the user’s actions is possible. To confirm the overall performance of the algorithm, the results of verification using the Euclidean distance method are provided.
Keywords: information security, information protection, identification, authentication, biometry, keyboard handwriting, bigrams.
VULNERABILITY CLASSIFICATION OF CLOUD TOOLS IN THE PROBLEM OF QUANTITATIVE RISK ASSESSMENT
A.V. Tsaregorodtsev, A.N. Zelenina, V.A. Savelev
Almost all technologies that are now part of the cloud paradigm existed before, but until recently there were no offers on the market that combined these promising technologies in a single commercially attractive solution. Only in the past decade did publicly available cloud services emerge, which made these technologies, on the one hand, available to the developer and, on the other hand, understandable for the business community. But many of the features that make cloud computing attractive can conflict with traditional information security models. Based on a common vulnerability assessment system, which makes it possible to determine the qualitative index of susceptibility of information systems to vulnerabilities taking into account environmental factors, a methodology for risk assessment for different types of cloud environment deployment was proposed. Based on the widely used Common Vulnerability Accounting System, which helps to determine the qualitative indicator of susceptibility to information system vulnerabilities, the article proposes a classification of vulnerabilities typical for different types of cloud deployment.
Keywords: information security, cloud computing, vulnerability, risk model, risk assessment.