Biblio

The development of technologies makes it possible to increase the power of information processing systems, but the modernization of processors brings not only an increase in performance but also an increase in the number of errors and vulnerabilities that can allow an attacker to attack the system and gain access to confidential information. White-Box cryptography allows (due to its structure) not only monitoring possible changes but also protects the processed data even with full access of the attacker to the environment. Elliptic Curve Cryptography (ECC) due to its properties, is becoming stronger and stronger in our lives, as it allows you to get strong encryption at a lower cost of processing your own algorithm. This allows you to reduce the load on the system and increase its performance.

In order to overcome a series of problems in the application process of traditional communication engineering in the new era, such as information security, this paper proposes a novel communication engineering application system based on artificial intelligence technology. The application system fully combines the artificial intelligence technology, and applies the artificial intelligence thinking to the reform of traditional communication engineering. Based on this, the application strategy also fully combines the application and development of 5g technology, and strengthens the security of communication engineering in the application process from many aspects. The results show that the application system can give full play to the role of artificial intelligence technology and improve the security of communication process as much as possible, which lays a good foundation for the further development of 5g technology.

Nowadays, Denial of Service (DOS) is a significant cyberattack that can happen on the Internet. This attack can be taken place with more than one attacker that in this case called Distributed Denial of Service (DDOS). The attackers endeavour to make the resources (server & bandwidth) unavailable to legitimate traffic by overwhelming resources with malicious traffic. An appropriate security module is needed to discriminate the malicious flows with high accuracy to prevent the failure resulting from a DDOS attack. In this paper, a DDoS attack discriminator will be designed for Software Defined Network (SDN) architecture so that it can be deployed in the POX controller. The simulation results present that the proposed model can achieve an accuracy of about 99.4%which shows an outstanding percentage of improvement compared with Decision Tree (DT), K-Nearest Neighbour (KNN), Support Vector Machine (SVM) approaches.

In the current scenario, various forms of information are spread everywhere, especially through the Internet. A lot of valuable information is contained in the dissemination, so security issues have always attracted attention. With the emergence of cryptographic algorithms, information security has been further improved. Generally, cryptography encryption is divided into symmetric encryption and asymmetric encryption. Although symmetric encryption has a very fast computation speed and is beneficial to encrypt a large amount of data, the security is not as high as asymmetric encryption. The same pair of keys used in symmetric algorithms leads to security threats. Thus, if the key can be protected, the security could be improved. Using an asymmetric algorithm to protect the key and encrypting the message with a symmetric algorithm would be a good choice. This paper will review security issues in the information transmission and the method of hybrid encryption algorithms that will be widely used in the future. Also, the various characteristics of algorithms in different systems and some typical cases of hybrid encryption will be reviewed and analyzed to showcase the reinforcement by combining algorithms. Hybrid encryption algorithms will improve the security of the transmission without causing more other problems. Additionally, the way how the encryption algorithms combine to strength the security will be discussed with the aid of an example.

This research presents a model for assessing information systems cybersecurity maturity level. The main purpose of the model is to provide comprehensive support for information security specialists and auditors in checking information systems security level, checking security policy implementation, and compliance with security standards. The model synthesized based on controls and practices present in ISO 27001 and ISO 27002 and the neural network of direct signal propagation. The methodology described in this paper can also be extended to synthesis a model for different security control sets and, consequently, to verify compliance with another security standard or policy. The resulting model describes a real non-automated process of assessing the maturity of an IS at an acceptable level and it can be recommended to be used in the process of real audit of Information Security Management Systems.

Network information security pipeline based on the grey relational cluster and neural networks is designed and implemented in this paper. This method is based on the principle that the optimal selected feature set must contain the feature with the highest information entropy gain to the data set category. First, the feature with the largest information gain is selected from all features as the search starting point, and then the sample data set classification mark is fully considered. For the better performance, the neural networks are considered. The network learning ability is directly determined by its complexity. The learning of general complex problems and large sample data will bring about a core dramatic increase in network scale. The proposed model is validated through the simulation.

Cloud storage is a low-cost and convenient storage method, but the nature of cloud storage determines the existence of security risks for data uploaded by users. In order to ensure the security of users' data in third-party cloud platforms, a zero trust security platform for data trusteeship is proposed. The platform introduces the concept of zero trust, which meets the needs of users to upload sensitive data to untrusted third-party cloud platforms by implementing multiple functional modules such as sensitivity analysis service, cipher index service, attribute encryption service.

