{"title":"Mathematical Model of Information Security Event Management Using a Markov Chain in Industrial Systems","authors":"V. M. Krundyshev, G. A. Markov, I. Yu. Zhukov","doi":"10.3103/S0146411624700755","DOIUrl":"10.3103/S0146411624700755","url":null,"abstract":"<p>The problem of ensuring information security in industrial Internet-of-Things (IIoT) systems is considered. In the study, it is found that, in most cases, security information and event management (SIEM) systems with configured rules for correlating events in the information infrastructure are used to protect comprehensively the information perimeter of an industrial enterprise from external and internal threats. In this case, there is a need to create a mathematical apparatus that allows for an accurate and objective estimate of the effectiveness of a SIEM system. As a result of the study, the problem of preventing information security incidents in IIoT systems is formalized based on the developed mathematical model of information security event management using a continuous-time Markov chain.</p>","PeriodicalId":46238,"journal":{"name":"AUTOMATIC CONTROL AND COMPUTER SCIENCES","volume":"58 8","pages":"1132 - 1138"},"PeriodicalIF":0.6,"publicationDate":"2025-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143622082","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Protection of Ad Hoc Networks against Distributed Network Scanning","authors":"M. A. Pakhomov","doi":"10.3103/S0146411624701013","DOIUrl":"10.3103/S0146411624701013","url":null,"abstract":"<p>The peculiarities of network scanning of self-organizing networks are studied, and the methods for its detection are analyzed. A modification of the hybrid network scanning detection method is proposed, and the approaches to identify decoy scanning and create black lists of subnetworks for preventing further scanning are presented. The proposed protection methods are compared to the available analogs.</p>","PeriodicalId":46238,"journal":{"name":"AUTOMATIC CONTROL AND COMPUTER SCIENCES","volume":"58 8","pages":"1343 - 1351"},"PeriodicalIF":0.6,"publicationDate":"2025-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143622221","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Analysis of Data Exchange Systems about Information Security Threats","authors":"E. Yu. Pavlenko, N. V. Polosukhin","doi":"10.3103/S0146411624701037","DOIUrl":"10.3103/S0146411624701037","url":null,"abstract":"<p>The modern approaches and protocols for communication concerning information security threats are analyzed. A classification of information about the threats is given, and the area of applicability of these classes is estimated. A classification of protocols and standards for communication concerning the threats is presented, and the classes of information about the threats and protocols describing such threats are compared. For each class of protocols and standards, the area of applicability for describing each level of information about the threats is estimated. The main conclusion is as follows: the further study of the standards in this domain will allow determining the necessary set of requirements on the process of exchanging information about the threats that enables more efficiently responding to them and reducing potential risks.</p>","PeriodicalId":46238,"journal":{"name":"AUTOMATIC CONTROL AND COMPUTER SCIENCES","volume":"58 8","pages":"1365 - 1372"},"PeriodicalIF":0.6,"publicationDate":"2025-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143622223","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Segmenting Input Data to Improve the Quality of Identification of Information Security Events","authors":"M. E. Sukhoparov, I. S. Lebedev, D. D. Tikhonov","doi":"10.3103/S0146411624700822","DOIUrl":"10.3103/S0146411624700822","url":null,"abstract":"<p>The processing of information sequences using segmentation of input data, aimed at improving the quality indicators of destructive impact detection using machine learning models is proposed. The basis of the proposed solution is the division of data into segments with different properties of the objects of observation. A method is described that uses a multilevel data processing architecture, where the processes of training, analysis of the achieved values of quality indicators, and assignment of the best models for quality indicators to individual data segments are implemented at various levels. The proposed method allows us to improve the quality indicators of the detection of destructive information impacts through segmentation and assignment of models that have the best indicators in individual segments.</p>","PeriodicalId":46238,"journal":{"name":"AUTOMATIC CONTROL AND COMPUTER SCIENCES","volume":"58 8","pages":"1192 - 1203"},"PeriodicalIF":0.6,"publicationDate":"2025-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143621764","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Peculiarities of Solving the Problem of Controlling Information Security Risks in the Development of Protection Methods against Covert (Steganographic) Information Exchange in Public Internet Resources","authors":"M. Yu. Fedosenko","doi":"10.3103/S0146411624700809","DOIUrl":"10.3103/S0146411624700809","url":null,"abstract":"<p>This paper describes the stage of the practical control of information security risks of a web resource as a result of its use as a medium and communication channel in a steganographic information exchange. The possibility of using steganography in public internet resources as an intruder’s tool for the exchange of illegal data and realization of computer attacks is established on the basis of the available research results. It is proved that developing methods for preventing malicious use of steganographic algorithms is an urgent task. The information security threats concerning steganographic methods according to the database of the Federal Service for Technical and Export Control of the Russian Federation are considered. These threats are used to develop a four-level model of threats of a web resource on the part of user data, including risks of violation of integrity, access, confidentiality, and statements of Federal Law no. 374-FL (and corrections to Federal Law no. 149-FL On the Information, Information Technologies, and Protection of Information). Taking into account the statements of Federal Law no. 374-FL demonstrates the problem of the unavailability of data for checking malicious use in their covert exchange. On the basis of the developed model, the risks of a web resource are assessed by the Microsoft Security Assessment Tool (MSAT), as well as theoretically estimated by the FRAP and CRAMM matrices to demonstrate the peculiarities of using a specific approach to solve the problem of countering the new type of attacks. The necessary measures and mitigation components are calculated by the mathematical programming methods to reveal the minimal and optimal quantitative composition of the protection components against the malicious use of steganography. These measures and components consist of specialists, their competencies, and software tools needed for high-quality protection of a web resource within the studied scientific problem of malicious use of information protection technologies in the course of malpractice, as well as further development of tools for countering and analyzing the data arriving at the web resource.