№ 2 (36)

The aim of the study is to generalize and structure processes that determine the level of information security risk of a subject of socio-economic activity. The conceptual model is developed on the basis of: analysis of the subject's activity process and its decomposition into separate states in the space of activity effects; analysis of the information process that ensures the management of the subject, and its decomposition in the form of a set of elementary information operations; analysis of the life cycle of an information technology system as an environment for the flow of an information process, vulnerabilities of which determine the possibility of realizing threats to information security. The model is a generalized formalized description of information processes and technologies, as well as the processes of the economic activity of the subject, forming the «channels of influence» of sources of threats to information security on the effects (results) of socio-economic activity. The model is a tool for preliminary (qualitative) analysis of information security risk, used to identify key factors that are subject to detailed (quantitative) analysis in assessing the level of risk.
Keywords: risk analysis, information security threat, threat implementation method, automated system in secure
execution, information process, life cycle of an automated system, information infrastructure, activity process, activity effect, consequence of threat realization.

1. Petrenko S. A., Simonov S. V. Upravlenie informacionnymi riskami. Ekonomicheski opravdannaya bezopasnost’. M.: DMK Press, 2004. 400 s.
2. Probabilistic Modeling in System Engineering/By ed. A. Kostogryzov. -London: IntechOpen, 2018. 278 p., DOI: 10.5772/
intechopen.71396.
3. Barabanov A.V., Dorofeev A.V., Markov A.S., Cirlov V.L. Sem’ bezopasnyh informacionnyh tekhnologij. M.: DMK Press, 2017. 224 p.
4. Buldakova T.I., Mikov D.A. Realizaciya metodiki ocenki riskov informacionnoj bezopasnosti v srede MATLAB, Voprosy kiberbezopasnosti
[Cybersecurity issues], 2015, No4 (12). S. 53-61.
5. Markov A.S., Cirlov V.L. Upravlenie riskami - normativnyj vakuum informacionnoj bezopasnosti, Otkrytye sistemy. SUBD. 2007, No8.
S. 63-67.
6. Rajkova N.O., SHahalov I.YU. Sravnenie ISO/IEC 27001:2005 i ISO/IEC 27001:2013, IT-Standart. 2015, No 1 (2). S. 45-48.
7. Revenkov P.V., Krupenko D.S. Ocenka riskov informacionnoj bezopasnosti v usloviyah primeneniya sistem mobil’nogo bankinga,
Voprosy kiberbezopasnosti [Cybersecurity issues], 2019, No 2 (30). S. 21-28.
8. Grusho A.A., Primenko E.A., Timonina E.E. Teoreticheskie osnovy komp’yuternoj bezopasnosti. – M.: Academia, 2009. 272 c.
9. Hovard M., Leblank D. Zashchishchennyj kod. 2-e izd. M.: Russkaya redakciya, 2004. 704 s.
10. Barankova I.I., Mihajlova U.V., Afanas’eva M.V. Minimizaciya riskov informacionnoj bezopasnosti na osnove modelirovaniya ugroz
