Theoretical and applied cybersecurity: latest articles

risk management of critical information infrastructure: threats-vulnerabilities-consequences
Theoretical and applied cybersecurity Pub Date: 2023-11-06 DOI: 10.20535/tacs.2664-29132023.2.280377
Vladyslav Kuz
Abstract: Today, interaction between people and objects, including industrial ones, has become an integral part of our everyday life. Access to communications, finance, and all forms of information management and permission to use them can be obtained from almost anywhere using compact devices.
For example, operators can remotely control individual sectors and control operations in several areas at the same time, surgeons can operate on patients thousands of miles away, and car manufacturers can detect when one of their vehicles has been in an accident within a few seconds after the accident.
As a result of the spread of the Internet and wireless data networks, the interconnection of so much data, technology and network equipment and devices has quickly become the basis of modern society. At present, we have become a knowledge-based society that often relies on technology to execute or support almost all tasks and functions of human life. Undoubtedly, this has greatly expanded the range of tasks to be solved, but at the same time, the society became much more vulnerable to threats in information and communication systems.
The vulnerability is explained by the fact that at some point most of the production of different directions and industries is supported by the introduction, storage and search of data/information in an interconnected network of hard disks and data servers, locally or remotely located. And at each of these stages there is an opportunity to steal data, bypass protection, manipulate or replace information. But the risks associated with unintentional accidents caused by human errors, system failures, incompatibility or other unexpected problems, as well as “natural disasters,” must also be taken into account.
Therefore, the security of computer or cyber systems is a matter of national security. Actually, cyber-threats are so great that more and more security experts are pointing out that protection of cyber systems and data is more of a problem than terrorism. Given the scale of the threat (in terms of cyberattacks) and the actual damage, it can be argued that certain systems and structures are at risk [1, 2]. It is proved that hackers can break into government and business websites, steal personal data, change the traffic light scheme, accelerate and slow down travel, and much more.
As an example, the implementation of a specially created malware program - Stuxnet. The effects of its use were the self-destruction in 2010 of dozens of centrifuges, which supported Iranʼs nuclear program [3, 4]. Some experts think that Stuxnet was created not by independent attackers and possibly with the support of the government. Thus, as a conclusion, it can be confirmed that hackers operate from anywhere in the world, and the links and boundaries between cyberspace and physical systems are sufficiently leveled. Thus, as a conclusion, it can be confirmed that intruders operate from anywhere in the world, and the links and borders bet
Citations: 0

Complexity of The Systems of Linear Restrictions over a Finite Field
Theoretical and applied cybersecurity Pub Date: 2023-11-06 DOI: 10.20535/tacs.2664-29132023.2.280676
Oleh Kurinnyi
Abstract: This paper continues the results obtained in [1]. In the previous paper, we formulated the problem of the unknown vector recovering from linear dependencies with this vector, which act as constraints on it. The next step, after finding out some algebraic and combinatorial properties, is to give basic estimates of complexity for the main problem as well as for related problems. Such related problems can be obtained by fixing some parameters of the main problem or applying constraints on the number of restrictions in the system. Such an analysis makes it possible to arrange the problem of recovering an unknown vector based on partial information into the general computational complexity framework in order to approach existing theoretical results to its solution. The obtained theoretical results can be used in algebraic cryptanalysis of stream ciphers and cryptosystems based on linear codes.
Citations: 0

Malware detection system based on static and dynamic analysis and using machine learning
Theoretical and applied cybersecurity Pub Date: 2023-11-06 DOI: 10.20535/tacs.2664-29132023.2.277959
Alan Nafiiev, Andrii Rodionov
Abstract: Cyber wars and cyber attacks are an urgent problem in the global digital environment. Based on existing popular detection methods, malware authors are creating ever more advanced and sophisticated malware. Therefore, this study aims to create a malware analysis system that uses both dynamic and static analysis. Our system is based on a machine learning method - support vector machine. The set of data used was collected from various Internet sources. It consists of 257 executable files in .exe format, 178 of which are malicious and 79 are benign. We use 5 different types of data representation: binary information, trace instructions, control flow graph, information obtained from the dynamic operation of the file, and file metadata. Then, using multiple kernel learning, we combine all data views and create one summative machine learning model.
Citations: 0

Extremal graph theory and generation of quadratic multivariate transformations of Algebraic Post-Quantum Cryptography
Theoretical and applied cybersecurity Pub Date: 2023-09-19 DOI: 10.20535/tacs.2664-29132023.1.287748
Aneta Wróblewska, Vasyl Ustymenko, Oleksandr Pustovit
Abstract: We introduce large groups of quadratic transformations of a vector space over the finite fields defined via symbolic computations with the usage of algebraic constructions of Extremal Graph Theory. They can serve as platforms for the protocols of Noncommutative Cryptography. The modifications of these symbolic computations in the case of large fields of characteristic two allow us to define quadratic bijective multivariate public keys such that the inverses of public maps have a large polynomial degree. We suggest the usage of constructed protocols for the private delivery of quadratic encryption maps instead of the public usage of these transformations.
Citations: 0

