9004
2071-8217
Problems of information security. Computer systems
2
2024
1-194
RAR
RUS
9-19
0000-0002-0950-901X
Vedernikov
Yuriy
vedernikov.yura@yandex.ru
St. Petersburg State Maritime Technical University
0000-0001-6695-2328
St. Petersburg State Marine Technical University
Garkushev
Alexander
sangark@mail.ru
St. Petersburg State Maritime Technical University
Lipis
Alexey
dlipis@smtu.ru
0000-0001-9665-0128
Peter the Great St. Petersburg Polytechnic University
Suprun
Alexander
afs54@inbox.ru
Russia, 195251, St. Petersburg, Polytechnicheskaya str., 29
Reconfiguration of the system development model information security management: interaction of base modules with the operator
The article is devoted to the study of the possibility of modernizing the information security management systems of industrial enterprises by applying modern optimization methods. In addition to discrete deterministic values of parameters that reflect the influence of various factors on information security, propose to take into account heterogeneous indicators specified numerically, interval, verbally and using parametric series. A model of implementation in the form of a program that allows you to make an informed choice of the best of the alternatives.
10.48612/jisp/amv1-kdnf-zaae
004.942
information security model
optimization
ranking
priority system
preference matrix
https://jisp.spbstu.ru/article/2024.16.1/
2024_2_rus.pdf
RAR
RUS
20-30
Jet Infosystems
Markov
Georgy
0000-0002-2264-7513
Peter the Great St. Petersburg Polytechnic University
Krundyshev
Vasiliy
krundyshev_vm@spbstu.ru
13103571000
0000-0002-0232-7248
Peter the Great St. Petersburg Polytechnic University
Zegzhda
Dmitry
zegzhda_dp@spbstu.ru
Russia, 195251, St. Petersburg, Polytechnicheskaya str., 29
Mathematical model of information security event management using Markov chain in industrial systems
This paper examines the problem of ensuring information security in industrial Internet of Things systems. The study found that in order to comprehensively protect the information perimeter of an industrial enterprise from external and internal threats, in most cases information security event and incident management systems (SIEM systems) with customized rules for correlating events in the information infrastructure are used. At the same time, there is a need to create a mathematical apparatus that allows one to accurately and objectively assess the effectiveness of the SIEM system. As a result of the study, the problem of preventing information security incidents in industrial Internet of Things systems was formalized based on the developed mathematical model for managing information security events using a continuous-time Markov chain.
10.48612/jisp/vzkp-rbuh-xd9m
004.056
mathematical model
industrial Internet of things
information security event management
Markov chains
SIEM system
https://jisp.spbstu.ru/article/2024.16.2/
2024_2_rus.pdf
RAR
RUS
31-43
0000-0001-6753-2181
Saint Petersburg Federal Research Center of Russian Science Academy
Lebedev
Ilya
isl_box@mail.ru
0000-0003-1798-8257
Russian State Hydrometeorological University
Sukhoparov
Mikhail
mail@sukhoparovm.ru
0009-0008-0128-4144
Tikhonov
Daniil
tikhonovdanil@gmail.com
Saint-Petersburg Federal Research Center of Russian Science Academy
Quality improvement of information security events identification through input data splitting
The processing of information sequences using segmentation of input data is proposed, aimed at improving the quality of detection of destructive influences using machine learning models. The basis of the proposed solution is the division of data into segments with different
properties of the objects of observation. A method using a multi-level data processing architecture is described, where learning processes are implemented at various levels, the analysis of the achieved values of quality indicators and the assignment of the best models for quality indicators to individual data segments. The proposed method makes it possible to improve the quality indicators for detecting destructive information influences by segmenting and assigning models that have the best performance in individual segments.