bezopasnosti, Dinamika sistem, mekhanizmov i mashin. 2019. Tom 7, No 4. S 60-66. DOI: 10.25206/2310-9793-7-4-60-66.
11. Gorohov D.E. Apriornaya ocenka velichiny riska informacionnoj bezopasnosti na osnove modelirovaniya processa realizacii
informacionnyh ugroz, Informacionnaya bezopasnost’. 2009, No4. S. 593-598.
12. Tekunov V.V., YAzov YU.K. Modelirovanie dinamiki realizacii ugroz bezopasnosti informacii s ispol’zovaniem apparata setej PetriMarkova, Informaciya i bezopasnost’. 2018. T. 21, No 1. S. 38-47.
13. Kasenov A.A., Magazev A.A., Cyrul’nik V.F. Markovskaya model’ sovmestnyh kiberugroz i ee primenenie dlya vybora optimal’nogo nabora
sredstv zashchity informacii, Modelirovanie i analiz informacionnyh sistem. 2020. T. 27, No 1. S. 108-123. DOI: 10.18255/1818-1015-
2020-1-108-123.
14. CHobanyan V.A., SHahalov I.YU. Analiz i sintez trebovanij k sistemam bezopasnosti ob”ektov kriticheskoj informacionnoj infrastruktury,
Voprosy kiberbezopasnosti [Cybersecurity issues], 2013, No 1 (1). S. 17-27.
15. Kononov A.A., Kotel’nikov A.P., CHernysh K.V. Ocenka zashchishchennosti kriticheski vazhnyh ob”ektov na osnove postroeniya modelej
sobytij riskov, Upravlenie riskami i bezopasnost’yu. Trudy ISA RAN. 2012. Tom 62, No 4. S. 69-75.
16. Vasil’eva T.N., L’vova A.V. Primenenie ocenok riskov v upravlenii informacionnoj bezopasnost’yu, Prikladnaya informatika. 2009, No 5 (23).
17. Anikin I.V. Metod analiza ierarhij v zadachah ocenki i analiza riskov informacionnoj bezopasnosti, Informatika i upravlenie. Vestnik KGTU im. A.N. Tupoleva. 2006, No 3. S. 11-18.
18. Anikin I.V. Nechetkaya ocenka faktorov riska informacionnoj bezopasnosti, Bezopasnost’ informacionnyh tekhnologij. 2016. T. 23, No 1. S. 78-87.
19. Kazarov E.G., Rudakov A.M., Mityushov D.G. Ispol’zovanie teorii nechetkih mnozhestv pri modelirovanii ugroz bezopasnosti informacii, Vestnik YAroslavskogo vysshego voennogo uchilishcha protivovozdushnoj oborony. 2019, No 2 (5). S. 192-200.
20. Gas’kova D.A., Massel’ A.G. Tekhnologiya analiza kiberugroz i ocenka riskov narusheniya kiberbezopasnosti kriticheskoj infrastruktury, Voprosy kiberbezopasnosti [Cybersecurity issues], 2019, No 2 (30). S. 42-49. DOI: 10.21681/2311-3456-2019-2-42-49.
21. Petrenko S.A. Obzor metodov immunnoj zashchity industrii 4.0, Zashchita informacii. Inzajd. 2019, No 5 (89). S. 36-48.
22. Boev A.S., Byvshih D.M., Korobejnikov A.S., Strokova T.M. Analiz riskov pri podgotovke nauchno-tekhnicheskogo i tekhnologicheskogo zadela innovacij, RISK: Resursy. Informaciya. Snabzhenie. Konkurenciya. 2013, No3. S.214-221.
23. Lastochkin YU.I., YArygin YU.N., Byvshih D.M. Sistema pokazatelej dlya kompleksnogo analiza sostoyaniya i perspektiv razvitiya sil i sredstv vojsk radioelektronnoj bor’by VS RF, Vooruzhenie i ekonomika. 2017, No 4 (41). S. 21-31.