Machine Learning Models Stacking in the Malicious Links Detecting
Theoretical and applied cybersecurity Pub Date: 2023-09-19 DOI: 10.20535/tacs.2664-29132023.1.287752
Yevhenii Khukalenko, Iryna Stopochkina, Mykola Ilin
Abstract: An analysis of the performance of various classifiers on address and network groups of features was performed. A new classification model is proposed, which is a stacking of 3 models: kNN, XGBoost and Transformer. The best model for stacking was experimentally determined: Logistic Regression, which made it possible to improve the result of the best available model by 3%. The hypothesis that stacking a larger number of worse models has an advantage over stacking a smaller number of more productive models on the used data set was confirmed: regardless of the choice of stacking meta-algorithm, stacking of three models showed better results than stacking two.
Citations: 0

Analysis of the core research for vendor email compromise filtering model using machine learning
Theoretical and applied cybersecurity Pub Date: 2023-09-19 DOI: 10.20535/tacs.2664-29132023.1.284121
Oleh Kozlenko, Dmytro Zibarov
Abstract: Vendor email compromise became one of the most sophisticated types of social engineering attacks. Strengths of this malicious activity rely on the basis of impersonating a vendor that the company is working with. Thus, it is easy for an attacker to exploit this trust for doing different types of data exfiltration or ransom. To mitigate risks that come with these challenges, information security specialists should consider using different types of approaches, including machine learning, to identify anomalies in email, so further damages can be prevented. The purpose of this work lies in the identification of an optimal approach for VEC-style attacks detection and optimizing these approaches with the least amount of false-positive (FP) parameters. The object of this research is different methods of text processing algorithms, including machine learning methods for detecting VEC emails. The subject of research in this paper mainly considers the impact of the mentioned text processing algorithms and its relation with the efficiency of VEC email classification, identifying the most effective approach and, also, how to improve results of such detections.
Results of this paper consist of details for VEC-email attacks detection, challenges that come with different approaches and a proposed solution that lies in using text processing techniques and an agent-related approach with the main sphere of implication – machine-learning systems that are used for identifying social-engineering attacks through email.
Citations: 0

OSINT Time Series Forecasting Methods Analysis
Theoretical and applied cybersecurity Pub Date: 2023-09-19 DOI: 10.20535/tacs.2664-29132023.1.287750
Dmytro Lande, Anatolii Feher
Abstract: Time series forecasting is an important niche in the modern decision-making and tactics selection process, and in the context of OSINT technology, this approach can help predict events and allow for an effective response to them. For this purpose, LSTM, ARIMA, LPPL (JLS), N-gram were selected as time series forecasting methods, and their simple forms were implemented based on the time series of quantitative mentions of nato, himars, starlink and cyber threats statings obtained and generated using OSINT technology. Based on this, their overall effectiveness and the possibility of using them in combination with OSINT technology to form a forecast of the future were investigated.
Citations: 0

Cyber Security Logical and Probabilistic Model of a Critical Infrastructure Facility in the Electric Energy Industry
Theoretical and applied cybersecurity Pub Date: 2023-09-19 DOI: 10.20535/tacs.2664-29132023.1.287365
Lesia Alekseichuk, Oleksii Novikov, Dmytro Yakobchuk, Andrii Rodionov
Abstract: In the work, a cyber security logical and probabilistic model of a critical infrastructure facility in the energy sector was developed and investigated. The cyber security logical and probabilistic model describes the development of adverse events that arise in the Industrial Control System of the electrical network from the realization of possible threats from cyberspace, such as attacks on the protection system through the corporate network, connection through a modem and wireless connection. The resulting model is based on sequentially developed structural, logical and probabilistic models.
The field of use of the developed model is automation systems for designing information protection systems or designing trajectories of attacks on these systems. The model was also applied to study the sensitivity of the probability of the development of adverse events to variations in the probability of realization of possible threats to the system.
Citations: 0

Defining of Goals in the Development of Cyber Resilient Systems According to NIST
Theoretical and applied cybersecurity Pub Date: 2023-09-19 DOI: 10.20535/tacs.2664-29132023.1.287751
Oleksandr Bakalynskyi, Fedir Korobeynikov
Abstract: This paper introduces an approach to defining goals in the development of cyber-resilient systems, following the guidelines established in the standards of the National Institute of Standards and Technology (NIST) in the United States. This work aims to provide a roadmap for researchers and practitioners of cyber resilience in creating information systems capable of withstanding and adapting to adverse conditions, malfunctions, and attacks while ensuring the guaranteed execution of all primary cyber-system functions.
Citations: 0

System construction of cybersecurity vulnerabilities with Q-analysis
Theoretical and applied cybersecurity Pub Date: 2023-09-19 DOI: 10.20535/tacs.2664-29132023.1.285430
Viktoriia Igorivna Polutsyhanova
Abstract: Today, in order to assess potential cyber threats, it is necessary to conduct a comprehensive assessment of the vulnerabilities of the investigated system. To do this, it is necessary to describe the identified vulnerabilities and consider potential vulnerabilities. In addition, the relationship between system vulnerabilities must be properly assessed. The most common assumption is that all vulnerabilities are independent and are implemented either by random events or by malicious intent. The paper proposes a method that allows modeling the vulnerabilities of complex systems as a whole, taking into account their hidden connections. Q-analysis [2] was used to study the structure of the system of interconnected vulnerabilities that arise in the process of project implementation. An example of the application of Q-analysis methods is presented and an explanation of the nature and impact of some potential threats and their combinations is offered.
Citations: 0