Problems of information security. Computer systems

RAR RUS 9-22 0009-0000-3249-4103 Peter the Great St. Petersburg Polytechnic University Bogina Vasilisa bogina_vm@spbstu.ru Peter the Great St. Petersburg Polytechnic University Borisov Georgiy borisov.gi@edu.spbstu.ru 0009-0004-8242-2764 Saint Petersburg Electrotechnical University “LETI” Bratko Victor 0000-0001-9862-1507 Peter the Great St. Petersburg Polytechnic University Dakhnovich Andrey add@ibks.spbstu.ru 13103571000 0000-0002-0232-7248 Peter the Great St. Petersburg Polytechnic University Zegzhda Dmitry zegzhda_dp@spbstu.ru

Russia, 195251, St. Petersburg, Polytechnicheskaya str., 29

Analysis of the applicability of large language models to the simulation of realistic dialogues for the purpose of simulating social engineering attacks The given research is aimed at checking whether synthetic-generated dialogues by LLMs between an “adversary” and a “victim” represent plausibility. To check the credibility of our results, we chose the method of verification using open-source data from U.S. and Russian reports. The actors of dialogues (LLM-agents) were given synthetically generated biographical and personal data, set using prompt engineering techniques, specifically the Persona Pattern. Data from the experiment show a high level of stability and plausibility consistent with ongoing trends in the sphere of social engineering research. Thus, it proves that it is possible to simulate realistic interaction within societal cells with the final goal of computational recreation of social engineering attacks and other related fields using LLMs. 10.48612/jisp/kfvm-3811-vmk4 004.056 LLM-agents dialogue simulation social engineering prompting techniques agent-based modeling social modeling https://jisp.spbstu.ru/article/2025.24.1/ pib_4.pdf

RAR RUS 23-34 0009-0004-4143-7302 National University of Oil and Gas «Gubkin University» Sintsov Mikhail sinzovmi@gmail.com Determining the optimal response time to information security threats in a limited resource environment In research proposed an approach in which the total time of detection, analysis and response to the actions of an attacker does not tend to a minimum value, but is within such limits, in which the possibility of active counteraction to the attacker remains, not allowing him to cause unacceptable damage, which allows to maintain the necessary and sufficient level of information security of the organization with limited resources. Calculated the average time spent by a SOC expert on the analysis of a suspicion of an incident, in which the quality of this analysis allows engineers to take effective actions to contain the attacker. Options for reducing this indicator are considered in view of the need to process all incoming incident suspicions in a high-quality manner in conditions of limited resources. As part of the proposed approach testing, the calculation of the optimal total time of detection, analysis and response for two types of incident suspicions is carried out. 10.48612/jisp/mp7a-vpp7-xu6f 004 Information security retrospective search acceptable level of damage median time of an attacker’s presence in the IT infrastructure response to information security threats https://jisp.spbstu.ru/article/2025.24.2/ pib_4.pdf

RAR RUS 35-47 0000-0001-5221-7621 Saint Petersburg State University of Aerospace Instrumentation Elina Tatyana elinatn@yandex.ru 0000-0002-1825-0097 Federal State Unitary Enterprise State Research Institute of Applied Problems Shevchenko Daria shevchenko_darya_5@mail.ru A model for implementing artificial intelligence into embedded systems This paper examines the problem of implementing artificial intelligence in resource-constrained embedded systems. A comprehensive analysis of existing hardware platform limitations and the challenges of integrating AI into devices with limited computing power, RAM, and energy efficiency is provided. This analysis represents a significant practical challenge in modern IoT devices, robotics, and industrial automation. The process of implementing an image classifier model trained on MNIST on a Raspberry Pi Pico microcontroller platform is described in detail. A unified methodology for implementing AI in embedded systems is proposed, covering problem definition, hardware platform selection, model selection and optimization, offline development environment setup, downloading, and testing. This methodology has practical value and can be adapted to a wide range of IoT projects. 10.48612/jisp/b3r2-vr82-1b7z 004.7: 004.032.26 Artificial intelligence systems modeling embedded systems image recognition Internet of Things https://jisp.spbstu.ru/article/2025.24.3/ pib_4.pdf

RAR RUS 48-58 0000-0003-1674-6248 S. M. Budyonny Military Academy of the Signal Corps Ostroumov Oleg oleg‑26stav@mail.ru 0000-0002-8433-5670 Russian State Hydrometeorological University Lepeshkin Oleg 57200960264 0000-0001-6289-3295 Russian State Hydrometeorological University Sikarev Igor sikarev@yandex.ru

