9004 2071-8217 3 2023 1-186

RAR RUS 9-24 Military Academy of the General Staff of the Armed Forces of the Russian Federation Chernyshov Vladimir Mozhaisky Military Aerospace Academy Glibovsky Pavel vka@mil.ru Mozhaisky Military Aerospace Academy Timashov Pavel vka@mil.ru Method of providing and conducting internal audit of information security of organisations on the basis of risk-oriented approach In order to guarantee effective information security of an organization, a systematic and comprehensive approach is necessary. One of the most effective tools for obtaining an independent and objective assessment of organizations’ security against information security risks and threats and evaluating the level of organization IS provision is the internal information security audit. Nowadays, more and more additional requirements are imposed to the methods of ensuring and conducting IS audit. Having analyzed the scientific literature, training manuals and articles in the field of information security, a method based on the risk-oriented approach is developed. The risk management theory and the internal audit methodology built on its basis should become the tools for conducting the audit. Information security audit based on the risk-oriented approach will make it possible to assess the security of the organization, identify risks, create and (or) adjust the plan of measures to minimize them, improve the interaction of departments responsible for control and risk management 10.48612/jisp/5hvf-zvdp-akn4 004.021 information security audit risk-oriented approach risk matrix information security threats security level https://jisp.spbstu.ru/article/2023.13.1/ 2023_3-5-6.pdf

RAR RUS 25-32 0000-0001-6753-2181 Saint Petersburg Federal Research Center of Russian Science Academy Lebedev Ilya isl_box@mail.ru 0000-0003-1798-8257 Russian State Hydrometeorological University Sukhoparov Mikhail mail@sukhoparovm.ru Improving the quality of information security state identification based on sample segmentation Improving the quality indicators of information security state identification of individual segments of cyber-physical systems is associated with the processing of large information arrays. We propose a method for improving quality indicators when solving problems of information security state identification. Its implementation is based on the formation of individual segments of the sample. The analysis of properties of these segments makes it possible to select and assign algorithms having the best quality indicators on the current segment. The segmentation of the data sample is considered. Experimental values of the quality index for the proposed method for different classifiers on individual segments and the whole sample are given on the example of real dataset data 10.48612/jisp/9ppa-1zda-5vvd 004.056 information security machine learning data set data segmentation data sampling https://jisp.spbstu.ru/article/2023.13.2/ 2023_3-5-6.pdf

RAR RUS 33-57 0000-0001-8786-5661 ITMO University Fedosenko Maxim fedosenkomaksim98@gmail.com 0000-0002-0924-6221 Saint Petersburg State University of Aerospace Instrumentation Bezzateev Sergey sergey.bezzateev@gmail.com

Russia, 190000, St. Petersburg, Bolshaya Morskaya str., 67, liter A

Comparative analysis of the problems of the application of steganography methods in the implementation of illegal actions and its role in digital forensics This work contains a study of the problem of using steganographic algorithms by attackers to hide and exchange illegal data. The paper formulates the relevance of the problem by analyzing of the cases of using steganography in attacks on computer systems and based on the development trend of controlled Internet, supported by the legal framework. An analysis of methods for hiding data and their subsequent exchange on public Internet resources is presented through a review of the works of researchers in this area, the main tools used by attackers are identified and described. As an analysis of counteraction methods, a comparative description of use of the artificial intelligence technologies in the field of steganoanalysis is presented, the most promising and applicable for the tasks of automatic analysis of content posted on public Internet resources are identified. In the conclusion provisions of the work, the process of exchanging hidden data by malefactors using the model of EPC notation. The directions and tasks of steganoanalysis are highlighted, the solution of which will allow further development of a unified system for protecting public Internet resources, prospects for the use of new steganographic algorithms, such as hiding in the blockchain, source code are presented. resources and placement of content with the presence of physical attachments of information 10.48612/jisp/hnud-f89z-8gx7 004.056 steganography steganoanalysis hidden data exchange intruder models artificial intelligence in steganoanalysis machine learning neural networks natural language processing blockchain static code analysis https://jisp.spbstu.ru/article/2023.13.3/ 2023_3-5-6.pdf

