№ 5 (51)

Contents of the 5th issue of the magazine «Voprosy kiberbezopasnosti» for 2022:

Title Pages
Yazov, Yu. K. INFORMATION PROTECTION FROM LEAKAGE THROUGH TECHNICAL CHANNELS ON THE BASIS OF ADAPTIVE MULTIAGENT SECURITY SYSTEM AT THE INFORMATIZATION OBJECT / Yu. K. Yazov, A. O. Avsentiev // Cybersecurity issues. – 2022. – № 5(51). – P. 2-21. – DOI: 10.21681/2311-3456-2022-5-2-13.

Abstract
Purpose: to show the prospects for creating a multi-agent information security system at an informatization object and to consider ways to build it, implementing a decentralized and mixed (centralized-decentralized) principle of its design and functioning, in order to exclude the extraction of various types of information, data about the characteristics of the informatization object and the relationships between its structural elements.
Method: functional and structural analysis of the technical channels for leakage of information circulating in the form of speech at the informatization objects of the internal affairs bodies in the course of their daily activities or during official activities, as well as of ways to build a system for protecting information from leakage through technical channels.
Result: the factors that must be taken into account when substantiating the composition and functions of the agents of a multi-agent information security system are determined, depending on the conditions characterizing the dynamics of the intruder’s actions to obtain protected information and the dynamics of the application of measures and means of protection. It is shown that a multi-agent protection system can include two classes of agents, simple and intelligent, and that the system itself must be a multilayer structure, each layer of which is tied to a certain type of technical information leakage channel and contains one or more agents (meta-agents) that solve decision support tasks for information protection in each layer and in the security system as a whole and control the other agents. Examples of the composition and structure of a multi-agent system for protecting against leakage through technical channels, as well as examples of the structure of a simple and an intelligent agent for such a system, are given.
Scientific novelty: the idea of creating a multi-agent system is considered for the first time in relation to the problem of protecting information from leakage through technical channels; the composition, structure and functions of such systems are determined, as well as the directions for the development of methodological support for their creation and operation.
Keywords: machine learning, informatization object, technical means of receiving, technical channel of information leakage, intelligent agent, means of protection, knowledge base.
Dvoryankin, S. V. SPEECH-LIKE INTERFERENCE RESISTANT TO NOISE REDUCTION METHODS AS A RESULT OF SCRAMBLING OF THE PROTECTED SPEECH / S. V. Dvoryankin, T. S. Dvoryankin, R. A. Ustinov // Cybersecurity issues. – 2022. – № 5(51). – P. 14-27. – DOI: 10.21681/2311-3456-2022-5-14-27.

Abstract
The aim of this article is to study the possibility of creating a speech-like interference (SLI), based on scrambling of the protected speech signal, that is resistant to noise cleaning, restoration and reconstruction of distorted speech through processing of its spectrogram images, including with the use of the speaker’s voice database.
Methods: applied systems analysis, digital spectral-time analysis, digital processing of signals and images, image analysis of sonograms.
Results: it is proposed to use the concept of potential speech intelligibility as the main indicator of the security of speech information; methods for assessing potential intelligibility are determined. An algorithm of compensation-type digital noise cleaning using image analysis-synthesis technology has been developed. The requirements for the created SLI are formulated: changing the spectral-temporal envelope of speech, removing («weakening») traces of the harmonic structure of speech, and equalizing the capacities of the protected speech signal and the SLI masking it. The approaches to the formation of an SLI resistant to the procedures of digital noise cleaning and reconstruction of distorted sonograms are described, and proposals are presented on the methodology for evaluating the effectiveness of interference through the indicator of potential intelligibility. The results obtained will make it possible to better understand the work of attacking tools, develop methods and means of effectively countering possible threats, and expand the capabilities of existing speech information protection systems.
Scientific novelty: the development of criteria for evaluating the effectiveness of speech-like interference that take into account the capabilities of the intruder to restore the intelligibility of distorted speech messages; proposed methods for the formation of scrambler-type SLI that meet such criteria; substantiated proposals to improve existing methods for assessing and monitoring the security of speech information against leakage through technical channels.
Keywords: acoustic speech reconnaissance means, speech information protection, speech intelligibility, acoustic interference, speech signal.
THE SECURITY AND PRIVACY MEASURING SYSTEM FOR THE INTERNET OF THINGS DEVICES / E. V. Fedorchenko, E. S. Novikova, I. V. Kotenko, D. A. Gaifulina, O. N. Tushkanova, D. S. Levshun, A. V. Meleshko, I. N. Murenin, M. V. Kolomeec // Cybersecurity issues. – 2022. – № 5(51). – P. 28-46. – DOI: 10.21681/2311-3456-2022-5-28-46.