The purpose of this work is to develop the method for steganalysis of static JPEG images, based on the usage of artificial immune systems.In this paper, a model of an artificial immune system was developed for the task of detecting hidden information in JPEG images. Basic requirements were determined and the basic elements of an artificial immune system were considered, mutation and antibody cloning operations were introduced. Also, formal description of main nodes of the artificial immune system is given. In addition, a brief overview and analysis of the state of the problem of steganalysis are provided in the paper. Also analysis of the obtained experimental results and an assessment of the effectiveness of the developed method is made.The proposed method allows to detect the presence of hidden information, embedded by various popular steganography tools (like OutGuess, Steghide and F5) in static JPEG images with a sufficiently high accuracy. The theoretical significance of this work consists in the development of a fairly promising approach of heuristic steganalysis using artificial immune systems. The practical significance lies in the developed software product, as well as in experimental data confirming the effectiveness of the method of steganalysis in point of the detection of hidden information in JPEG images.
Keywords: Steganography, Steghide, OutGuess, F5, binary classification, Haar wavelet-transform, Clonal selection,
Negative selection.

1. Holub V., Fridrich J. Low-complexity features for JPEG steganalysis using undecimated DCT // IEEE Trans. Inf. Forensics Secur. 2015. Т. 10, № 2. pp. 219–228. DOI: 10.1109/TIFS.2014.2364918.
2. Gulášová M., Jókay M. Steganalysis of stegostorage library // Tatra Mountains Mathematical Publications. 2016. Т. 67, № 1. pp. 99–116. DOI: 67. 10.1515/tmmp-2016-0034.
3. Fridrich J.J., Goljan M., Hogea D. Steganalysis of JPEG Images: Breaking the F5 Algorithm // Information Hiding. Lecture Notes in Computer Science. 2002. pp. 310-323. DOI: 10.1007/3-540-36415-3_20.
4. Pevny T., Bas P., Fridrich J. Steganalysis by subtractive pixel adjacency matrix. // IEEE Trans. Inf. Forensics Secur. 2010. № 5 (2). pp. 215–224. DOI: 10.1109/TIFS.2010.2045842.
5. Еvsyutin O.O., Shumskaya O.O. Sravnenie linejnogo diskriminanta Fishera i naivnogo bajesovskogo klassifikatora v zadache stegoanaliza JPEG- izobrazhenij // ELЕKTRONNYЕ SRЕDSTVA I SISTЕMY UPRAVLЕNIYA. Tomskij gosudarstvennyj universitet sistem upravleniya i radioelektroniki, Tomsk. 2017.№1-2. pp. 79-82.
6. Hendrych J., Kunčický R., Ličev L. New Approach to Steganography Detection via Steganalysis Framework. // Proceedings of the Second International Scientific Conference “Intelligent Information Technologies for Industry” (IITI’17). 2017. Advances in Intelligent Systems and Computing, vol 679. Springer, Cham. DOI: 10.1007/978-3-319-68321-8_51.
7. Ziou D., Jafari R. Efficient steganalysis of images: Learning is good for anticipation // Pattern Analysis and Applications. 2014. Vol. 17, № 2. pp. 279–289. DOI: 10.1007/s10044-012-0303-9.
8. Watanabe S., Murakami K., Furukawa T. and Zhao Q. Steganalysis of JPEG image-based steganography with support vector machine // 2016 17th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD), Shanghai. 2016. pp. 631–636. DOI: 10.1109/SNPD.2016.7515970
9. Wang R., Xu M., Ping X., Zhang T. Steganalysis of JPEG images by block texture based segmentation // Multimedia Tools and Applications. 2015. Т. 74, № 15. pp. 5725–5746. DOI: 10.1007/s11042-014-1880-y.
10. Kodovský J., Fridrich J. Steganalysis of JPEG images using rich models // Proceedings of SPIE – The International Society for Optical Engineering. 2012. Vol. 8303. pp. 1–DOI: 10.1117/12.907495.
11. Pevny T., Fridrich J. Merging Markov and DCT features for multi-class JPEG steganalysis. // Proceedings of SPIE – The International Society for Optical Engineering. 6505. 2007. DOI: 10.1117/12.696774.
12. Dasgupta D. Iskusstvennye immunnye sistemy i ih primenenie. / edited by Romanyuha A.. FIZMATLIT, 2006. 344 p.
13. Pérez J.D.J.S., Rosales M.S., Cruz-Cortés N. Universal steganography detector based on an artificial immune system for JPEG images // Proc. – 15th IEEE Int. Conf. Trust. Secur. Priv. Comput. Commun. 10th IEEE Int. Conf. Big Data Sci. Eng. 14th IEEE Int. Symp. Parallel Distrib. Proce. 2017. pp. 1896–1903. DOI: 10.1109/TrustCom.2016.0290.
14. Lu T., Zhang L., Wang S., Gong, Q. Ransomware detection based on V-detector negative selection algorithm // 2017 International Conference on Security, Pattern Analysis, and Cybernetics, SPAC 2017. pp. 531-536. DOI: 10.1109/SPAC.2017.830433515.
15. Kushnir N.V., Kushnir A.V., Anackaya E.V., Katysheva P.A., Ustinov K.G. Iskusstvennye immunnye sistemy: obzor i sovremennoe sostoyanie. // Elektronnyj setevoj politematicheskij zhurnal “Nauchnye trudy KUBGTU”. Kubanskij gosudarstvennyj tekhnologicheskij universitet, Krasnodar. 2015. №12. pp. 382-391.

The study aims to increase OCSP service availability. In this paper methods of mathematical logic, scanning network methods and distributed system design methods used. As a result, we examined the availability of more than three hundred OCSP responders that store status of SSL-certificates for more than half a million of the most popular websites. The data obtained allowed us to identify the problem that OCSP responders are not always able to provide the required 100% availability. In contrast to the centralized system, the availability of the Ethereum blockchain platform nodes was investigated. This showed that decentralized system availability is higher due to the larger number and prevalence of Ethereum-nodes.An approach to building a decentralized certificate status verification service is proposed - a decentralized OCSP responder model is presented and based on it, the functions of a smart contract and the interaction procedure of the system participants are described. The proposed approach allows to increase the availability of the OCSP service by 30% and to distribute the load between OSCP responders. The solution can be used to build highly available public key systems on an Internet scale, as well as for corporate key management systems
Keywords: information security, Internet, Certification Authority, OCSP, HTTPS, SSL, Ethereum, blockchain, availability.