Generally, the defense measures taken against new cyber-attack methods are insufficient for cybersecurity risk management. Contrary to classical attack methods, the existence of undiscovered attack types called' zero-day attacks' can invalidate the actions taken. It is possible with honeypot systems to implement new security measures by recording the attacker's behavior. The purpose of the honeypot is to learn about the methods and tools used by the attacker or malicious activity. In particular, it allows us to discover zero-day attack types and develop new defense methods for them. Attackers have made protocols such as SSH (Secure Shell) and Telnet, which are widely used for remote access to devices, primary targets. In this study, SSHTelnet honeypot was established using Cowrie software. Attackers attempted to connect, and attackers record their activity after providing access. These collected attacker log records and files uploaded to the system are published on Github to other researchers1. We shared the observations and analysis results of attacks on SSH and Telnet protocols with honeypot.

The Internet of Things (IoT) has enabled the rapid pace of the use of communication technology and infiltration of technical systems in a digital world. In terms of power systems generation and operation, a reliable solution for substation automation and smart grid communication is the IEC 61850 standard. It has a robust modelling structure for monitoring, protection, and control and management systems in substations and across the grid. Modern communication technologies are destined for internet use for remote monitoring, settings, and data recovery. However, the communication network is exposed to cyber threats and evident risks in security defense of automated power systems. To tackle these vulnerabilities, the IEC 62351 standard aims to improve security in handling the communication and data transfers in power system automation. This paper discusses the different security measures in communication, information and cyber security solutions in power systems. To further illustrate the novel communication and security schemes of digital substations, a case study using the Victoria University Zone Substation (VUZS) simulator for cybersecurity assessment has been instigated.

Most organizations use web applications for sharing resources and communication via the internet and information security is one of the biggest concerns in most organizations. Web applications are becoming vulnerable to threats and malicious attacks every day, which lead to violation of confidentiality, integrity, and availability of information assets.We have proposed and implemented a new automated tool for the identification and mitigation of Cross-Site Request Forgery (CSRF) vulnerability. A secret token pattern based has been used in the automated tool, which applies effective security mechanism on PHP based web applications, without damaging the content and its functionalities, where the authenticated users can perform web activities securely.

Information level protection standard 2.0 requires trusted verification of system bootstrappers, system programs, etc. of server equipment based on trusted root. According to the requirements of information level protection standard, this paper puts forward a network trusted start-up scheme based on the trusted platform control module to guarantee the security and trust of the server's BIOS firmware, PXE boot file and Linux system file. When publishing BIOS firmware, PXE startup file, Linux system file, the state-secret algorithm SM3 is used to calculate the summary value as the benchmark value, and stored in the trusted platform control module, BIOS firmware, Linux boot file. When the server starts up with PXE, the BIOS firmware is measured by the Trusted Platform Control Module, the BIOS Start Environment Measures PXE Boot File, and the PXE Boot File measures the Linux system file. The trusted platform control module is the trust root level measurement level, the first level of trust level, the trust chain, the implementation of a trusted server operating environment. The method proposed in this paper is tested on the domestic autonomous controllable Sunway server, and the experimental results show that the method proposed in this paper is feasible.

The paper addresses the issue of providing information security to wireless sensor networks using Security Information and Event Management (SIEM) methodology along with multi-agent approach. The concept of wireless sensor networks and providing their information security, including construction of SIEM system architecture, SIEM analysis methodologies and its main features, are considered. The proposed approach is to integrate SIEM system methodology with a multi-agent architecture which includes data collecting agents, coordinating agent (supervisor) and local Intrusion Detection Systems (IDSs) based on artificial immune system mechanisms. Each IDS is used as an agent that performs a primary analysis and sends information about suspicious activity to the server. The server performs correlation analysis, identifies the most significant incidents, and helps to prioritize the incident response. The presented results of computational experiments confirm the effectiveness of the proposed approach.

Information security provides a set of mechanisms to be implemented in the organisation to protect the disclosure of data to the unauthorised person. Access control is the primary security component that allows the user to authorise the consumption of resources and data based on the predefined permissions. However, the access rules are static in nature, which does not adapt to the dynamic environment includes but not limited to healthcare, cloud computing, IoT, National Security and Intelligence Arena and multi-centric system. There is a need for an additional countermeasure in access decision that can adapt to those working conditions to assess the threats and to ensure privacy and security are maintained. Risk analysis is an act of measuring the threats to the system through various means such as, analysing the user behaviour, evaluating the user trust, and security policies. It is a modular component that can be integrated into the existing access control to predict the risk. This study presents the different techniques and approaches applied for risk analysis in access control. Based on the insights gained, this paper formulates the taxonomy of risk analysis and properties that will allow researchers to focus on areas that need to be improved and new features that could be beneficial to stakeholders.