Abstract
The purpose of the article: to close the gap between the existing need of IoT device users and manufacturers for a set of clear and objective security and privacy metrics and the absence of such a set incorporating interconnected security and privacy metrics, algorithms for their calculation and generation of an integral clear and objective score, by developing a security and privacy measuring system for IoT devices.
Research method: theoretical and system analysis for determining and classifying the security and privacy metrics; semantic analysis for generating the semantic model of personal data processing scenarios; analytical modeling methods for generating attack traces; log analysis methods, statistical methods and machine learning methods for searching for anomalies in device behavior; development of the database and software implementing the proposed security and privacy measuring system.
The result obtained: a security and privacy measuring system for IoT device users and manufacturers is proposed. The proposed system allows automated calculation of the security and privacy metrics based on the available data on the device and generation of the integral security and privacy score. The hierarchy of security and privacy metrics is developed in the scope of the proposed system. The proposed metrics are calculated using static and dynamic data on the device and its behavior. Original algorithms for calculation of the outlined metrics are developed, including the algorithms for calculation of the integral security and privacy score. The architecture of the security measuring system is developed. It integrates the components implementing the developed algorithms for metrics calculation. The system operation is demonstrated in a case study.
The area of use of the proposed approach: the developed security and privacy measuring system can be used by IoT device manufacturers to analyse the security and privacy of their devices, and to provide users with simple and clear security and privacy metrics.
Novelty: the hierarchy of static and dynamic security and privacy metrics for the Internet of Things is developed; the approach to security and privacy assessment for the Internet of Things on the basis of the developed metrics and available data is proposed; novel algorithms for metrics calculation are developed; novel algorithms for integral metrics calculation considering available data are developed.
Contribution: Fedorchenko E. - development of the approach, metrics hierarchy, and system architecture, problem statement for the components and their development; Novikova E. - the component for calculation of privacy risks, the component for calculation of integral risk scores; Kotenko I. - project management, problem statement, system architecture; Gaifulina D. - the component for event logs processing and integration; Tushkanova O., Murenin I. - the component for calculation of the dynamic risks score using statistical methods and machine learning; Levshun D. - metrics database, the component for calculation of the static risk score; Meleshko A. - the component for readability assessment; Kolomeets M. - the component for privacy risks assessment on the basis of *.apk files, the component for the dynamic risk score calculation considering attack traces. All authors participated in the writing of the article.
Keywords: security assessment, internet of things, metrics, integral scores, static information, dynamic information, semantics, ontology, cyber attack, information system, data mining, anomalies, attack traces.
Kalashnikov, A. O. A MODEL FOR ASSESSING THE SECURITY OF A COMPLEX NETWORK (PART 2) / A. O. Kalashnikov, K. A. Bugajskij, A. A. Molotov // Cybersecurity issues. – 2022. – № 5(51). – P. 47-60. – DOI: 10.21681/2311-3456-2022-5-47-60.

Abstract
Purpose of the article: development of a mechanism for evaluating the actions of agents of complex information systems from the point of view of information security.
Research method: game-theoretic models using stochastic modeling methods.
The result: typical operations of the violator and the defender are defined. A game-theoretic model based on a game with nature has been developed to determine the results of an attack on a separate element of a complex network. Based on the zero-sum game, a model of agent confrontation that uses the results of the game with nature has been developed. For the game with nature and the zero-sum game, the strategies of agents' actions are defined. A formal description of the model is given, and it is shown that the simulation result is determined by six parameters that do not depend on a particular type of network graph.
Keywords: information security model, assessment of complex systems, Monte Carlo method, strategy of confrontation, playing with nature. 
Bukin, A. V. DETECTING INFORMATION SECURITY INCIDENTS BASED ON NEURAL NETWORK TECHNOLOGY / A. V. Bukin, A. V. Samonov, E. I. Tihonov // Cybersecurity issues. – 2022. – № 5(51). – P. 61-73. – DOI: 10.21681/2311-3456-2022-5-61-73.

Abstract
Objective: to develop model, algorithmic and software support for detecting, in real time, attempts to disrupt the correct functioning of critical information infrastructure systems using neural network technologies.
Methods: analysis of modern machine learning methods and neural network technologies, synthesis and modeling of correct behavior of programs, algorithmization of the processes of training and applying neural networks, experimental studies of the developed algorithms and programs on a test bench.
