9004
2071-8217
Problems of information security. Computer systems
1
2026
1-214
RAR
RUS
9-14
0009-0007-5463-0437
Povolzhskiy State University of Telecommunications and Informatics
Belova
Olga
olya4369@yandex.ru
Evaluation of signal masking by a two-component steganographic system in windowed information processing
This paper examines a two-component steganographic system operating under windowed processing of audio signals. A mathematical model is proposed for selecting the first and second container components during multilayer data embedding within a fixed-size window. The influence of the system’s parameter selection on the quality of message masking and the stegosystem’s resistance to detection is analyzed. Simulation results for the process of hidden embedding in musical fragments are presented, confirming an increase in masking efficiency compared to classical LSB methods. It is shown that the use of a windowed approach and preliminary cryptographic encryption ensures a more uniform distribution of the least significant bits and reduces the probability of detecting hidden information.
10.66424/2071-8217-2026-1-1
621.372.552
Steganography
two-component system
beep
windowing
multilayer embedding
data masking
https://jisp.spbstu.ru/article/2026.25.1/
2026_1_5-6.pdf
RAR
RUS
15-30
0000-0002-4151-5908
Mozhaisky Military Space Academy
Russu
Valery
russu_valeriy@mail.ru
0000-0002-2758-8650
Mozhaisky Military Space Academy
Neaskin
Stanislav
nemaskin3112@mail.ru
0000-0003-1300-2470
Mozhaysky Military Space Academy
Biryukov
Denis
Biryukov.D.N@yandex.ru
Russia, 197198, St. Petersburg, Zhdanovskaya str., 13
A model of the process of controlling the functioning of an automated data storage and processing system under cyber attack conditions
An aggregated model based on technical diagnostics principles is proposed, allowing system states to be classified by their level of technical operability and security. Formal metrics are introduced for quantitatively assessing the security of automated systems. It is shown that countering attacks targeting vulnerabilities in software update subsystems requires the development of new methods for identifying dangerous configuration states.
10.66424/2071-8217-2026-1-2
004.056
Information protection
information security
cyber attack
information impact
https://jisp.spbstu.ru/article/2026.25.2/
2026_1_5-6.pdf
RAR
RUS
31-57
0009-0007-7763-1993
Saint-Petersburg State University of Aerospace Instrumentation
Bardovsky
Alexey
bardovski.alesha@mail.ru
0000-0003-1284-0915
Fomicheva
Svetlana
levikha@mail.ru
Investigation of the confidential containers performance in fog computing for object detection tasks
In this paper, we propose and formalize a new general task that is relevant for distributed fog environments with intelligent edge/fog nodes – secure scaling, updating and (re)training of deployed ML models (Secure Scale Machine Learning – SSML). As part of the SSML solution for the secure detection of objects in foggy infrastructures for video systems, a method is proposed for determining the optimal ensemble of an ML detector and an ML framework that takes into account the features of the Intel SGX enclave. The proposed technique additionally makes it possible to assess the readiness/unavailability of edge/fog nodes to detect objects in real time during the experiment. The implementation of the technique on a dedicated fog node with an SGX enclave and using SCONE in hardware mode demonstrated that secure inference has an almost 5-fold increase in latency for the TensorFlow interpreter and more than 50-fold for TensorFlow Lite. It has been revealed that the main reason for such high overhead costs is the limitation of the size of protected memory caching pages and the associated intensive page switching operations. The absolute latency for secure inference at the best of the studied ensembles (TinyYolo_v3, TensorFlow, SGX) was 331 ms per frame of the video stream. It is emphasized that confidential logical inference in real time requires both specialized assemblies of ML frameworks and modifications of ML detector architectures.
