№ 4 (56)

Contents of issue No. 4 of the journal «Voprosy kiberbezopasnosti» for 2023:

Title Pages
MACHINE LEARNING METHODS FOR CONTROL OF CRYPTOCURRENCY TRANSACTIONS / V. G. Feklin, V. I. Soloviev, S. A. Korchagin, A. V. Tsaregorodtsev // Cybersecurity issues. – 2023. – № 4(56). – P. 2-11. – DOI: 10.21681/2311-3456-2023-4-2-11.

Abstract
Purpose of the work: to develop a methodology for controlling the circulation of digital financial assets, other digital rights and digital currency in order to combat corruption, based on the analysis of cryptocurrency transactions.
Research methods: methods of analysis, comparison, generalization and structural decomposition from the theory of system analysis; machine learning methods.
Result obtained: the technological possibilities of controlling the circulation of digital financial assets, other digital rights and digital currency were analysed. A new method for controlling the circulation of digital financial assets, other digital rights and digital currency to combat corruption is proposed, based on the analysis of cryptocurrency transactions using machine learning methods. The accuracy of various machine learning methods (logistic regression, random forest, ensemble methods) was compared and evaluated. A software prototype has been developed that performs intelligent analysis and control of cryptocurrency transactions.
Scientific novelty: a new method is proposed for analysing control over the circulation of digital financial assets, other digital rights and digital currency to combat corruption, based on the analysis of cryptocurrency transactions, big data processing technologies and machine learning methods.
Contribution of co-authors: Feklin V.G. - analysis of technological capabilities to control the circulation of digital financial assets, other digital rights and digital currency, development of algorithms; Solovyov V.G. - development of a method for controlling the circulation of digital financial assets, general project management; Korchagin S.A. - preparation and analysis of data, software implementation of methods for intelligent analysis and control of cryptocurrency transactions; Tsaregorodtsev A.V. - development of a methodology for the analysis of cryptocurrency transactions.
Keywords: digital assets, cryptocurrency transactions, intelligent system, machine learning methods.
Nashivochnikov, N. V. IDENTIFICATION OF DEVIATIONS IN BEHAVIORAL PATTERNS OF USERS OF CORPORATE INFORMATION RESOURCES USING TOPOLOGICAL FEATURES / N. V. Nashivochnikov // Cybersecurity issues. – 2023. – № 4(56). – P. 12-22. – DOI: 10.21681/2311-3456-2023-4-12-22.

Abstract
Purpose of the article: the paper examines the application of topological data analysis to identifying and classifying the behavior patterns of users of corporate information resources in cybersecurity tasks.
Method: the study is based on mathematical concepts from the theory of persistent homology (simplicial complexes, persistence diagrams, filtration functions, topological descriptors) and on theoretical models of metric spaces.
Result: a formalized definition of topological features is given, and the properties of Betti curves and their relation to persistence diagrams and other known topological descriptors used in topological data analysis are described. The results of practical testing on time-series data from a system that monitors how corporate network users work with corporate information resources confirm that using positively defined step functions to construct Betti curves provides acceptable computational complexity for the procedures required to identify and classify user behavioral patterns. The proposed approach, based on topological descriptors and modified Harrington desirability functions, makes it possible to reliably capture deviations of user activity from a typical behavioral pattern that potentially constitute a security incident.
Scientific novelty: the application of topological data analysis using Betti curves to identify and classify the behavior patterns of users of corporate information resources.
Keywords: cybersecurity, UEBA, topological data analysis, Betti curves, time series.
APPLICATION OF THE LOGICAL-PROBABILISTIC METHOD IN INFORMATION SECURITY (PART 1) / A. O. Kalashnikov, K. A. Bugajskij, D. S. Birin, B. O. Deryabin, S. O. Tsependa, K. V. Tabakov // Cybersecurity issues. – 2023. – № 4(56). – P. 23-32. – DOI: 10.21681/2311-3456-2023-4-22-32.

