№ 2 (48)

Purpose of work is the development of post-quantum digital signature algorithms with comparatively small sizes of the public and secret keys and the signature.Research method is the use of a new concept for constructing signature algorithms on nite non-commutative associative algebras, which is distinguished by the multiple occurrences of the signature S in the power veri cation equation. A public key is generated in the form of a set of vectors every of which is calculated as the product of triples of secret vectors. With a special choice of these triples, it is possible to calculate a signature that satis es the veri cation equation. Results of the study are two developed algebraic post-quantum digital signature algorithms of a new type, security of which is based on the computational dif culty of solving systems of many quadratic equations with many unknowns. The difference from the public-key algorithms of multivariate cryptography is that the system of quadratic equations is derived from the formulas for generating the public-key elements in the form of a set of vectors of m-dimensional nite non-commutative algebra with an associative vector multiplication operation. The said formulas de ne the system of n quadratic vector equations, which reduces to the system of mn quadratic equations over a nite eld. Thanks to the “natural” mechanism for the occurrence of the speci ed system, it is set above the eld, the order of which has a large size (97 and 129 bits). The used procedures for generating the public key and signature include the exponentiation operations to the degree of a large size (96 and 128 bits), which are performed over the elements of the secret (hidden) commutative group contained in the algebra. The signature is formed in the form of two elements: a randomizing natural number e and a “ tting” vector S. The signature authentication equation includes a multiple occurrence of the S element and every entry of the vector S is associated with the formation of a product that is exponentiated to a degree dependent on the value of the e element. A signi cant reduction in the size of public and secret keys and signatures has been achieved, as well as an increase in performance compared to foreign analogues, considered currently as basic algorithms for the adoption of post-quantum digital signature standards. Practical relevance: The developed two new practical post-quantum digital signature algorithms are free from the main disadvantages of known analogues and can be applied under the availability of limited computing resources.
Keywords: finite non-commutative algebra; associative algebra; computationally difficult problem; discrete logarithm; hidden commutative group; digital signature; multivariate cryptography; post-quantum cryptography.

1. Griggs K.N., Ossipova O., Kohlios C.P., Baccarini A.N., Howson E.A., Hayajneh T. Healthcare blockchain system using smart contracts for secure automated remote patient monitoring. Journal of Medical Systems. 2018, vol. 42, iss. 7, article 130. DOI: 10.1007/s10916-018-0982-x
2. Zhang G., Shen F., Liu Z., Yang Y., Wang K., Zhou M.T. Femto: Fair and energy-minimized task offloading for fog-enabled IoT networks. IEEE Internet of Things Journal. 2018, vol. 6, no. 3, pp. 4388–4400. DOI: 10.1109/JIOT.2018.2887229.
3. Xia Q., Sifah E.B., Asamoah K.O., Gao J., Du X., Guizani M. MeDShare: trust-less medical data sharing among cloud service providers via blockchain. IEEE Access. 2017, vol. 5, pp. 14757–14767. DOI: 10.1109/ACCESS.2017.2730843.
4. Yao X., Kong H., Liu H., Qiu T., Ning H. An attribute credential based public key scheme for fog computing in digital manufacturing. IEEE Transactions on Industrial Informatics. 2019, vol. 15, no. 4, pp. 2297–2307. DOI: 10.1109/TII.2019.2891079.
5. Kaur H., Alam M.A., Jameel R., Mourya A.K., Chang V. A proposed solution and future direction for blockchain-based heterogeneous
medicare data in cloud environment. Journal of Medical Systems. 2018, vol. 42, iss. 8, article 156. DOI: 10.1007/s10916-018-1007-5.
6. Shahnaz C A., Qamar U., Khalid A. Using Blockchain for Electronic Health Records. IEEE Access. 2019, vol. 7, pp. 147782–147795.
DOI: 10.1109/ACCESS.2019.2946373.
7. Galbraith S.D. and Gaudry P. Recent progress on the elliptic curve discrete logarithm problem. Designs, Codes and Cryptography. 2016,
vol. 78, no. 1, pp. 51-72. DOI: 10.1007/s10623-015-0146-7.
8. Announcing Request for Nominations for Public-Key Post-Quantum Cryptographic Algorithms. Federal Register, December 20, 2016.
Vol. 81. No. 244. P. 92787–92788. Available at: https://www.gpo.gov/fdsys/pkg/FR-2016-12-20/pdf/2016-30615.pdf (accessed
December 27, 2021).
9. Round 3 Finalists: Public-key Encryption and Key-establishment Algorithms https://csrc.nist.gov/projects/post-quantum-cryptography/
round-3-submissions (accessed December 27, 2021)
10. Moody D. NIST Status Update on the 3rd Round.2021. https://csrc.nist.gov/CSRC/media/Presentations/status-update-on-the-3rdround/images-media/session-1-moody-nist-round-3-update.pdf (accessed December 27, 2021).
11. Moldovyan D.N. Moldovyan A.A., Moldovyan N.A. A new concept for designing post-quantum digital signature algorithms on noncommutative algebras. Voprosy kiberbezopasnosti [Cibersecurity questtions]. 2022, no. 1(47), pp. 10–17.
12. Moldovyan N.A. and A.A. Moldovyan. Digital signature scheme on the 2x2 matrix algebra. Vestnik of Saint Petersburg University. Applied Mathematics. Computer Science. Control Processes. 2021, vol. 17, iss. 3, pp. 254–261. DOI: 10.21638/11701/spbu10.2021.303.
13. Moldovyan D.N. A practical digital signature scheme based on the hidden logarithm problem. Computer Science Journal of Moldova. 2021, vol 29, no. 2, pp. 206–226.
