9004 2071-8217 1 2021 1-134

RAR RUS 9-19 0000-0001-9659-1244 Peter the Great St. Petersburg Polytechnic University Poltavtseva Maria potavtseva@ibks.spbstu.ru Data structures formation in active security monitoring tasks The trend towards automation of security management processes, including in industrial cyber-physical systems, has led to a change in the role of information security monitoring from solving the problem of conformity assessment to ensuring timely awareness of security management methods - active monitoring. The paper is devoted to the formation of requirements for the subsystem of data collection and processing of information security active monitoring. The author systematizes a number of cyber-physical systems security management tasks, considers examples of methods for solving them, and identifies data structures that are in demand by these methods 004.056 information security security monitoring security control industrial cyber-physical systems data preparation data structuring data engineering https://jisp.spbstu.ru/article/2021.2.1/ 2021_1-5-6.pdf

RAR RUS 20-30 Ageev S. Ageeva N. Karetnikov V. Privalov A. 57200960264 0000-0001-6289-3295 Russian State Hydrometeorological University Sikarev Igor sikarev@yandex.ru

Russia, 192007, St. Petersburg, Voronezhskaya str., 79

Algorithm for rapid detection of traffic anomalies in high-speed corporate multiservice communication networks The paper an adaptive heuristic (behavioral) algorithm for detecting traffic anomalies in high-speed corporate multiservice communication networks, functioning in real time. The main results of his research are presented 681.142.33.681.14 pseudogradient algorithm conditionally nonlinear pareto optimal filtering fuzzy logical takagi — sugeno conclusion fuzzy rule base fuzzy knowledge base https://jisp.spbstu.ru/article/2021.2.2/ 2021_1-5-6.pdf

RAR RUS 31-38 0009-0008-4442-5365 Peter the Great St. Petersburg Polytechnic University Kubrin Georgiy kubrin@ibks.spbstu.ru 0000-0001-8206-2915 Peter the Great St. Petersburg Polytechnic University Ivanov Denis ivanov@ibks.spbstu.ru Dynamic phishing website dataset collection The paper describes a list of deficiencies in the publicly available datasets of phishing websites. A method is proposed that mitigates those deficiencies. A prototype is described and the results which was successfully used to create a dataset of phishing site archives. Created dataset does not contain described deficiencies 004.056.57 phishing site detection machine learning website archiving https://jisp.spbstu.ru/article/2021.2.3/ 2021_1-5-6.pdf

RAR RUS 39-49 0000-0002-9732-0099 Peter the Great St. Petersburg Polytechnic University Kalinin Maxim max@ibks.spbstu.ru

Russia, 195251, St. Petersburg, Polytechnicheskaya str., 29

0000-0002-2264-7513 Peter the Great St. Petersburg Polytechnic University Krundyshev Vasiliy krundyshev_vm@spbstu.ru Analysis of ultra-high volumes of network traffic based on quantum machine learning This paper presents a method for analyzing network traffic based on the use of quantum machine learning. A method for encoding network traffic in terms of a quantum computer has been developed. The results of experimental studies have shown the superiority of the proposed approach over traditional machine learning methods in detecting network attacks 004.056 network traffic analysis quantum computer quantum machine learning qubit network attacks intrusion detection system https://jisp.spbstu.ru/article/2021.2.4/ 2021_1-5-6.pdf

RAR RUS 50-54 Marshev I. 0009-0002-7321-7430 Peter the Great St. Petersburg Polytechnic University Zhukovskii Evgeniy bugaev.va@edu.spbstu.ru

Russia, 195251, St. Petersburg, Polytechnicheskaya str., 29

0000-0002-7485-4848 Peter the Great St. Petersburg Polytechnic University Aleksandrova Elena aleksandrova_eb@spbstu.ru Protection against adversarial attacks on malicious executable detection methods using machine learning algorithms Strength of malware detection methods based on machine learning algorithms has been analyzed. Adversarial attack for given methods has been developed. The method of robustness improvement of vulnerability detection methods has been proposed 004.056 malware detection classification machine learning adversarial attack neural network static analysis https://jisp.spbstu.ru/article/2021.2.5/ 2021_1-5-6.pdf