Abstract
Purpose of the article: adaptation of the logical-probabilistic method of evaluating complex systems to the tasks of building information security systems in a multi-agent system.
Research method: the research used the main provisions of the methodology of structural analysis, system analysis and decision theory, and methods of evaluating events under incomplete information.
Result: the article proposes considering information security issues on the basis of an analysis of the relations between the subjects and the object of protection. The relation types "subject-subject" and "subject-object" are defined, and the basic axiomatics of these relations is given, taking into account the requirements for information protection. Based on this axiomatics, formal logical definitions of the main elements of information security are given: violator, defender, user, internal violator, attack, defense, confrontation. The analysis of the relations shows that the violator and the defender use a single source of information for decision-making, but that their activities in assessing the situation and choosing actions are asymmetric. The analysis of the relations made it possible to give a formal logical description of the processes by which subjects interact with each other and with the object of protection. This serves as the basis for identifying fractal structures in the information system.
Scientific novelty: consideration of information security issues using the apparatus of mathematical and logical relations; development of formal logical expressions describing the interaction of the violator and the defender with each other, as well as with the object of protection.
Keywords: information security model, assessment of complex systems, logical-probabilistic method, theory of relations, system analysis.
Babenko, L. K. HOMOMORPHIC REALIZATION OF THE GAUSS ELIMINATION METHOD / L. K. Babenko, I. D. Rusalovsky // Cybersecurity issues. – 2023. – № 4(56). – P. 33-40. – DOI: 10.21681/2311-3456-2023-4-33-40.

Abstract
Purpose of the work: improving the security of data processing in cloud services through the development and application of methods and algorithms for homomorphic encryption.
Research methods: analysis of a possible implementation of the Gaussian elimination method using homomorphic encryption; analysis of existing problems in building a homomorphic implementation of the Gaussian elimination method.
Research results: the possibility of a homomorphic implementation of solving a system of linear algebraic equations (SLAE) by the Gaussian elimination method was analysed; problems arising from the specifics of the task are noted, namely that the processed data is encrypted and the control algorithm does not have access to it; solutions to these problems are proposed; an algorithm for the homomorphic implementation of the Gaussian elimination method is proposed, which solves the SLAE over homomorphically encrypted data and produces a homomorphically encrypted result containing the numerical solution of the SLAE, as well as an error bit indicating that the system is inconsistent or has an infinite number of solutions; ciphertext representations are analysed and the best variant is proposed, which avoids ciphertext growth when solving SLAE with a large number of variables; the proposed implementation is analysed and possible improvements that increase the speed of data processing are considered.
Scientific novelty: an algorithm for the homomorphic implementation of the Gaussian elimination method for solving SLAE is proposed, which can be used in cloud services for secure data processing. The algorithm can be used to solve SLAE on its own or as a step of another algorithm.
Keywords: information security, cryptographic protection, homomorphic cryptography, secure computing, cloud computing, methods and algorithms.
PROTOCOL FOR MUTUAL AUTHENTICATION OF AN OBJECT’S GROUP WITH DYNAMIC TOPOLOGY / Basan A. S., Basan E. S., Ishchukova E. A., Kornilov A. P. // Cybersecurity issues. – 2023. – № 4(56). – P. 41-52. – DOI: 10.21681/2311-3456-2023-4-41-52.