RAR RUS 58-69 0000-0002-5511-4000 MIREA – Russian Technological University Eremeev Mihail MIREA – Russian Technological University Zakharchuk Ivan zaharchuk@mirea.ru Risk assessment of using open source projects: analysis of existing approaches The article analyzes the existing approaches to evaluating and accounting for the software composition analysis, including open source projects. The analysis of existing frameworks for evaluating software development processes is carried out, including from the point of view of information security. Considered typical risks of using open source components with open licenses. The possibility of evaluating development processes to identify threats to information security in open source projects was noted, as well as the need to automate such a process in order to ensure the efficiency of dependency management in projects using open components as dependencies 10.48612/jisp/fhez-pk5k-7gze 004.056.5 software composition analysis open-source software development processes maturity https://jisp.spbstu.ru/article/2023.13.4/ 2023_3-5-6.pdf

RAR RUS 70-81 0009-0007-4911-8471 Research Institute «Kvant» Samarin Nikolay samarin_nik@mail.ru Systematization of methods for finding errors in software This article systematizes modern methods of searching for errors in software. For each method, a brief description and advantages and disadvantages are considered. On the basis of the analysis the most perspective methods from the point of view of the task of automating the process of searching errors in the software are distinguished. 10.48612/jisp/d7vk-49v5-8t3r 004.056 information security software error detection static analysis dynamic analysis symbolic execution fuzzing https://jisp.spbstu.ru/article/2023.13.5/ 2023_3-5-6.pdf

RAR RUS 82-89 Saint-Petersburg State University of Aerospace Instrumentation Starodub Anna romanstar75@mail.ru 0000-0002-0924-6221 Saint Petersburg State University of Aerospace Instrumentation Bezzateev Sergey sergey.bezzateev@gmail.com

Russia, 190000, St. Petersburg, Bolshaya Morskaya str., 67, liter A

0000-0002-7532-9607 Saint-Petersburg State University of Aerospace Instrumentation Mylnikov Vladimir elinatn@yandex.ru Ranking model of the system of compromise indicators of nodes of a corporate data transmission network A model of the system of ranking indicators of compromise for active counteraction to directed attacks is proposed, which allows pre-detecting threats and planning measures to eliminate them before their manifestation. Also an important aspect is the development of tools and methods for assessing sources of information on the level of trust to collect the necessary data in the investigation of incidents. Based on the proposed models, an information system for ranking indicators of compromise has been developed, which allows minimizing the possibility of violating confidentiality, integrity and availability of information, as well as compromising data in the system 10.48612/jisp/z7b4-5dat-gd8u 004.056.53 information security information protection indicators of compromise modeling methods information system https://jisp.spbstu.ru/article/2023.13.6/ 2023_3-5-6.pdf

RAR RUS 90-102 Mozhaisky Military Aerospace Academy Tkachenko Sergey Mozhaisky Military Aerospace Academy Kochetkov Ilya 0000-0003-1300-2470 Mozhaysky Military Space Academy Biryukov Denis Biryukov.D.N@yandex.ru

Russia, 197198, St. Petersburg, Zhdanovskaya str., 13

Mozhaisky Military Aerospace Academy Telbuh Vyacheslav telbuh89@yandex.ru Agent-based modelling information distribution in social-information internet services The observed increase in the number of threats in the field of information security of society and the state creates the need for their timely identification. The paper proposes a combined approach to identifying and categorizing agents that have the greatest impact on users in social networks, which consists in combining and consistently applying existing methods. A simulation model of information dissemination was created and tested, which made it possible to simulate the process of information interaction between participants of the Internet information and telecommunications network and the influence of malicious agents on them. The results of the experiment show that changing the configuration of the agency network of influence and increasing the psychological protection of users to destructive effects allows you to reduce the scale of distribution of negative content 10.48612/jisp/721k-4dvv-a3t9 004.67 social graph analysis dynamics of information flows social network manipulation of public opinion https://jisp.spbstu.ru/article/2023.13.7/ 2023_3-5-6.pdf

RAR RUS 103-116 0000-0001-7271-8343 ITMO University Shilova Anastasiya Bondareva.AD@yandex.ru 0000-0001-6691-6167 ITMO University Vorobeva Alisa alice_w@mail.ru A network access definition method to ensure network infrastructure security based on removal of excessive network connectivity The purpose of this work is to increase the security of the network infrastructure. A network infrastructure model has been developed, an access control method based on the elimination of excessive network connectivity between subjects and objects of access has been proposed and evaluated, the directions of its development have been described. The method can be used for network segmentation 10.48612/jisp/mr9d-5tum-xmdp 004.72 information security access control network infrastructure firewall https://jisp.spbstu.ru/article/2023.13.8/ 2023_3-5-6.pdf

