{"title":"Protection of Ad Hoc Networks against Distributed Network Scanning","authors":"M. A. Pakhomov","doi":"10.3103/S0146411624701013","DOIUrl":"10.3103/S0146411624701013","url":null,"abstract":"<p>The peculiarities of network scanning of self-organizing networks are studied, and the methods for its detection are analyzed. A modification of the hybrid network scanning detection method is proposed, and the approaches to identify decoy scanning and create black lists of subnetworks for preventing further scanning are presented. The proposed protection methods are compared to the available analogs.</p>","PeriodicalId":46238,"journal":{"name":"AUTOMATIC CONTROL AND COMPUTER SCIENCES","volume":"58 8","pages":"1343 - 1351"},"PeriodicalIF":0.6,"publicationDate":"2025-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143622221","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Analysis of Data Exchange Systems about Information Security Threats","authors":"E. Yu. Pavlenko, N. V. Polosukhin","doi":"10.3103/S0146411624701037","DOIUrl":"10.3103/S0146411624701037","url":null,"abstract":"<p>The modern approaches and protocols for communication concerning information security threats are analyzed. A classification of information about the threats is given, and the area of applicability of these classes is estimated. A classification of protocols and standards for communication concerning the threats is presented, and the classes of information about the threats and protocols describing such threats are compared. For each class of protocols and standards, the area of applicability for describing each level of information about the threats is estimated. The main conclusion is as follows: the further study of the standards in this domain will allow determining the necessary set of requirements on the process of exchanging information about the threats that enables more efficiently responding to them and reducing potential risks.</p>","PeriodicalId":46238,"journal":{"name":"AUTOMATIC CONTROL AND COMPUTER SCIENCES","volume":"58 8","pages":"1365 - 1372"},"PeriodicalIF":0.6,"publicationDate":"2025-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143622223","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Analysis of the Problems of Using Steganographic Methods in Implementing Illegal Actions and Their Role in Digital Forensics","authors":"S. V. Bezzateev, M. Yu. Fedosenko","doi":"10.3103/S0146411624701207","DOIUrl":"10.3103/S0146411624701207","url":null,"abstract":"<p>This paper is a study of the problem of the use of steganographic algorithms by attackers to hide and exchange illegal data. The paper formulates the relevance of the problem by analyzing cases of using steganography in attacks on computer systems and based on the trend of developing a controlled Internet, supported by a regulatory framework. This article presents an analysis of methods for hiding data and their subsequent exchange on public internet resources through a review of the works of researchers in this area; and the main tools used by attackers are identified and described. As an analysis of counteraction methods, a comparative characteristic of the use of various artificial intelligence technologies in the field of steganalysis is presented; the most promising ones applicable for the tasks of the automatic analysis of content posted on public internet resources are highlighted. 
As a final provision of the work, the process of exchanging hidden data by intruders using EPC notation is modeled; the directions and tasks of steganalysis, whose solution will allow developing a unified system to protect public internet resources in the future, are highlighted; and the prospects for using new steganographic algorithms, such as hiding in the blockchain and the source code of resources, as well as posting content with the presence of physical information attachments, are presented.</p>","PeriodicalId":46238,"journal":{"name":"AUTOMATIC CONTROL AND COMPUTER SCIENCES","volume":"58 8","pages":"1406 - 1421"},"PeriodicalIF":0.6,"publicationDate":"2025-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143622008","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Development of Software and Hardware to Protect Technological Processes from Cyber Threats","authors":"F. G. Pashaev, D. I. Zeinalov, G. T. Nadzhafov","doi":"10.3103/S0146411624701074","DOIUrl":"10.3103/S0146411624701074","url":null,"abstract":"<p>The rapid development of technological computer networks (TCNs) and SCADA systems has inevitably accelerated the integration process between these networks and the global Internet. As a result, the solution of many problems of technological and production processes has been simplified, and opportunities have been created for remote management of enterprise personnel and operational personnel. However, this situation has created new, previously nonexistent threats to monitoring, diagnostics, and control systems. Various specialized groups, hackers, and sometimes government agencies carry out targeted attacks on specific industrial enterprises via the Internet. Organizers of cyberattacks on process control systems improve their methods and tools over time and increase their professional level. They carefully study the objects of their future attacks and identify vulnerabilities in the software of object control systems. The developed set of technical means is based on the use of STM32F4XX controllers and LPT ports of computers. Connection diagrams and installation methods for technical means are provided, which, as the created exchange protocols, can serve as a bridge between the global Internet and technological corporate computer networks. Simple algorithms and operating software fragments of the created protocols are presented. The program fragments are given in the C programming language and in the DELPHI programming system. The developed software acts as a filtering bridge between the global Internet and the technological corporate computer network. 
