9004 2071-8217 2 2021 1-152

RAR RUS 9-20 Stasyev V. Integrity control of KVM-based virtual machines components on OpenStack platform To mitigate the risks, it is necessary to create additional systems for monitoring the integrity of the OpenStack-based virtual infrastructure. The work examines the architecture of OpenStack, a study of the life cycle of a virtual machine is carried out to determine the OpenStack components (and their parts) for which it is necessary to ensure integrity control. 004.056.2 virtualization hypervisor openstack virtual machine integrity integrity control components of virtual machines https://jisp.spbstu.ru/article/2021.3.1/ 2021_2-5-6.pdf

RAR RUS 21-40 Ivanov M. 0000-0003-1345-1874 Peter the Great St. Petersburg Polytechnic University Pavlenko Evgeny pavlenko_eyu@spbstu.ru Anomaly detection in cyber-physical systems using graph neural networks This paper presents a security study of networks with dynamic topology. As a solution to the problem of attack detection, an approach to attack detection in networks with dynamic topology based on adaptive neuro-fuzzy inference system was developed. A software layout of the system that implements the proposed approach has been developed and its effectiveness has been evaluated using various metrics. Experimental results confirmed the validity and effectiveness of the developed approach for attack detection in networks with dynamic topology 004.056 dynamic topology networks attack detection network security machine learning fuzzy logic neural networks https://jisp.spbstu.ru/article/2021.3.2/ 2021_2-5-6.pdf

RAR RUS 41-47 Smirnov S. 0000-0002-5511-4000 MIREA – Russian Technological University Eremeev Mihail Pribylov I. Approach to detecting malicious actions of attacker based on autoregression model in investigation of cyber incident The paper presents an approach to detecting malicious actions of an attacker based on the analysis of the Security.evtx event logs of the Windows operating system when investigating an information security incident. The authors experimentally tested the use of the autoregression model (the Change Finder algorithm), on the basis of which malicious activity of domain users in the corporate network was detected 004.85 information security incident APT attack lateral movement security log security.evtx change finder algorithm https://jisp.spbstu.ru/article/2021.3.3/ 2021_2-5-6.pdf

RAR RUS 48-56 Kulikov D. 0000-0002-9899-2778 Peter the Great St. Petersburg Polytechnic University Platonov Vladimir plato@ibks.spbstu.ru Adversarial attacks on intrusion detection systems using LSTM classifier This paper discusses adversarial attacks on machine learning models and their classification. Methods for assessing the resistance of an LSTM classifier to adversarial attacks are investigated. JSMA and FGSM attacks, chosen due to the portability of adversarial examples between machine learning models, are discussed in detail. An attack of “poisoning” of the LSTM classifier is proposed. Methods of protection against the considered adversarial attacks are formulated 004.032.26 adversarial attack intrusion detection system neural network LSTM https://jisp.spbstu.ru/article/2021.3.4/ 2021_2-5-6.pdf

RAR RUS 57-64 Peter the Great St. Petersburg Polytechnic University Zavadskii Evgeniy zavadskij_ev@spbstu.ru 0000-0001-8206-2915 Peter the Great St. Petersburg Polytechnic University Ivanov Denis ivanov@ibks.spbstu.ru Implementation of honeypot systems based on potential attack graph This paper proposes an implementation of Honeypot system that uses dynamic resource management method based on potential attacks graph to enable the deployment of a virtual network infrastructure of any scale. Its resource consumption with a traditional Honeypot system is compared 004.94 network infrastructure hybrid honeypot-system potential attack graph https://jisp.spbstu.ru/article/2021.3.5/ 2021_2-5-6.pdf

RAR RUS 65-73 Danilov V. JSC Russian Space Systems Ovcharov Vladimir eo475944@gmail.com Security threat model of network domain name service when implementing attacking scenarios This paper substantiates a threat model for implementing attacking scenarios on the Domain Name System (DNS) network service, taking into account current vulnerabilities in order to develop measures to ensure information security of a controlled information and telecommunications network (ITCS), namely, timely response to computer information security incidents (IS). The data obtained allows us to more fully describe the profiles of network objects that use the DNS service to identify the states of the monitored infrastructure. The use of this model can expand the capabilities of tools for detecting and preventing intruder attack scenarios 004.056 DNS server DNS query attacking scenarios botnet domain name resolution https://jisp.spbstu.ru/article/2021.3.6/ 2021_2-5-6.pdf

