9004 2071-8217 3 2021 1-158

RAR RUS 9-15 Peter the Great St. Petersburg Polytechnic University Abitov Roman abitov_roman@mail.ru 0000-0003-1345-1874 Peter the Great St. Petersburg Polytechnic University Pavlenko Evgeny pavlenko_eyu@spbstu.ru Identification of vulnerabilities in software for ARM processors using symbological execution This paper discusses the prospects for using symbolic execution as a basis for identifying vulnerabilities in ARM processors software. An analysis of the shortcomings of the existing methods of binary analysis in comparison with the considered method is given. A method for identifying potentially vulnerable functions or procedures in software for ARM processors is proposed. A method is proposed for checking the reachability of the found potential vulnerabilities, taking into account a large number of conditional jumps, logical branches and input data streams embedded in the software. A method for checking the exploitation of found vulnerabilities based on the analysis of registers and their contents is proposed. 004.056 Software Cybersecurity Binary Analysis Symbolic Execution Symbolic Modeling Symbolic Computation Vulnerability Search Methods https://jisp.spbstu.ru/article/2021.4.1/ 2021_3_5-6.pdf

RAR RUS 16-26 0000-0002-6501-2008 The Academy of Federal Security Guard Service of the Russian Federation Kozachok Alexander totrin@mail.ru Academy of the FSO of Russia Kozachok Vasily 0000-0002-7231-5728 MIREA – Russian Technological University Spirin Andrey spirin_aa@mirea.ru Encrypted files detection algorithm Since 2010 there is an increase in leaks of confidential information due to the fault of an internal violator, despite the availability of a wide range of means for detecting and preventing information leaks. One of the possible channels leakage is transmission of information in encrypted form, since existing leak detection tools use signature methods of data classification. The article presents an algorithm for detecting encrypted data based on a statistical model of pseudorandom sequences. The proposed algorithm allows classifying encrypted and compressed data with an accuracy of 0.97. 004.056.53 Statistical Data Analysis Classification of Encrypted and Compressed Data Machine Learning Binary Data Analysis Pseudorandom Sequences https://jisp.spbstu.ru/article/2021.4.2/ 2021_3_5-6.pdf

RAR RUS 27-33 Kriulin Artur kriulin@mirea.ru 0000-0002-5511-4000 MIREA – Russian Technological University Eremeev Mihail Nefedov V. Malware detection approach based on the detection of abnormal network traffic using machine learning algorithms The article considers a possibility of using machine learning technologies to detect network connections of malicious programs based on the detection of anomalies. The classification of network connections of malicious software is carried out based on statistical signs during data transmission that occur at the transport and network levels of the OSI model. It is proposed to use machine learning technologies to assess the probability of detecting malware based on their network activity 004.056 Machine Learning Algorithms Malware Intrusion Detection Tools Network Activity https://jisp.spbstu.ru/article/2021.4.3/ 2021_3_5-6.pdf

RAR RUS 34-43 0009-0005-3102-5950 Peter the Great St. Petersburg Polytechnic University Izotova Oksana izotova@ibks.spbstu.ru 0000-0003-2849-4682 Peter the Great St. Petersburg Polytechnic University Lavrova Daria lavrova_ds@spbstu.ru

Russia, 195251, St. Petersburg, Polytechnicheskaya str., 29

Fake posts detection using graph neural networks The paper is devoted to the study of graph neural networks as a separate field and the possibility of their application to solve such an urgent cybersecurity problem as the detection of fake posts. The implementation of a proprietary graph neural network model capable of detecting fake posts is presented, and the results of experimental studies demonstrating the effectiveness of using graph neural networks to solve the problem are presented 004.056 Information Security Graph Neural Networks Fake Posts Graph Model https://jisp.spbstu.ru/article/2021.4.4/ 2021_3_5-6.pdf