1. Fadai T., Schrittwieser S., Kieseberg P., Mulazzani M. Trust me, I’m a Root CA! Analyzing SSL Root CAs in Modern Browsers and Operating Systems. In Proceedings - 10th International Conference on Availability, Reliability and Security. IEEE, 2015. pp. 174–179. DOI: 10.1109/ARES.2015.93
2. Cooper D., Santesson S., Farrell S., Boeyen S., Housley R., Polk W. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. 2008. DOI: 10.17487/RFC5280
3. Liu Y., Tome W., Zhang L., Choffnes D., Levin D., Maggs B., Mislove A., Schulman A., Wilson C. An End-to-End Measurement of Certificate Revocation in the Web’s PKI // ACM Press, 2015. pp. 183–196.
4. Santesson S. Myers M., Ankney R., Malpani A., Galperin S., Adams C. X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP. 2013. DOI: 10.17487/RFC6960
5. Serrano N., Hadan H., Camp L.J. A Complete Study of P.K.I. (PKI’s Known Incidents) // SSRN Electronic Journal. 2019. DOI: 10.2139/ssrn.3425554
6. Busygin A.G., Konoplev A.S., Zegzhda D.P. Skhema i infrastruktura obespecheniya zashchishchennosti kommunikacij v seti Internet ot ataki «chelovek poseredine», osnovannoj na ispol’zovanii otozvannyh sertifikatov // Informacionnaya bezopasnost’ regionov Rossii. Sankt-Peterburg, 2017. pp. 170-171
7. Laurie B. Certificate Transparency // Queue. 2014. № 8 (12). pp. 10–19.
8. Fromknecht, C., Velicanu, D., Yakoubov, S. A Decentralized Public Key Infrastructure with Identity Retention. // IACR Cryptology ePrint Archive, 2014. p. 803.
9. Yao S. Chen J., He K., Du R., Zhu T., Chen, X. PBCert: Privacy-Preserving Blockchain-Based Certificate Status Validation Toward Mass Storage Management // IEEE Access. 2019. (7). pp. 6117–6128.
10. Scheitle Q., Hohlfeld O., Gamba J., Jelten J., Zimmermann T., Strowes S., Vallina-Rodriguez N. A Long Way to the Top: Significance, Structure, and Stability of Internet Top Lists. In Proceedings of the Internet Measurement Conference 2018 (IMC ‘18). ACM, New York, NY, USA, 2018, pp. 478-493. DOI: 10.1145/3278532.3278574
11. Porter Felt A., Barnes R., King A., Palmer C., Bentzel C., Tabriz P. Measuring HTTPS Adoption on the Web // 26th USENIX Security Symposium. Vancouver: USENIX Association, 2017. pp. 1323–1338.
12. Kumar D., Wang Z., Hyder M., Dickinson J., Beck G., Adrian D., Mason J., Durumeric Z., Halderman A., Bailey M. Tracking Certificate Misissuance in the Wild // 2018 IEEE Symposium on Security and Privacy (SP). IEEE, 2018. pp. 785–798. DOI: 10.1109/SP.2018.00015
13. Nurmuhametov R.K., Stepanov P.D., Novikova T.R. TEKHNOLOGIYA BLOKCHEJN I EE PRIMENENIE V TORGOVOM FINANSIROVANII // Finansovaya analitika: problemy i resheniya. 2018. №2 (344). DOI: 10.24891/fa.11.2.179
14. Ye C. Li G., Cai H., Gu Y., Fukuda A. Analysis of Security in Blockchain: Case Study in 51%-Attack Detecting IEEE, 2018. pp. 15–24. DOI: 10.1109/DSA.2018.00015
15. Kim, S., Ma Z., Murali S., Mason J., Miller A., Bailey M. Measuring Ethereum Network Peers. // IMC ’18 Proceedings of the Internet Measurement Conference. pp. 91–104. DOI: 10.1145/3278532.3278542

Purpose: development of a model of conflict in the context of information impact under limitations for counteraction measures costs.
Method: mathematical modeling is based on the Markov chains apparatus and model of the situation development under conflict of the parts of confrontation. Assessing the probability of a system being in a particular state at a given time moment enables the analysis of a system state under or without information impacts, detection of the latter and counteraction to them, as well as the analysis of the transitions between the system states.
Result: the model developed can be applied to formalization and assessment of the security of socially important objects. The method obtained takes into account the changing conditions of functioning of information system under protection and consists in determination of the system current state, in forecasting its behavior using the Markov model for various configurations of the protection system and in configuration selection in order to achieve maximum system performance.
Keywords:  information impact, Markov model, confrontation, counteraction, forecasting.