Study results: the characteristics of machine learning methods and neural network technologies used to detect software and technical impacts and information security incidents are given. A method for solving this problem based on neural networks with LSTM and FFN architectures has been developed. A description of the algorithm and fragments of the software implementation of the method in the programming languages Python3 and Go using the Tensorflow and Keras libraries are given. An important advantage of the proposed approach is the possibility of adapting the neural network when the mode and conditions of operation of the system change. The results obtained during the experiments indicate the possibility and expediency of using this approach to detect software and technical impacts on critical information infrastructure systems on a time scale close to real time with a high level of reliability.
Scientific novelty: the application of deep learning technology based on a long short-term memory (LSTM) neural network, which has the ability to adapt to changing modes and conditions, to solve the problem of detecting signs of a violation of the correct functioning of nodes of information and telecommunications systems in real time.
Keywords: anomaly detection, deep learning, intrusion detection systems, loss function, machine learning methods, recurrent neural networks, time series
References
1. Raghavendra Chalapathy, Sanjay Chawla. Deep learning for anomaly detection: A survey. https://arxiv.org/pdf/1901.03407.pdf. (Data obrashhenija: 25.07.2022).
2. Liu Hua Yeo, Xiangtong Che, Shalini Lakkaraju. Understanding Modern Intrusion Detection Systems: A Survey. – URL: https://arxiv.org/pdf/1708.07174 (data obrashhenija: 01.09.2022).
3. Sozykin A.V. Obzor metodov obuchenija glubokih nejronnyh setej // Vestnik JuUrGU. Serija: Vychislitel’naja matematika i informatika. 2017. T. 6, № 3. S. 28–59. DOI: 10.14529/cmse170303.
4. Gajfulina D.A., Kotenko I.V. Primenenie metodov glubokogo obuchenija v zadachah kiberbezopasnosti. Chast’ 2. Voprosy kiberbezopasnosti. 2020. № 4(38). DOI: 10.21681/2311-3456-2020-04-11-21.
5. Yang Xin, Mingcheng Gao, Haixia Hou. Machine Learning and Deep Learning Methods for Cybersecurity https://www.researchgate.net/publication/325159145. (Data obrashhenija: 25.08.2022).
6. On the Effectiveness of Machine and Deep Learning for Cyber Security Giovanni Apruzzese, Michele Colajanni, Luca Ferretti. 2018 10th International Conference on Cyber Conflict CyCon. https://ccdcoe.org/uploads/2018/10/Art-19-On-the-Effectiveness-of-Machineand-Deep-Learning-for-Cyber-Security.pdf. (Data obrashhenija: 25.08.2022).
7. Pushpa Iyer, Tanvi Jadhav. Analysis of Modern Intrusion Detection Algorithms and Developing a Smart IDS, 2021 International Conference on Intelligent Technologies (CONIT). – URL: https://ieeexplore.ieee.org/document/9498519/ (Data obrashhenija: 30.07.2022).
8. Yin C., Zhu Y., Liu S., Fei J., Zhang H. An Enhancing Framework for Botnet Detection Using Generative Adversarial Networks // 2018 International Conference on Artificial Intelligence and Big Data (ICAIBD). IEEE, 2018. P. 228-234. (Data obrashhenija: 5.09.2022).
9. Zunin, V. V. Intel OpenVINO™ Toolkit: analiz proizvoditel’nosti vypolnenija generativno-sostjazatel’nyh nejronnyh setej / V. V. Zunin, A. Ju. Romanov // Problemy razrabotki perspektivnyh mikro- i nanojelektronnyh sistem (MJeS). – 2021. – № 2. – S. 83-90. – DOI: 10.31114/2078-7707-2021-2-83-90. – EDN QWXODC.
10. Chen H., Jiang L. GAN-based method for cyber-intrusion detection // arXiv preprint arXiv:1904.02426, 2019. P. 1-6. (Data obrashhenija: 25.08.2022).
11. Yin C., Zhu Y., Fei J., He X. A Deep Learning Approach for Intrusion Detection Using Recurrent Neural Networks // IEEE Access, 2017. Vol. 5. P. 21954-21961. (data obrashhenija: 5.09.2022).
12. Zhu M., Ye K., Wang Y., Xu C.Z. A Deep Learning Approach for Network Anomaly Detection Based on AMF-LSTM // IFIP International Conference on Network and Parallel Computing Springer, Cham, 2018. P. 137-141. (Data obrashhenija: 5.09.2022).
13. Manavi M., Zhang Y. A New Intrusion Detection System Based on Gated Recurrent Unit (GRU) and Genetic Algorithm // International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage, Springer, Cham, 2019. P. 368-383. (data obrashhenija: 5.09.2022).