10.48612/jisp/znn9-1vat-6xdp
004.048
information security
machine learning
data set
data sampling
data segmentation
processing models
https://jisp.spbstu.ru/article/2024.16.3/
2024_2_rus.pdf
RAR
RUS
44-56
0000-0002-2765-0973
Safiullina
Lina
SafiullinaLKh@corp.knrtu.ru
Kazan National Research Technological University
0000-0001-8927-9113
Kasimova
Alina
KasimovaAR@corp.knrtu.ru
Kazan National Research Technological University
0000-0002-6119-1934
Alekseeva
Anna
annank90@mail.ru
Kazan National Research Technological University
Analysis of the reliability of storing templates when introducing modern biometric technologies into information security systems
Currently, it can be argued that in certain areas of information technology, there is a complete replacement of classical computer system user authentication systems based on passwords and tokens with biometric technologies. However, biometric systems are vulnerable to various types of security threats. For example, in them, unlike the same passwords and tokens, templates based on biometrics cannot be replaced in case of compromise. To solve this problem, new protection schemes have been developed. Conventionally, they can be divided into two groups: biometric cryptography and cancelable biometrics. Biometric cryptography methods show average values of errors of the first and second types; experimental work in this area is widely known. Cancelable biometrics can be highly reliable, but there is not much experimental data on them. This paper presents a comparative analysis of the reliability of existing methods. It is shown that among the static biometric parameters the greatest interest is the iris, and among the dynamic ones – the keyboard stroke. However, using these methods, like others, has its own difficulties and risks.
10.48612/jisp/2hkg-u23v-g9xv
004.93, 64.066.8
identification
authentication
biometrics
template
biometric cryptography
cancelable biometrics
https://jisp.spbstu.ru/article/2024.16.4/
2024_2_rus.pdf
RAR
RUS
57-65
0000-0003-0374-4649
Peter the Great St. Petersburg Polytechnic University
Sergadeeva
Anastasia
nsspbpoly@gmail.com
0000-0003-2849-4682
Peter the Great St. Petersburg Polytechnic University
Lavrova
Daria
lavrova_ds@spbstu.ru
Russia, 195251, St. Petersburg, Polytechnicheskaya str., 29
0000-0002-7485-4848
Peter the Great St. Petersburg Polytechnic University
Aleksandrova
Elena
aleksandrova_eb@spbstu.ru
Countering steganalysis based on generative adversarial networks
The paper proposes the generative adversarial network approach to improve the robustness of the steganographic method against modern stegoanalyzers. The approach is based on the joint operation of generative adversarial network, pixel importance map and least significant bit replacement method. The results of experimental studies confirmed the effectiveness of the proposed approach.
10.48612/jisp/aara-dg74-ata6
004.056
generative adversarial networks
steganography
steganography method
steganalysis
machine learning
https://jisp.spbstu.ru/article/2024.16.5/
2024_2_rus.pdf
RAR
RUS
66-72
0000-0001-6377-5581
Admiral S.O. Makarov State University of Marine and River Fleet
Baryshnikov
Sergey
barychnikovso@gumrf.ru
Admiral S.O. Makarov State University of Marine and River Fleet
Sakharov
Vladimir
saharovvv@gumrf.ru
57200960264
0000-0001-6289-3295
Russian State Hydrometeorological University
Sikarev
Igor
sikarev@yandex.ru
Russia, 192007, St. Petersburg, Voronezhskaya str., 79
0000-0003-0554-5790
Admiral Makarov State University of Maritime and Inland Shipping
Abramov
Valery
val.abramov@mail.ru
Shnurenko
Anatoly
dock@ksz.spb.ru
«Kanonerskiy Ship Repair Plant» CJSC
Automation of ship repair management
Tools development results for automating ship repair management processes are presented. It is indicated, that development of adequate and stable model and the choice of algorithms for its use are of key importance, their correctness is shown.