Abstract
Purpose: the aim of the work is to develop a mutual authentication protocol for a group of objects with a dynamic topology (for example, a swarm of unmanned aerial vehicles (UAVs)) that jointly perform a common task. Each individual object of the group has a limited energy reserve. An object can be disconnected from the network and then reconnected to it, so the protocol must provide a way for the objects of the group to re-authenticate one another. Objects must also be able to transmit data to the control node, which is called the base station (BS). The protocol design must minimize the risk of disclosure of the transmitted information if an attacker gains physical access to the memory of a group object.
Method: the method is based on the mathematical apparatus of probability theory, mathematical statistics, information theory and cryptography. The cryptographic primitives used are a pseudo-random sequence generator, hash functions, symmetric encryption, and a physically unclonable function.
Results: existing approaches to mutual authentication and data transfer in a group of objects with dynamic topology are analysed. A UAV mutual authentication protocol is proposed that solves a number of important tasks: dynamic change of the encryption key, absence of computationally intensive calculations on dynamic network elements, scalability, and the possibility of data exchange between network participants. The developed protocol is based on several basic algorithms: an algorithm for constructing a spanning tree, an algorithm for performing UAV mutual authentication and organizing data transfer, and an algorithm for authenticating a UAV to the BS. A simulation example illustrates the developed solution with its dedicated phases and analyses the transmission of messages between two UAVs. The scientific novelty lies primarily in the fact that the developed authentication protocol pays special attention to the stability of the authentication scheme and the reconfiguration of the UAV network, and also takes into account the problem of low computing power: most of the computationally intensive calculations that occupy the processor are transferred to the BS, the most powerful computing element of the network. The solution ensures that the session key changes with a minimum of pre-established information and that the key between network elements is constantly updated.
Keywords: unmanned aerial vehicle, base station, authentication, cryptography, encryption, pseudo-random number, spanning tree, network, hash function, timestamp, request, response, scalability, fault tolerance.
41-52
Shumilin, A. S. METHOD OF PERSONAL DATA PROTECTION IN A MEDICAL CLOUD SYSTEM / A. S. Shumilin // Cybersecurity issues. – 2023. – № 4(56). – С. 53-64. – DOI: 10.21681/2311-3456-2023-4-53-64.

Abstract
The task of ensuring secure storage and transmission of data in information systems is becoming more relevant due to digitalization processes that are actively penetrating all areas of human activity. The medical industry requires special attention, especially the task of ensuring the security of the data of patients who are users of medical information systems (MIS). Purpose of the work: development of a method for ensuring the security of patients' personal data during transfer and storage in an MIS built on a distributed cloud architecture. Research method: analysis of possible ways to ensure personal data security in distributed information systems based on a secret sharing protocol; analysis of existing problems in implementing protection methods in cloud-based systems; analysis of the violator model and attack methods.
Results: the use of a secret sharing protocol is justified as the basis for a method of protecting patients' personal data in a cloud-based medical information system. Among several candidates with similar functionality, the optimal secret sharing scheme was determined, taking into account the specifics of the task. The choice of the scheme is justified by such advantages as the properties of perfection and ideality, as well as faster execution of the basic operations compared with the other candidates. Experiments were performed, and their results confirmed the choice of the secret sharing scheme (Shamir). Based on the chosen scheme, an implementation of the method for ensuring the security of patients' personal data in a cloud medical information system is proposed. The authors proposed a cloud medical system architecture that allows a protection mechanism to be integrated in order to test how the proposed method works.
Keywords: encryption, cryptography, cloud computing security, personal data protection, secret sharing scheme, information systems.
53-64
Pavlenko, E. Y. STUDY OF THE EFFECT OF ATTACKS ON STRUCTURAL AND PARAMETRIC METRICS OF NETWORKS WITH ADAPTIVE TOPOLOGY / E. Y. Pavlenko // Cybersecurity issues. – 2023. – № 4(56). – С. 65-71. – DOI: 10.21681/2311-3456-2023-4-65-71.

Abstract
The purpose of the article: analysis of the sensitivity of structural and parametric metrics of networks with adaptive topology to computer attacks of different types. Main research methods: system analysis of existing structural metrics for assessing the state of computer networks, theoretical formalization, conducting an experiment.
Result: the proposed approach made it possible to estimate in practice the impact of various types of computer attacks specific to networks with adaptive topology, in particular insomnia-type, sinkhole and Sybil attacks. Practical modeling of adaptive network infrastructure using graph theory has yielded a unique dataset that allows us to compute both structural and parametric methods for assessing network state. Also, the proposed approach, which combines the simultaneous estimation of structural and parametric metrics for network nodes, demonstrated flexibility in recognizing various network attacks, some of which manifest more clearly in network traffic and others in changes in the network topology. Extending the proposed approach in terms of the metrics used will make it possible to evaluate the security of the current state of the network at three levels: at the level of the entire network or its individual segments (structural metrics), at the level of critical nodes (structural and parametric metrics) and at the level of devices (parametric metrics). Scientific novelty: by means of simulation using graph theory, a new dataset has been created that contains the characteristics of networks with adaptive topology functioning under normal conditions and under the influence of specific computer attacks. The key difference from the known simulation models of dynamic networks and the datasets formed on their basis is the ability to simultaneously analyze the network data exchanged by nodes, the physical performance of the nodes and the structure of the network.
Keywords: Computer attacks, networks with adaptive topology, centrality metrics, signal level, Smart Grid networks, sinkhole attack, Sybil attack.
65-71
Boger, A. M. MATHEMATICAL MODEL OF THE VECTOR OF A DDOS ATTACK ON THE ICS USING THE METHOD OF TOPOLOGICAL TRANSFORMATION OF STOCHASTIC NETWORKS / A. M. Boger, A. N. Sokolov // Cybersecurity issues. – 2023. – № 4(56). – С. 72-79. – DOI: 10.21681/2311-3456-2023-4-72-79.