Russia, 192007, St. Petersburg, Voronezhskaya str., 79

Method of determining the criticality of elements of a complex technical system The importance of information and infrastructure increases every year. The criticality of such assets is determined by the impact of disruptions to their stable operation. This paper develops an approach to determining the criticality of communication system elements. It is based on the use of a system performance profile during the construction and operation of the system. Determining the importance of each element within the communication system will ensure the stable operation of the system, aimed at fulfilling the required number of tasks and functions. 10.48612/jisp/6d8t-megz-2zb1 621.39 Critical information infrastructure critically important object criticality operational stability continuity of operation information security control system communication system https://jisp.spbstu.ru/article/2025.24.4/ pib_4.pdf

RAR RUS 59-75 0009-0003-6745-9414 LLC “Hexagon” Pasechnik Margarita mopasechnik@hex.team 0000-0003-4374-1645 National Research Nuclear University MEPhI (Moscow Engineering Physics Institute) Finoshin Mikhail MAFinoshin@mephi.ru LLC Hexagon Zuikov Alexander az@hex.team 55229487100 0000-0002-4429-8799 National Research Nuclear University MEPhI (Moscow Engineering Physics Institute) Zhukov Igor i.zhukov@inbox.ru

Russia, 115409, Moscow, Kashirskoe shosse, 31

Authentication of electronic vehicle control units based on hidden channels To enhance the security of industrial CAN networks in vehicles by transmitting covert information for the authentication of electronic control units. The research methods include a comparative analysis of existing approaches to constructing covert channels in vehicle CAN networks, as well as extended protocols used in CAN buses, to identify the most effective solutions for electronic control unit authentication. During the study, a covert channel scheme in the CAN FD network will be developed, and a test bench will be created to simulate its operation, taking into account various noise-based attacks. Additionally, the study will investigate the noise resistance of the proposed scheme and evaluate its applicability in real-world operating conditions. The results of the study demonstrate the successful development of a modified covert channel in the industrial CAN FD network of vehicles, resistant to noise. Based on a comparative analysis of existing protection and authentication methods in CAN networks, an optimal approach was selected, enabling the construction of a counter synchronization scheme for authentication, based on traffic optimization. The developed covert channel was integrated into a time synchronization system and tested on a bench, verifying its functionality under noise conditions. The testing results confirmed the high noise resistance of the proposed covert channel scheme, proving its effectiveness for use in automotive networks. Additionally, an analysis of the scheme’s applicability in real-world operating conditions was conducted, opening prospects for its implementation in actual vehicles using the CAN FD protocol. The scientific novelty of the work lies in the development and modification of a covert channel for authentication in the industrial CAN FD network of vehicles, resistant to noise. For the first time, a counter synchronization method for authentication based on traffic optimization is proposed, enhancing the security and reliability of the network. The study also includes a comparative analysis of the proposed scheme’s resistance to noise. 10.48612/jisp/rtzv-kfdx-ddfg 004.056 Covert channels authentication industrial CAN network CAN FD protocol noise resistance counter synchronization vehicle network security https://jisp.spbstu.ru/article/2025.24.5/ pib_4.pdf

RAR RUS 76-88 0000-0002-7485-4848 Peter the Great St. Petersburg Polytechnic University Aleksandrova Elena aleksandrova_eb@spbstu.ru 0009-0001-6593-6446 Peter the Great St. Petersburg Polytechnic University Gadisova Vladislava gadisova_va@spbstu.ru Security issues in federated learning systems The paper discusses key security problems in federated learning systems: protecting the privacy of participants’ data from gradient inversion attacks and ensuring model resistance in the presence of poisoning attacks. A review of current approaches to defense against the above threats is presented, and limitations in attempting to apply them together are identified. Based on the analysis, we formulate our own ideas for further research aimed at developing more effective and balanced defense methods that consider both data privacy and poisoning attack resistance. 10.48612/jisp/rp53-1tp9-n87g 004.056 Distributed systems machine learning security federated learning gradient inversion attacks poisoning attacks https://jisp.spbstu.ru/article/2025.24.6/ pib_4.pdf