14. Zuev V.N.. Obnaruzhenie anomalij setevogo trafika metodom glubokogo obuchenija Programmnye produkty i sistemy / Software & Systems 1 (34) 2021. T. 34. № 1. S. 091–097. DOI: 10.15827/0236-235X.133.091-097
15. Nejrosetevaja tehnologija obnaruzhenija anomal’nogo setevogo trafika / V. A. Chastikova, S. A. Zherlicyn, Ja. I. Volja, V. V. Sotnikov // Prikaspijskij zhurnal: upravlenie i vysokie tehnologii. – 2020. – № 1(49). – S. 20-32. – DOI 10.21672/2074-1707.2020.49.4.020-032. – EDN WUCDII.
16. Kazhemskij M.A., Sheluhin O.I. Mnogoklassovaja klassifikacija setevyh atak na informacionnye resursy metodami mashinnogo obuchenija // Trudy uchebnyh zavedenij svjazi. 2019. T. 5. № 1. S. 107-115.
17. Modelirovanie identifikacii profilja kiberatak na osnove analiza povedenija ustrojstv v seti. Bolodurina I.P., Parfjonov D.I., Zabrodina L.S. i dr. Vestnik JuUrGU. Serija «Komp’juternye tehnologii, upravlenie, radiojelektronika». 2019. T. 19, № 4. S. 48–59.
18. Nechahin V. A., Pishhik B. N. Primenenie metodov glubinnogo obuchenija dlja obnaruzhenija vtorzhenij // Vestnik NGU. Serija: Informacionnye tehnologii. 2019. T. 17, №2. S. 114–121. DOI: 10.25205/1818-7900-2019-17-2-114-121
19. Jain G., Sharma M., Agarwal B. Optimizing semantic LSTM for spam detection // International Journal of Information Technology. 2019. Vol. 11. No. 2. P. 239-250.
20. Jason Brownlee How to Develop LSTM Models for Time Series Forecasting. – URL: https://machinelearningmastery.com/how-todevelop-lstm-models-for-time-series-forecasting/ (Data obrashhenija: 10.09.2022).
21. Alex Graves Generating Sequences with Recurrent Neural Networks. University of Toronto (2014). – URL: https://arxiv.org/pdf/1308.0850v5.pdf (Data obrashhenija: 10.09.2022).
61-73
Pavlychev, A. V. USING THE RANDOM FOREST MACHINE LEARNING ALGORITHM FOR THE EXTRACTION OF COMPLEX COMPUTER INCIDENTS / A. V. Pavlychev, M. I. Starodubov, A. D. Galimov // Cybersecurity issues. – 2022. – № 5(51). – С. 74-81. – DOI: 10.21681/2311-3456-2022-5-74-81.

Abstract
The aim of the work is to develop a way to identify complex computer incidents carried out by attackers by exploiting vulnerabilities of information systems. The research method is the analysis of entries in the system logs of the Microsoft Windows operating system using the Random Forest machine learning algorithm. The result obtained: despite the wide variety of different types of malicious software used by attackers in conducting computer attacks, they all leave traces of their functioning to the network infrastructure that has been exposed to unauthorized effects. One of the ways to identify computer incidents is to examine the log files of various information systems, including the system logs of the operating system for the identification of hidden patterns and various anomalies. The functioning of any computer program can be represented as a unique set of records in the system logs of the operating system, which can be considered as features of an object. The paper analyzes the Security log of the operating system after exploiting various vulnerabilities that are popular in the hacker environment. On the data set formed in this way using a machine learning algorithm, a model is built that allows you to further identify objects that have been exposed to unauthorized effect. The scientific novelty consists in creating a way to identify complex computer incidents based on the results of studying the logs of the operating system using a machine learning algorithm.
Keywords: computer attacks, unauthorized impact, analysis of system logs, Security log, machine learning algorithms.
References
1. R. Badhwar, The CISO’s Next Frontier: AI, Post-Quantum Cryptography and Advanced Security Paradigms // Springer. – 2021. – P. 279–285.
2. N. Dutta, N. Jadav, S. Tanwar, Cyber Security: Issues and Current Trends // Springer. – 2021. – P. 129–141.
3. S. James, Carbanak Threatens Critical Infrastructure: Cybercriminal APTs Merit Significant Investigation and Discussion / S. James. – Washington, DC, USA: ICIT, 2017. – 16 p.
4. Markus Ring, Daniel Schlör, Sarah Wunderlich, Dieter Landes, Andreas Hotho, Malware detection on windows audit logs using LSTMs // Computers & Security. – 2021. – Vol. 109. – P. 1‑12.