RAR RUS 44-54 Kustov V. Krasnov A. Noise-tolerant coding and highly undetectable stegosystems — is the alliance successful? The article deals with the problem of masking hidden messages under natural noise in highly undetectable stegosystems ±1HUGO and ⊕HUGO. To ensure high resistance of stegosystems to hacking, a preliminary discrete chaotic transformation of the hidden message is performed according to the Arnold’s cat algorithm. Further, in their research, the authors effectively apply noise-resistant coding for the covering object and stego using a self-orthogonal noise-resistant code. To model the data transmission channel, the model of a binary synchronous communication channel with interference is used. The article also presents the results of simulation modeling, confirming the high resistance of the proposed stegosystems to hacking. 519.7 ±1HUGO ⊕HUGO Self-orthogonal Noise-tolerant Code Self-orthogonal Code Encoder Multi-threshold Decoder Arnold’s cat transform https://jisp.spbstu.ru/article/2021.4.5/ 2021_3_5-6.pdf

RAR RUS 55-62 ITMO University Fedorov Ivan ivanfedorov@itmo.ru ITMO University Pimenov Andrej tik11994@mail.ru 0000-0002-0924-6221 ITMO University Panin Grigorij Llchh@yahoo.com 0000-0002-0924-6221 Saint Petersburg State University of Aerospace Instrumentation Bezzateev Sergey sergey.bezzateev@gmail.com

Russia, 190000, St. Petersburg, Bolshaya Morskaya str., 67, liter A

Blockchain in 5G networks: perfomance comparison of private and public blockchain Blockchain provides a set of possibilities to improve security, privacy and service quality in 5G mobile networks. In spite of all advantages, blockchain technology has disadvantages such as low throughput and transactions’ high latency. This paper describes an experiment within which two popular blockchain (private and public) are compared. The main aim of experiment is to verify that private blockchain is available for usage in mobile networks and solve these challenges. 004.056 Blockchain 5G Mobile Networks Private Blockchain Public Blockchain BLOCKBENCH Hyperledger Fabric Ethereum Geth https://jisp.spbstu.ru/article/2021.4.6/ 2021_3_5-6.pdf

RAR RUS 63-71 Lomonosov Moscow State University Grusho Alexander grusho@yandex.ru

Russia, 119991, Moscow, Leninskie Gory, 1

0000-0002-5005-2744 Grusho Nikolaj info@itake.ru Zabezhailo Mihail 0000-0002-6493-3622 Timonina Elena Using contradictions in data to search implicit failures in computer systems This paper discusses the problem of detecting implicit failures in distributed information systems. If the hardware or software does not provide enough data to detect a failure, then the system administrator or information security officer has to check each element of the computer system associated with the task. In this work, reducing the search for implicit failures (anomalies) is associated with construction of the hierarchical method for representing knowledge about the system. It is proposed to model information technology in the form of directed acyclic graphs. The concept of contradiction is defined, which is used to find the causes of failures and anomalies. A failure or anomaly in the implementation of the transformation is defined as a contradiction between the input and output data. The paper proposes the approximate method for solving contradiction search problems, based on the assumption that data have probabilistic origin and extraordinary data are unlikely. If the calculation results in a contradiction, then the anomaly occurred in the block under consideration and, using the detailing operation, it is possible to specify the localization of the anomaly inside the block. 004.896 Information Security Root Cause and Anomaly Localization Causal Relationships Contradictions in Data https://jisp.spbstu.ru/article/2021.4.7/ 2021_3_5-6.pdf

RAR RUS 72-82 0009-0006-6856-2108 Peter the Great St. Petersburg Polytechnic University Pahomov Maksim pahomov_ma@spbstu.ru Research of UEFI BIOS mechanisms for access to motherboard sensors from the operating system on the platform of mass chipsets on the example of temperature and voltage sensors Capturing measurements from motherboard sensors is possible in a variety of environments, but it carries the risk of compromising such data. The safest way to access sensors is to directly access them using UEFI BIOS technologies, bypassing the operating system (OS). This paper examines the mechanisms for accessing motherboard sensors, as well as ways of transferring this information to the OS. 004.056.53 UEFI BIOS Motherboard Sensors Temperature Sensors Voltage Sensors Mass Chipsets https://jisp.spbstu.ru/article/2021.4.8/ 2021_3_5-6.pdf