Information between the two networks is exchanged by using a nonstandard protocol using the STM32F4XX controller and LPT port.</p>","PeriodicalId":46238,"journal":{"name":"AUTOMATIC CONTROL AND COMPUTER SCIENCES","volume":"58 8","pages":"1396 - 1405"},"PeriodicalIF":0.6,"publicationDate":"2025-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143622009","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Justification of the Rational Composition of the Information Security System","authors":"A. F. Suprun, D. P. Zegzhda, V. G. Anisimov, E. D. Anisimov","doi":"10.3103/S0146411624700706","DOIUrl":"10.3103/S0146411624700706","url":null,"abstract":"<p>This paper examines a methodological approach to the construction of models and algorithms for supporting decision-making in substantiating rational composition of the information security system of a corporate computer network. In this case, the problem under consideration is presented in the form of a discrete model of mathematical programming. A special feature of the model is the ability to take into account a wide variety of destructive impacts on a computer network and methods of protecting it. The generality of the model is also ensured by taking into account the possible nonlinear nature of the function reflecting the specific goals of creating an information security system. To solve the problem, a generalized algorithm is developed that takes into account the features of the model. 
The general nature of the requirements for the parameters of the model and algorithm allows, on their basis, to form a fairly wide range of methods for supporting decision-making in the substantiation of the rational composition of the information security system for specific variants of corporate computer networks and the conditions of their operation.</p>","PeriodicalId":46238,"journal":{"name":"AUTOMATIC CONTROL AND COMPUTER SCIENCES","volume":"58 8","pages":"1093 - 1099"},"PeriodicalIF":0.6,"publicationDate":"2025-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143622078","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Detecting Malware Using Deep Neural Networks","authors":"T. D. Ovasapyan, M. A. Volkovskii, A. S. Makarov","doi":"10.3103/S0146411624700779","DOIUrl":"10.3103/S0146411624700779","url":null,"abstract":"<p>This article proposes a method for detecting malicious executable files by analyzing disassembled code. This method is based on a static analysis of assembler instructions of executable files using a special neural network model, whose architecture is also presented in this article. In addition, the effectiveness of the method is demonstrated using several different metrics, showing a significant reduction in Type-II errors compared to other state-of-the-art methods. The obtained results can be used as a basis for designing systems for the static analysis of malware.</p>","PeriodicalId":46238,"journal":{"name":"AUTOMATIC CONTROL AND COMPUTER SCIENCES","volume":"58 8","pages":"1147 - 1155"},"PeriodicalIF":0.6,"publicationDate":"2025-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143622079","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Mathematical Model of Information Security Event Management Using a Markov Chain in Industrial Systems","authors":"V. M. Krundyshev, G. A. Markov, I. Yu. Zhukov","doi":"10.3103/S0146411624700755","DOIUrl":"10.3103/S0146411624700755","url":null,"abstract":"<p>The problem of ensuring information security in industrial Internet-of-Things (IIoT) systems is considered. In the study, it is found that, in most cases, security information and event management (SIEM) systems with configured rules for correlating events in the information infrastructure are used to protect comprehensively the information perimeter of an industrial enterprise from external and internal threats. In this case, there is a need to create a mathematical apparatus that allows for an accurate and objective estimate of the effectiveness of a SIEM system. As a result of the study, the problem of preventing information security incidents in IIoT systems is formalized based on the developed mathematical model of information security event management using a continuous-time Markov chain.