14. Shuaiting Q., Wenbao H., Yifa Li, Luyao J. Construction of Extended Multivariate Public Key Cryptosystems. International Journal of Network Security. 2016, vol. 18, no. 1, pp. 60−67.
15. Jintai D., Dieter S. Multivariable Public Key Cryptosystems (2004) https://eprint.iacr.org/2004/350.pdf (accessed December 27, 2021)
16. Ding J., Schmidt D. Rainbow, a new multivariable polynomial signature scheme. In Conference on Applied Cryptography and Network Security - ACNS 2005. Springer Lecture Notes in Computer Science. 2005, vol. 3531, pp. 164–175.
17. Moldovyan, A.A. and N.A. Moldovyan. Post-quantum signature algorithms based on the hidden discrete logarithm problem. Computer Science Journal of Moldova. 2018, vol 26, no. 3, pp. 301−313.
18. Moldovyan N.A. Unified Method for Defining Finite Associative Algebras of Arbitrary Even Dimensions. Quasigroups and Related Systems. 2018, vol. 26, no. 2, pp. 263−270.
19. Moldovyan N.A. Signature Schemes on Algebras, Satisfying Enhanced Criterion of Post-quantum Security. Bulletin of Academy of Sciences of Moldova. Mathematics. 2020, no. 2(93), pp. 62-67.
20. Rainbow Signature. One of three NIST Post-quantum Signature Finalists [on line] 2021. https://www.pqcrainbow.org/ (accessed December 27, 2021)
21. Alamelou, Q., O. Blazy, S. Cauchie, and Ph. Gaborit. A code-based group signature scheme. Designs, Codes and Cryptography. 2017, vol. 82, no. 1−2, pp, 469−493. DOI: 10.1007/s10623-016-0276-6.
22. Kosolapov Y.V., Turchenko O.Y. On the construction of a semantically secure modification of the McEliece cryptosystem. Prikl. Diskr. Mat. 2019, no. 45, pp. 33−43. DOI: 10.17223/20710410/45/4.

Research objective: development of measures to ensure cyber resilience of SCADA and WAMS under realized threats, the consequence of which is a decrease in the quality of information required in the control of the electric power system (EPS).Research methods: probabilistic methods, methods of power system reliability analysis, Markov methods.Research result. A comparative analysis of possible states of information collection, transmission, and processing systems (SCADA, WAMS) during cyberattacks on the information and communication system was carried out. SCADA and WAMS cyber resilience models were developed. On the basis of the models proposed, measures to ensure cyber resilience of information collection, transmission, and processing system were put forward
Keywords:  cyber-physical power system; resilience; information collection, processing, and transmission system; false data injection attack; DoS-attack; state estimation.

1. Kwasinski A. Modeling of Cyber-Physical Intra-Dependencies in Electric Power Grids and Their Effect on Resilience. 2020 8th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems. 2020, pp. 1-6. DOI: 10.1109/MSCPES49613.2020.9133702.
2. Zang T., Gao S., Liu B., Huang T., Wang T., Wei X. Integrated Fault Propagation Model Based Vulnerability Assessment of the Electrical Cyber-Physical System under Cyber Attacks. Reliability Engineering & System Safety. 2019. DOI:10.1016/j.ress.2019.04.024.
3. Voropai N. Electric Power System Transformations: A Review of Main Prospects and Challenges. Energies. 2020, vol.13. DOI: 10.3390/en132156392.
4. Oyewole P.A., Jayaweera D. Power System Security with Cyber-Physical Power System Operation. In IEEE Access. 2020, vol. 8, pp. 179970-179982. DOI: 10.1109/ACCESS.2020.3028222.
5. Ni M., Li. M. Reliability Assessment of Cyber Physical Power System Considering Communication Failure in Monitoring Function. International Conference on Power System Technology (POWERCON). 2018, pp. 3010-3015. DOI: 10.1109/POWERCON.2018.8601964.
6. Voropai N.I., Kolosok I.N., Korkina E.S. Problemy povysheniya kiberustoichivosti tsifrovoi podstantsii // Releinaya zashchita i avtomatizatsiya. 2019. № 1(34). S. 78-83.
7. Khokhlov M.V., Gotman N.E. Robastnoe obobshchennoe otsenivanie sostoyanie EES: metod na osnove lineinogo tselochislennogo programmirovaniya // Metodicheskie voprosy issledovaniya nadezhnosti bol’shikh sistem energetiki. 2017. C. 495-504.
8. Kolosok I.N., Gurina L.A. Nechetko-veroyatnostnyi podkhod k obnaruzheniyu oshibok izmerenii pri otsenivanii sostoyaniya EES // Metodicheskie voprosy issledovaniya nadezhnosti bol’shikh sistem energetiki. 2020. C. 70-79.
9. Sourav Sinha, Neeraj Kumar Goyal, Rajib Mall. Survey of combined hardware–software reliability prediction approaches from architectural and system failure viewpoint. International Journal of System Assurance Engineering and Management. 2019, vol. 10, pp. 453-474. DOI: 10.1007/s13198-019-00811-y
10. Diptendu Sinha Roy, Cherukuri Murthy, Dusmanta Kumar Mohanta. Reliability analysis of phasor measurement unit incorporating hardware and software interaction failures. Generation Transmission & Distribution IET. 2015, vol. 9, no. 2, pp. 164-171. DOI: 10.1049/iet-gtd.2014.0115.
11. Uspenskii M.I. Sostavlyayushchie nadezhnosti informatsionnoi seti sistemy monitoringa perekhodnykh rezhimov // Metodicheskie voprosy issledovaniya nadezhnosti bol’shikh sistem energetiki. 2020. C. 370-379.