Abstract
Aim: development of a mathematical model of the vector of a DDoS attack on the network infrastructure of an Industrial Control System to estimate the average time of its successful implementation. Research method: a mathematical model of the DDoS attack vector was built using the method of topological transformation of stochastic networks. The calculated data were verified using an experimental stand that simulates the operation of an Industrial Control System network under a DDoS attack.
Result: a model of an intruder who organizes a DDoS attack on the network of an Industrial Control System has been developed; the model is a sequence of the intruder's actions and the processes he creates. The dependencies of the processes created by the intruder and the probabilistic transitions between them are described. The input parameters of the mathematical model are defined as the average duration of each of the processes. Based on the processes described in the intruder model, a stochastic network was compiled, and a characteristic equation was constructed that makes it possible to obtain an approximate function of the DDoS attack vector. The output data are obtained in the form of the average time of a successful DDoS attack, as well as the dependence of the probability of a successful DDoS attack on its duration. At the stand “Information security in industrial systems” several experiments implementing a DDoS attack were carried out; they allow us to conclude that the real time of a successful DDoS attack is consistent with the time calculated using the constructed mathematical model. Scientific novelty of the research: a mathematical model of the vector of a DDoS attack on the network infrastructure of an Industrial Control System has been developed, which is distinguished by the use of the method of topological transformation of a stochastic network to build an intruder model and estimate the average time of a successful DDoS attack, regardless of its type and intensity. The developed model differs from the existing ones in that there is no need to consider a particular type of DDoS attack and its intensity, and in that it includes an estimate of the duration of the intruder’s preliminary actions.
Keywords: Industrial Control System (ICS), information protection, cyberattack, mathematical model, intruder model, topological transformation of a stochastic network.
72-79
Izrailov, K. E. DIFFERENT GENESIS ATTACKS TO COMPLEX OBJECTS DETECTING METHOD BASED ON CONDITION INFORMATION. PART 2. ALGORITHM, MODEL AND EXPERIMENT / K. E. Izrailov, M. V. Buinevich // Cybersecurity issues. – 2023. – № 4(56). – С. 80-93. – DOI: 10.21681/2311-3456-2023-4-80-93.

Abstract
The goal of the study is to create a method of detecting attacks on complex objects and processes by evaluating and predicting their state; the method is based on 7 principles proposed by the authors earlier; a feature of the method is its invariance with respect to the genesis of attacks. Research methods: system analysis, analytical modeling methods, statistical methods and machine learning, and software code development for the implementation of estimation and prediction algorithms.
Result: a method is proposed for detecting attacks on a complex object using assessment of its current state and prediction of its future states; the method is described in schematic and analytical form using a cross-cutting example from the information security field; the theoretical significance lies in the development of the scientific and methodological apparatus for assessing and predicting the states of objects of different structure; the practical significance lies in the possibility of direct implementation of a software prototype with potentially high efficiency. In the second part of the paper all stages of the method are algorithmized, which makes it possible to obtain an analytical model of attack detection. A methodology for managing the detection process, developed for the practical application of the proposed scientific and methodological apparatus, is presented. The course of an experiment applying the method to a hypothetical example of attacks on a network node is described. The degree of utilization of the 7 principles developed by the authors in previous studies, which form the basis of the methods of estimating and predicting the state of complex objects, is shown. The scientific novelty is the creation of a method of detecting attacks on a complex object (or process) that is based on a fundamentally new approach to the evaluation and prediction of its state, obtained by the authors in previous studies. As a result, the method is applicable to a subject area without taking into account its specifics, which is achieved in particular through the use of the authors' original intellectual fuzzy graph-oriented model. In contrast to the large number of methods for detecting attacks on information systems, this method is described not only as a graphical scheme and a sequence of steps, but also as an analytical record of algorithms, which makes it possible to apply certain mathematical apparatuses to it (for example, to justify the performance or optimization of individual steps).
Keywords: information technology, information security, complex object, complex process, attack detection method, analytical algorithm, experiment.
80-93
Gurina, L. A. DEVELOPMENT OF AN INTEGRATED APPROACH TO ENSURING THE CYBER SECURITY OF INTERCONNECTED INFORMATION SYSTEMS UNDER INTELLIGENT MANAGEMENT OF A MICROGRID COMMUNITY / L. A. Gurina, N. V. Tomin // Cybersecurity issues. – 2023. – № 4(56). – С. 94-104. – DOI: 10.21681/2311-3456-2023-4-94-104.

