9004 2071-8217 4 2023 1-191

RAR RUS 9-18 13103571000 0000-0002-0232-7248 Peter the Great St. Petersburg Polytechnic University Zegzhda Dmitry zegzhda_dp@spbstu.ru

Russia, 195251, St. Petersburg, Polytechnicheskaya str., 29

0000-0003-1736-7178 Peter the Great St. Petersburg Polytechnic University Anisimov Vladimir an‑33@yandex.ru 0000-0001-9665-0128 Peter the Great St. Petersburg Polytechnic University Suprun Alexander afs54@inbox.ru

Russia, 195251, St. Petersburg, Polytechnicheskaya str., 29

0000-0002-6527-2352 Peoples’ Friendship University of Russia named after Patrice Lumumba Anisimov Evgeny anis.an‑33@yandex.ru Substantiation of the rational composition of the information security system The paper discusses a methodological approach to constructing models and algorithms for decision support when justifying the rational composition of a system for ensuring information security of a corporate computer network. In this case, the problem under consideration is represented in the form of a discrete mathematical programming model. A special feature of the model is the ability to take into account a wide variety of destructive impacts on a computer network and methods of protecting it. The generality of the model is also ensured by taking into account the possible nonlinear nature of the function reflecting the specific goals of creating an information security system. To solve the problem, a generalized algorithm has been developed that takes into account the features of the model. The general nature of the requirements for the parameters of the model and algorithm allows, on their basis, to form a fairly wide range of decision support techniques when justifying the rational composition of the information security system for specific variants of corporate computer networks and the conditions of their functioning. 10.48612/jisp/tmd5-nzne-p23v 004.056 corporate computer network information security system system composition formation model algorithm https://jisp.spbstu.ru/article/2023.14.1/ 2023_4-5-6.pdf

RAR RUS 19-30 0000-0003-1345-1874 Peter the Great St. Petersburg Polytechnic University Pavlenko Evgeny pavlenko_eyu@spbstu.ru 0000-0003-1511-9971 Peter the Great St. Petersburg Polytechnic University Polosukhin Nikita polosukhin.ibks@spbstu.ru Analysis of cyber threat intelligence information exchange systems Offers an analysis of modern protocols and approaches in cyber threat intelligence. The classification of CTI information was given, also the area of applicability for each class was estimated. The classification of CTI protocols and standards was presented with the mapping to CTI levels. An assessment of applicability to describe each CTI level was addressed to each class of protocols and standards. The main conclusion is that further study of the available standards in this area will determine the necessary set of requirements to the process of CTI information sharing, which will allow to face threats more effectively and reduce potential risks. 10.48612/jisp/rt14-m8a5-5zxd 004.056 information security threats cyber threat intelligence CTI level exchange protocols https://jisp.spbstu.ru/article/2023.14.2/ 2023_4-5-6.pdf

RAR RUS 31-41 0000-0002-6972-1768 Krasnodar Higher Military School named after General of the Army S. M. Shtemenko Chechin Ivan chechin@mail.ru 0009-0004-9048-8042 Krasnodar Higher Military School named after General of the Army S. M. Shtemenko Marinin Alexey alieksiei.marinin.2001@mail.ru 0000-0001-9448-2386 Krasnodar Higher Military School named after General of the Army S. M. Shtemenko Novikov Pavel novikov.p.ark@yandex.ru 0000-0002-0644-4353 Krasnodar Higher Military School named after General of the Army S. M. Shtemenko Dichenko Sergei dichenko.sa@yandex.ru 0000-0001-9665-2174 Krasnodar Higher Military School named after General of the Army S. M. Shtemenko Samoilenko Dmitry 19sam@mail.ru Combinational coding of data taking into account the analysis of the value of the information contained As a result of the analysis of known methods for ensuring data integrity, it was found that in conditions of continuous growth in the volume and value of information processed and stored in information automated systems for various purposes, the main disadvantage is the high redundancy of control information, leading to an increase in the load on the data warehouses of the systems in question and, as a consequence, a reduction in their resources. A method of ensuring data integrity based on combinational coding is considered, taking into account the analysis of the value of the protected information, and the results of its research related to the possibility of reducing the amount of introduced redundancy when using, in particular, Reed-Solomon codes are presented. 10.48612/jisp/mvrb-h5xa-xx1r 519.718 information protection data integrity data integrity monitoring and recovery memory capacity Reed-Solomon codes combination codes https://jisp.spbstu.ru/article/2023.14.3/ 2023_4-5-6.pdf