5. Thomas T. Machine learning approaches in cyber security analytics / Tony Thomas, Athira P Vijaya-raghavan, Sabu Emmanuel. – Singapore: Springer, 2020. – 217 p.
6. Zico J. Kolter, Marcus A. Maloof, Learning to Detect Malicious Executables in the Wild // Journal of Machine Learning Research. – 2006. – Vol. 7. – P. 2721-2744.
7. Joseph Rabaiotti, Counter Intrusion Software: Malware Detection using Process Behaviour Classification and Machine Learning [Online]. – URL: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.102.2417&rep=rep1&type=pdf.
8. Shu He, Gene Moo Lee, Sukjin Han, Andrew B. Whinston, How would information disclosure influence organizations’ outbound spam volume? Evidence from a field experiment // Journal of Cybersecurity. – 2016. – Vol. 2. – P. 99-118.
9. C. Kruegel, T. Toth, Using decision trees to improve signature-based intrusion detection // 6th International Workshop on the Recent Advances in Intrusion Detection, West Lafayette. – 2003. – P. 173–191.
10. Sean Miller, Curtis C.R. Busby-Earle, Multi-Perspective Machine Learning a Classifier Ensemble Method for Intrusion Detection // The 2017 International Conference on Machine Learning and Soft Computing. – 2017. - P. 7-12.
11. Farah Jemili, Montassar Zaghdoud, Mohamed Ben Ahmed, A framework for an adaptive intrusion detection system using Bayesian network // Intelligence and Security Informatics, IEEE. – 2007.
12. Gilbert R. Hendry, Shanchieh Jay Yang, Intrusion signature creation via clustering anomalies // SPIE Defense and Security Symposium, International Society for Optics and Photonics. – 2008.
13. Cannady, Artificial neural networks for misuse detection // Proceedings of the 1998 National Information Systems Security Conference, Arlington, VA. – 1998. - Р. 443.
14. Wun-Hwa Chen, Sheng-Hsun Hsu, Hwang-Pin Shen, Application of SVM and ANN for intrusion detection // Computers & Operations Research. – 2005. – Vol. 32. – No. 10. – P. 2617-2634.
15. Bernhard Schölkopf, Robert C. Williamson, Alex Smola, John Shawe-Taylor, John Platt, Support vector method for novelty detection // Advances in Neural Information Processing Systems. – 2000. – P. 582-588.
16. Markov A.S. Tehnicheskaja zashhita informacii. Kurs lekcij. M. 2020. 220 s. ISBN 978-5-6045553-0-9
74-81
Meshcheryakov, R. V. STUDY OF COMPROMETATION INDICATORS FOR IMPROVEMENT OF INFORMATION AND CYBERPHYSICAL SYSTEMS PROTECTION FACILITIES / R. V. Meshcheryakov, S. Yu. Iskhakov // Cybersecurity issues. – 2022. – № 5(51). – С. 82-99. – DOI: 10.21681/2311-3456-2022-5-82-99.

Abstract
Purpose of work: study of existing standards of compromise indicators and methods of their exchange for enrichment of protection systems of information and cyber-physical systems. Research method: systematic analysis of open sources of data on indicators of compromise, standards of their description and methods of exchange in the organization of cyberintelligence. The result obtained: the actual problems of proactive search of threats are formulated on the example of the application of open sources of indicators of compromise in the processing of event flows in security event management systems. The classification of indicators derived from internal sources is proposed. The main problems of processing dynamic threat data streams under changing attack vectors are formulated. It was found that the threat intelligence industry currently lacks a unified solution in terms of standardization of information exchange between different platforms, but there are a number of dominant standards and formats of such data exchange. In the course of preparing the review of existing, the tasks of identifying previously unknown attack methods based on the use of open sources of indicators of compromise in data processing in security incident management systems were considered and structured, and methods for their solution were proposed. Scientific novelty: the presented article is one of the first domestic works, devoted to the analysis of research in recent years in the field of organization of work with threat intelligence data sources. Reviewed and systematized the sources of indicators of compromise and proposed their classification. Formulated the main problems of processing dynamic threat data streams under conditions of variable attack vectors.
Keywords: compromise indicator, cyber-intelligence, context, cyber-physical system, security event management system, enrichment, ranking
References
1. Liao X., Yuan K., Wang Z., Li Z., Xing L., Beyah R. Acing the IOC Game: Toward Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence // Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. – 2016. – P. 755-766.
2. Sauerwein C., Sillaber C., Mussmann A., Breu R. Threat Intelligence Sharing Platforms: An Exploratory Study of Software Vendors and Research Perspectives // Wirtschaftsinformatik und Angewandte Informatik. – 2017. – P. 837-851.