1. Osipov V.Yu., Yusupov R.M. Informacionnyi vandalizm, kriminal i terrorizm kak sovremennye ugrozy obshchestvu // Trudy SPIIRAN [SPIIRAS Proceedings]. 2009. № 8. pp. 34–45.
2. Molotnikova A.A., Zvonkova D.V. Ob istochnikakh i prostejshikh sposobakh kolichestvennogo prognozirovaniya ugroz terrorizma i ekstremizma // Nauka i obrazovanie: khozyajstvo i ekonomika; predprinimatel’stvo; pravo i upravlenie [Science and Education; State Economy; Business; Law and Management]. 2017. № 12. pp. 119–123.
3. Andreeva O.N. Metod monitoringa riskov tekhnogennykh narushenii i avarijnykh situacii // Naukoemkie tekhnologii [Journal Science Intensive Technologies]. 2017. № 18 (3). pp. 85–91.
4. Petrov A.V. Antiterroristicheskaya bezopasnost’: sushchnost’ i soderzhanie // Vestnik TvGU. Seriya “Filosofiya” [Herald of TvGU. Series: Philophy]. 2018. № 1. pp. 113–122.
5. Prognozirovanie razvitiya kriminal’noi situacii v Respublike Kazakhstan: Monografiya / Kollektiv avtorov. Astana: Akademiya pravoohranitel’nykh organov pri General’noj prokurature Respubliki Kazakhstan. 2017. 172 p.
6. Fatkieva R.R., Vorobiev V.I., Levonevskiy D.K. Approach to Information Security Control of Complex Computer Networks // In Proceedings of the 19th IEEE International Conference on Soft Computing and Measurements (Saint Petersburg, Russian Federation, May 25-27, 2016). SCM 2016. IEEE Xplore, 2016. pp. 71-72. DOI: 10.1109/SCM.2016.7519687.
7. Levonevskiy D.K., Fatkieva R.R., Ryzhkov S.R. Network AttackS Detection Using Fuzzy Logic // In Proceedings of the 18th IEEE International Conference on Soft Computing and Measurements (Saint Petersburg, Russian Federation, May 19-21, 2015). SCM 2015.
IEEE Xplore, 2015. pp. 243-244. DOI: 10.1109/SCM.2015.7190470.
8. Permyakova M.A., Permyakova O.V. Veroyatnostnyi podkhod k proektirovaniyu SZI s primeneniem markovskikh processov // Aktual’nye problemy sovremennoi nauki, tekhniki i obrazovaniya [Actual Problems of Science, Technology and Education]. 2017. № 1. pp. 214 – 217.
9. Magazev A.A., Cyrul’nik V.F. Issledovanie odnoi markovskoi modeli ugroz bezopasnosti komp’yuternykh system // Modelirovanie i analiz informacionnykh system [Modeling and Analysis of Information Systems]. 2017. № 24(4). pp 445-458. DOI: 10.18255/1818-1015-2017-4-445-458.
10. Evglevskaya N.V., Privalov A.A., Skudneva E.V. Markovskaya model’ konflikta avtomatizirovannykh sistem obrabotki informacii i upravleniya s sistemoi destruktivnykh vozdejstvii narushitelya // Izvestiya Peterburgskogo universiteta putei soobshcheniya [Proceedings of Petersburg Transport University]. 2015. № 1 (42). pp. 78-84
11. Abramov P.B. Model’ informacionnogo konflikta na osnove markovskikh form s vneshnimi potokami sobytii. V sbornike: Okhrana, bezopasnost’, svyaz’ – 2014. Materialy mezhdunarodnoi nauchno-prakticheskoi konferencii. Voronezhskii institut MVD Rossii (Voronezh, Rossiya, 27 noyabrya 2014). 2015. pp. 7-12.
12. Andreeshchev I.A. Optimizaciya tekhnicheskikh parametrov sistemy zashchity informacii na osnove polumarkovskoi modeli funkcionirovaniya informacionnoi sistemy // Informaciya i bezopasnost’ [Information and Security]. 2017. № 20 (1), pp. 49 -56.
13. Marichev A.V., Shchetnikova D.A. Analiz sushchestvuyushchikh tekhnologii adaptivnoi peredachi potokovykh dannykh // Vestnik Voronezhskogo instituta vysokikh tekhnologii [Vestnik of Voronezh Institute of High Technologies]. 2018. № 1 (24). pp. 47-49.
14. Vorob’ev V.I., Fatkieva R.R., Evnevich E.L., Markov V.S. Privedenie rezul’tatov setevykh izmerenii informacionnoi bezopasnosti v sootvetstvii s rekomendaciyami FSTEK na osnove procedury garmo-nizacii // Upravlenie ekonomicheskimi sistemami: elektronnyi nauchnyi zhurnal [Management of Economic systems. Scientific Electronic Journal]. 2015. № 12 (84). pp. 22.
15. Tikhonov V.I. Markovskie processy / M.: Sov.radio. 1977. 488 p.
16. Kolmogorov A.N. Ob analiticheskikh metodakh v teorii veroyatnostei // Uspekhi matematicheskikh nauk [Russian Mathematical Surveys]. 1938. № 5. pp. 5–41.
17. H.Majn, S. Osaki. Markovskie processy prinyatiya reshenii / Glavnaya redakciya fiziko-matematicheskoi literatury. M. Nauka. 1977. 176 p. 

Purpose of the article: development of a methodology for assessing the impact of the system of protection against computer attacks on the personnel of the protected system.
Method: expert evaluation in the individual evaluation elements, metrics, and criteria included in the overall measure of the factor “Ease of use” with the subsequent additive convolution of the assessment elements, metrics, and criteria weighting factors the importance of separate evaluation of the elements metrics and criteria.Result: it is shown that the influence of the system of protection against computer attacks on the personnel of the protected automated system can be estimated as the degree of reducing the ease of use of the automated system with the introduction of the system of protection against computer attacks. The indicator characterizing degree of decrease in convenience of application of the protected automated system representing additive convolution of the relations of each estimated criterion characterizing separate properties of the protected system defined for the automated system without inclusion in its structure of system of protection against computer attacks to the estimated criteria defined for the automated system with the system of protection against computer attacks included in its structure taking into account weight coefficients of the importance of each criterion is offered. Evaluation of the criteria characterizing the individual properties of the protected automated system is based on expert evaluation of the indicators of the 4th level (individual evaluation elements), followed by additive convolution to the indicators of the 3rd level (metrics) and to the indicators of the 2nd level (criteria), taking into account the weight coefficients of significance of indicators of all levels.

Keywords: impact of the protection system on personnel, usability indicator, evaluation element, metric, criterion, expert evaluation.