RAR RUS 42-47 0000-0002-5785-5160 Omsk State Technical University Belim Sergey sbelim@mail.ru 0009-0004-8456-8636 Omsk State Technical University Gorshkov Sergey hench.sg@gmail.com Method of embedding hidden data in message stream with error-correcting coding The article proposes a model for steganographic embedding of data into a stream of messages using error-correcting coding. Embedded data is disguised as interference in the information channel. The inline message extraction is based on the error correcting code detection procedure for corrupted bits. The robustness of the scheme is based on the inability to obtain complete information about the embedding by the analyst. The model is universal and can be implemented in any network protocol that uses error-correcting codes. 10.48612/jisp/zdvp-46u8-hzu9 004.056.5 network steganography error-correcting codes hidden information channels https://jisp.spbstu.ru/article/2023.14.4/ 2023_4-5-6.pdf

RAR RUS 48-60 Mozhaisky Military Aerospace Academy Andrushkevich Daria Mozhaisky Military Aerospace Academy Andrushkevich Sergey Mozhaisky Military Aerospace Academy Kryukov Roman A method of responding to targeted attacks based on the mapping of information security events using indication signatures A method of responding to targeted attacks is developed, which is based on the idea of detecting and responding to targeted attacks at the stage of their implementation. The adequacy of application of the developed method in practice is demonstrated. 10.48612/jisp/rk43-u13d-he2g 004.021 information security information security event information security incident information security monitoring computer attack SIEM-system correlation https://jisp.spbstu.ru/article/2023.14.5/ 2023_4-5-6.pdf

RAR RUS 61-71 0000-0002-5511-4000 MIREA – Russian Technological University Eremeev Mihail MIREA – Russian Technological University Zakharchuk Ivan zaharchuk@mirea.ru Risk assessment of the use of open source projects: a method for analyzing metrics of the development process The article proposes an approach to the analysis of open source projects for exposure to the risks of a sudden change in the nature of project development associated with external reasons of political or economic personal interest of individuals involved in the development. The aim of the work is an attempt to offer representative features that allow us to highlight the development bias in open source projects at early stages. For this purpose, groups of features are identified: community characteristics, characteristics of the development process and characteristics of the project code base. 10.48612/jisp/7umb-zgmf-2z8k 004.056.5 software composition analysis open-source software development processes evaluation https://jisp.spbstu.ru/article/2023.14.6/ 2023_4-5-6.pdf

RAR RUS 72-83 Peter the Great St. Petersburg Polytechnic University Volkovskiy Maxim 0000-0002-2009-5460 Peter the Great St. Petersburg Polytechnic University Ovasapyan Tigran otd@ibks.spbstu.ru Peter the Great St. Petersburg Polytechnic University Makarov Alexander makarov_as@spbstu.ru Malware detection using deep neural networks The paper proposes a method for detecting malicious executable files by analyzing disassembled code. This method is based on static analysis of assembler instructions of executable files using a special neural network model, the architecture of which is also presented in this paper. In addition, through several different metrics, the effectiveness of the method has been demonstrated, showing a significant reduction of the second-order error compared to other state-of-the-art methods. The results obtained can be used as a basis for designing static malware analysis systems. 10.48612/jisp/zduz-gzb1-4fmf 004.56 detection of malicious software static analysis machine learning deep neural networks disassembled code analysis transformer BERT https://jisp.spbstu.ru/article/2023.14.7/ 2023_4-5-6.pdf

RAR RUS 84-94 0000-0002-6419-0072 St. Petersburg State University of Aerospace Instrumentation Tatarnikova Tatiana Tm-tatarn@yandex.ru 57200960264 0000-0001-6289-3295 Russian State Hydrometeorological University Sikarev Igor sikarev@yandex.ru

Russia, 192007, St. Petersburg, Voronezhskaya str., 79

Attack detection by artificial neural networks The description of the developed neural network attack detection algorithm is given, the peculiarity of which is the possibility of launching two parallel processes: searching for the optimal model of an artificial neural network and normalizing the training sample data. It is shown that the choice of the artificial neural network architecture is carried out taking into account the loss function for a limited set of attack classes. The use of libraries (frameworks) TensorFlow and Keras Tuner for the software implementation of the attack detection algorithm is shown. The description of the experiment on choosing the architecture of the neural network and its training is given. The accuracy obtained in experiments reaches 94-98 % for different classes of attacks. 10.48612/jisp/u9zt-prru-97em 004.032.26 attack detection system artificial neural network classification dataset architecture optimization training loss function https://jisp.spbstu.ru/article/2023.14.8/ 2023_4-5-6.pdf

