9004 2071-8217 4 2024 1-162

RAR RUS 9-21 0000-0003-0623-9891 Peter the Great St. Petersburg Polytechnic University Gololobov Nikita gololobov_nv@spbstu.ru 0000-0003-1345-1874 Peter the Great St. Petersburg Polytechnic University Pavlenko Evgeny pavlenko_eyu@spbstu.ru Analysis of methods for attaching malware at the level of security rings of x86_64 processors This paper examines methods for persistence establishment of malicious software (malware) to various levels of security rings of modern processors based on the x86_64 architecture. The article discusses all levels of rings from 3 (user) to -3 (level of the control engine). In addition, for each level, the capabilities of malware are defined, which is attached to the corresponding ring. Correlating the capabilities and levels of rings makes it possible in the future to develop criteria according to which it will be possible to identify malicious software operating on a personal computer. As a result of the analysis, it was established that the methods of attachment for different rings differ, and malicious activity can only be detected from levels lower than the malware located, which imposes a number of requirements on a unified method for its detection 10.48612/jisp/ukdu-5bxg-fz27 004.056 cybersecurity malware analysis security rings methods of attaching malware https://jisp.spbstu.ru/article/2024.19.1/ 2024_4-5-6.pdf

RAR RUS 22-32 0009-0004-5410-411X Rostov State University of Economics Cherevan Anton antuere@yandex.ru 0000-0003-2273-725X Rostov State University of Economics Lapsar Aleksey lapsar1958@mail.ru

Russia, 344000, Rostov-on-Don, Bolshaya Sadovaya str., 69

A method for detecting floating exploits in software at the final stage of development This article presents a method for detecting and eliminating floating vulnerabilities in mobile applications at the final stage of development. The nature of such vulnerabilities is analyzed and existing methods of their detection and neutralization are considered. The developed method is based on analyzing the state of the application at different points in time and comparing it with the reference state. It includes fixing the initial state, discrete analysis of its changes, detection and identification of vulnerabilities, their elimination. The main area of application of the method is to ensure the security of mobile applications at late stages of development and in the process of final testing. The conclusions of the article emphasize the importance of early detection of floating vulnerabilities to ensure a high level of information security of the final (final) software product 10.48612/jisp/5f4e-f193-hrv3 004.021, 681.518.22 floating vulnerabilities mobile applications program testing state estimation information security https://jisp.spbstu.ru/article/2024.19.2/ 2024_4-5-6.pdf

RAR RUS 33-41 Military Space Academy named after A. F. Mozhaysky Gilmullin Rustam grustam@bk.ru Military Space Academy named after A. F. Mozhaysky Kuzinkov Aaleksey zeba83@gmail.com Military Space Academy named after A. F. Mozhaysky Mukaev Ivan ivanmukaev@yandex.ru Identification of subscriber terminals with multithreaded pipeline organization of calculations for database formation Identification of graphical subsystems with parallel-conveyor organization of calculations as a means of detection of subscriber terminals in information-telecommunication networks 10.48612/jisp/7zgh-m9b1-69rr 004.043 identification graphical subsystem JavaScript web browser https://jisp.spbstu.ru/article/2024.19.3/ 2024_4-5-6.pdf

RAR RUS 42-52 0009-0004-0517-5704 Peter the Great St. Petersburg Polytechnic University Erastov Vyacheslav erastov.vo@edu.spbstu.ru Peter the Great St. Petersburg Polytechnic University Zubkov Evgeny zubkov.e@edu.spbstu.ru 13103571000 0000-0002-0232-7248 Peter the Great St. Petersburg Polytechnic University Zegzhda Dmitry zegzhda_dp@spbstu.ru

Russia, 195251, St. Petersburg, Polytechnicheskaya str., 29

Research of information security audit problems of geographically distributed devices of the Internet of Things Existing approaches to building systems for active auditing of IoT devices are investigated. A sustainable approach to auditing IoT devices using fault-tolerant distribution is proposed. A comparative analysis of algorithms for achieving consensus in distributed systems and means of implementing active auditing is carried out 10.48612/jisp/vk2n-dgmv-b18h 004.056 audit Censys distributed computing information security information technology Internet of Things Nmap port scanner Raft Shodan https://jisp.spbstu.ru/article/2024.19.4/ 2024_4-5-6.pdf