10.66424/2071-8217-2026-1-3
004.89
Confidential computing
fog infrastructure
trusted execution environments
enclave
object detector
secure inference
latency
https://jisp.spbstu.ru/article/2026.25.3/
2026_1_5-6.pdf
RAR
RUS
58-68
0009-0009-0154-5153
ITMO University
Zdornikov
Egor
eozdornikov@itmo.ru
Forecasting multistage attacks in Kubernetes from Falco alerts using State-Space Models
10.66424/2071-8217-2026-1-4
004.8:004.485:004.421
Kubernetes
Falco
attack forecasting
multi-stage attacks
State-Space Models
Intrusion Detection
proactive defense
https://jisp.spbstu.ru/article/2026.25.4/
2026_1_5-6.pdf
RAR
RUS
69-86
0009-0004-3025-261X
Peter the Great St. Petersburg Polytechnic University
Ivanov
Mikhail
ivanov2.ms@edu.spbstu.ru
0000-0003-1345-1874
Peter the Great St. Petersburg Polytechnic University
Pavlenko
Evgeny
pavlenko_eyu@spbstu.ru
Usage of the subject-object model in the task of detecting malicious software in the Android OS
An overview of the Android application components, permissions, and API functions has been performed, taking into account their possible use by malicious applications. Statistics of the use of Android application components, permissions, API functions, and broadcast receiver events in malicious and benign programs have been compiled. To describe the operation of an Android application, a subject-object model of the behavior of an Android application is presented.
10.66424/2071-8217-2026-1-5
004.056
Information security
malware
Android
https://jisp.spbstu.ru/article/2026.25.5/
2026_1_5-6.pdf
RAR
RUS
87-98
0000-0002-3096-3102
Ufa University of Science and Technology
Mashkina
Irina
profmashkina@mail.ru
0009-0002-8095-1828
Ufa University of Science and Technology
Dunyushkina
Ksenia
dynushkinaks@yandex.ru
Analysis of information security issues in hyperconvergent infrastructure
The study presents an analysis of the scientific and theoretical problems of information security in Hyper-Converged Infrastructure (HCI), which arise due to the deep integration of resources and the erosion of the traditional perimeter. An option for building an HCI is considered, which allows to increase the isolation level of workloads, in which containers are run inside virtual machines acting as hosts for container orchestration. The study of existing problems revealed a qualitatively new level of complexity: verification of isolation guarantees and ensuring the safe division of resources between independent consumers (tenants), formalization of trust boundaries of heterogeneous HCI, analysis of several levels of abstraction simultaneously. The theoretical analysis of the problems identified the need to build a cluster architecture as a complex object of protection, taking into account the structural and functional characteristics of HCI and Kubernetes orchestrator modules. The architecture of a heterogeneous hyperconverged infrastructure has been developed. Taking into account the requirements of regulators, the developed generalized HCI threat model is presented, which in each specific case can be detailed taking into account the technologies of hypervisor and container virtualization used.
10.66424/2071-8217-2026-1-6
004.056.5
Data Center
hyperconverged infrastructure
containerization
virtualization
threat model
Kubernetes
HCI architecture
https://jisp.spbstu.ru/article/2026.25.6/
2026_1_5-6.pdf
RAR
RUS
99-108
0009-0007-7946-5570
Peter the Great St. Petersburg Polytechnic University
Mingazov
Timur
mingazov.tr@edu.spbstu.ru
0000-0002-9732-0099
Peter the Great St. Petersburg Polytechnic University
Kalinin
Maxim
max@ibks.spbstu.ru
Russia, 195251, St. Petersburg, Polytechnicheskaya str., 29
Adaptive architecture for secure remote access to corporate hosting services
Traditional remote access protection approaches (VPN, firewalls) are insufficient against modern threats such as distributed denial-of-service (DDoS), man-in-the-middle (MITM) attacks and insider threats. This study identifies five key architectural approaches to securing remote access and analyzes them in terms of security, implementation cost, management complexity and scalability. An integrated three-layer architecture is proposed that combines access control mechanisms (Zero Trust/SDP), dynamic network reconfiguration (Moving Target Defense) and client-side application protection (anti-tampering, antidebug). The results indicate that coordinating these mechanisms via a unified control loop improves the resilience of remote access to corporate hosting services while enabling phased adoption.