RAR RUS 55-61 Nefedov V. Kriulin Artur kriulin@mirea.ru 0000-0002-5511-4000 MIREA – Russian Technological University Eremeev Mihail Approach to detect maliscous servers on anonimous network TOR based on clasterization methods The paper deals with the issues of ensuring the security of communications on the Internet, anonymous access to network resources. The problem situation is revealed, which consists in increasing the probability of deanonymization of users of the TOR network when using servers under a single administrative management in the same chain. An approach to identifying «hidden groups» of TOR anonymous network servers is proposed by analyzing the frequency of server characteristics and clustering them based on the similarity measure. The conducted research allowed us to identify ways to improve the software of the TOR anonymous network and improve the security of users 004.7 + 004.056.5 information security computer networks anonymous communication anonymous networks TOR network clustering https://jisp.spbstu.ru/article/2021.2.6/ 2021_1-5-6.pdf

RAR RUS 62-78 Stepanov M. 0000-0003-1345-1874 Peter the Great St. Petersburg Polytechnic University Pavlenko Evgeny pavlenko_eyu@spbstu.ru 0000-0003-2849-4682 Peter the Great St. Petersburg Polytechnic University Lavrova Daria lavrova_ds@spbstu.ru

Russia, 195251, St. Petersburg, Polytechnicheskaya str., 29

Detection of network attacks in software-defined networks using isolating forest algorithm This paper proposes an approach for detecting network attacks in software-defined networks. The specifics of such networks in terms of security are taken into account, and a modified isolating forest algorithm is taken as the basis for the developed approach. The results of experimental studies where the optimal parameters of the isolating forest algorithm and the extended algorithm of the isolating forest are chosen are presented. Based on the results of the studies, a conclusion is made about the effectiveness of the isolating forest for network attack detection in software-defined networks 004.056 software-defined network network attacks isolation forest algorithm extended isolation forest algorithm networks attack detection https://jisp.spbstu.ru/article/2021.2.7/ 2021_1-5-6.pdf

RAR RUS 79-85 Peter the Great St. Petersburg Polytechnic University Zavadskii Evgeniy zavadskij_ev@spbstu.ru 0000-0001-8206-2915 Peter the Great St. Petersburg Polytechnic University Ivanov Denis ivanov@ibks.spbstu.ru Countering information threats using honeypot systems based on graph of potential attacks In this paper, we propose a method for dynamic resource management of a Honeypot-system based on a graph of potential attacks to enable the deployment of a virtual network infrastructure of any scale, according to which a virtual network infrastructure in conditions of limited computing resources changes its configuration, adapting to the actions of an attacker 004.94 network infrastructure hybrid honeypot-system deception potential attack graph https://jisp.spbstu.ru/article/2021.2.8/ 2021_1-5-6.pdf

RAR RUS 86-95 0000-0002-1399-1822 Peter the Great St. Petersburg Polytechnic University Shenets Nikolay shenets_nn@ibks.spbstu.ru Petushkov A. New regular sliding window algorithms for elliptic curve scalar point multiplication Simple side-channel attacks on the implementation of elliptic curve scalar point multiplication algorithms are considered. New regular sliding window algorithms for calculating multiple points are proposed. Their optimal parameters are evaluated. The efficiency of the proposed algorithms is investigated 004.056.53 (003.26) side-channel attack elliptic curve scalar point multiplication regular algorithm sliding window algorithm https://jisp.spbstu.ru/article/2021.2.9/ 2021_1-5-6.pdf

RAR RUS 96-101 13103571000 0000-0002-0232-7248 Peter the Great St. Petersburg Polytechnic University Zegzhda Dmitry zegzhda_dp@spbstu.ru

Russia, 195251, St. Petersburg, Polytechnicheskaya str., 29

0000-0003-1736-7178 Peter the Great St. Petersburg Polytechnic University Anisimov Vladimir an‑33@yandex.ru 0000-0002-6527-2352 Peoples’ Friendship University of Russia named after Patrice Lumumba Anisimov Evgeny anis.an‑33@yandex.ru Saurenko Tatyana Efficiency of computer network functioning in conditions of malicious information influences The paper proposes a model for predicting the dynamics of a generalized indicator of the efficiency of the functioning of a corporate computer network in conditions of harmful information influences. The model is based on the representation of its dynamics in the form of a function of the level of performance of the corporate network at each moment of time from the specified interval. In this case, the level of network operability is determined by the operability of its elements and is described by an appropriate system of differential equations that take into account harmful effects and the process of eliminating their consequences. For these equations, under some simplifying conditions, analytical solutions are constructed, which greatly facilitates the process of forecasting the dynamics of the generalized efficiency indicator under consideration 004.056.57 corporate computer network functioning harmful information impacts generalized efficiency indicator dynamics forecast model https://jisp.spbstu.ru/article/2021.2.10/ 2021_1-5-6.pdf