3. Zrahia A. Threat intelligence sharing between cybersecurity vendors: Network, dyadic, and agent views // Journal of Cybersecurity. – 2018. – Vol. 4, issue 1. – P. 1–16.
4. Brown S., Gommers J., Serrano O. From Cyber Security Information Sharing to Threat Management // Proceedings of the 2nd ACM Workshop on Information Sharing and Collaborative Security. – Denver, CO, USA, 12–16 October 2015. – P. 43–49.
5. Liu R., Zhao Z., Sun C., Yang X., Gong X., Zhang J. A Research and Analysis Method of Open-Source Threat Intelligence Data // Communications in Computer and Information Science (CCIS). – 2017. – Vol. 727. – P. 352–363.
6. Sauerwein C., Pekaric I., Felderer M., Breu R. An analysis and classification of public information security data sources used in research and practice // Computers & Security. – 2019. – Vol. 82. – P. 140-155.
7. Abu M.S.; Selamat S.R., Ariffin A., Yusof R. Cyber Threat Intelligence – Issue and Challenges. Indones // Indonesian Journal of Electrical Engineering and Computer Science. – 2018. Vol. 10, no. 1. – P. 371–379.
8. Pala A., Zhuang J. Information sharing in cybersecurity: A review // Decision Analysis. – 2019. – Vol. 16, no. 3. – P. 172-196.
9. Tounsi W., Rais H. A survey on technical threat intelligence in the age of sophisticated cyber-attacks // Computer Security. – 2018. – Vol. 72. – P. 212–233.
10. Menges F., Pernul G. A comparative analysis of incident reporting formats // Computer Security. –2018. – Vol. 73. – P. 87-101.
11. Mavroeidis V., Bromander S. Cyber threat intelligence model: An evaluation of taxonomies, sharing standards, and ontologies within cyber threat intelligence // Proceedings of the 2017 European Intelligence and Security Informatics Conference (EISIC). – Athens, Greece: IEEE, 2017. – P. 91–98.
12. Skopik F. Collaborative Cyber Threat Intelligence: Detecting and Responding to Advanced Cyber Attacks at National Level. – CRC Press: Boca Raton, FL, USA, 2018. – 446 p.
13. Burger E.W., Goodman M.D., Kampanakis P., Zhu K.A. Taxonomy model for cyber threat intelligence information exchange technologies // Proceedings of the ACM Workshop on Information Sharing & Collaborative Security (WISCS). – Scottsdale, AZ, USA, 3 November 2014. – P. 51–60.
14. Asgarli E., Burger E. Semantic ontologies for cyber threat sharing standards // Proceedings of the 2016 IEEE Symposium on Technologies for Homeland Security (HST). – Waltham, MA, USA: IEEE, 2016. – P. 1-6.
15. Serrano O., Dandurand L., Brown S. On the Design of a Cyber Security Data Sharing System // Proceedings of the ACM Workshop on Information Sharing & Collaborative Security (WISCS). – Scottsdale, AZ, USA, 3 November 2014. – P. 61–69.
16. Sullivan C., Burger E. “In the public interest”: The privacy implications of international business-to-business sharing of cyber-threat intelligence // Computer Law & Security Review. – 2017. – Vol. 33, issue 1. – P. 14–29.
17. Zibak A., Simpson A. Cyber threat information sharing: Perceived benefits and barriers // Proceedings of the 14th International Conference on Availability, Reliability and Security. – Canterbury, UK, 26–29 August 2019. – P. 1–9.
18. Wagner C., Dulaunoy A., Wagener G., Iklody A. MISP: The Design and Implementation of a Collaborative Threat Intelligence Sharing Platform // Proceedings of the 2016 ACM on Workshop on Information Sharing and Collaborative Security. – Vienna, Austria, 24 October 2016. – P. 49-56.
19. Friedman J., Bouchard M. Definitive Guide to Cyber Threat Intelligence. – CyberEdge: Annapolis, MD, USA, 2015. – 72 p.
20. Bryant B., Saiedian H. Improving SIEM Alert Metadata Aggregation with a Novel Kill-Chain Based Classification Model // Computers & Security. – 2020. – Vol. 94. – P. 101817.
21. Shameli-Sendi A., Louafi H., He W., Cheriet M. Dynamic Optimal Countermeasure Selection for Intrusion Response System // IEEE Transactions on Dependable and Secure Computing. – 2018. – Vol. 15, no. 5. – P. 755-770.
22. Farnham G., Leune K. Tools and standards for cyber threat intelligence projects // SANS Institute. – 2013. – Vol. 3., no. 2. – P. 25-31.