RAR RUS 89-101 0000-0002-6674-4374 Crypto-Pro LLC Mesengiser Yakob myy@cryptopro.ru 0000–0002–1279–0359 Crypto-Pro LLC Alekseev Evgeny alekseev@cryptopro.ru 0000-0003-4000-1174 National Research Nuclear University MEPhI (Moscow Engineering Physics Institute) Kyazhin Sergey snkyazhin@mephi.ru 0000-0001-8586-5959 Crypto-Pro LLC Smyshlyaev Stanislav svs@cryptopro.ru On the practicality of attacks on electronic document management systems when signature keys are jointly used in TLS 1.2 Prohibiting the use of identical keys in different cryptographic algorithms and protocols is a prerequisite for the security of a wide variety of information systems. However, developers of such systems sometimes ignore this requirement since underestimate the threat. This paper addresses practical attack scenarios against electronic document management systems in a situation where the signature key is also used for client authentication in the TLS 1.2 protocol. As a result of one of the attacks, an adversary forms a signature for a selected PDF file up to 16 MB in size, which is correctly displayed by a number of popular applications. An analysis of the reasons for the feasibility of these attacks leads to the conclusion that a property exists in the TLS 1.2 protocol that leads to a vulnerability when the client authentication key is used as a signature key in electronic document management systems. 10.48612/jisp/8rnd-8vte-brfu 004.056 Cryptography digital signature TLS authentication joint using of a single key https://jisp.spbstu.ru/article/2025.24.7/ pib_4.pdf

RAR RUS 102-109 Russian State Hydrometeorological University Abramova Alexandra alexandria567@mail.ru 0000-0002-5069-6144 Russian State Hydrometeorological University Prostakevich Konstantin atombyfreund@mail.ru 57200960264 0000-0001-6289-3295 Russian State Hydrometeorological University Sikarev Igor sikarev@yandex.ru

Russia, 192007, St. Petersburg, Voronezhskaya str., 79

0000-0003-0554-5790 Admiral Makarov State University of Maritime and Inland Shipping Abramov Valery val.abramov@mail.ru 0000-0002-4822-6768 Peter the Great St. Petersburg Polytechnic University Levina Anastasia alyovina@gmail.com Systemic automation of geoinformation support for autonomous navigation safety in Arctic under climate change There are presented the research results on the systemic automation of geoinformation support for security of autonomous navigation in the Arctic, under climate change. In the course of the research, there were used the methodological foundations of risk management technologies while developing natural – industrial systems. A structural model is proposed that combines investment goals with the costs of geoinformation security support in projects for the development of autonomous navigation in the Arctic. Based on the proposed model, a modular web-based tool has been given that implements systemic automation of geoinformation security for autonomous navigation in the Arctic under climate change. Examples of using the developed tool are given. 10.48612/jisp/zg23-43gm-frvr 007.51 Automation geoinformatics autonomous navigation safety Arctic climate change https://jisp.spbstu.ru/article/2025.24.8/ pib_4.pdf

RAR RUS 110-120 0009-0003-2984-3685 National Research Ogarev Mordovia State University Gulkin Kamil kamil.g.04@bk.ru 0000-0002-9493-1273 National Research Ogarev Mordovia State University Bakaeva Olga helga_rm@rambler.ru Software for detecting potentially dangerous items at mass event entries using computer vision The work is devoted to the development of software for automated detection of potentially dangerous objects in the form of large bags/backpacks on video streams at the entrance of participants to mass events. A client-server solution architecture is proposed, which includes a Streamlit interface, an Ultralytics YOLOv11 detection module, and an incident registration and alerting subsystem. The accuracy of bag identification is verified using the formalized “coordinated detection” criterion: an event is recorded when the confidence threshold γ is exceeded on at least α frames in a sliding window of length τ. On four RTSP channels (processing every 3rd frame), latency of ≈0.5 s was achieved, and false positives were mitigated through time aggregation. The YOLOv11 neural network was trained on a dataset containing 36,000 images, resulting in stable performance (P ≈ 0.953 for “dangerous” object detection accuracy and R ≈ 0.896 for completeness/sensitivity). 10.48612/jisp/e8rx-vv5u-kukg 004.932.72; 004.056.5 Software computer vision neural network YOLOv11 object detection video monitoring “consistent detection” information security https://jisp.spbstu.ru/article/2025.24.9/ pib_4.pdf