</p>","PeriodicalId":46238,"journal":{"name":"AUTOMATIC CONTROL AND COMPUTER SCIENCES","volume":"58 8","pages":"1169 - 1179"},"PeriodicalIF":0.6,"publicationDate":"2025-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143621798","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Assessment of the Competence of an Intelligent Information Security Management System","authors":"A. F. Suprun, A. Yu. Gar’kushev, A. V. Lipis, I. L. Karpova, A. A. Shalkovskaya","doi":"10.3103/S0146411624701220","DOIUrl":"10.3103/S0146411624701220","url":null,"abstract":"<p>This article studies the development of tools for assessing intelligent information security (IS) management systems (MSs) at enterprises. The proposed methodology is based on a combination of methods of the entropy approach to assessing the quality of information and a priori assessment of competence in terms of the balance between the efficiency and validity of the decisions taken. The proposed mathematical model can be used for the a priori assessment of decision support systems in the field of information security.</p>","PeriodicalId":46238,"journal":{"name":"AUTOMATIC CONTROL AND COMPUTER SCIENCES","volume":"58 8","pages":"1429 - 1435"},"PeriodicalIF":0.6,"publicationDate":"2025-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143622006","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Model for Ranking the System of Indicators of Node Compromise of Corporate Data Network Nodes","authors":"S. V. Bezzateev, V. A. Mylnikov, A. R. Starodub","doi":"10.3103/S014641162470072X","DOIUrl":"10.3103/S014641162470072X","url":null,"abstract":"<p>The model of the system of ranking indicators of compromise for active countermeasures against targeted attacks is proposed, which makes it possible to detect threats in advance and plan measures to eliminate them before they manifest themselves. Another important aspect is the development of means and methods for the evaluation of information sources according to their level of confidence for the collection of data necessary for the investigation of incidents. On the basis of the proposed models, an information system for the ranking of compromise indicators was developed in order to minimize the possibility of a breach of the confidentiality, integrity and availability of information, as well as the compromise of data in the system.</p>","PeriodicalId":46238,"journal":{"name":"AUTOMATIC CONTROL AND COMPUTER SCIENCES","volume":"58 8","pages":"1108 - 1113"},"PeriodicalIF":0.6,"publicationDate":"2025-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143622083","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Assessing the Security of Big Data Systems","authors":"M. A. Poltavtseva, V. V. Zaitseva, D. V. Ivanov","doi":"10.3103/S0146411624701025","DOIUrl":"10.3103/S0146411624701025","url":null,"abstract":"<p>This article considers the problem of assessing the security of big data systems. The authors define the main aspects of big data systems as an object of security assessment and analyze the known assessment methods, including methodologies for assessing the security of information systems (ISs). Based on the obtained results, a new evaluation method is proposed that takes into account factors such as the state of the access control system in the heterogeneous systems under consideration and the number of privileged users. A mathematical formalization of the assessment is proposed, the main stages of its implementation are described, and a test example is presented.</p>","PeriodicalId":46238,"journal":{"name":"AUTOMATIC CONTROL AND COMPUTER SCIENCES","volume":"58 8","pages":"1352 - 1364"},"PeriodicalIF":0.6,"publicationDate":"2025-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143622222","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Model of a Distributed Storage System for Crypto Wallet Private Keys","authors":"M. R. Salikhov","doi":"10.3103/S0146411624700949","DOIUrl":"10.3103/S0146411624700949","url":null,"abstract":"<p>With the development of Web3 technologies, the third generation of the Internet has become one of the most promising areas. It involves the use of decentralized, transparent, and user-oriented applications. However, many Web3 projects do not pay sufficient attention to security, which can lead to serious consequences. Even a small error in the code can make the system vulnerable, opening access to attackers. As a result, the industry faces frequent security breaches that threaten users and undermine trust in new technologies. One of the main problems with Web3 is private key management. This is a critical security aspect that is directly related to the protection of digital assets and users' personal information. The risk of losing or theft of a private key can lead to irreparable consequences, since in the case of loss there is no way to restore or reset the key. Various ways of storing the private key of a crypto wallet to ensure security are discussed. For example, the key can be split into parts and stored encrypted on hardware media, or the entire encrypted key can be stored on secure media. Quantitative data are calculated using Shamir’s scheme.</p>","PeriodicalId":46238,"journal":{"name":"AUTOMATIC CONTROL AND COMPUTER SCIENCES","volume":"58 8","pages":"1289 - 1296"},"PeriodicalIF":0.6,"publicationDate":"2025-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143622165","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Providing Information Security of Vehicular Ad Hoc Networks Using the Early Detection of Malicious Nodes","authors":"E. Yu. Pavlenko, M. A. Pakhomov","doi":"10.3103/S0146411624700986","DOIUrl":"10.3103/S0146411624700986","url":null,"abstract":"<p>The peculiarities of vehicular ad hoc networks (VANETs) are considered. An approach to provide information security of VANETs is proposed; its distinctive feature lies in the early detection of malicious activity of network participants. For its detection at an early stage, the parameters of the ad hoc vehicular network are represented as a time series, and the prediction of their future values and anomaly detection are carried out using machine learning methods. The proposed approach allows improving the security of intelligent transport systems.</p>","PeriodicalId":46238,"journal":{"name":"AUTOMATIC CONTROL AND COMPUTER SCIENCES","volume":"58 8","pages":"1318 - 1325"},"PeriodicalIF":0.6,"publicationDate":"2025-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143622225","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}