RAR RUS 83-95 0000-0001-5757-381X Emperor Alexander I St. Petersburg State Transport University Gofman Maksim gofman@moonmail.ru Noisproof digitial audio watermarking in mimo audio stegosystems The article presents methods of noiseproof combined digital audio watermarking, considering the peculiarities of audio stegosystems using channels with multiple (spatial) input and multiple (spatial) output. Such audio stegosystems include several acoustic speakers (transmitters) and several microphones (receivers), which makes it possible to embed a watermark in the parameters of digital audio signals in the spatial, frequency and time domains. The methods for creating, embedding, and extracting a combined watermark developed in the article are aimed at ensuring a high degree of noiseproof when transmitting a watermarked audio signal through an airborne audio channel at low embedding forces. The method of creating and embedding the combined watermark is based on the transformation of identifying digital information using a synthesized steganographic key into a special sequence and subsequent space-time-frequency coding of the digital audio signal parameters by it. The main attention is paid to the development of a method for detecting and extracting an information bit (extracting) a combined watermark by an authorized receiver in an audio signal transmitted over an airborne audio channel with noise. In this case, it is assumed that the authorized receiver does not know the parameters of the digital audio signal that have been watermarked (blind reception). In the proposed method for extracting a watermark, the decision on its detection is made according to the threshold principle based on the estimation of the peak factor of the kurtosis of the target random variable. As the values of this quantity, the values of the correlation function between the sought-for sequence (watermark) and the sequence extracted from the audio signal received by acoustic microphones and converted into digital form are used. The article contains the results of field experiments to assess the noiseproof of the proposed watermarking method when transmitting audio signals through an airborne audio channel, while the transmission of watermarked audio signals was carried out by several acoustic speakers, and the reception was carried out by a microphone with several capsules. The results of the experiments showed that the developed methods allow the transmission of watermarked digital audio signals with a high degree of noiseproof in audio stegosystems with multiple input and multiple output at low forces of embedding the watermark, providing its auditory transparency. 519.876.5:519.6:004.357 Audio Stegosystem MIMO Channel with Multiple Input and Multiple Output Watermarking Digital Audio Signal Combined Watermark Airborne Audio Channel Noiseproof https://jisp.spbstu.ru/article/2021.4.9/ 2021_3_5-6.pdf

RAR RUS 96-107 0000–0002–8424–3071 Plekhanov Russian University of Economics Kirov Aleksej Kirov.AD@rea.ru Development of a metric model of information events in the information security management system of economic activities The article is devoted to the problem of developing a model of information events metrics in the information security management system (ISMS) of economic entities (EDMS). Based on the analysis of the organization of information security (IS) monitoring in the EDMS and the implementation of IS monitoring processes in the ISMS EDMS, in order to increase the efficiency of ensuring the IS EDMS, measurable indicators (metrics) of information events, as well as tools designed to measure these metrics, are proposed. A model of metrics of information events in the ISMS EDMS is developed, presented in the form of a tree of incident metrics. 004.9 Information Security Management System Information Events Incident Model Metric https://jisp.spbstu.ru/article/2021.4.10/ 2021_3_5-6.pdf

RAR RUS 108-117 0000-0002-6419-0072 St. Petersburg State University of Aerospace Instrumentation Tatarnikova Tatiana Tm-tatarn@yandex.ru 57200960264 0000-0001-6289-3295 Russian State Hydrometeorological University Sikarev Igor sikarev@yandex.ru

Russia, 192007, St. Petersburg, Voronezhskaya str., 79

Saint-Petersburg State University of Aerospace Instrumentation Bogdanov Pavel Russian State Hydrometeorological University Timochkina Tatyana An approach to detecting botnet attacks in the Internet of Things networks An approach to detecting network attacks based on deep learning methods - autoencoders is proposed. It is shown that training examples can be obtained when connecting IoT devices to the network, as long as the traffic does not carry malicious code. Statistical values and functions extracted from traffic are proposed, on which patterns of behavior of IoT devices are built. 004.056.5 Internet of Things Network Attack Attack Detection System Autoencoder Principal Component Method Unsupervised Learning https://jisp.spbstu.ru/article/2021.4.11/ 2021_3_5-6.pdf