RAR RUS 53-62 0000-0003-4374-1645 National Research Nuclear University MEPhI (Moscow Engineering Physics Institute) Finoshin Mikhail MAFinoshin@mephi.ru 0000-0003-3022-8973 Russian University of Transport (MIIT) Ivanova Irina iid.ivanova@yandex.ru 55229487100 0000-0002-4429-8799 National Research Nuclear University MEPhI (Moscow Engineering Physics Institute) Zhukov Igor i.zhukov@inbox.ru

Russia, 115409, Moscow, Kashirskoe shosse, 31

LLC Hexagon Zuikov Alexander az@hex.team Covert storage channels in the TLS protocol Protection methods against TLS covert storage channels using the Random and SessionID fields of the ClientHello message are proposed. Protection means have been developed using the proposed protection methods: a module for IDS/IPS Suricata that filters TLS packets depending on the SessionID contents, and a proxy server that reformats packets transmitted to the communication environment. A comparative analysis of the implemented protection means was carried out from the point of view of their impact on the communication channel bandwidth and their effectiveness in the secret information transfer countering. The developed protection means are applicable for integration into existing protection systems against network covert channels. Recommendations on the use of proposed protection means depending on the desired level of security are given 10.48612/jisp/r5fz-um2f-mh48 004.056 secret information ClientHello message Random SessionID field proxy server filtering mean https://jisp.spbstu.ru/article/2024.19.5/ 2024_4-5-6.pdf

RAR RUS 63-73 7006566675 0000-0002-6076-7241 Emperor Alexander I St. Petersburg State Transport University Kornienko Anatoliy kaa.pgups@yandex.ru

Russia, 190031, St. Petersburg, Moskovsky ave., 9

0000-0003-2683-0697 Emperor Alexander I St. Petersburg State Transport University Kornienko Svetlana sv.diass99@yandex.ru Emperor Alexander I St. Petersburg State Transport University Barabanshchikova Mariya mary.barabanshikova01@mail.ru Digital Technologies 1520 LLC Sobakin Sergey s.sobakin@dt1520.ru Software tool for managing the access control model for the corporate portal The article considers the corporate portal on the Incomand platform as a single access point to the information system of Digital Technologies 1520 LLC to ensure automation and systematization of implemented business processes in order to improve work efficiency and organize convenient access for employees to all information assets, including confidential information. To increase the level of security of information processed and stored in the organization, a software tool for managing the role model of access control for employees of the organization has been developed and implemented, which significantly complements the standard security model of the corporate portal 10.48612/jisp/a5ht-bx3z-t1rd 004.056 corporate information system corporate portal role model of access control information protection https://jisp.spbstu.ru/article/2024.19.6/ 2024_4-5-6.pdf

RAR RUS 74-84 0000-0002-1399-1822 Peter the Great St. Petersburg Polytechnic University Shenets Nikolay shenets_nn@ibks.spbstu.ru 0000-0002-7485-4848 Peter the Great St. Petersburg Polytechnic University Aleksandrova Elena aleksandrova_eb@spbstu.ru Peter the Great St. Petersburg Polytechnic University Konoplev Artem konoplev_as@spbstu.ru 0000-0003-0623-9891 Peter the Great St. Petersburg Polytechnic University Gololobov Nikita gololobov_nv@spbstu.ru Key pre-distribution technique using Shamir’s secret sharing scheme Two new approaches to key pre-distribution based on an ideal additive homomorphic secret sharing scheme were proposed in [1]. However, it was not possible to prove their security against insider attacks in the general case. In this paper, a simple method for distributing shares based on Shamir’s secret sharing scheme corresponding to the first approach in [1] is proposed and analyzed. Namely, the following problem is solved: it is necessary to distribute 2n shares among n participants in such a way that each participant keeps two shares, and any pair of participants corresponds to a (3,4)-threshold scheme, where the common threshold can be arbitrary. Note that such a problem is solved for the first time in the theory of secret sharing. Unfortunately, the analysis showed that the key agreement protocol based on the proposed technique of shares pre-distribution is not resistant to insider attacks. A general necessary condition for the security of the key agreement protocol in the inside adversary model is obtained 10.48612/jisp/1p42-3zn6-ffrx 004.056.53 (003.26) key pre-distribution Shamir’s secret sharing scheme key agreement protocol adversary model lightweight cryptography https://jisp.spbstu.ru/article/2024.19.7/ 2024_4-5-6.pdf