12. Kolosok I.N., Gurina L.A. Otsenka riskov upravleniya kiberfizicheskoi EES na osnove teorii nechetkikh mnozhestv // Metodicheskie voprosy issledovaniya nadezhnosti bol’shikh sistem energetiki. V 2-kh knigakh. 2019. C. 238-247.
13. A. Ashok, M. Govindarasu and J. Wang. Cyber-Physical Attack-Resilient Wide-Area Monitoring, Protection, and Control for the Power Grid. In Proceedings of the IEEE. July 2017, vol. 105, no. 7, pp. 1389-1407. DOI: 10.1109/JPROC.2017.2686394.
14. Reza Arghandeh, Alexandra von Meier, Laura Mehrmanesh, Lamine Mili On the definition of cyber-physical resilience in power systems. Renewable and Sustainable Energy Reviews, 2016, Vol. 58, pp. 1060-1069. DOI: 10.1016/j.rser.2015.12.193.
15. Craig Poulin, Michael B. Kane, Infrastructure resilience curves: Performance measures and summary metrics. Reliability Engineering & System Safety, Volume 216, 2021, 107926, ISSN 0951-8320, DOI: 10.1016/j.ress.2021.107926.
16. Yasser Almoghathawi, Kash Barker. Component importance measures for interdependent infrastructure network resilience. Computers & Industrial Engineering. 2019, Vol. 133, pp. 153-164. DOI: 10.1016/j.cie.2019.05.001.
17. Daniel A. Sepúlveda Estay, Rishikesh Sahay, Michael B. Barfod, Christian D. Jensen, A systematic review of cyber-resilience assessment frameworks. Computers & Security. 2020, vol. 97, 101996. DOI: 10.1016/j.cose.2020.101996.
18. S. Tang, Z. Liu, L. Wang. Power System Reliability Analysis Considering External and Insider Attacks on the SCADA System. 2020 IEEE/ PES Transmission and Distribution Conference and Exposition (T&D). 2020, pp. 1-5. DOI: 10.1109/TD39804.2020.9299922..
19. T. Bettmann. A Framework for Resilient Data Management for Smart Grids. 2019 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW). 2019, pp. 85-88. DOI: 10.1109/ISSREW.2019.00048.
20. Kolosok I., Gurina L. Monitoring and analysis of SCADA and WAMS data for EPS digitalization. In: E3S Web of Conferences 209. ID: 
21. Bo Chen, Jianhui Wang, Mohammad Shahidehpour. Cyber–physical perspective on smart grid design and operation. IET Cyber-Physical Systems: Theory & Applications. 2018, vol. 3, pp. 129-141. DOI: 10.1049/iet-cps.2017.0143.
22. T. Yang, H. Wang, G. Wang, H. Jiang. Interval state estimation with Limited PMU against False Data Injection Attack. 2019 IEEE Innovative Smart Grid Technologies - Asia (ISGT Asia). 2019, pp. 3669-3673. DOI: 10.1109/ISGT-Asia.2019.8881161.
23. M. Iqbal, M.A. Iqbal. Attacks due to False Data Injection in Smart Grids: Detection & Protection. 2019 1st Global Power, Energy and Communication Conference (GPECOM). 2019, pp. 451-455. DOI: 10.1109/GPECOM.2019.8778503.
24. F. Li, X. Yan, Y. Xie, Z. Sang, X. Yuan. A Review of Cyber-Attack Methods in Cyber-Physical Power System. 2019 IEEE 8th International Conference on Advanced Power System Automation and Protection (APAP). 2019, pp. 1335-1339. DOI: 10.1109/APAP47170.2019.9225126.
25. Kolosok I.N., Gurina L.A. Otsenka pokazatelei kiberustoichivosti sistem sbora i obrabotki informatsii v EES na osnove polumarkovskikh modelei // Voprosy kiberbezopasnosti. 2021, №6. S. 2-11. DOI: 10.21681/2311-3456-2021-6-2-11.

Purpose: development of an automated system for assessing current threats to the security of software of industrial automation systems based on the technology of Transformers.
Methods: comparison of the set of identified software vulnerabilities, corresponding tactics (techniques) and relevant threats to information security by assessing the semantic proximity metrics of their text descriptions using Text Mining technology based on transformers models. Practical relevance: an automated system for assessing current software security threats has been developed, which makes it possible to compare and rank information and cyber security threats for identified vulnerabilities from the FSTEC of Russia Information Security Threats Databank, to automate the selection of techniques and tactics for constructing threat scenarios. The results of the comparative analysis show that the use of this system makes it possible to simplify the procedure for selecting potential threats and comparing vulnerabilities to them, in addition, a possible set of tactics and techniques is automatically generated, which makes it possible to reduce the time spent on building scenarios for the implementation of threats.
Keywords: software vulnerabilities, information security threats, Text Mining, vector word representation, semantic similarity.

1. Bengfort B., Bilbro R., Okeda T. Prikladnoj analiz tekstovy`x danny`x na Python. Mashinnoe obuchenie i sozdanie prilozhenij obrabotki estestvennogo yazy`ka / Per. s angl. SPb: Piter, 2019. 368 p.
2. Datta P., Lodinger N., Namin S., Jones S. Cyber-Attack Consequence Prediction. In Proceedings of the 3rd Workshop on Big Data Engineering and Analytics in Cyber-Physical Systems. 9 p. Available at: https://arxiv.org/pdf/2012.00648.pdf (accessed December 27, 2021).
3. Lee Y., Shin S. Toward Semantic Assessment of Vulnerability Severity: A Text Mining Approach. In Proceedings of ACM CIKM Workshop (EYRE ̓18). Available at: https://www.CEUR-WS.org/Vol1-2482/papers.pdf (accessed December 27, 2021).