Inter-substation Generic Object Oriented Substation Events (GOOSE) communications that are used for critical protection functions have several cyber-security vulnerabilities. GOOSE messages are directly mapped to the Layer 2 Ethernet without network and transport layer headers that provide data encapsulation. The high-status-number attack is a malicious attack on GOOSE messages that allows hackers to completely take over intelligent electronic devices (IEDs) subscribing to GOOSE communications. The status-number parameter of GOOSE messages, stNum is tampered with in these attacks. Given the strict delivery time requirement of 3 ms for GOOSE messaging, it is infeasible to encrypt the GOOSE payload. This work proposes to secure the sensitive stNum parameter of the GOOSE payload using systematically encoded polynomial codes. Exploiting linear codes allows for the security features to be encoded in linear time, in contrast to complex hashing algorithms. At the subscribing IED, the security feature is used to verify that the stNum parameter has not been tampered with during transmission in the insecure medium. The decoding and verification using syndrome computation at the subscriber IED is also accomplished in linear time.

When modeling information security systems (ISS), the vast majority of works offer various models of threats to the object of protection (threat trees, Petri nets, etc.). However, ISS is not only a mean to prevent threats or reduce damage from their implementation, but also other components - the qualifications of employees responsible for IS, the internal climate in the team, the company's position on the market, and many others. The article considers the cognitive model of the state of the information security system of an average organization. The model is a weighted oriented graph, its' vertices are standard elements of the organization's information security system. The most significant factors affecting the condition of information security of the organization are identified based on the model. Influencing these factors is providing the most effect if IS level.

The paper discusses a prototype of a database, which can be used for operation in a decentralized mode for an information system. In this project, the focus is on creation of a data structure model that provides flexibility of business processes. The research is based on the development of a model for decentralized access rights distribution by including users in groups where they are assigned similar roles using consensus of other group members. This paper summarizes the main technologies that were used to ensure information security of the decentralized storage, the mechanisms for fixing access rights to an object access (the minimum entity of the system), describes a process of the data access control at the role level and an algorithm for managing the consensus for applying changes.

Blockchain is developing rapidly in various domains for its security. Nowadays, one of the most crucial fundamental concerns is internet security. Blockchain is a novel solution to enhance the security of network applications. However, there are no precise frameworks to secure the Internet of Vehicle (IoV) using Blockchain technology. In this paper, a blockchain-based smart internet of vehicle (BSIoV) framework has been proposed due to the cooperative, collaborative, transparent, and secure characteristics of Blockchain. The main contribution of the proposed work is to connect vehicle-related authorities together to fix a secure and transparent vehicle-to-everything (V2X) communication through the peer-to-peer network connection and provide secure services to the intelligent transport systems. A key management strategy has been included to identify a vehicle in this proposed system. The proposed framework can also provide a significant solution for the data security and safety of the connected vehicles in blockchain network.

The paper proposes a method for solving problems of classifying multi-step attacks on wireless sensor networks in the conditions of uncertainty (incompleteness and inconsistency) of the observed signs of attacks. The method aims to eliminate the uncertainty of classification of attacks on networks of this class one the base of the use of neural network approaches to the processing of incomplete and contradictory knowledge on possible attack characteristics. It allows increasing objectivity (accuracy and reliability) of information security monitoring in modern software and hardware systems and Internet of Things networks that actively exploit advantages of wireless sensor networks.

As a new type of complex system, multi delay network in the field of information security undertakes the important responsibility of solving information congestion, balancing network bandwidth and traffic. The problems of data loss, program failure and a large number of system downtime still exist in the conventional multi delay system when dealing with the problem of information jam, which makes the corresponding reliability of the whole system greatly reduced. Based on this, this paper mainly studies and analyzes the stability system and reliability of the corresponding multi delay system in the information security perspective. In this paper, the stability and reliability analysis of multi delay systems based on linear matrix and specific function environment is innovatively proposed. Finally, the sufficient conditions of robust asymptotic stability of multi delay systems are obtained. At the same time, the relevant stability conditions and robust stability conditions of multi delay feedback switched systems are given by simulation. In the experimental part, the corresponding data and conclusions are simulated. The simulation results show that the reliability and stability analysis data of multi delay system proposed in this paper have certain experimental value.