23. Schaberreiter T., Kupfersberger V., Rantos K., Spyros A., Papanikolaou A., Ilioudis C., Quirchmayr G. A quantitative evaluation of trust in the quality of cyber threat intelligence sources // Proceedings of the 14th International Conference on Availability, Reliability and Security. – 2019. – P. 1–10.
24. Bianco D.J. The Pyramid of Pain [Jelektronnyj resurs]. – 2013. – URL: http://detect-respond.blogspot.com/2013/03/the-pyramid-ofpain.html (data obrashhenija: 05.08.2022).
25. Mokaddem S., Wagener G., Dulaunoy A., Iklody A. Taxonomy driven indicator scoring in MISP threat intelligence platforms [Jelektronnyj resurs]. – 2019. – URL: https://arxiv.org/abs/1902.03914 (data obrashhenija: 05.08.2022).
26. Appala, S.; Cam–Winget, N.; McGrew, D.A.; Verma, J. An actionable threat intelligence system using a publish–subscribe communications model. In Proceedings of the 2nd ACM Workshop on Information Sharing and Collaborative Security, Denver, CO, USA, 12–16 October 2015; pp. 61–70.
27. Wagner, T.D. Cyber Threat Intelligence for “Things”. In Proceedings of the 2019 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (Cyber SA), Oxford, UK, 3–4 June 2019; pp. 1–2.
28. Menges, F.; Sperl, C.; Pernul, G. Unifying cyber threat intelligence. In Trust, Privacy and Security in Digital Business (TrustBus), Lecture Notes in Computer Science; Springer: Berlin, Germany, 2019; Volume 11711, pp. 161–175.
29. Wagner T.D., Mahbub K., Palomar E., Abdallah A.E. Cyber threat intelligence sharing: Survey and research directions // Computer Security. – 2019. – Vol. 87. – P. 101589
30. Lavrova D.S. An approach to developing the SIEM system for the Internet of Things // Automatic Control and Computer Sciences. – 2016. – Vol. 50. – P. 673-681.
31. Raju B.K., Geethakumari G. Event correlation in cloud: a forensic perspective // Computing. – 2016. – Vol. 98, no. 11. – P. 1203–1224.
82-99
Balyuk, A. A. INFORMATION SECURITY OF CYBER-PHYSICAL SYSTEMS: AUTHENTICATION OF DIGITAL TWINS / A. A. Balyuk, O. A. Finko // Cybersecurity issues. – 2022. – № 5(51). – С. 100-113. – DOI: 10.21681/2311-3456-2022-5-100-113.

Abstract
Formulation of the problem: the main catalysts for the development of cyber-physical systems are currently the growth of artificial intelligence and the creation of digital twins that have a complex vertical structure and exchange data for joint learning. At the same time, the empowerment of digital twins as data owners can lead to critical consequences in the field of ensuring the security of data systems. The development of evolutionary methods for ensuring information security, and in particular, methods for authenticating digital twins, is a fundamental issue on the way to the development of cyber-physical systems. Objective: analysis of aspects and principles of building a system and the process of authenticating digital twins in dynamic and scalable cyber-physical systems, organizing the process under study, indicators of its effectiveness and criteria for their evaluation. Methods used: system analysis, tuple algebra, methods for designing and evaluating the efficiency of complex systems. Novelty: the use of a multi-agent structure of the digital twin authentication system, which makes it possible to achieve guaranteed awareness of the security status of the system as a whole and respond appropriately in case of compromising events. The implementation of intelligent authentication management is proposed to be carried out using the application capabilities of tuple algebra, which takes into account differences in the structures of traditional and intelligent systems, as well as the difficulties of parallelization in distributed systems. To increase the stability of the multi-agent authentication system, the possibility of using cryptocode protocols is considered, which makes it possible to ensure the restoration of reliable authentication data in case of failures. Result: substantiation of new principles and technological solutions in the field of high-level design of cyber-physical systems.
Keywords: robotic complexes, artificial intelligence, multi-agent system, algebra of motorcades, cryptocode constructions, fuzzy integral.
References
1. Cardin O. Classification of cyber-physical production systems applications: Proposition of an analysis framework // Computers in Industry, 2018, DOI: 10.1016/j.compind.2018.10.002.
2. Wen Tong, Peiying Zhu. 6G: The Next Horizon. From Connected People and Things to Connected Intelligence // Cambridge University Press, 2021. ISBN 978-1-108-83932-7
3. Huang Z., Shen Y., Li J., Fey M., Brecher C. AI-Driven Digital Twins // Sensors, 2021, 21, 6340. https://doi.org/10.3390/s21196340.