4. Noel S. Text Mining for Modeling Cyberattacks // Chapter 14 in the book: Handbook of Statistics. Elsevier B.V. (Part C: Applications and Linguistic Diversity). 2018, vol. 38, pp. 461-515. DOI: 10.1016 / bs.host.2018.06.001.
5. Doronin A.K., Lipniczkij V.A., Predskazatel`naya model` mashinnogo obucheniya dlya resheniya zadachi klassifikacii uyazvimostej komp`yuterny`x sistem // Materialy` Mezhdunar. nauchn. konf. «Informacionny`e texnologii i sistemy» [Information Technologies and Systems 2018 (ITS 2018)]. Minsk, 25 October 2018. pp 94-95.
6. Vasilyev V.I., Vulfin A.M., Kuchkarova N.V. Avtomatizaciya analiza uyazvimostej programmnogo obespecheniya na osnove texnologii Text Mining // Voprosy` kiberbezopasnosti [Cybersecurity issues], 2020, no. 4(38), pp. 22-31.
7. Vasilyev V.I., Vul`fin A.M., Kirillova A.D., Nikonov A.V. Sistema ocenki metrik opasnosti uyazvimostej na osnove texnologij semanticheskogo analiza danny`x // Vestnik UrFO. Bezopasnost` v informacionnoj sfere [Bulletin of the Ural Federal District. Security in the Information Sphere], 2021, no. 2(40), pp. 31-43.
8. Vasilyev V.I., Vulfin A.M., Kirillova A.D., Kuchkarova N.V. Metodika ocenki aktual`nny`x ugroz i uyazvimostej na osnove texnologii kognitivnogo modelirovaniya i Text Mining // Sistemy upravleniya, svyazi i bezopasnosti [Systems of Control, Communication and Security], 2021, no. 3, pp. 110-134.
9. Mikolov T., Chen K., Corrado G., Dean J. Efficient Estimation of Word Representation in Vector Space // arXiv, 2013. Available at: https://arxiv.org/abs/1301.3781/ (accessed 27 December 2021).
10. Nikolenko S., Kadurin A., Arxangel`skaya E. Glubokoe obuchenie: Pogruzhenie v mir nejronny`x setej. – SPb.: Piter. pp. 219-480.
11. Vaswani A., Shazeer N. Parmar N., et al. Attantion is All You Need // arXiv, 2017. Available at: https://arxiv.org/abs/1706.03762 (accessed December 27, 2021).
12. Kuratov Yu.M. Specializaciya yazy`kovy`x modelej dlya primeneniya k zadacham obrabotki estestvennogo yazy`ka / Diss. k.f.-m.n. po specz-ti 05.13.17. – M.: MFTI, 2020. 121 p.
13. Sank V., Debut L., Chaumond J., Wolf Th. Distil BERT, a distilled verstion of BERT: smaller, faster, cheaper and lighter // arXiv:1910.01108 v4. Available at: https://arxiv.org/abs/1910.01108 (accessed December 27, 2021).
14. Kuratov Yu., Arkhipov M. Adaptation оf Deep Bidirectional Multilingual Transformers for Russian Language // arXiv, 2019. Available at: https://arxiv.org/pdf/1905.07213.pdf (accessed December 27, 2021).
15. Kanakogi K. et al. Tracing CVE Vulnerability Information to CAPEC Attack Patterns Using Natural Language Processing Techniques // Information, 2021, vol. 12, no. 8, pp. 298.
16. Kanakogi K. et al. Tracing CAPEC Attack Patterns from CVE Vulnerability Information using Natural Language Processing Technique. In Proceedings of the 54th Hawaii International Conference on System Sciences. 2021, pp. 6996.
17. Sakhovskiy A. et al. RuSimpleSentEval-2021 shared task: evaluating sentence simplification for Russian //Proceedings of the International Conference “Dialogue. – 2021. – С. 607-617.
18. Mendsaikhan O. et al. Identification of cybersecurity specific content using the Doc2Vec language model // 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC). IEEE, 2019, vol. 1, pp. 396-401.
19. Kim D. et al. Multi-co-training for document classification using various document representations: TF–IDF, LDA, and Doc2Vec // Information Sciences. – 2019. – Т. 477. – С. 15-29.
20. Li J., Zhang H., Wei Z. The weighted word2vec paragraph vectors for anomaly detection over HTTP traffic // IEEE Access, 2020, vol. 8, pp. 141787-141798.
21. Shahid M.R., Debar H. CVSS- BERT: Explainable Natural Language Processing to Determine the Severity of a Computer Security Vulnerability from its Description //arXiv:2011.08510v1 [cs.CL] 16 Nov 2021. 

The purpose of the study: to improve security of signi cant objects of critical information infrastructure in conditions of destructive information impact, implemented in the form of advanced persistent threat (APT).Methods: comparative analysis of destructive information impact within the framework of a systematic approach; Markov theory of evolutionary processes; synergetics.Results: the authors carried out analysis of APT properties and their impact on objects of critical information infrastructure. To identify APTs, the use of a combination of various detection methods with the priority of heuristic analysis is substantiated. A scheme has been developed for the implementation of the method for assessing the state of an object of a critical information infrastructure based on a modi ed Markov-parametric model with a system for detecting computer attacks integrated into its structure. The preliminary assessment of computer attacks danger level as well as development of recommendations for their neutralization simultaneously with conducting the assessment of the properties and characteristics of destructive information impact are proposed.
Keywords: destructive information impact, APT, Markov parameterized model, state assessment, object of critical
information infrastructure.