Due to the steady growth of various sophisticated types of malware, different malware analysis systems are becoming more and more demanded. While there are various automatic approaches available to identify and detect malware, the malware analysis is still time-consuming process. The visualization-driven techniques may significantly increase the efficiency of the malware analysis process by involving human visual system which is a powerful pattern seeker. In this paper the authors reviewed different visualization methods, examined their features and tasks solved with their help. The paper presents the most commonly used approaches and discusses open challenges in malware visual analytics.

Digitalization of production and management as the imperatives of Industry 4.0 stipulated the requirements of state regulators for informing and training personnel of a significant object of critical information infrastructure. However, the attention of industrial enterprises to this problem is assessed as insufficient. This determines the relevance and purpose of this article - to develop a methodology and tool for raising the awareness of workers of an industrial enterprise about information security (IS) of significant objects of critical information infrastructure. The article reveals the features of training at industrial enterprises associated with a high level of development of safety and labor protection systems. Traditional and innovative methods and means of training personnel at the workplace within the framework of these systems and their opportunities for training in the field of information security are shown. The specificity of the content and forms of training employees on the security of critical information infrastructure has been substantiated. The scientific novelty of the study consists in the development of methods and software applications that can perform the functions of identifying personal qualities of employees; testing the input level of their knowledge in the field of IS; testing for knowledge of IS rules (by the example of a response to socio-engineering attacks); planning an individual thematic plan for employee training; automatic creation of a modular program and its content; automatic notification of the employee about the training schedule at the workplace; organization of training according to the schedule; control self-testing and testing the level of knowledge of the employee after training; organizing a survey to determine satisfaction with employee training. The practical significance of the work lies in the possibility of implementing the developed software application in industrial enterprises, which is confirmed by the successful results of its testing.

Practical activities usually require the ability to simultaneously work with internal, distributed information resources and access to the Internet. The need to solve this problem necessitates the use of appropriate administrative and technical methods to protect information. Such methods relate to the idea of domain isolation. This paper considers the principles of implementation and properties of an "Endpoint Cloud Terminal" that is general-purpose software tool with built-in security instruments. This apparatus solves the problem by combining an arbitrary number of isolated and independent workplaces on one hardware unit, a personal computer.

As organizations increasingly view information as one of their most valuable assets, which supports the creation and distribution of their products and services, information security will be an integral part of the design and operation of organizational business processes. Yet, risks associated with cyber-attacks are on the rise. Organizations that are subjected to attacks can suffer significant reputational damage as well as loss of information and knowledge. As a consequence, effective leadership is cited as a critical factor for ensuring corporate level attention for information security. However, there is a lack of empirical understanding as to the roles strategic leaders play in shaping and supporting the cyber-security strategy. This article seeks to address this gap in the literature by focusing on how senior leaders support the cyber-security strategy. The authors conducted a series of exploratory interviews with leaders in the positions of Chief Information Officer, Chief Security Information Officer, and Chief Technology Officer. The findings revealed that leaders are engaged in both transitional, where the focus is on improving governance and integration and transformational support, which involves fostering a new cultural mindset for cyber-resiliency and the development of an ecosystem approach to security thinking.

This paper describes the development of a module for calculating security zones in the cloud service of APCS modeling. A mathematical model based on graph theory is used. This allows you to describe access relationships between objects and security policy subjects. A comparative analysis of algorithms for traversing graph vertices is performed in order to select a suitable method for allocating security zones. The implemented algorithm for calculating security zones was added to the cloud service omole.ws.

Nowadays, industrial control systems are increasingly subject to cyber-attacks. In this regard, the relevance of ICS modeling for security research and for teaching employees the basics of information security is increasing. Most of the existing testbeds for research on information security of industrial control systems are software and hardware solutions that contain elements of industrial equipment. However, when implementing distance-learning programs, it is not possible to fully use such testbeds. This paper describes the approach of complete virtualization of technological processes in ICS based on the open source programmable logic controller OpenPLC. This enables a complete information security training from any device with Internet access. A unique feature of this stand is also the support of several PLCs and a lower-level subsystem implemented by a distributed I/O system. The study describes the implementation scheme of the stand, and several case of reproduction of attacks. Scaling approaches for this solution are also considered.