Abstract
The research aims to develop an approach to ensuring the cybersecurity of the information and communication infrastructure of the energy community. The research relies on multi-agent reinforcement learning, Markov processes and probabilistic methods. Research result: potential threats and vulnerabilities of the information and communication infrastructure of the microgrid community are analyzed. The proposed model of microgrid coalitions takes into account such factors as cybersecurity risks, the mutual influence of available microgrid resources for protection against cyber-attacks, and the mutual influence of the consequences of cyber threats. The developed method determines the effectiveness of protection against cyber threats with and without coalitions for the microgrid community. Research result: ways of forming energy communities are considered, various structures for managing such communities are analyzed, and threats and vulnerabilities of information systems, as well as possible failures and faults during cyber-attacks that can lead to errors in the formation of control actions, are identified. An approach has been developed to ensure the cybersecurity of interconnected information systems of the microgrid community. The scientific novelty lies in the fact that, to ensure the cybersecurity of the information and communication infrastructure under multi-agent management of the energy community of microgrids, an approach is proposed whose methodology is to model the energy community, simulate cyber-attacks, assess the consequences of cyber-attacks and develop methods and means of protecting interdependent information systems from cyber-attacks.
Keywords: distributed energy, energy community, microgrid, multi-agent management, cybersecurity risks, cyber-attack models.
94-104
Iskhakov, A. Yu. PROACTIVE SEARCH FOR INTERNAL THREATS TO INFORMATION SECURITY IN CONDITIONS OF CONSTRAINTS / A. Yu. Iskhakov, K. A. Gaiduk // Cybersecurity issues. – 2023. – № 4(56). – С. 105-119. – DOI: 10.21681/2311-3456-2023-4-105-119.

Abstract
Purpose of work: research of methods for detecting internal threats to information security and improving their effectiveness through the modernization of the approach to building an internal threat detection system. Research method: system analysis of open data sources on methods for detecting internal threats to information security; construction of a model based on the application of machine learning methods; methods for sample formation and training, assessment of anomaly based on decision-making methods. The result obtained: The article presents a study of existing methods and models for detecting internal threats based on unsupervised machine learning, including multi-layer artificial neural networks. An approach to building an internal threat detection system is described and formalized, which is then applied to an existing dataset to evaluate the effectiveness of the models. The uniqueness of the proposed approach lies in the ability to detect internal threats for each record individually, as well as for each user based on the number of anomalous records. The described methods for data extraction, aggregation, and representation, formulated with the constraints of real systems in mind, were applied to a dataset of user actions over a day. Evaluations of model effectiveness were calculated for anomaly record decision-making approaches and each user. The obtained evaluations can be interpreted as a result of the models’ generalization abilities and the peculiarities of calculating anomaly values. Scientific novelty: the article presents an approach to detecting internal threats to information security that differs in the ability to detect internal threats for each record individually, as well as for each user based on the number of anomalous records.
Keywords:  internal threats, insider, threat detection, information security, anomalies, machine learning, artificial neural networks.
105-119