1. Gos’kova D.A., Massel’ A.G. Tekhnologiya analiza kiberugroz i ocenka riskov kiberbezopasnosti kriticheskoj infrastruktury // Voprosy kiberbezopasnosti [Cybersecurity issues]. 2019. №2. S. 42-49. DOI:10.21681/2311-3456-2019-2-42-49
2. Skryl’ S.V., Gajfulin V.V., Domrachev D.V., Sychev V.M., Grachyova YU.V. Aktual’nye voprosy problematiki ocenki ugroz komp’yuternyh atak na informacionnye resursy znachimyh ob”ektov kriticheskoj informacionnoj infrastruktury // Bezopasnost’ informacionnyh tekhnologij. 2021. T. 28. № 1. S. 84-94. DOI: 10.26583/bit.2021.1.07
3. Grachkov I.A. Informacionnaya bezopasnost’ ASU TP: vozmozhnye vektora ataki i metody zashchity // Bezopasnost’ informacionnyh tekhnologij. 2018. T. 25. № 1. S. 90-98.
4. Kondakov S.E., Rud’ I.S. Model’ processa provedeniya komp’yuternyh atak s ispol’zovaniem special’nyh informacionnyh vozdejstvij // Voprosy kiberbezopasnosti [Cybersecurity issues]. 2021. №5. S. 12-20. DOI: 10.21681/2311-3456-2021-5-12-20.
5. Tanygin M.O, Budnikova YU.A., BulgakovA.S., Marchenko M.A. Model’ ocenki ushcherba ot incidentov informacionnoj bezopasnosti. // Bezopasnost’ informacionnyh tekhnologij. 2021. № 2. str. 98-106.
6. Vasil’ev V.I., Kirillova A.D, Vul’fin A.M. Kognitivnoe modelirovanie vektora kiberatak na osnove metashablonov Sapec // Voprosy kiberbezopasnosti [Cybersecurity issues]. 2021. № 2. S. 2-16. DOI: 10.21681/2311-3456-2021-2-2-16.
7. Krasnov A.E., Mosolov A.S., Feoktistova N.A. Ocenivanie ustojchivosti kriticheskih informacionnyh infrastruktur k ugrozam informacionnoj bezopasnosti // Bezopasnost’ informacionnyh tekhnologij. 2021. T. 28. № 1.S. 106-120. DOI: 10.26583/bit.2021.1.09.
8. Maksimova E.A. Kognitivnoe modelirovanie destruktivnyh zloumyshlennyh vozdejstvij na ob”ektah kriticheskoj informacionnoj infrastruktury // Trudy uchebnyh zavedenij svyazi. 2020. T. 6. № 4. S. 91-103. DOI:10.31854/1813-324X-2020-6-4-91-103.
9. Ostrejkovskij V.A., Lysenkova S.A. Koncepciya sovremennyh podhodov k urovnyam opisaniya processov stareniya strukturno i funkcional’no slozhnyh kriticheski vazhnyh sistem s dlitel’nymi srokami aktivnogo sushchestvovaniya // Nadezhnost’ i kachestvo slozhnyh sistem. 2021. № 3. S. 5-12. DOI: 10.21685/2307-4205-2021-3-1.
10. Kubarev A.V., Lapsar’ A.P., Fedorova YA.V. Povyshenie bezopasnosti ekspluatacii znachimyh ob”ektov kriticheskoj infrastruktury s ispol’zovaniem parametricheskih modelej evolyucii // Voprosy kiberbezopasnosti [Cybersecurity issues]. 2020. № 1. S. 8-17. DOI:10.21681/2311-3456-2020-1-8-17.
11. Voronin E.A., Dar’ina A.N., Diveev A.I., Prokop’ev I.V., YUrkov N.K. U istokov teorii nadezhnosti slozhnyh sistem // Nadezhnost’ i kachestvo slozhnyh sistem. № 1. 2020. S. 3-4.
12. Kubarev A.V., Lapsar’ A.P., Asyutikov A.A. Sintez modeli ob”ekta kriticheskoj informacionnoj infrastruktury dlya bezopasnogo funkcionirovaniya tekhnicheskoj sistemy v usloviyah destruktivnogo informacionnogo vozdejstviya // Voprosy kiberbezopasnosti [Cybersecurity issues]. 2020. №6. S. 48-56. DOI: 10.681/2311-3456-2020-6-48-56.
13. Bachmanov D. A. Issledovanie voprosov sovershenstvovaniya sistem zashchity ot DDos-atak na osnove kompleksnogo analiza sovremennyh mekhanizmov protivodejstviya / Bachmanov D. A., Ochered’ko A. R., Putyato M. M., Makaryan A. S. // Prikaspijskij zhurnal: upravlenie i vysokie tekhnologii. – 2021. – №1. – S. 63-74.
14. Podkopaev A.V., Podkopaev I.A. Centralizovannyj adaptivnyj algoritm ocenki bezotkaznosti slozhnyh tekhnicheskih sistem razlichnoj entropii // Nadezhnost’ i kachestvo slozhnyh sistem. № 1. 2020. S. 49-56. DOI: 10.21685/2307-4205-2020-1-6.
15. Orlova D.E. Kompleks programm dlya resheniya zadach modelirovaniya, optimizacii i ocenki ustojchivosti kompleksnoj bezopasnosti ob”ektov kriticheskogo primeneniya // Modelirovanie, optimizaciya i informacionnye tekhnologii. 2020. T. 8. № 1. S. 43-44. DOI: 10.26102/2310-6018/2020.28.1.036
16. Andryuhin E.V., Ridli M.K., Pravikov D.I., Prognozirovanie sboev i otkazov v raspredelennyh sistemah upravleniya na osnove modelej prognozirovaniya vremennyh ryadov // Voprosy kiberbezopasnosti [Cybersecurity issues]. 2019. № 3. S. 24-32. DOI:10.21681/2311-3456-2019-3-24-32.