RAR RUS 117-125 0000-0003-1345-1874 Peter the Great St. Petersburg Polytechnic University Pavlenko Evgeny pavlenko_eyu@spbstu.ru Artificial immunization in hierarchical and peer-to-peer networks for protection against cyber threats A description of immunization approaches for cyber-physical systems based on hierarchical and peer-to-peer network topology is presented. A systematic analysis of existing immunization methods based on graph theory, theoretical formalization, and experiment is performed. The approach showed sufficient efficiency of artificial immunization using global strategies for cyber-physical systems based on hierarchical network infrastructure 10.48612/jisp/4bkh-ke2t-zz4u 004.056 cybersecurity artificial immunization cyberphysical systems graph theory network topology https://jisp.spbstu.ru/article/2023.13.9/ 2023_3-5-6.pdf

RAR RUS 126-137 0000-0002-6071-8087 Mozhaisky Military Aerospace Academy Yakunin Vladimir Yavi1957@mil.ru 0000-0001-9665-2174 Krasnodar Higher Military School named after General of the Army S. M. Shtemenko Samoilenko Dmitry 19sam@mail.ru 0000-0003-2233-811X Krasnodar Higher Military School named after S. M. Shtemenko Sukhov Alexander 19am87@mail.ru 0000-0003-1404-6125 Krasnodar Higher Military School named after S. M. Shtemenko Krupenin Alexander 19am87@mail.ru Characteristics of sensitivity and influence of parameters of the information security system model and its functioning process on the efficiency of the operation Algorithms for solving the direct and inverse problems of investigating the effectiveness of the functioning of the information security system have been developed and presented. The task of investigating the effectiveness of the operation is formulated. The characteristics of the sensitivity of the study of the effectiveness of the operation are considered. The characteristics of the influence of the parameters of the information security system model and its functioning process on the efficiency of the operation are described, namely: influence coefficient, instability coefficient, control potential, optimization potential 10.48612/jisp/1eat-bdvg-hg4e 519.718 analysis effectiveness sensitivity function information security system https://jisp.spbstu.ru/article/2023.13.10/ 2023_3-5-6.pdf

RAR RUS 138-147 Admiral S.O. Makarov State University of Marine and River Fleet Sakharov Vladimir saharovvv@gumrf.ru 57200960264 0000-0001-6289-3295 Russian State Hydrometeorological University Sikarev Igor sikarev@yandex.ru

Russia, 192007, St. Petersburg, Voronezhskaya str., 79

0000-0001-6377-5581 Admiral S.O. Makarov State University of Marine and River Fleet Baryshnikov Sergey barychnikovso@gumrf.ru Admiral Makarov State University of Maritime and Inland Shipping Ivanyuk Vladimir Balance production models with information security Balance models of management and planning of processes of production of final products at enterprises are considered. Diagrams of the assembly of products based on the input - output method of Vasily Leontiev are given. According to the diagrams, according to the Gozint theorem, matrices of direct and complete needs are formed, according to which, according to the proposed algorithm, the required parts and assemblies are evaluated for the production of various products as a final product. A method of encryption and decryption is proposed for the transmission of messages in digital format containing calculated data and technological schemes that are confidential. Examples of performing digital operations are given 10.48612/jisp/7tvk-afen-h9dh 2.3.3 balance model Gozint diagram matrices of direct and full needs plan algorithm confidential message encryption message extraction https://jisp.spbstu.ru/article/2023.13.11/ 2023_3-5-6.pdf

RAR RUS 148-153 0000-0002-7959-3835 St. Petersburg State Maritime Technical University Karpova Irina ik070889@gmail.com 0000-0001-9665-0128 Peter the Great St. Petersburg Polytechnic University Suprun Alexander afs54@inbox.ru

Russia, 195251, St. Petersburg, Polytechnicheskaya str., 29

0000-0001-6695-2328 St. Petersburg State Marine Technical University Garkushev Alexander sangark@mail.ru St. Petersburg State Maritime Technical University Lipis Alexey dlipis@smtu.ru Modeling of work of an employee of the information security service of an industrial enterprise The article proposes a set of indicators that can be used to assess the quality of a specialist in the information security service of an industrial enterprise, as well as to assess the quality of its functioning in the process of work. Formula dependencies for calculating stochastic indicators are given, which allow to obtain some objective estimates of the subjective influence of the human factor on the safe functioning of information systems of industrial measures 10.48612/jisp/1vmb-73pk-5e9e 004.056.5, 629.5.067 quality indicators information security information system https://jisp.spbstu.ru/article/2023.13.12/ 2023_3-5-6.pdf