RAR RUS 85-93 0000-0001-6377-5581 Admiral S.O. Makarov State University of Marine and River Fleet Baryshnikov Sergey barychnikovso@gumrf.ru Admiral S.O. Makarov State University of Marine and River Fleet Sakharov Vladimir saharovvv@gumrf.ru 57200960264 0000-0001-6289-3295 Russian State Hydrometeorological University Sikarev Igor sikarev@yandex.ru

Russia, 192007, St. Petersburg, Voronezhskaya str., 79

Admiral Makarov State University of Maritime and Inland Shipping Chertkov Alexander 0000-0003-0554-5790 Admiral Makarov State University of Maritime and Inland Shipping Abramov Valery val.abramov@mail.ru Automation of active power flows evaluation Automation of the approximate method for estimating active power flows in an electric network with three buses according to specified parameters in nodes using an incomplete conductivity matrix and the implementation of calculations in the CVX format. is considered. The method is based on the fact that the active resistances of the power transmission lines in the electrical circuit are significantly less than the reactive ones, which makes it possible to obtain a simple relationship between the power in the nodes and the angles, which establishes the connection of the parameters of the nodes using a non-invertible conductivity matrix. CVX is a calculation format that allows you to introduce various constraints, including current density in lines, parametric changes, external perturbations, etc. The results of estimates of active power flows for possible variants of the node “zeroing” scheme by minimizing the Euclidean norm are presented. The practical application of the proposed method is determined by the need to quickly assess the volume of purchases in the electricity markets 10.48612/jisp/hxee-hpu5-8d9h 621.398.04 power grid power flows approximate estimation method conductivity matrix incomplete matrix rank CVX technologies Euclidean norm computational structure https://jisp.spbstu.ru/article/2024.19.8/ 2024_4-5-6.pdf

RAR RUS 94-108 0000-0002-2264-7513 Peter the Great St. Petersburg Polytechnic University Krundyshev Vasiliy krundyshev_vm@spbstu.ru Peter the Great St. Petersburg Polytechnic University Cheskidov Vasily cheskidov.vk@edu.spbstu.ru 0000-0002-9732-0099 Peter the Great St. Petersburg Polytechnic University Kalinin Maxim max@ibks.spbstu.ru

Russia, 195251, St. Petersburg, Polytechnicheskaya str., 29

A protection method for the global model of the federated learning systems based on a trust model The paper reviews the problem of ensuring the security of a global model in the federated learning systems. The proposed protection method, based on data verification using a trusted group of nodes, ensures that only correct updates are considered during the aggregation of the global model. As a result of experimental study, it is demonstrated that the developed method ensures high speed of identification and isolation of adversarial clients implementing label substitution and noise imposition 10.48612/jisp/mf2n-fb13-p7p6 004.056 artificial intelligence security model security noise imposition trust model label substitution federated learning https://jisp.spbstu.ru/article/2024.19.9/ 2024_4-5-6.pdf