10.66424/2071-8217-2026-1-7
004.056
Adaptive security
remote access
dynamic protection
system architecture
Zero Trust Architecture
Moving Target Defense
Software-Defined Perimeter
anti-tampering
https://jisp.spbstu.ru/article/2026.25.7/
2026_1_5-6.pdf
RAR
RUS
109-122
0000-0001-5518-5565
Minin Nizhny Novgorod State Pedagogical University
Ponachugin
Alexander
sasha3@bk.ru
0009-0002-3427-1514
Minin Nizhny Novgorod State Pedagogical University
Andreeva
Arina
a.andreeva@naash.ru
The impact of the Shadow IT on data processing security in infrastructure of institutions: risks and solutions
The article presents an analysis of the factors contributing to the emergence of Shadow IT, an assessment of its impact on data security properties, and a set of formalized measures aimed at mitigating the associated risks in Internet-oriented information systems. The study employs a systems analysis of information systems, a comparative analysis of Shadow IT management approaches, information security threat analysis, generalization of practices in the application of technical and organizational security controls, and an analysis of the frequency of Shadow IT occurrence. As a result, architectural and organizational prerequisites for the proliferation of Shadow IT in distributed and cloud-based data processing environments are identified; the impact of unauthorized IT services on the confidentiality, integrity, and availability of information is analyzed; approaches to the detection and control of Shadow IT are examined; and a set of formalized measures is proposed, aimed at increasing transparency in the use of IT resources and improving the manageability of data processing processes. The conducted analysis and proposed measures are expected to reduce the level of uncontrolled information security risks and enhance the resilience of data processing in the long term.
10.66424/2071-8217-2026-1-8
05.13.19
Shadow IT
information security
internet-oriented infrastructure
data security
access management
https://jisp.spbstu.ru/article/2026.25.8/
2026_1_5-6.pdf
RAR
RUS
123-133
0009-0002-7760-6337
Saint Petersburg State University of Aerospace Instrumentation
Razinkin
Evgeny
erazinkin@mail.ru
Multi-level model of secure interoperability in e-commerce based on a security profile
As e-commerce evolves, the number of integration points between online storefronts, payment services, logistics, accounting and analytics systems continues to grow. At the same time, information security measures are typically specified in a fragmented manner and are weakly aligned with interoperability models and risk management processes. This paper proposes a multi-layer model of secure interoperability for e-commerce systems, which embeds information security requirements into the interaction profile. The model is complemented by a classification of intersystem exchanges and a reference integration scenario via a gateway, forming a multi-layer interoperability structure within which security invariants are defined. An attacker model is developed that maps attack vectors to framework levels and classes of exchanges. Based on this model, a matrix is constructed that links threats to configuration parameters and control settings of the integration gateway and monitoring systems. Requirements are defined for a machine-readable security profile that includes invariants, indicators, countermeasures and their traceable identifiers, as well as integration with KPI/KRI-based monitoring and DevSecOps processes. The proposed structure enables risk-oriented design and assessment of protection for e-commerce integration points and can serve as a basis for further automation of security profile configuration and audit.
10.66424/2071-8217-2026-1-9
004.056.5
E-commerce
information security
interoperability
integration gateway
attacker model
risk assessment
security profile
KPI
KRI
https://jisp.spbstu.ru/article/2026.25.9/
2026_1_5-6.pdf
RAR
RUS
134-151
0009-0000-3319-8357
Saint Petersburg Electrotechnical University "LETI"
Kasyanov
Alexandr
kasjanov@inbox.ru
0009-0002-5411-7477
National Research University Higher School of Economics
Vitchak
Ivan
intdx@yandex.ru
Error of approximation of chi-square distribution by normal distribution as a function of sample size
The article examines the approximation error of the chi-square distribution using a normal distribution, which is relevant when applying statistical tests to evaluate the quality of random number generators. The aim of the study is to determine under what conditions it is acceptable to replace chi-square statistics with their approximations (normal distributions) in order to simplify the calculation of p-values using the complementary error function. To achieve this goal, the research employed mathematical analysis methods, including analysis of the gamma distribution, which includes the chi-square distribution as a special case, and the application of the Berry – Esseen inequality for evaluating the accuracy of approximation. An analytical expression for the third absolute central moment of the distribution was obtained, allowing for an analytical estimation of the minimum length of a bit sequence necessary to achieve a specified level of approximation accuracy. The results showed that, in order to achieve the high level of accuracy required in cryptographic applications, there are significant practical limitations due to the required sample size. These limitations are related to computational complexity, memory requirements, and time costs. The issue of determining the optimal number of intervals in a test using chi-square statistics is considered to optimize the balance between the desired sensitivity with resistance to random fluctuations. The scientific novelty of this work lies in formalizing the conditions for using normal approximation to calculate p-values and developing recommendations for selecting the number of intervals and estimating the minimum sample size. The results obtained contribute to increasing the statistical significance and validity of statistical tests for verifying pseudo-random number generators. They also reduce the influence of heuristic considerations in determining the sample size, which increases the reliability of evaluating random number generator characteristics. In practical terms, this work aims to unify statistical analysis procedures in cryptography by formalizing conditions under which it is correct to replace the chi-square distribution with the normal distribution.