RAR RUS 154-169 0000-0001-7564-6744 Moscow Technical University of Communication and Informatics Sheluhin Oleg sheluhin@mail.ru 0000-0001-7689-4678 Moscow Technical University of Communication and Informatics Rakovskiy Dmitry Prophet_alpha@mail.ru Multi-label classification of labels of system logs of computer networks. Formalization of the task Purpose. An important problem in the intelligent processing of syslog data is the existence of datasets containing records with multiple class label associations. A dataset suitable for classification typically contains a set of features and an associated set of class labels. The goal of classification is a trained model capable of assigning an appropriate class to an unknown object (records in “historical data”). The solution to this problem is associated with an exponential growth of label combinations that must be taken into account, as well as the computational costs of training data-mining models. The problem of multi-label classes in relation to computer network (CN) is currently insufficiently studied. The aim of the study is to formalize the problem of multivalued classification of experimental data (binary or multiclass) using the example of CN system log entries and to demonstrate its applicability to information security problems. Novelty. The novelty of the study lies in illustrating the presence of multi-labeled class labels in the analysis of syslog entries generated by CN. It is shown that this feature is inherent in most CNs, which are subject to boundary requirements for several indicators (attributes) of a predetermined Service Level Objectives. In case of occurrence of anomalous states for several attributes at once, an increase in the number of labels is a prerequisite for the occurrence of a rare anomalous state (system anomaly) CN at the current time. Results. It is shown that the problem of ambiguity of system log class labels is relevant for the analysis of the availability and integrity of information circulating in the CN. It is shown that the ambiguity of class labels manifests itself not only in the occurrence of several CN states at the current time, but also in the implicit multi-valued mapping of known CN attributes to these states. It is shown that with unambiguous learning, the label returned by such algorithms is a scalar value, and the resulting one-label classifiers label the data with loss of information. The multi-valued approach operates with labels assets (or vectors), and the resulting multi-valued classifier can assign several labels to CN states at once, which increases the classification accuracy. The significance of the secondary attributes of “historical data”, which determine the quality of a multivalued classification, is shown. Practical relevance. Multi-labeled system log class labels are relevant in the areas of diagnosing malfunctions of CS hardware components, detecting attacks, detecting suspicious network activity, and other information security tasks. 10.48612/jisp/ndfd-tk9h-reuz 004.67 computer networks multi-labeled classification multiclass classification information security https://jisp.spbstu.ru/article/2023.13.13/ 2023_3-5-6.pdf

RAR RUS 170-176 St. Petersburg State University of Aerospace Instrument Engineering Grigoriev Maxim 0000-0002-6419-0072 St. Petersburg State University of Aerospace Instrumentation Tatarnikova Tatiana Tm-tatarn@yandex.ru Development of a trainable neural network for analysis of linguistic data The description of the developed linguistic application for the recognition of ancient Egyptian hieroglyphs is given. The main methods for creating and training a neural network are considered and a method suitable for the successful operation of the algorithm for recognizing ancient Egyptian hieroglyphs is determined. Based on the analysis of tools for solving the problem, the method of learning with a teacher and the convolutional type of neural network were chosen as optimal for image recognition with the ReLu activation function. In the future, the proposed neural network will find application in the development of a dictionary with a character recognition function. 10.48612/jisp/rt28-tnke-68b2 004.032.26 ancient Egyptian hieroglyphs recognition Gardiner code convolutional neural network classification application https://jisp.spbstu.ru/article/2023.13.14/ 2023_3-5-6.pdf

RAR RUS 177-185 0000-0003-0554-5790 Admiral Makarov State University of Maritime and Inland Shipping Abramov Valery val.abramov@mail.ru 57200960264 0000-0001-6289-3295 Russian State Hydrometeorological University Sikarev Igor sikarev@yandex.ru

Russia, 192007, St. Petersburg, Voronezhskaya str., 79

0000-0001-7601-2874 Profinfotech LLC Chestnov Arsenii arsenij430@gmail.com Creation and prospects of development of software for finding snow cover maxima from databases of meteorological archives The team of authors has developed algorithms and compiled a program code for processing large arrays of meteorological data in order to determine the maximum snow cover with specific dates. 10.48612/jisp/5h2z-hprm-pb9h 2.3.3 meteorology arrays program code snow cover data processing https://jisp.spbstu.ru/article/2023.13.15/ 2023_3-5-6.pdf