RAR RUS 74-81 0009-0008-4442-5365 Peter the Great St. Petersburg Polytechnic University Kubrin Georgiy kubrin@ibks.spbstu.ru 0000-0001-8206-2915 Peter the Great St. Petersburg Polytechnic University Ivanov Denis ivanov@ibks.spbstu.ru Development of phishing site classificators based on dynamicaly updated dataset The paper describes a method of phishing site classification development based on dynamically updated dataset. A prototype of a system for automating model development and modification is described. A classificatory developed using the proposed method is described 004.056 phishing site detection machine learning web-page feature selection https://jisp.spbstu.ru/article/2021.3.7/ 2021_2-5-6.pdf

RAR RUS 82-88 0000-0002-7485-4848 Peter the Great St. Petersburg Polytechnic University Aleksandrova Elena aleksandrova_eb@spbstu.ru Oblogina A. Shkorkina E. Authentication of intelligent electronic devices in IoT network with the edge computing architecture An authentication protocol for Internet of Things networks based on the edge computing architecture is proposed. The protocol makes it possible to reduce the computational load on resource-constrained devices, while ensuring high resistance to attacks along different vectors and an acceptable execution speed for such networks 004.056 Internet of Things authentication edge computing resource-constrained devices https://jisp.spbstu.ru/article/2021.3.8/ 2021_2-5-6.pdf

RAR RUS 89-96 Kustov V. Krasnov A. Discrete chaotic transformations of hidden messages to disguise them as noise in steganography problems The paper considers the problem of masking a hidden message in HUGO stegosystems under natural noise in the communication channel using discrete chaotic Arnold cat map and Baker map, which are iterative reversible discrete transformations in highly undetectable HUGO stegosystems. To estimate the level of chaotic state of a hidden message represented by a digital still image, the authors introduce the concept of the chaotic coefficient, which is a numerical indicator of the entropy of the probability of disordered pixels. The authors propose a method for determining the maximum value of the chaotic coefficient corresponding to the maximum chaotic state of the hidden image 519.7 chaotic transformation entropy Arnold cat map baker map HUGO stegosystem https://jisp.spbstu.ru/article/2021.3.9/ 2021_2-5-6.pdf

RAR RUS 97-103 0000-0002-0644-4353 Krasnodar Higher Military School named after General of the Army S. M. Shtemenko Dichenko Sergei dichenko.sa@yandex.ru Multi-dimensional data integrity control model Multi-dimensional data storage systems designed for storing large amounts of information and functioning under destructive influences are considered. A model for controlling the integrity of multi-dimensional data arrays based on Pascal’s cryptographic pyramid is presented 519.718 information protection control of the integrity of multi-dimensional data arrays hash function Pascal’s pyramid https://jisp.spbstu.ru/article/2021.3.10/ 2021_2-5-6.pdf

RAR RUS 104-108 0000-0002-6419-0072 St. Petersburg State University of Aerospace Instrumentation Tatarnikova Tatiana Tm-tatarn@yandex.ru Verevkin S. Kraeva E. Protection against HID attacks The paper examines the relevance of HID attacks in order to gain access to protected information resources or take control over hardware and software and hardware as part of an automated workplace or peripheral equipment. Presented are devices for implementing devices for carrying out HID attacks in order to demonstrate their capabilities. Based on the results of considering the currently existing hardware and software implementations of HID devices, a comprehensive method proposed for ensuring the security of information systems and individual devices from the considered type of attacks 004.056 human interface device input-output device emulation information security attack malicious code https://jisp.spbstu.ru/article/2021.3.11/ 2021_2-5-6.pdf

RAR RUS 109-117 ZEGZHDA Peter 13103571000 0000-0002-0232-7248 Peter the Great St. Petersburg Polytechnic University Zegzhda Dmitry zegzhda_dp@spbstu.ru

Russia, 195251, St. Petersburg, Polytechnicheskaya str., 29

0000-0003-1736-7178 Peter the Great St. Petersburg Polytechnic University Anisimov Vladimir an‑33@yandex.ru 0000-0002-6527-2352 Peoples’ Friendship University of Russia named after Patrice Lumumba Anisimov Evgeny anis.an‑33@yandex.ru Saurenko Tatyana Model for forming development program of organization’s information security system The urgent need for the purposeful development of information security systems in the context of the intensive introduction of digital technologies in the economy and social sphere determines the relevance of improving the methodological apparatus for substantiating appropriate decisions in planning and managing this process. The purpose of this article is to develop a mathematical model and an algorithm for supporting decision-making in the formation of a program for the development of an organization's information security system. At the same time, a generalized structure of the model and an algorithm for solving the problem of forming the optimal version of the program are proposed. Minimization of financial costs is, used as an optimality criterion in the model. Uncertainty inherent in the development of information security systems is, taken into account by setting the intervals of possible costs during the implementation of projects included in the program. To solve the problem, an iterative algorithm is, proposed for the sequential formation of an appropriate version of the program 519.854 information security system optimization of the system development program model algorithm https://jisp.spbstu.ru/article/2021.3.12/ 2021_2-5-6.pdf