RAR RUS 121-137 0009-0003-2993-0287 Samara State Technical University Ahmed Tamer Rashid thameer987@gmail.com 0000-0001-5778-3438 Samara State Medical University Avsievich Aleksandr avsievich@mail.ru Deep learning models for effective detection of fake news This work is devoted to the development of algorithms aimed at improving the detection of false and malicious information disseminated under the guise of news reports. Special attention is paid to their impact on the reliability of information in the modern digital world. To classify and identify fake news, deep learning algorithms have been proposed, including bidirectional recurrent neural networks (BiLSTM), recurrent neural networks (LSTM) and convolutional neural networks followed by bidirectional recurrent networks (CNN + BiLSTM). The effectiveness of the developed models was evaluated on a specialized dataset containing the texts of real and fake news articles in English, taking into account the news agenda in the Islamic context. The results showed that the BiLSTM model achieved a slightly higher accuracy of 98.0 % compared to other models, which proves the effectiveness of deep learning algorithms in detecting fake news. The study offers a promising approach to solving this problem and highlights the importance of developing better tools to ensure the accuracy of information and protect users from misinformation. In the conducted studies, by improving the neural network configuration, it became possible to increase the accuracy of the LSTM, BiLSTM, CNN + BiLSTM models by 7.65, 2.5 and 1.9 %, respectively, compared with previous results. 10.48612/jisp/mh68-utm7-dxb1 004 Fake news false information natural language processing deep learning BiLSTM LSTM CNN + BiLSTM CNN https://jisp.spbstu.ru/article/2025.24.10/ pib_4.pdf

RAR RUS 138-162 Konovalchik Pavel JSC Russian Space Systems Ovcharov Vladimir eo475944@gmail.com Methodological and technological foundations for countering cognitive threats in generative multimodal content The rapid development of artificial intelligence platforms, methods, and technologies creates favorable conditions for the formation of destructive multimodal content and its controlled distribution across various information resources on the Internet. The article presents original research results and develops an approach to countering a new class of information threats – cognitive threats in generative multimodal content. For the first time, a cognitive threat model has been substantiated that takes into account the specifics of a new class of attackers – cognitive security violators. New scientific results have been obtained through training and applying scientifically validated classes of neural network models to analyze various types of emotions. Their novelty and practical value are related to the applicability of these models to solving problems of detecting various types of cognitive biases in the generative multimodal content of Telegram channels. 10.48612/jisp/6b6u-6nv2-9nar 004.8 + 004.9 + 162.5 Information threats artificial intelligence cognitive biases cognitive security cognitive threats generative multimodal content https://jisp.spbstu.ru/article/2025.24.11/ pib_4.pdf

RAR RUS 163-183 0000-0002-7231-5728 MIREA – Russian Technological University Spirin Andrey spirin_aa@mirea.ru 0009-0006-2542-1348 MIREA – Russian Technological University Lebin Maksim lebin2002@yandex.ru 0009-0006-1697-2631 MIREA – Russian Technological University Gindin Evgeny jenyag2002@gmail.com 0009-0001-2060-785X MIREA – Russian Technological University Isakova Natalia ntfenech@gmail.com The impact of adversarial attacks on deep learning models This study presents a comparative analysis of the robustness of modern deep learning architectures against adversarial attacks. The study focuses on three representative models – EfficientNet-B0, MobileNetV2, and Vision Transformer (ViT-B16) – illustrating the evolution of architectures from convolutional networks to transformer-based approaches. The experimental evaluation was conducted on the ISIC‑2019 medical dataset containing dermoscopic images of skin lesions. To assess model robustness, a comprehensive set of digital and physical attacks was employed, including DeepFool, Carlini – Wagner, AutoAttack, Boundary Attack, and Patch Attack. The analysis demonstrated that all evaluated models exhibit significant vulnerability to targeted perturbations: optimizationbased attacks reduce classification accuracy by more than 55 percentage points, while physical attacks can disrupt model predictions even without access to internal parameters. The Vision Transformer (ViT-B16) showed relative resilience to minor perturbations, indicating the potential of attention-based architectures for improving robustness, though complete protection remains unattainable. The results emphasize the necessity of developing integrated approaches to adversarial robustness, encompassing architectural modifications, regularization techniques, and adaptive training – a direction of particular importance for critical domains such as medicine, transportation, and security systems. 10.48612/jisp/2e7p-gxfk-11a3 004.056.5, 004.85:004.89, 519.237.8 Adversarial attacks neural network robustness deep learning EfficientNet MobileNet Vision Transformer computer vision model protection https://jisp.spbstu.ru/article/2025.24.12/ pib_4.pdf