17. Lifshic I.I., Fatkieva R.R. Model’ integrirovannoj sistemy menedzhmenta dlya obespecheniya bezopasnosti slozhnyh ob”ektov // Voprosy kiberbezopasnosti [Cybersecurity issues]. 2018. №1. S. 64-71. DOI:10.21681/2311-3456-2018-1-64-71.
18. Pankin A.M. Osnovnye voprosy metodologii diagnostirovaniya slozhnyh tekhnicheskih ob”ektov // Nadezhnost’ i kachestvo slozhnyh sistem. № 2. 2021. S. 62-69. DOI: 10.21685/2307-4205-2021-2-6.
19. Severcev N.A., Dar’ina A.N. Primenenie kriteriev podobiya pri resursnoj otrabotke slozhnyh tekhnicheskih sistem i izdelij // Nadezhnost’ i kachestvo slozhnyh sistem. № 4. 2020. S. 5-14. DOI: 10.21685/2307-4205-2020-4-1.
20. Lavrova D.S., Zegzhda D.P., Zajceva E.A Modelirovanie setevoj infrastruktury slozhnyh ob”ektov dlya resheniya zadachi protivodejstviya kiberatakam // Voprosy kiberbezopasnosti [Cybersecurity issues]. 2019. №2. S. 13-20. DOI: 10.21681/2311-3456-2019-2-13-20.
21. Salkucan A.A., Gavdan G.P., Poluyanov A.A. Metodika opredeleniya kriticheskih processov na ob”ektah informacionnoj infrastruktury // Bezopasnost’ informacionnyh tekhnologij. 2020. T. 27. № 2. S. 18-34. DOI: 10.26583/bit.2020.2.02.
22. Grishko A.K., Lysenko A.V., Moiseev S.A. Prognozirovanie i optimizaciya upravleniya processov proektirovaniya slozhnyh tekhnicheskih sistem v masshtabe real’nogo vremeni // Nadezhnost’ i kachestvo slozhnyh sistem. № 1. 2018. S. 40-45. DOI: 10.21685/2307-4205-2018-1-5.
23. Severcev N.A., Beckov A.V., Dar’ina A.N. Metody i modeli sozdaniya avtomatizirovannyh sredstv kontrolya dlya povysheniya bezopasnosti funkcionirovaniya tekhnicheskih sistem // Nadezhnost’ i kachestvo slozhnyh sistem. № 2. 2019. S. 19-26. DOI: 10.21685/2307-4205-2019-2-3.

Keywords: malware, hypervisors, correct functioning profile, rootkit mechanisms, hardware virtualization technologies.

1. Mihalevich I. F. Trebovanija, principy, praktika sozdanija otechestvennyh apparatno-programmnyh platform dlja avtomatizirovannyh
sistem v zashhishhennom ispolnenii kriticheskoj informacionnoj infrastruktury Rossijskoj Federacii. // Intellektual’nye sistemy. Teorija
i prilozhenija. – 2018. – T.22. Vyp.4. S.11–30.
2. Borisov, A.L. Analiz podhoda k sozdaniju doverennyh programmno-apparatnyh platform dlja organov gosudarstvennogo upravlenija,
silovyh ministerstv i vedomstv / A.L. Borisov, Ju.V. Sosnin, A.L. Oruzhejnikov // Ohrana, bezopasnost’, svjaz’. – 2016. – № 1-2. – S.
61-65.
3. Botacin, Marcus & De Geus, Paulo & Grégio, André. (2019). “VANILLA” malware: vanishing antiviruses by interleaving layers and layers of
attacks. Journal of Computer Virology and Hacking Techniques. 15. 10.1007/s11416-019-00333-y (data obrashhenija: 30.09.2021).
4. Saharov D.V., Kovcur M.M., Bahtin D.V. Model’ zashhity ot jeksplojtov i rutkitov s posledujushhim analizom i ocenkoj incidentov //
Naukoemkie tehnologii v kosmicheskih issledovanijah Zemli. 2019. T. 11. № 5. S. 22–31. doi: 10.24411/2409-5419-2018-10284.
5. Botacin, Marcus & De Geus, Paulo & Grégio, André. Who Watches the Watchmen: A Security-focused Review on Current State-of-theart Techniques, Tools, and Methods for Systems and Binary Analysis on Modern Platforms. //ACM Computing SurveysVolume 51 Issue
4 September 2018. Article No.: 69 pp 1–34. URL: https://dl.acm.org/doi/abs/10.1145/3199673 (data obrashhenija: 30.09.2021).
6. A Survey of Stealth Malware Attacks, Mitigation Measures, and Steps Toward Autonomous Open World Solutions. Ethan M. Rudd,
Andras Rozsa, Manuel Günther, and Terrance E. Boul. URL: https://arxiv.org/pdf/1603.06028.pdf. (data obrashhenija: 30.09.2021).
7. O.L. Fraser, N. Zincir-Heywood, M. Heywood, and J.T. Jacobs. Return-oriented programme evolution with ROPER: a proof of concept. In
Proc. of the Genetic and Evolutionary Computation Conference Companion, 2017, pp. 1447–1454.
8. N.R. Weidler, D. Brown, S.A. Mitchell, J. Anderson, J.R. Williams, A. Costley, C. Kunz, C. Wilkinson, R. Wehbe, and R. Gerdes. Return-oriented programming on a resource constrained device. Sustainable Computing: Informatics and Systems, vol. 22, 2019, pp. 244-256.