RAR RUS 118-126 0009-0004-1271-709X Peter the Great St. Petersburg Polytechnic University Ognev Roman ognev_ra@spbstu.ru 0009-0002-7321-7430 Peter the Great St. Petersburg Polytechnic University Zhukovskii Evgeniy bugaev.va@edu.spbstu.ru

Russia, 195251, St. Petersburg, Polytechnicheskaya str., 29

13103571000 0000-0002-0232-7248 Peter the Great St. Petersburg Polytechnic University Zegzhda Dmitry zegzhda_dp@spbstu.ru

Russia, 195251, St. Petersburg, Polytechnicheskaya str., 29

Detection malware based on clusterization of performed actions The application of classification algorithms for detecting malicious software is investigated using classes of actions obtained as a result of clustering based on the analysis of sequences of calls to WinAPI-functions as features. The application of the following classification algorithms is considered: gradient boosting, adaptive boosting, linear regression, and the forest case. The quality assessment was carried out using the accuracy metrics, F1-measure, the area under the ROC curve, as well as taking into account the training time 004.056 classification clustering malicious software malicious behavior machine learning behavioral analysis dynamic analysis computer security https://jisp.spbstu.ru/article/2021.3.13/ 2021_2-5-6.pdf

RAR RUS 127-134 0000-0003-1798-8257 Russian State Hydrometeorological University Sukhoparov Mikhail mail@sukhoparovm.ru 0000-0001-6753-2181 Saint Petersburg Federal Research Center of Russian Science Academy Lebedev Ilya isl_box@mail.ru IoT devices analysis using neural networks ensemble trained on unbalanced sample An approach to identifying anomalous situations in network segments of the Internet of Things based on an ensemble of classifiers is considered. Classifying algorithms are tuned for different types of events and anomalies using training samples of different composition. The use of an ensemble of algorithms makes it possible to increase the accuracy of the results due to collective voting. The experiment performed using three neural networks identical in architecture is described. The results of the assessment were obtained both for each classifier separately and with the use of an ensemble 004.056 ensemble of classifiers anomaly detection parasitic traffic information security https://jisp.spbstu.ru/article/2021.3.14/ 2021_2-5-6.pdf

RAR RUS 135-144 0000-0002-2009-5460 Peter the Great St. Petersburg Polytechnic University Ovasapyan Tigran otd@ibks.spbstu.ru Nikulkin V. Peter the Great St. Petersburg Polytechnic University Moskvin Dmitry moskvin_da@spbstu.ru Application of Honeypot technology with adaptive behavior for IoT networks The paper discusses the application of Honeypot technology with adaptive behavior for tracking and analyzing attacks on the Internet of Things networks. The analysis of existing adaptive systems is carried out and the optimal one for building a honeypot is determined. It is proposed to use the Markov decision process as a mathematical apparatus for the adaptive Honeypot system. The resulting honeypot can be used to track XMPP and SSH attacks 004.056 honeypot Internet of Things adaptive behavior Markov decision process (MDP) https://jisp.spbstu.ru/article/2021.3.15/ 2021_2-5-6.pdf

RAR RUS 145-150 0000-0002-2141-6780 Peter the Great Saint-Petersburg Polytechnic University Shtyrkina Anna anna_sh@ibks.spbstu.ru Cyber-physical systems sustainability based on graph theory The paper explores an approach to ensuring the sustainability of cyber-physical systems (CPS) based on graph theory. The existing approaches of ensuring the security of CPS are considered. To formalize the problem it is proposed to model the behavior of CPS based on graph theory. Representation of CPS as a graph allows to take into account the structural characteristics of the system under study that change as a result of attacking influences, as well as to produce compensating actions aimed at maintaining the sustainability of functioning 004.056 sustainability of functioning cyber-sustainability cyber-physical system information security graph theory https://jisp.spbstu.ru/article/2021.3.16/ 2021_2-5-6.pdf