UNK RUS 95-104 0009-0006-4281-1321 ITMO University Kovalev Anton supernaruto21@yandex.ru ITMO University Fedorov Ivan ivanfedorov@itmo.ru Method for ensuring data integrity in edge computing networks based on blockchain technology With the rapid development of edge computing and the increasing number of connected devices, the article addresses the pressing issue of data integrity. It examines the current problem and focuses on the utilization of blockchain technology, which offers unique opportunities for addressing this challenge. The article provides a brief overview of existing methods and proposes a method for ensuring integrity based on blockchain technology. It suggests utilizing the Hot Stuff consensus algorithm in the presence of multiple active nodes, ensuring efficient operation and system scalability. Special attention is given to the utilization of a secondary blockchain based on Ethereum to enhance security and establish checkpoints in large blockchain networks. This facilitates the work of edge servers and enables users to verify data integrity on-demand using smart contracts. New approaches to ensuring data integrity and leveraging blockchain technology also can be used in different implementations of Internet of things. 10.48612/jisp/rpdb-gfht-t891 004 blockchain edge computing data integrity security https://jisp.spbstu.ru/article/2023.14.9/ 2023_4-5-6.pdf

RAR RUS 105-115 0009-0002-7009-2265 Peter the Great St. Petersburg Polytechnic University Anoshkin Ilya ilya.anoschkin@outlook.com 0009-0001-1385-8028 Peter the Great St. Petersburg Polytechnic University Orel Eugeniy orel_em@ibks.spbstu.ru Peter the Great St. Petersburg Polytechnic University Moskvin Dmitry moskvin_da@spbstu.ru Decentralized messaging systems threat model This paper presents developed model of information security threats for messaging systems with decentralized node structure. Information flows are considered, the diagram of states information in the process of interaction within the decentralized messaging system is developed. The presented security threats correspond to the FSTEC BDU classification and are also categorized by layers of the Open Systems Interoperability Reference Model. For each of the above threats, the ways of their realization were consideredand the possible source of the threat was described. 10.48612/jisp/fp8h-93nu-t75k 004.056 threat model decentralized systems information flows state diagram https://jisp.spbstu.ru/article/2023.14.10/ 2023_4-5-6.pdf

RAR RUS 116-121 0000-0001-5494-7142 Saint Petersburg State University of Aerospace Instrumentation Khutsaeva Altana afkhutsaeva@itmo.ru 0000-0002-5544-2434 Saint Petersburg State University of Aerospace Instrumentation Davydov Vadim vvdavydov@guap.ru 0000-0002-0924-6221 Saint Petersburg State University of Aerospace Instrumentation Bezzateev Sergey sergey.bezzateev@gmail.com

Russia, 190000, St. Petersburg, Bolshaya Morskaya str., 67, liter A

Oblivious signature scheme based on isogenies of supersingular elliptic curves The proposed oblivious signature scheme 1-out-of-n messages based on the difficulty of finding isogenies between supersingular elliptic curves is a variety of Schnorr’s signature. The signature time of 10 messages takes 42,2 seconds. The signature scheme is aimed at solving problems related to maintaining privacy on the Internet 10.48612/jisp/2m49-vg37-99pt 004.056 digital signature oblivious signature scheme isogeny based cryptography https://jisp.spbstu.ru/article/2023.14.11/ 2023_4-5-6.pdf

RAR RUS 122-132 0000-0001-9659-1244 Peter the Great St. Petersburg Polytechnic University Poltavtseva Maria potavtseva@ibks.spbstu.ru 0000-0002-9732-0099 Peter the Great St. Petersburg Polytechnic University Kalinin Maxim max@ibks.spbstu.ru

Russia, 195251, St. Petersburg, Polytechnicheskaya str., 29

13103571000 0000-0002-0232-7248 Peter the Great St. Petersburg Polytechnic University Zegzhda Dmitry zegzhda_dp@spbstu.ru

Russia, 195251, St. Petersburg, Polytechnicheskaya str., 29

Data modeling in information security of polystorages This paper is devoted to the problem of modeling data and processes in big data systems including polystorages and other heterogeneous components of information processing. At present, approaches to harmonization of polystorages data models are proposed in this research area. Various proposed methods are considered in this paper, but these solutions are not suitable for use in information security problems directly. The authors formulate requirements for modeling of the considered objects for solving security problems and formulate a level approach to modeling based on the general concept of poly-storage security within the framework of the consistency approach. The paper presents an original systematization of data models of modern poly-storages and DBMS in their composition, taking into account the used mathematical apparatus. A new methodology of three-level modeling of data and processes in the object of protection is proposed, the bases of models for all levels of data representation are formulated. The results of the work lay the foundation for the complex representation of data and processes in solving the problems of security and analyzing the security of big data systems. 10.48612/jisp/x468-hp82-adav 004.652 information security Big Data heterogeneous data processing systems set theory graph theory category theory https://jisp.spbstu.ru/article/2023.14.12/ 2023_4-5-6.pdf