9. Countering Persistent Kernel Rootkits Through Systematic Hook Discovery. /Zhi Wang, Xuxian Jiang, Weidong Cui, Xinyuan Wang. // North Carolina State University Microsoft Research George Mason University. URL: https://www.csc2.ncsu.edu/faculty/xjiang4/pubs/
RAID08_HookMap.pdf (data obrashhenija 24.09.2021).
10. Vishnjakov A.V., Nurmuhametov A.R. Obzor metodov avtomatizirovannoj generacii jeksplojtov povtornogo ispol’zovanija koda. Trudy ISP RAN, tom 31, vyp. 6, 2019 g., str. 99–124.
11. Gabor Pek. New Methods for Detecting Malware Infections and New Attacks against Hardware Virtualization Ph.D. Dissertation URL: https://repozitorium.omikk.bme.hu/bitstream/handle/10890/1409/ertekezes.pdf (data obrashhenija 23.09.2021).
12. Fursova N.I. Metody monitoringa ob#ektov operacionnoj sistemy, vypolnjajushhejsja v virtual’noj mashine. Dissertacija na soiskanie uchjonoj stepeni kandidata tehnicheskih nauk. Velikij Novgorod — 2017. 120 s.
13. William Augusto Rodrigues de Souza. On Using the System Management Mode for Security Purposes. Department of Mathematics Royal Holloway, University of London. URL: https://pure.royalholloway.ac.uk/portal/files/28250097/Thesis.pdf (data obrashhenija 23.09.2021).
14. Zhang, Fengwei & Leach, Kevin & Stavrou, Angelos & Wang, Haining & Sun, Kun. (2015). Using Hardware Features for Increased Debugging Transparency. 2015. 55-69. 10.1109/SP.2015.11.
15. Botacin M. F., Hardware-assisted malware analysis / Marcus Felipe Botacin. – Campinas, SP: [s.n.], 2017. URL: https://www.lasca.ic.unicamp.br/paulo/teses/20170728-MSc-Marcus.Felipe.Botacin-Hardware.Assisted.Malware.Analysis.pdf (data obrashhenija 23.09.2021).
16. E. J. Schwartz, T. Avgerinos, and D. Brumley. All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). In Proc. of the IEEE Symposium on Security and Privacy, 2019, pp. 317– 331.
17. Malware Dynamic Analysis Evasion Techniques: A Survey Amir Aanian, Salman Niksefat, Babak Sadeghiyan, and David Baptiste. URL:https://www.researchgate.net/publication/328758559_Malware_Dynamic_Analysis_Evasion_Techniques_A_Survey (data obrashhenija 24.09.2021).
18. Zhukov, A. E. Modeli vypolnenija processornyh instrukcij v uslovijah protivodejstvija so storony narushitelja dlja komp’juternyh sistem s podderzhkoj tehnologii apparatnoj virtualizacii / A. E. Zhukov, I. Ju. Korkin, B. M. Suhinin // Bezopasnost’ informacionnyh tehnologij. – 2012. – T. 19. – № 2. – S. 85-89.
19. Vel’der S.Je., Lukin M. A., Shalyto A. A., Jaminov B. R. Verifikacija avtomatnyh programm. SPb: Nauka, 2011. 244 s.
20. Tvardovskij A.S., Laputenko A.V. O vozmozhnostjah avtomatnogo opisanija parallel’noj kompozicii vremennyh avtomatov // Trudy Instituta sistemnogo programmirovanija RAN. 2018; 30(1):25-40. – URL: https://doi.org/10.15514/ISPRAS-2018-30(1)-2 (data obrashhenija 24.09.2021).
21. Bykovskij S.V. Metod vstroennoj dinamicheskoj aktualizacii funkcional’nyh modelej sistem na kristalle // Izvestija vysshih uchebnyh zavedenij. Priborostroenie. 2015. T. 58, № 3. S. 197-202.
22. Belous, A. Doverennaja JeKB dlja doverennyh apparatno-programmnyh platform: problemy i puti reshenija. Chast’ 1 // Jelektronika: Nauka, tehnologija, biznes. – 2021. – № 3(204). – S. 98-104. – DOI 10.22184/1992-4178.2021.204.3.98.104.
23. Unvelling the kernel: rootkit discovery using select automated kernel memory differencing. A. Zaki, Benjamin Humphrey Sophos, UK. URL: https://www.virusbulletin.com/uploads/pdf/conference/vb2014/VB2014-ZakiHumphrey.pdf (data obrashhenija 24.09.2021).

The purpose of the article: development of the method for detecting anomalous behavior of users of data centers based on the use of arti cial neural networks.Research method: theoretical and system analysis of open data sources for detecting SQL queries and creating arti cial neural networks, development and software implementation of a method for detecting anomalous behavior of data center users using arti cial neural networks, experimental evaluation of the developed method.The result obtained: an approach to detecting anomalous behavior of users of data centers is proposed, based on the introduction of an analytical block containing a module of arti cial neural networks into the protection system. The structure of an arti cial neural network is proposed in the form of seven sequentially connected neural layers of a xed dimension with different activation functions. The procedure for generating a data set for training a neural network based on a set of database log records is described. Examples of the implementation and experimental evaluation of the proposed method are given, con rming its effectiveness and high ef ciency.The area of use of the proposed approach is anomaly and cyberattack detection components designed to improve the ef ciency of information security monitoring and management systems.
Keywords: cyber security, data center, anomaly detection, artificial neural network, analytical unit.

1. Kozhankov V.N., Ivanov I.I., Bondarenko E.Yu., Moiseev A.S. Analysis of the regulatory legal framework in the field of creation and operation of data processing centers // Information security is an urgent problem of our time. Improving educational technologies for training specialists in the field of information security. 2021. Vol. 1. No. 1(14). P. 122-125 (in Russian).
2. Kasenova D.A. The need to ensure information security of the data center // Modern Science. 2021. No. 10-1. P. 436-439 (in Russian).