</p>","PeriodicalId":46238,"journal":{"name":"AUTOMATIC CONTROL AND COMPUTER SCIENCES","volume":"58 8","pages":"1132 - 1138"},"PeriodicalIF":0.6,"publicationDate":"2025-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143622082","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Peculiarities of Solving the Problem of Controlling Information Security Risks in the Development of Protection Methods against Covert (Steganographic) Information Exchange in Public Internet Resources","authors":"M. Yu. Fedosenko","doi":"10.3103/S0146411624700809","DOIUrl":"10.3103/S0146411624700809","url":null,"abstract":"<p>This paper describes the stage of the practical control of information security risks of a web resource as a result of its use as a medium and communication channel in a steganographic information exchange. The possibility of using steganography in public internet resources as an intruder’s tool for the exchange of illegal data and realization of computer attacks is established on the basis of the available research results. It is proved that developing methods for preventing malicious use of steganographic algorithms is an urgent task. The information security threats concerning steganographic methods according to the database of the Federal Service for Technical and Export Control of the Russian Federation are considered. These threats are used to develop a four-level model of threats of a web resource on the part of user data, including risks of violation of integrity, access, confidentiality, and statements of Federal Law no. 374-FL (and corrections to Federal Law no. 149-FL On the Information, Information Technologies, and Protection of Information). Taking into account the statements of Federal Law no. 374-FL demonstrates the problem of the unavailability of data for checking malicious use in their covert exchange. On the basis of the developed model, the risks of a web resource are assessed by the Microsoft Security Assessment Tool (MSAT), as well as theoretically estimated by the FRAP and CRAMM matrices to demonstrate the peculiarities of using a specific approach to solve the problem of countering the new type of attacks. 
The necessary measures and mitigation components are calculated by the mathematical programming methods to reveal the minimal and optimal quantitative composition of the protection components against the malicious use of steganography. These measures and components consist of specialists, their competencies, and software tools needed for high-quality protection of a web resource within the studied scientific problem of malicious use of information protection technologies in the course of malpractice, as well as further development of tools for countering and analyzing the data arriving at the web resource.</p>","PeriodicalId":46238,"journal":{"name":"AUTOMATIC CONTROL AND COMPUTER SCIENCES","volume":"58 8","pages":"1169 - 1179"},"PeriodicalIF":0.6,"publicationDate":"2025-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143621798","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Model for Ranking the System of Indicators of Node Compromise of Corporate Data Network Nodes","authors":"S. V. Bezzateev, V. A. Mylnikov, A. R. Starodub","doi":"10.3103/S014641162470072X","DOIUrl":"10.3103/S014641162470072X","url":null,"abstract":"<p>The model of the system of ranking indicators of compromise for active countermeasures against targeted attacks is proposed, which makes it possible to detect threats in advance and plan measures to eliminate them before they manifest themselves. Another important aspect is the development of means and methods for the evaluation of information sources according to their level of confidence for the collection of data necessary for the investigation of incidents. On the basis of the proposed models, an information system for the ranking of compromise indicators was developed in order to minimize the possibility of a breach of the confidentiality, integrity and availability of information, as well as the compromise of data in the system.</p>","PeriodicalId":46238,"journal":{"name":"AUTOMATIC CONTROL AND COMPUTER SCIENCES","volume":"58 8","pages":"1108 - 1113"},"PeriodicalIF":0.6,"publicationDate":"2025-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143622083","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Segmenting Input Data to Improve the Quality of Identification of Information Security Events","authors":"M. E. Sukhoparov, I. S. Lebedev, D. D. Tikhonov","doi":"10.3103/S0146411624700822","DOIUrl":"10.3103/S0146411624700822","url":null,"abstract":"<p>The processing of information sequences using segmentation of input data, aimed at improving the quality indicators of destructive impact detection using machine learning models is proposed. The basis of the proposed solution is the division of data into segments with different properties of the objects of observation. A method is described that uses a multilevel data processing architecture, where the processes of training, analysis of the achieved values of quality indicators, and assignment of the best models for quality indicators to individual data segments are implemented at various levels. The proposed method allows us to improve the quality indicators of the detection of destructive information impacts through segmentation and assignment of models that have the best indicators in individual segments.</p>","PeriodicalId":46238,"journal":{"name":"AUTOMATIC CONTROL AND COMPUTER SCIENCES","volume":"58 8","pages":"1192 - 1203"},"PeriodicalIF":0.6,"publicationDate":"2025-03-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"143621764","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}