RAR RUS 133-144 0000-0002-2701-6972 Ryazan State University named for S. A. Yesenin Ruchkin Vladimir v.ruchkin@365.rsu.edu.ru 0000-0001-6062-1966 Ryazan State University named for S. A. Yesenin Fulin Vladimir v.fulin@365.rsu.edu.ru 0000-0001-6062-1966 Ryazan State Agrotechnological University named after P. A. Kostychev Ruchkina Ekaterina CJSC “Ryazanpribor” Grigorenko Dmitry Cluster analysis of a collective of algorithms for multicore neural network automates and robots on chip Within the framework of increasing the efficiency of new spheres and directions of development of society, the state pays attention to robotization on a modern domestic basis in order to implement import substitution. One of the urgent problems is the combination of the concepts of a collective of algorithms, a collective of automata, a collective of robots and artificial intelligence. A special role is played by the possibilities of cybernetic research of multicore neural network automata in order to build more complex automata, robots and the behavior of a team of robots based on them. The purpose of this article is to demonstrate the possibilities of a set-theoretic approach of a cybernetic approach to artificial, complex natural objects and systems on this basis and to create a conceptual model for the selection and joint simultaneous design of hardware and software of neural network automata based on a unified study of the processes of parallelization of a collective of algorithms in the form of explicit and implicit clustering. As a result, the authors analyze, show and propose variants of the collective structures of algorithms for ensuring cybersecurity and protection against threats in the form of a hierarchy of security practices. The method of analysis and selection of the best architecture of a multicore neural network collective of an automaton and a robot collective based on automata implemented on a chip is proposed. An expert system based on VLSI 1879VM8YA (NM6408) with a developed user interface is being implemented. 10.48612/jisp/ht78-3683-mp71 004.032 multiple-theoretic approach team of algorithms cybernetic research team of robots conceptual model hardware and software design explicit and implicit clustering cybersecurity threat protection expert system NM Card tool module user interfa https://jisp.spbstu.ru/article/2023.14.13/ 2023_4-5-6.pdf

RAR RUS 145-155 0000-0002-3830-1840 Peter the Great St. Petersburg Polytechnic University Yugai Pavel yugaj_pe@spbstu.ru Peter the Great St. Petersburg Polytechnic University Moskvin Dmitry moskvin_da@spbstu.ru Using machine learning algorithms and Honeypot system to detect adversarial attacks on intrusion detection systems This paper presents adversarial attacks on machine learning algorithms in intrusion detection systems. Some examples of existing intrusion detection systems are examined. Existing approaches to detecting these attacks are considered. Requirements have been formed to improve the stability of machine learning algorithms. Two approaches are proposed for detecting adversarial attacks on machine learning algorithms, the first of which is based on a multi-class classifier and a honeypot system, and the second approach uses a combination of a multi-class and a binary classifier. The proposed approaches can be used in further research aimed at detecting adversarial attacks on machine learning algorithms. 10.48612/jisp/xkgk-zgmm-d7nh 004.056 intrusion detection system machine learning adversarial attack honeypot system evasion attack poisoning attack model extraction attack binary classifier multi-class classifier https://jisp.spbstu.ru/article/2023.14.14/ 2023_4-5-6.pdf

RAR RUS 156-190 0000-0002-6562-9008 Ivannikov Institute for System Programming of the Russian Academy of Sciences Getman Aleksandr ever@ispras.ru 0000-0003-0284-690X The Academy of Federal Security Guard Service of the Russian Federation Goryunov Maxim max.gor@mail.ru 0000-0001-9557-3765 The Academy of Federal Security Guard Service of the Russian Federation Matskevich Andrey mag3d.78@gmail.com 0000-0003-4524-655X The Academy of Federal Security Guard Service of the Russian Federation Rybolovlev Dmitry dmitrij-rybolovlev@yandex.ru 0000-0001-5965-4664 Nikolskaya Anastasiya nikolskaya.a.g@yandex.ru Adversarial attacks against a machine learning based intrusion detection system The paper analyzes relevant sources in the field of implementing modern adversarial attacks against a network intrusion detection system with an analyzer based on machine learning methods. The process of building such a system is summarized; common errors made by developers at each stage, which can be exploited by attackers when implementing various attacks, are indicated. A classification of adversarial attacks against machine learning models is given, and the most well-known adversarial attacks against neural networks and ensembles of decision trees are analyzed. The existing limitations in the use of adversarial attacks against intrusion detection models of the “random forest” type are noted; poisoning and evasion attacks against the object of study are implemented in practice. Possible defense strategies are considered, and the effectiveness of the most common method, adversarial learning, is experimentally assessed. It is concluded that there are no guarantees to ensure the robustness of the used machine learning model to adversarial attacks and there is a need to search for protective strategies that provide such guarantees. 10.48612/jisp/eatr-5pxb-akt8 004.056 network intrusion detection system adversarial attack machine learning network traffic https://jisp.spbstu.ru/article/2023.14.15/ 2023_4-5-6.pdf