10.48612/jisp/a6v5-3det-fzv9
681.5.011
automation
management
ship repair
model
https://jisp.spbstu.ru/article/2024.16.6/
2024_2_rus.pdf
RAR
RUS
73-83
0000-0003-4322-3223
Admiral Makarov State University of Maritime and Inland Shipping
Egorova
Kristina
natashov1397@mail.ru
Admiral Makarov State University of Maritime and Inland Shipping
Glebov
Nikolay
glebovnb@gumrf.ru
0000-0001-7648-5321
Admiral Makarov State University of Maritime and Inland Shipping
Goloskokov
Konstantin
goloskokovkp@gumrf.ru
Automated system for monitoring and predicting the spread of oil spills in aquatic environment using a group of UAVs
This article is dedicated to studying the spreading of oil spills in the aquatic environment and developing a corresponding monitoring system using a group of unmanned aerial vehicles. To effectively control and prevent the spread of oil spills in water bodies, the process of comprehensive monitoring and forecasting needs to be automated. The foundation of such an automated system lies in mathematical models that enable the assessment of spill parameters, prediction of its trajectory, and determination of strategies to prevent and mitigate associated issues. The automation of monitoring and forecasting allows for continuous observation of the state of water resources and swift response to potential oil leaks. With the help of specialized sensors, unmanned aerial vehicles, and other technical means, it is possible to monitor changes in water conditions, detect the presence of oil spills, and determine their sizes. By possessing the ability to promptly respond to spills, the system ensures proper containment of leaks and minimization of negative environmental impact, as well as enables the development of strategies to prevent similar incidents in the future
10.48612/jisp/7bff-vvhf-p294
681.5, 004.9
oil spills
water environment
unmanned aerial vehicles
automation
monitoring system
forecasting
environmental protection
https://jisp.spbstu.ru/article/2024.16.7/
2024_2_rus.pdf
RAR
RUS
84-94
Peter the Great St. Petersburg Polytechnic University
Gavva
Georgij
gavva.gd@edu.spbstu.ru
0000-0002-9732-0099
Peter the Great St. Petersburg Polytechnic University
Kalinin
Maxim
max@ibks.spbstu.ru
Russia, 195251, St. Petersburg, Polytechnicheskaya str., 29
Ensuring the connectivity and functional integrity of wireless reconfigurable networks by rebuilding the topology using an improved method of network game
A comparative analysis of methods for protecting reconfigurable wireless networks that implement topology re-building was carried out, which made it possible to determine the network game method as the most promising in solving the task of maintaining the network connectivity and functional integrity. Managing the network topology when using the basic network game method is characterized by overloading the channels of the control node and excessive sensitivity to changes in network connections. In this research, the basic method is extended with the criterion of the maximal possible path length, which allows reducing the number of network reconfigurations when there is a short route between nodes passing through existing connections. It is experimentally shown that the improved method provides protective online restructuring of a network with lower topology rebuilding costs
10.48612/jisp/tdnx-gf17-e1e5
004.056
wireless reconfigurable network
gaming approach
network game
reconfiguration
path length
functional integrity
https://jisp.spbstu.ru/article/2024.16.8/
2024_2_rus.pdf
RAR
RUS
95-103
0009-0006-6856-2108
Peter the Great St. Petersburg Polytechnic University
Pahomov
Maksim
pahomov_ma@spbstu.ru
0000-0003-1345-1874
Peter the Great St. Petersburg Polytechnic University
Pavlenko
Evgeny
pavlenko_eyu@spbstu.ru
Ensuring information security of vanets based on early detection of malicious nodes
The features of VANETs are considered. An approach to ensuring the information security of VANETs is proposed, the distinctive feature of which is the early detection of malicious activity of network nodes. To achieve early detection of malicious activity, the parameters of VANETs are presented as a time series, after which their future values are predicted and anomalies are searched by using machine learning methods. The proposed approach makes it possible to improve the safety of intelligent transport systems
10.48612/jisp/grg8-p2zd-5gbt
004.056
information security
VANET
time series prediction
attacks prevention
https://jisp.spbstu.ru/article/2024.16.9/
2024_2_rus.pdf
RAR
RUS
104-116
0000-0002-0920-9009
The Ministry of Science and Education of the Republic of Azerbaijan
Pashayev
Fahrad Heydar
pasha.farhad@gmail.com
0009-0002-4985-6371
Nakhchivan State Universty
Zeynalov
Javanshir Ibrahim
0009-0001-3136-6684
Nakhchivan University
Najafov
Hasan Taghi