4. Fuller A., Fan Z., Day C., Barlow C. Digital Twin: Enabling Technologies, Challenges and Open Research // IEEE Access, 2020. DOI 10.1109/ACCESS.2020.2998358.
5. Jamil S., Rahman M., Fawad. A comprehensive Survey of Digital Twins and Federated Learning for Industrial Internet of Things (IIoT), Internet of Vehicles (IoV) and Internet of Drones (IoD) // Appl. Syst. Innov. 2022, 5, 56. https://doi.org/10.3390/asi5030056.
6. De Silva Mendonca R., de Oliveira Lins S., de Bessa I.V., de Carvalho Ayres F.A.Jr., de Medeiros R.L.P., de Lucena V.F.Jr. Digital Twin Applications: A Survey of Recent Advances and Challenges // Process, 2022, 10, 744. https://doi.org/10.3390/pr10040744.
7. Enad E.H., Younis S. Machine Learning based Decision Strategies for Physical Layer Authentication in Wireless Systems // 2020 2nd Annual International Conference on Information and Sciences (AiCIS), 2020, pp. 114-118. DOI: 10.1109/AICIS51645.2020.00028.
8. Jiang J.-R. Short Survey on Physical Layer Authentication by Machine-Learning for 5G-based Internet of Things // 2020 3rd IEEE International Conference on Knowledge Innovation and Invention (ICKII), 2020, pp. 41-44. DOI: 10.1109/ICKII50300.2020.9318879.
9. Yoon J., Lee Y., Hwang E. Machine Learning-based Physical Layer Authentication using Neighborhood Component Analysis in MIMO Wireless Communications // 2019 International Conference on Information and Communication Technology Convergence (ICTC), 2019, pp. 63-65.
10. Fang H., Wang X., Tomasin S. Machine Learning for Intelligent Authentication in 5G and Beyond Wireless Networks // IEEE Wireless Communications, 2019, Vol. 26, N. 5, pp. 55-61. DOI: 10.1109/MWC.001.1900054.
11. Bordel S.B., Alcarria R., Robles T., Martín D. Cyber-physical systems: Extending pervasive sensing from control theory to the Internet of Things // Pervasive and Mobile Computing, 40. DOI: 10.1016/j.pmcj.2017.06.011.
12. Ferrag M.A., Maglaras L.A., Janicke H., Jiang J., Shu L. Authentication Protocol for Internet of Things: A Comprehensive Survey // Security and Communication Networks, 2017. https://doi.org/10.1155/2017/6562953.
13. Alguliev R., Imamverdiyev Y., Sukhostat L., Cyber-physical systems and their security issues // Computer in Industry, 100, 2018, pp. 212-223. https://doi.org/10.1016/j.compind.2018.04.017.
14. Shaikh H.A., Monjil M.B., Chen S., Farahmandi F., Asadizanjani N., Tehranipoor M., Rahman F. Digital Twin for Secure Semiconductor Lifecycle Management: Prospects and Applications // Future Hardware Security Research Series, 2022.
15. Patent № 2763165 Rossijskaja Federacija, MPK G01S 13/78 (2006.01). Sposob i sistema opoznavanija malogabaritnyh robototehnicheskih sredstv: № 2021102008: zajavl. 28.01.2021: opublikovano 28.12.2021 / Baljuk A.A., Mahov D.S., Fin’ko O.A., Shpyrnja I.V.; zajavitel’ KVVU. – 14 s.
16. Kulik B.A. Logika i matematika: prosto o slozhnyh metodah logicheskogo analiza / B.A. Kulik; pod obshh. red. A.Ja. Fridmana. – SPb.: Politehnika, 2020. – 141 s.
17. Samoylenko D., Eremeev M., Finko O., Dichenko S. Protection of Information from Imitation on the Basis of Crypt-Code Structures // Advances in Soft and Hard Computing ACS 2018. Advances in Intelligent Systems and Computing. Springer. Cham, 2019, pp. 317-331.
18. Dichenko S.A., Fin’ko O.A. Gibridnyj kripto-kodovyj metod kontrolja i vosstanovlenija celostnosti dannyh dlja zashhishhennyh informacionnoanaliticheskih sistem // Voprosy kiberbezopasnosti. 2019, № 6(34), s. 17-36. DOI:10.21681/2311-3456-2019-6-17-36
19. Dichenko S.A., Finko O.A. Controlling and Restoring the Integrity of Multi-Dimensional Data Arrays Through Cryptocode Constructs // Programming and Computer Software. 2021, 47, № 6, pp. 415-425.
20. Dichenko S.A., Fin’ko O.A. Kontrol’ i vosstanovlenie celostnosti mnogomerny
100-113