10.66424/2071-8217-2026-1-10
519.248
Statistical tests
minimum sequence length
gamma distribution
asymptotic analysis
third absolute central moment
Berry – Essen inequality
optimal number of intervals
https://jisp.spbstu.ru/article/2026.25.10/
2026_1_5-6.pdf
RAR
RUS
152-167
13103571000
0000-0002-0232-7248
Peter the Great St. Petersburg Polytechnic University
Zegzhda
Dmitry
zegzhda_dp@spbstu.ru
Russia, 195251, St. Petersburg, Polytechnicheskaya str., 29
Peter the Great St. Petersburg Polytechnic University
Gavva
Georgij
gavva.gd@edu.spbstu.ru
0000-0002-9732-0099
Peter the Great St. Petersburg Polytechnic University
Kalinin
Maxim
max@ibks.spbstu.ru
Russia, 195251, St. Petersburg, Polytechnicheskaya str., 29
0000-0002-2009-5460
Peter the Great St. Petersburg Polytechnic University
Ovasapyan
Tigran
otd@ibks.spbstu.ru
PJSC Rosseti North-West
Tolstykh
Maxim
tolstykhma@rosseti-sz.ru
Cyber resilience of digital substations: intelligent technology for cyber threat detection and adaptive environment management
This paper reviews the problem of ensuring cyber resilience for digital substations, critical energy infrastructure facilities vulnerable to targeted cyberattacks. A solution is proposed in the form of a comprehensive technology integrating intelligent attack and anomaly detection using a radial-basis neural network and an adaptive control mechanism built on a stochastic self-learning machine with a variable structure and linear tactics. The detector ensures resource-efficient and highly accurate detection of cyberattacks on low-resource devices of the digital substation network at the connection level. The adaptive control mechanism dynamically restructures the digital substation network’s flows based on environmental responses and undergoes additional learning during incident processing, enabling the neutralization of a wide range of known and unknown threats. Experimental results have demonstrated that the proposed solution meets key requirements for digital substation protection systems: high performance, adaptability, and cybersecurity.
10.66424/2071-8217-2026-1-11
004.056
Adaptive control
cyber resilience
cyberattack detection
radial basis neural network
self-learning machine
digital substation
https://jisp.spbstu.ru/article/2026.25.11/
2026_1_5-6.pdf
RAR
RUS
168-175
57200960264
0000-0001-6289-3295
Russian State Hydrometeorological University
Sikarev
Igor
sikarev@yandex.ru
Russia, 192007, St. Petersburg, Voronezhskaya str., 79
Russian State Hydrometeorological University
Abramova
Alexandra
alexandria567@mail.ru
0000-0002-5069-6144
Russian State Hydrometeorological University
Prostakevich
Konstantin
atombyfreund@mail.ru
0009-0007-1151-4268
Russian State Hydrometeorological University
Semidelova
Alina
alinastel@yandex.ru
0000-0003-0554-5790
Admiral Makarov State University of Maritime and Inland Shipping
Abramov
Valery
val.abramov@mail.ru
Automation of water transport activities using factorial approach to risk managemen
Presented systematic vision for water transport activities automation. Research purpose was to develop factorial approach to risk management while water transport activities automation. Key systems to be automated within mentioned activity are considered. Main research result is factorial risk management method development while autonomous navigation.