Creatıon of software technıcal tools to protect technologıcal processes from ınternet threats
It is known that the rapid development of technological computer networks and SCADA systems has necessarily accelerated the process of integration between these networks and global Internet networks. As a result, the solution of many issues of technological and production processes has been simplified and opportunities have been created for remote control of the enterprise staff and operational staff. However, this situation has also created new threats previously non-existent to the above-mentioned monitoring, diagnostic and management systems. Targeted attacks are organized by specific specialized groups, hackers and, in some cases, government agencies on the Internet for specific industrial enterprises. Those who organize cyber attacks on technological process control systems, over time, improve their methods and tools, increase their professional level. They carefully study the objects they will attack and identify vulnerabilities in the software of the object management systems. Developed set of technical means is based on the application of STM32F4XX type controllers and LPT ports of computers. The article provides connection diagrams and assembly methods of technical means. These technical means and the exchange protocols created can act as a bridge between the global Internet and technological corporate computer networks. The article presents simple algorithms of protocols and working program fragments. Fragments of the program are given in the C programming language and in the DELPHI programming system. The developed software acts as a filter bridge between the global Internet and TKKŞ. Data exchange between these two networks is carried out by creating non-standard protocols using STM32F4XX controllers and LPT ports
10.48612/jisp/p79a-z1nu-71vk
004.3; 004.4
Internet attacks
technological computer networks
telemechanical systems
malware
random attacks
STM32F4XX controller
LPT port
https://jisp.spbstu.ru/article/2024.16.10/
2024_2_rus.pdf
RAR
RUS
117-129
0009-0002-1075-6808
ITMO University
Salihov
fanny2man@gmail.com
A model of a distributed storage system for private keys of crypto wallets
With the development of Web3 technologies, the third generation of the Internet has become one of the most promising areas. It involves the use of decentralized, transparent and user-oriented applications. However, many Web3 projects do not pay due attention to security, which can lead to serious consequences. Even a small error in the code can make the system vulnerable, opening access to intruders. Because of this, the industry faces frequent security breaches that threaten users and undermine trust in new technologies. One of the main problems of Web3 is the management of private keys. This is a critical aspect of security, which is directly related to the protection of digital assets and personal information of users. The risk of loss or theft of the private key can lead to irreparable consequences, since in case of loss there is no way to restore or reset the key. This article discusses various ways to store the private key of a cryptographic wallet to ensure security. For example, a key can be divided into parts and stored encrypted on hardware media, or the whole encrypted key can be stored on secure media. Quantitative data were calculated using Shamir’s scheme
10.48612/jisp/z7u3-vp19-u74n
004.056.55
key management
encryption
secret sharing
cryptography
distributed storage system
https://jisp.spbstu.ru/article/2024.16.11/
2024_2_rus.pdf
RAR
RUS
130-137
0009-0007-4911-8471
Research Institute «Kvant»
Samarin
Nikolay
samarin_nik@mail.ru
A method for finding errors in program code based on inmemory fuzzing
The paper proposes a method of searching for errors in software based on “in-memory” code phasing. Within the framework of the method, special fragments called “points” are selected in the software code, and these “points” are subjected to phasing testing in isolation from the rest of the program code. A practical example of using the method is presented, as a result of which a memory corruption error was detected in the code
10.48612/jisp/39tp-t61k-29uv
004.056
information security
software
error detection
mathematical modelling
symbolic execution
fuzzing
https://jisp.spbstu.ru/article/2024.16.12/
2024_2_rus.pdf
RAR
RUS
138-151
0009-0002-8019-437X
Altai State Technical University
Teplyuk
Pavel
teplyukpavel@yandex.ru
0000-0001-5103-3177
Altai State Technical University
Yakunin
Aleksey
almpas@list.ru
Identifying security flaws in the Linux kernel using system call fuzzing