1. Mitrohin V. E., Rigenblum P. G. Matematicheskaya model vliyaniya sredstv zaschity unformatsii na harakteristiki uzla svyazi telekommunikatsionnoy seti // Vestnik SibGUTI [Herald of the Siberian State Tech. Univ.], 2016, No 1, pp. 66 – 73.
2. Scheglov A. Yu., Scheglov K. A. Analiticheskoe modelirovanie harakteristiki proizvoditelnosti sistemy zaschity informatsii // Voprosy zaschity informatsii [Information security issues], 2016. No 4 (115), pp. 3 – 12.
3. Drobotun E. B., Kozlov D. V. Otsenka stepeni vliyaniya antivirusnyh programmnyh sredstv na kachestvo funkcionirovaniya informacionno-vychislitelnyh sistem // Programmnye produkty i sistemy [Software & Systems], 2016, No 4 (vol. 29), pp. 129 – 134. DOI: 10.15827/0236-235X.116.129-134
4. Drobotun E. B. Otsenka stepeni vliyaniya sredstv razgranicheniya dostupa na proizvoditelnost informacionno-vychislitelnoy sistemy // Programmnye produkty i sistemy [Software & Systems], No 1, pp. 128 – 133. DOI: 10.15827/0236-235X.031.1.128-133
5. Fyodorova V. A., Moiseeva T. A., Kolyagina I. A. Analiz vliyaniya sredstv zaschity infformatsii na propusknuyu sposobnost seti // Radiopromyshlennost [Radio industry], 2018, No 1 (vol. 29), pp. 68 – 73. DOI: 10.21778/2413-9599-2018-1-68-73
6. Skryl S. V., Mescheryakova T. V., Golubkov D. A., Arutyunova V. I. Matematicheskie modeli optimalnyh parametrov mehanizmov antivirusnoy zaschity seansovogo tipa // Proyshlennye ASU I kontrollery [Industrial ACS and controllers], 2016, No 10, pp. 61 – 65.
7. Andruh O. N., Homyakov A. V. Analiz standartov i podhodov k otsenke kachestva programmnogo obespecheniya // Sbornik nauchnyh trudov Instituta inzhenernoy fiziki [Collection of scientific papers of the Institute engineering physics], 2015, No 4, pp. 64 – 68.
8. Lipaev V. V. Nadezhnost` i funktsionalnaya bezopasnost` kompleksov program realnogo vremeni: monografiya. Moscow, Berlin, Direct Media, 2015. 281 p.
9. Sytnik A. A., Shulga T. E., Danilov N. A. Ontologiya predmetnoy oblasti «Udobstvo ispol`zovaniya programmnogo obespecheniya» // Trudy ISP RAN [Proc. ISP RAS], 2018, Vol. 30, Issue 2, pp. 195-214. DOI: 10.15514/ISPRAS-2018-30(2)-10
10. Legkov K. E., Burenin A. N., Emel’yanov A. V. Osnovnye pokazateli kachestva funktsionirovaniya informatsionnyh podsistem avtomatizirovannyh sistem upravleniya sloznymi organizatsionno-tehnicheskimi ob’ektami // Informatsiya i kosmos [Information and Space], 2017, No 2, pp. 58 – 64.
11. Petrovskiy A. B. Teoriya prinyatiya resheniy: uchebnik dlya stud. vysh. ucheb. zavedeniy. Moscow, Publishing center «Academy», 2009. 400 p.
12. Hamhanova D. N. Teoreticheskie osnovy obespecheniya edinstva ekspertnyh izmerenij. Ulan-Ude, East Siberian state technological publishing house University’s, 2006. 170 p.
13. Ruposov V. L. Metody opredeleniya kolichestva ekspertov // Vestnik Irkutskogo gosudarstvennogo universiteta [Herald of Irkutsk state technical University], 2015, No 3 (98), pp. 286 – 292.
14. Metodika primeneniya ekspertnyh metodov dlya ocenki kachestva produkcii. Moscow, Standards publishing, 1977. 55 p.
15. Popov D. I., Sovetov B. Ya., Kasatkin V. V. Metodika vychisleniya soglasovannosti mneniy ‘kspertov v avtomatizirovannoy sisteme attestatsii personala promyshlennogo predpriyatiya // Vestnik MADI [Herald of the automobile and road institute], 2007, No 3 (10), pp. 92 – 94.

The aim of the article is developing a number of approaches for quantifying cybersecurity of network control systems and detecting cyber-attacks on these one. Research method: the system under study is described by a model of discrete space-time with time-invariant feedback, the detection of attacks in which carried out using the proposed detection filter. The possible goals and resource limitations of the attacker in the target control system, the effects of attacks are analyzed, and attack detection method is proposed. The analysis of component and cross-platform structures is carried out. Conclusions and structures of alignment and collision are made. Research result: based on the proposed estimates of the maximum intensity of the possible impact, as well as sufficient and necessary resources for its implementation, an algorithm for detecting a cyber-attack on a network control system is proposed. The approach has several advantages of its implementation, one of which is the cost-effectiveness of implementation. The efficiency of the proposed approach is illustrated by the example of managing a critically important object of maritime transport. The developed practical examples are relevant and implemented in practice on ferries operating at the Kerch ferry. The implemented model allows to provide protection against cybernetic attacks on the ballast system of a critical marine transport facility.
Keywords: maritime transport, cybersecurity, control system, ballast, restrictions, fault tolerance, discreteness.