RAR RUS 102-108 0000-0003-4866-217X Gryzunov Vitaly Conceptual model of geoinformation system adaptive control under conditions of destabilization A conceptual model of a geoinformation system operating under conditions of destabilization is proposed. Destabilizing factors are of a deterministic, stochastic and non-stochastic nature. The geographic information system is considered as a control object with a variable structure, the problem of adaptation to destabilization is formulated 004.27+004.056 geographic information system destabilizing factors information security https://jisp.spbstu.ru/article/2021.2.11/ 2021_1-5-6.pdf

RAR RUS 109-116 Fatin Aleksander sasha-fatin@mail.ru 0000-0003-1345-1874 Peter the Great St. Petersburg Polytechnic University Pavlenko Evgeny pavlenko_eyu@spbstu.ru Using the NEAT-hypercube mechanism for cyberattack detection in Internet of Things In this paper, we consider a method for detecting abnormal behavior in the operation of cyber-physical systems, the Internet of Things (IoT) and distributed control systems using the prediction and analysis of multidimensional time series using neuroevolutionary algorithms based on the development of the hypercube substrate. The method is based on identifying deviations between the current values of the state of the cyber-physical system and the predicted results. The results of studies of the described method are presented, demonstrating the correctness and accuracy of this approach 004.056 information security cyber-physical systems IoT hypercube neat neuroevolution multivariate timeset https://jisp.spbstu.ru/article/2021.2.12/ 2021_1-5-6.pdf

RAR RUS 117-130 Vasileva Ksenia 0000-0003-2849-4682 Peter the Great St. Petersburg Polytechnic University Lavrova Daria lavrova_ds@spbstu.ru

Russia, 195251, St. Petersburg, Polytechnicheskaya str., 29

Anomaly detection in cyber-physical systems using graph neural networks The paper proposes the application of convolutional graph neural networks to detect anomalies in cyber-physical systems, developed a graph model reflecting the dynamics of changes in the state of devices, presented an algorithm for data preprocessing, which provides the formation of the graph based on the studied sample of telemetry values. The optimal parameters of the neural network were established experimentally, the applicability and effectiveness of the proposed model for detecting anomalies in cyber-physical systems were shown, and the ability of the model to detect and distinguish between classes of attacks was confirmed 004.056 graph neural networks cyber-physical system anomaly detection; convolutional neural networks information security telemetric data analysis https://jisp.spbstu.ru/article/2021.2.13/ 2021_1-5-6.pdf

RAR RUS 131-137 0000-0001-9862-1507 Peter the Great St. Petersburg Polytechnic University Dakhnovich Andrey add@ibks.spbstu.ru Peter the Great St. Petersburg Polytechnic University Moskvin Dmitry moskvin_da@spbstu.ru 13103571000 0000-0002-0232-7248 Peter the Great St. Petersburg Polytechnic University Zegzhda Dmitry zegzhda_dp@spbstu.ru

Russia, 195251, St. Petersburg, Polytechnicheskaya str., 29

Security through obscurity in industrial Internet of Things One of the major problems in the Industrial Internet of Things cybersecurity is to provide availability of operation processes, in the other words, “cyber sustainability”. The survey describes actual the Industrial Internet of Things network-level cybersecurity issues that could be mitigated by appliance of “Security through obscurity” approach on the very edge of the Industrial Internet of Things cybersecurity. In the end, authors try to evaluate cybersecurity of the Industrial Internet of Things systems through an anonymity measure. Thus, availability and anonymity terms are tried to be connected 004.056 digital manufacturing cybersecurity industry 4.0 industrial Internet of Things critical information infrastructure https://jisp.spbstu.ru/article/2021.2.14/ 2021_1-5-6.pdf