The development of operating systems built on the basis of the Linux kernel contributes to the wider use of Linux distributions as the basis of system software in information systems for various purposes, incl. being objects of critical information infrastructure. The goal of the work is to analyze the available approaches and tools for fuzzing system calls of the Linux kernel, as well as experimental fuzzing testing of some current versions of the kernel, aimed at increasing the overall security of the Linux kernel. Theoretical analysis was used to evaluate and compare existing types of Linux kernel-level vulnerabilities, as well as approaches to kernel fuzzing. An empirical research method was also used, which involved identifying defects and vulnerabilities in a certain configuration of the Linux kernel using fuzzing testing Analyzed critical vulnerabilities at the kernel level, approaches to fuzzing, including system calls, and an experimental study was conducted using the syzkaller fuzzer, which identified defects and vulnerabilities in the Linux kernel versions 4.9 and 5.4, incl. memory use-after-free vulnerability. This area of research requires further development in order to detect new vulnerabilities in current kernel versions
10.48612/jisp/pdp9-d25r-g6eu
004.056
operating system kernel
security threats
vulnerabilities
fuzzing
attack surface
syzkaller
https://jisp.spbstu.ru/article/2024.16.13/
2024_2_rus.pdf
RAR
RUS
152-168
0000-0001-7126-6787
Peter the Great St. Petersburg Polytechnic University
Zhemelev
Georgiy
wws.dev@gmail.com
Automatic synthesis of 3D gas turbine blades shapes using machine learning
The paper addresses the problem of 3D-representations and automatic synthesis of gas turbine blades shapes. First, we implemented a parametric method of descriptor-based representation using Bernstein polynomials and generalized it to produce controllable 3D-shapes. Then, we proposed a method of automatic synthesis of 3D-shapes based on the use of generative ML models for aerodynamic profiles. This method helps to reduce the number of geometric design variables used in the optimization of the aerodynamic shape of blades. Moreover, it enables automatic synthesis of 3D-shapes with representation independent of shapes level of detail. Its implementation is based on generative-adversarial network BezierGAN and makes it possible to produce arbitrary sized datasets of 3D blades having aerodynamic shapes. Finally, by interpreting and visualizing the generator’s latent space, we observed the subset of latent variables that has the most importance for rapid prototyping of gas turbine blades
10.48612/jisp/dx8x-2he5-tffd
004.89
gas turbine blade
dataset
3D object representation
machine learning
generativeadversarial network
Bezier curves
Bernstein polynomials
https://jisp.spbstu.ru/article/2024.16.14/
2024_2_rus.pdf
RAR
RUS
169-177
0009-0005-3102-5950
Peter the Great St. Petersburg Polytechnic University
Izotova
Oksana
izotova@ibks.spbstu.ru
0000-0003-2849-4682
Peter the Great St. Petersburg Polytechnic University
Lavrova
Daria
lavrova_ds@spbstu.ru
Russia, 195251, St. Petersburg, Polytechnicheskaya str., 29
Detection of artificially synthesized audio files using graph neural networks
This paper describes a study of the problem of generalizing multimodal data in the detection of artificially synthesized audio files. As a solution to the stated problem, a method is proposed which combines simultaneous analysis of audio file characteristics with its semantic component presented in the form of text. The approach is based on graph neural networks and algorithmic approaches involving the analysis of keywords and text sentiment. The conducted experimental studies confirmed the validity and efficiency of the proposed approach
10.48612/jisp/p6rt-uvzz-b4k7
004.056
deepfake
graph neural networks
artificially synthesized audio file
text analysis
https://jisp.spbstu.ru/article/2024.16.15/
2024_2_rus.pdf
RAR
RUS
178-193
Peter the Great St. Petersburg Polytechnic University
Tolgorenko
Egor
tolgorenko.em@edu.spbstu.ru
Peter the Great St. Petersburg Polytechnic University
Zubkov
Evgeny
zubkov.e@edu.spbstu.ru
0000-0002-2009-5460
Peter the Great St. Petersburg Polytechnic University
Ovasapyan
Tigran
otd@ibks.spbstu.ru
Authorship identification and verification using machine and deep learning methods
The article presents research aimed at analyzing methods of text authorship identification and verification. The methods of transforming texts into vector representations and determining authorship through text classification are investigated. A dataset is formed, on which the investigated methods are tested, after which conclusions about their effectiveness are drawn. Further research directions are also proposed
10.48612/jisp/vhgh-3g1m-996v
004.056
authorship verification
authorship identification
classification
deep learning methods
machine learning
N-gram
TF-IDF
PCA
https://jisp.spbstu.ru/article/2024.16.16/
2024_2_rus.pdf