1. Nyrkov A.P., Zhilenkov A.A., Sokolov S.S., Chernyi S.G. Hard- and software implementation of emergency prevention system for maritime transport // Automation and Remote Control. 2018. Т. 79. № 1. Pp. 195-202. DOI: 10.1134/S0005117918010174
2. Соколов С.С., Нырков А.П., Чёрный С.Г., Жиленков А.А. Устройство контроля остойчивости судна. Патент на полезную модель RUS 169161 14.06.2016
3. Guo, B., Chen, Y. Adaptive fast sliding mode fault tolerant control integrated with disturbance observer for spacecraft attitude stabilization system // ISA Transactions. 2019. 94. Pp. 1-9. DOI: 10.1016/j.isatra.2019.04.014
4. Meng, Y., Jiang, B., & Qi, R. Adaptive fault-tolerant attitude tracking control of hypersonic vehicle subject to unexpected centroid-shift and state constraints // Aerospace Science And Technology. 2019. 95. Pp. 105515. DOI: 10.1016/j.ast.2019.1055155. Hu H., Liu L.,
Wang Y., Cheng Z., Luo, Q. Active fault-tolerant attitude tracking control with adaptive gain for spacecrafts // Aerospace Science and Technology. 2020. 98. Pp.105706. DOI: 10.1016/j.ast.2020.105706
5. Zhao Z., Jiang S., Ni, R., Fu S., Han Z., Yu Z. Fault-tolerant control of clutch actuator motor in the upshift of 6-speed dry dual clutch transmission // Control Engineering Practice. 2020. 95. Pp. 104268. DOI: 10.1016/j.conengprac.2019.104268
6. Liang, X., Wang, Q., Hu, C., Dong, C. Observer-based H∞ fault-tolerant attitude control for satellite with actuator and sensor faults // Aerospace Science and Technology. 2015. 95. Pp. 105424. DOI: 10.1016/j.ast.2019.105424
7. Ghanbarpour, K., Bayat, F., Jalilvand, A. Dependable power extraction in wind turbines using model predictive fault tolerant control // International Journal of Electrical Power & Energy Systems. 2020. 118. Pp.105802. DOI: 10.1016/j.ijepes.2019.105802
8. Li X., Wang, J. Fault-tolerant tracking control for a class of nonlinear multi-agent systems // Systems & Control Letters. 2019. 135. Pp. 104576. DOI: 10.1016/j.sysconle.2019.104576
9. Teixeira A., Shames I., Sandberg H., Johansson K. A secure control framework for resource-limited adversaries // Automatica. 2015. 51. Pp.135-148. DOI: 10.1016/j.automatica.2014.10.067
10. Van, M., & Do, X. Optimal adaptive neural PI full-order sliding mode control for robust fault tolerant control of uncertain nonlinear system // European Journal Of Control. 2020. 21. DOI: 10.1016/j.ejcon.2019.12.005
11. Ding S.X. Model-based Fault Diagnosis Techniques: Design Schemes. Springer [Электронный ресурс]: 2015. URL: DOI: 10.1007/978-3-540-76304-8
12. Соколов С.С., Нырков А.П., Чёрный С.Г., Жиленков А.А. Устройство контроля остойчивости судна. Патент на полезную модель RUS 165914 29.06.2016
13. Соколов С.С., Нырков А.П., Чёрный С.Г., Жиленков А.А. Судовое балластное устройство. Патент на полезную модель
RUS 160593 05.11.2015
14. Lei, R., & Chen, L. Adaptive fault-tolerant control based on boundary estimation for space robot under joint actuator faults and uncertain parameters // Defence Technology. 2019. 15(6). Pp. 964-971. DOI: 10.1016/j.dt.2019.07.010
15. Li, L., Luo, H., Ding, S., Yang, Y., Peng, K. Performance-based fault detection and fault-tolerant control for automatic control systems // Automatica. 2019. 99. Pp. 308-316. DOI: 10.1016/j.automatica.2018.10.047
16. Xiao, G., Liu, F. Distributed fault-tolerant model predictive control for intermittent fault: A cooperative way // ISA Transactions. 2019. 89. Pp. 113-121. DOI: 10.1016/j.isatra.2018.12.022

Purpose of the article: development of a software tool for normalizing event logs, which is used as a module for managing security information and security events.Method: normalization of event logs using a tree of fixed depth, since this method gives a high speed of processing input data with a low probability of false positives, however, it requires writing regular expressions.The result: an algorithm for normalizing event logs is described that uses a fixed depth tree in its work. A comparison is made with other methods of normalizing event logs in terms of accuracy. A software tool has been developed that implements this algorithm. The obtained software was tested on real data, the processing time of one event was calculated, and a conclusion was drawn about the average possible number of events processed per second. The authors of the article give a scheme for integrating the resulting software with a system for managing security information and security events. In the conclusion, estimates are given about the effectiveness of the algorithm itself, as well as the software obtained on the basis of the described algorithm for normalizing event logs, as a module of a system for managing security information and security events.
Keywords: information security, event log, incident analysis, event monitoring, statistical algorithm, information
security incident, parsing.