10.66424/2071-8217-2026-1-12
007.51
Automation
water transport
autonomous navigation
risk management
factorial approach
https://jisp.spbstu.ru/article/2026.25.12/
2026_1_5-6.pdf
RAR
RUS
176-186
7006566675
0000-0002-6076-7241
Emperor Alexander I St. Petersburg State Transport University
Kornienko
Anatoliy
kaa.pgups@yandex.ru
Russia, 190031, St. Petersburg, Moskovsky ave., 9
0000-0003-2683-0697
Emperor Alexander I St. Petersburg State Transport University
Kornienko
Svetlana
sv.diass99@yandex.ru
0000-0002-9948-9867
Emperor Alexander I St. Petersburg State Transport University
Nikitin
Alexandr
nikitin@crtc.spb.ru
JSC NIIAS
Orlov
Vyacheslav
orlovva206@yandex.ru
Identification of a person in uniform based on video stream data using the YOLO convolutional neural network
The article suggests an approach to identifying a potential violator based on images of a person with uninformative distinguishing features on video frames of an intelligent security video surveillance system. The main focus is on evaluating the possibilities of identifying a person in a uniform (recognizing a person by type of clothing) using video stream data and the deeply trained convolutional neural network YOLO. The developed software model makes it possible to increase the likelihood of identifying potential violators by the context of their type of clothing, location, correlation with official duties, and taking into account other factors.
10.66424/2071-8217-2026-1-13
004.056
Object security
intelligent video surveillance system
identification of a person in uniform
YOLO convolutional neural network
metrics for evaluating the quality of learning
https://jisp.spbstu.ru/article/2026.25.13/
2026_1_5-6.pdf
RAR
RUS
187-200
0009-0005-8893-7846
Kazan National Research Technological University
Sadykov
Alexandr
alex.sadykov@mail.ru
0000-0002-6119-1934
Alekseeva
Anna
annank90@mail.ru
Kazan National Research Technological University
Automation of information security incident detection using custom correlation rules in a SIEM system
The article examines an applied approach to improving the effectiveness of information security incident detection in database management systems using PostgreSQL as a case study and the industrial security information and event management system MaxPatrol SIEM. The relevance of the problem is substantiated in the context of increasing attack complexity and growing volumes of logged data, which complicate the identification of significant events and the formation of a coherent incident context. The methodology for assessing information security threats developed by the Federal Service for Technical and Export Control of Russia (FSTEC) is used as a methodological basis, making it possible to correlate observable log features with threat implementation techniques. The study includes a two-stage selection of relevant threat techniques, an analysis of the correspondence between built-in MaxPatrol SIEM correlation rules and the selected attack scenarios, and the identification of detection gaps. It is shown that the default rule set provides limited coverage of techniques and is mainly focused on administrative operations and typical authentication scenarios. To address the identified gaps, a set of custom correlation rules was developed, implementing detection based on characteristic SQL constructs, sequences of execution errors, and access to sensitive objects. The developed rules were validated and successfully deployed, resulting in full coverage of the selected threat techniques without changes to logging configuration or the use of external analytical modules. The obtained results confirm the practical applicability of the proposed approach for maintaining SIEM solutions and adapting them to specific event sources.
10.66424/2071-8217-2026-1-14
004.056
Event correlation
incident detection
security logs
PostgreSQL
SIEM system
correlation rules
information security threats
https://jisp.spbstu.ru/article/2026.25.14/
2026_1_5-6.pdf
RAR
RUS
201-213
0009-0003-4041-2317
Tumakov
Maksim
tumbox2018@gmail.com
Peter the Great St. Petersburg Polytechnic University
Ivanova
Lyubov
Use of large language models for security event analysis
As cyberattacks continue to rise and adversary techniques become more sophisticated, the workload on security monitoring and incident response teams in security operations centers increases substantially. Access to security events in existing telemetry storage systems still largely relies on queries written in specialized syntax, which does not always provide the required speed and depth of analysis. In parallel, large language models are rapidly evolving, enabling natural-language interaction with accumulated security logs. This paper proposes integrating a semantic large language models layer into an existing security event collection and processing architecture to retrieve relevant events by semantic similarity from natural-language queries. An implemented prototype is also described, demonstrating the technical feasibility of the approach using a locally deployed Mistral model and a web-based chatbot interface for SOC analysts, serving as a foundation for further development and operational adoption.
10.66424/2071-8217-2026-1-15
004.056.5:004.89
Security logs
large language models (LLM)
security operations center (SOC)
semantic search
security event analysis
https://jisp.spbstu.ru/article/2026.25.15/
2026_1_5-6.pdf