RAR RUS 118-129 0000-0001-9659-1244 Peter the Great St. Petersburg Polytechnic University Poltavtseva Maria potavtseva@ibks.spbstu.ru 0000–0002–2954–3899 Peter the Great St. Petersburg Polytechnic University Kharitonova Anna Medical cyber-physical systems attack systematization The computerization of medicine opens up wide opportunities not only for providing assistance, but also for intruders. The violation of digital control of medical devices can lead not only to data leakage, but also to a threat to human health and life. The diversity and specificity of medical cyber-physical devices makes it difficult to protect them and consider the threat landscape. The purpose of this work is to systematize attacks on medical systems. The authors highlight the features of medical cyber-physical systems (MCPS), consider a set of typical attacks. The authors have identified both common attacks for various CPS, and specialized attacks aimed at medical devices and systems. The paper analyzes the existing systematization as well. The authors present a developed new systematization of attacks on a wide range of features, which is distinguished by the completeness and highlighting of all important attack aspects from the point of view of the medical field. 004.056 Information security Cyber-physical Systems Medical Systems Security Threats Attacks Systematization of Attacks Medical IoTH https://jisp.spbstu.ru/article/2021.4.12/ 2021_3_5-6.pdf

RAR RUS 130-136 0000-0003-1798-8257 Russian State Hydrometeorological University Sukhoparov Mikhail mail@sukhoparovm.ru 0000-0001-6753-2181 Saint Petersburg Federal Research Center of Russian Science Academy Lebedev Ilya isl_box@mail.ru Segmenting data samples for Internet of Things devices security state analysis The technique of segmenting data samples in order to improve indicators of the classifying algorithms quality is considered. It takes into account the factors that influence the change in the ranges of values of the target variables. Identifying impacts on current and anticipated situations allows for the segmentation of data samples. As a result, the ranges of the studied variables and outliers are reduced, and noisy data is removed. An experiment performed using a split sample is described. The results of the assessment were obtained for each classifier on the general sample and on the segments. 004.056 Segmentation of data samples detection of anomalies parasitic traffic information security https://jisp.spbstu.ru/article/2021.4.13/ 2021_3_5-6.pdf

RAR RUS 137-144 Fatin Aleksander sasha-fatin@mail.ru 0000-0003-1345-1874 Peter the Great St. Petersburg Polytechnic University Pavlenko Evgeny pavlenko_eyu@spbstu.ru Approaches to building situational control systems for cyberphysical systems overview This paper provides a detailed overview of methods and tools for building situational management systems in the field of cyber-physical systems security. Recommendations are given for the construction of finite systems in relation to their areas of application and existing solutions in this area. The purpose of this study is to systematize, summarize, analyze and supplement the existing experience in the field of describing and solving problems of information security of cyber-physical systems; to draw up a general information basis for the subsequent implementation of your own system of situational management of the cyber-physical system. 004.056 Information Security Cyber-Physical Systems Situational Control Descriptor Models RX Codes Syntagmatic Chains Graph https://jisp.spbstu.ru/article/2021.4.14/ 2021_3_5-6.pdf

RAR RUS 145-156 0000-0001-9659-1244 Peter the Great St. Petersburg Polytechnic University Poltavtseva Maria potavtseva@ibks.spbstu.ru Peter the Great St. Petersburg Polytechnic University Andreeva Tatyana Methods of time series multidimensional aggregation of streaming data in the cyber-physical systems security monitoring This work is devoted to the research and development of data aggregation methods in order to increase the performance of detecting attacks in cyber-physical systems (CPS). A special feature of the work is the aggregation of data presented in the form of time series with different periods for methods of prediction and intrusion detection. The article contains requirements for CPS data aggregation, research of new methods of hierarchical and multidimensional aggregation of stream data. The authors propose methods for multi-dimensional data aggregation based on trees and directed graphs and conduct their comparative analysis. For experimental evaluation, the authors developed a prototype of a data aggregation system with hierarchical and multidimensional aggregation systems. The paper contains an assessment of the developed prototype performance and the amount of memory required for each proposed method. The authors propose the application of the developed solutions, indicating the characteristics of the target systems. 004.056 Cyber Physical Systems (CPS) Multidimensional Aggregation Data aggregation Graph theory Queue tree https://jisp.spbstu.ru/article/2021.4.15/ 2021_3_5-6.pdf