1. Y. Duan, G. Fu, N. Zhou, X. Sun, N. C. Narendra, B. Hu, Everything as a service (xaas) on the cloud: origins, current and future trends // Proc. of the 8th International Conference on Cloud Computing, 2015, pp. 621–628.
2. Biriukov A. A. Informatcionnaia bezopasnost`: zashchita i napadenie / A. A. Biriukov. 2-e izd., pererab. i dop. M. : DMK Press, 2017. 434 s.
3. Abdenov A.ZH. Analiz, opisanie i ocenka funktcional`ny`kh uzlov SIEM-sistemy` : uchebnoe posobie / Abdenov A.ZH., Trushin V.A., Sulai`man K. E`lektron. tekstovy`e danny`e. Novosibirsk: Novosibirskii` gosudarstvenny`i` tekhnicheskii` universitet, 2018. 122 c.
4. D. Q. Zou, H. Qin, H. Jin, Uilog: Improving log-based fault diagnosis by log analysis // Journal of Computer Science and Technology, vol. 31, no. 5, pp. 1038–1052, 2016.
5. P. He, J. Zhu, Z. Zheng, M. R. Lyu, Drain: An online log parsing approach with fixed depth tree // ICWS, 2017, pp. 33–40
6. M. Du and F. Li, Spell: Streaming parsing of system event logs // Proc. of the 16th International Conference on Data Mining, 2016. DOI: 10.1109/ICDM.2016.0103
7. Batcher M. Go na praktike / Me`tt Batcher, Me`tt Farina ; per. s angl. R. N. Ragimova; nauch. red. A. N. Kiselev. M.: DMK Press, 2017. 374 s.
8. Donovan A., Kernighan B. The Go Programming Language / Alan A. A. Donovan, Brian W. Kernighan – Boston, USA : Addison–Wesley, 2015. 380 p.
9. Cox-Buday K. Concurrency in Go. Tools and Techniques for Developers / Katherine Cox-Buday – Sebastopol, USA : O’Reilly Media, 2017. 229 p.
10. Petrenko S. A. Politiki bezopasnosti kompanii pri rabote v Internet / S. A. Petrenko, V. A. Kurbatov. 3-e izd. (e`l.). E`lektron. tekstovy`e dan. (1 fai`l pdf : 397 s.). M. : DMK Press, 2018.
11. Petrenko S. A. Upravlenie informatcionny`mi riskami. E`konomicheski opravdannaia bezopasnost` / S. A. Petrenko, S. V. Simonov. 2-e izd. (e`l.). E`lektron. tekstovy`e dan. (1 fai`l pdf : 396 s.). M. : DMK Press, 2018, 384 c. ISBN 5-98453-001-5
12. Tarasov, S. V. SUBD dlia programmista. Bazy` danny`kh iznutri / S. V. Tarasov. M. : SOLON-Press, 2015. 320 s.
13. Chodorow K., Bradshaw S., Brazil E. MongoDB: The Definitive Guide, 3rd Edition / Kristina Chodorow, Shannon Bradshaw, Eoin Brazil – Sebastopol, USA : O’Reilly Media, 2019. 514 p.
14. Gormley C., Tong Z. Elasticsearch: The Definitive Guide: A Distributed Real-Time Search and Analytics Engine / C. Gormley, Z. Tong — Sebastopol, USA : O’Reilly Media, 2015. 724 p.
15. Chhajed S. Learning ELK Stack / Saurabh Chhajed – Birmingham, UK : Packt Publishing, 2015. 206 p.
16. Toshev M. Learning RabbitMQ / Martin Toshev – Birmingham, UK : Packt Publishing, 2015. 262 p.
17. Ayanoglu E., Aytas Y., Nahum D. Mastering RabbitMQ / Emrah Ayanoglu, Yusuf Aytas, Dotan Nahum – Birmingham, UK : Packt Publishing, 2016. 286 p.
18. Minni S. Apache Kafka Cookbook / Saurabh Minni – Birmingham, UK : Packt Publishing, 2015. 128 p.
19. Garg N. Learning Apache Kafka, 2nd Edition / Nishant Garg – Birmingham, UK : Packt Publishing, 2015. 112 p.
20. Huang P., Wang Z. Redis 4.x Cookbook / Pengcheng Huang, Zuofei Wang – Birmingham, UK : Packt Publishing, 2018. 382 p.