3. Legislative, legal, organizational and technical support of information security of automated systems and information and computer networks. Kotenko I.V., Kotukhov M.M., Markov A.S., et al. Edited by I.V. Kotenko / St. Petersburg, 2000. 190 p. (in Russian).
4. Kotenko I.V., Polubelova O.V., Saenko I.B., Chechulin A.A. Application of ontologies and inference for managing security information and events // High availability systems, Vol.8, No. 2, 2012. P. 100-108 (in Russian).
5. Kotenko I., Stepashkin M. Network Security Evaluation based on Simulation of Malefactor’s Behavior // Proceedings. International Conference on Security and Cryptography, SECRYPT 2006. Polytechnic Institute of Setubal. Setubal, 2006. P. 339-344.
6. Gaydyshev I.P. Assessment of the quality of binary classifiers // Bulletin of the Omsk University. 2016. No. 1(79). P. 14-17 (in Russian).
7. Kurt M.N., Yilmaz Y., Wang X. Sequential Model-Free Anomaly Detection for Big Data Streams // 2019 57th Annual Allerton Conference on Communication, Control, and Computing (Allerton), 2019, pp. 421-425, doi: 10.1109/ALLERTON.2019.8919759.
8. Ramapatruni S., Narayanan S.N., Mittal S., Joshi A., Joshi K. Anomaly Detection Models for Smart Home Security // 2019 IEEE 5th Intl Conference on Big Data Security on Cloud (BigDataSecurity), IEEE Intl Conference on High Performance and Smart Computing, (HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS). 2019. Pp. 19-24. DOI: 10.1109/BigDataSecurity-HPSCIDS.2019.00015.
9. Wang E., Song Y., Xu S., Guo J., Qu P., Pang T. A detection model for anomaly on ADS-B data // 2020 15th IEEE Conference on Industrial Electronics and Applications (ICIEA). 2020. Pp. 990-994. DOI: 10.1109/ICIEA48937.2020.9248249.
10. Tryasuchkin V.A., Sintseva M.M. Investigation of optimization of hyperparameters of the k-nearest neighbors’ algorithm // Bulletin of the Penza State University. 2019. No. 2 (26). P. 63-68 (in Russian).
11. Kharitonov S.P. The “nearest neighbor” method for the mathematical evaluation of the distribution of biological objects on a plane and on a line // Bulletin of the Nizhny Novgorod University named N.I. Lobachevsky. Series: Biology. 2005. No. 1. P. 213-221 (in Russian).
12. Bogdanov A.I. Statistical tests of the stability of mathematical forecasting models // Bulletin of the St. Petersburg State University of Technology and Design. Series 1: Natural and technical sciences. 2019. No. 4. P. 9-13 (in Russian).
13. Baranov V.A., Konyshev M.Yu., Privalov A.A., Shestakov A.V. Verification of cryptographic algorithms based on the use of the method of simulation of binary random sequences with given statistical properties // Science-intensive technologies in space research of the Earth. 2019. Vol. 11. No. 6. P. 45-52. DOI: 10.24411/2409-5419-2018-10294 (in Russian).
14. Pekunov V.V. Induction of rules for transforming a natural language problem statement into a semantic model for generating a solver // Program Systems and Computational Methods. 2020. No. 3. P. 29-39. DOI: 10.7256/2454-0714.2020.3.33789 (in Russian).
15. Burkova E.V., Izvekova L.A. Application of the data clustering method for solving the problem of information security risk assessment // National Security and Strategic Planning. 2019. No. 2 (26). P. 81-86 (in Russian).
16. Astapov V.N. Ellipsoid Estimation of Linear Regression Parameters under Constraints on the Vector of Input Functions // International Journal of Applied and Fundamental Research. 2018. No. 10. P. 9-15 (in Russian).
17. Kulikov A.L., Bezdushny D.I., Sharygin M.V., Osokin V.Yu. Analysis of the application of the support vector machine in multidimensional relay protection. Proceedings of the Russian Academy of Sciences. Energy. 2020. No. 2. P. 123-132 (in Russian).
18. Yin A., Zhang C. BOFE: Anomaly Detection in Linear Time Based on Feature Estimation // 2018 IEEE International Conference on Data Mining Workshops (ICDMW). 2018. Pp. 1128-1133. DOI: 10.1109/ICDMW.2018.00162.
19. Pratap U., Canudas-de-Wit C., Garin F. Average state estimation in presence of outliers // 2020 59th IEEE Conference on Decision and Control (CDC). 2020. Pp. 6058-6063. DOI: 10.1109/CDC42340.2020.9303809.
20. Smirnova E.V., Abacharaeva E.R. Modern Threats of Virus Attacks on Computer Networks and Criteria for Their Evaluation // Engineering and Information Systems Technologies. 2020. No. 3. P. 3-12 (in Russian).
21. Telnov V.P. Contextual search as a technology for extracting knowledge on the Internet // Program engineering. 2017. Vol. 8. No. 1. З. 26-37. DOI: 10.17587/prin.8.26-37 (in Russian).
22. Stadnik A.N., Alpeev E.V., Skryl S.V. Methodology for the formation of a classification base for computer attacks based on the use of intelligent analysis of computer attack signatures. Questions of defense technology. Series 16: Technical means of countering terrorism. 2021. No. 3-4 (153-154). P. 108-116 (in Russian).
23. Li D., Qiao Z., Song T., Jin Q. Adaptive Natural Policy Gradient in Reinforcement Learning // 2018 IEEE 7th Data Driven Control and Learning Systems Conference (DDCLS). 2018. Pp. 605-610. DOI: 10.1109/DDCLS.2018.8515994.