RAR RUS 109-139 0009-0005-3510-6942 Bauman Moscow State Technical University Vetoshkin Artem vetart1941@gmail.com 0009-0000-0286-1160 Bauman Moscow State Technical University Mironova Alexandra alexandra.miralex@gmail.com 0009-0007-9909-755X OZON Marketplace Kazakhstan LLP Zenger Anna azenger98@gmail.com 0000-0002-1370-6905 SAP America, Inc. Sukhobokov Artem artem.sukhobokov@gmail.com 0000-0002-0852-4162 Bauman Moscow State Technical University Goryachkin Boris bsgor@mail.ru Prospects for the application of archigraphs in data and knowledge storage systems The choice of a model for representing data and knowledge in storage systems determines several of their simultaneously unattainable most important characteristics, including: the ability to create various flexible and complex data and knowledge architectures required by users, simplicity and convenience of working with them, memory efficiency, and access speed to data and knowledge. In each case, one of the compromise solutions is used, often proposed many decades ago and widely used. The authors propose to change the existing compromises and move on to using new models for representing data and knowledge. It is important to understand that new models are proposed under the conditions of only a partially formed set of evaluation criteria, the lack of information and research on this topic, and in the absence of formalized rules and procedures for choosing a model. The purpose of the work is to expand the capabilities of data and knowledge storage systems to create a variety of flexible and complex data and knowledge architectures as well as to improve the efficiency of memory use. The article provides an overview of the main types of data and knowledge storage systems, showing their shortcomings. The method of organization based on the archigraph model for each type of system is proposed, allowing to eliminate the identified shortcomings. The proposed solutions can be used to create new file systems, database management systems, data warehouse management systems, data lake and knowledge lake management systems, management systems for Data Lakehouse, Data Space, Data Fabric, Data Mesh architectures, and blockchain platforms 10.48612/jisp/9h4x-tm85-bd3e 519.179:004.6 archigraph file system database management system data lake Data Lakehouse Data Space Data Fabric Data Mesh knowledge lake https://jisp.spbstu.ru/article/2024.19.10/ 2024_4-5-6.pdf

RAR RUS 140-151 0000-0003-3410-0678 National Research University of Electronic Technology Gorbunov Vladimir nbia@mail.ru 0009-0004-8999-0051 OA National Research Institute “Submicron” Faizulina Alina alya.fayzullina.03@bk.ru Predictive analysis of information flows in information security systems of telecommunication complexes The key problems of information security are considered. The possibility of embedding protection in the system, the problems of network monitoring. The main security threats. The possibilities of information protection and their reliability are being investigated 10.48612/jisp/dv1g-m6ep-zzm3 004.056.5 information information security information security telecommunication systems antivirus programs https://jisp.spbstu.ru/article/2024.19.11/ 2024_4-5-6.pdf

RAR RUS 152-161 0000-0002-0920-9009 The Ministry of Science and Education of the Republic of Azerbaijan Pashayev Fahrad Heydar pasha.farhad@gmail.com 0009-0008-9488-5503 Nakhchivan State University Pashayeva Sevinj Elman sevincpasa5@gmail.com 0009-0005-3533-3918 The Ministry of Science and Education of the Republic of Azerbaijan Maqgsudova Nargiz Adalat nargizmaqsudscb@gmail.com Optimization of the performance of the search information system in the legislative documents database To formulate optimization tasks in the Electronic Policy Document Management System, an enterprise can be presented as a set of departments performing certain functions. At large enterprises there is a constant exchange between the individual departments of the enterprise, between the document databases of departments. The paper examines solutions to several document database-related problems. Here, first of all, we consider the problem of choosing a model capable of setting the relationship between the query execution time and the amounts of documents, grouping of policy documents according to their sources of creation and evaluation of the advantages that this grouping can offer. An experimental table showing the relationship between data size and query execution time is given to solve the problems set. The least squares method is used to select linear or hyperbolic models used in this table. The closeness of the model of this relationship to a linear dependence is used in evaluating the advantages of partitioning the database into natural groups. It is known that policy document databases store documents of local or international importance that are created and recommended for implementation by local or international organizations. To improve the work, the documents in the database can be grouped by the degree of their importance, by the date of entry into the system, by the organizations that created the document. The paper presents a method of grouping policy documents by the source of their creation. Some numerical characteristics indicating the advantages of this grouping are given 10.48612/jisp/8gta-g6v5-k2hh 004.77: 004.02 policy document database data source query time amount of information additional delays mean-square difference linear model hyperbolic model natural division https://jisp.spbstu.ru/article/2024.19.12/ 2024_4-5-6.pdf