Theoretical and Applied Cybersecurity: scientific journal, Vol. 4, No. 1
Document (open access): Basic concepts, approaches and fundamentals of cyber threat intelligence (Igor Sikorsky Kyiv Polytechnic Institute, 2022) Makovska, Maryna; Kozlenko, Oleh

Document (open access): Comparison of Tools for Web-Application Brute Forcing (Igor Sikorsky Kyiv Polytechnic Institute, 2022) Chalyi, Oleksii; Kolomytsev, Myhailo
For a long time, the threat of web-application authentication break remained a problem not only for users but also for business. This threat still exists, since broken authentication provides a blackhat with full access to accounts of users and business data. This article analyzes software tools for breaking authentication and defines the time required for breaking in depending on different conditions. Based on the results of the analysis, the fastest tool was determined. In order to complete this analysis and determine the fastest tool, our own web-application was created.

Document (open access): Compartment model of informational and suggestive influence (Igor Sikorsky Kyiv Polytechnic Institute, 2022) Nakonechna, Yuliia
Mathematical modeling use in information operations research makes it possible to qualitatively and quantitatively predict information attack object behavior, as well as to determine and implement effective countermeasures. According to the chosen methodology, a compartmental approach based informational and suggestive influence mathematical model was proposed. The model makes it possible to assess information, communication network participant state and estimate suggestive influence in the moment.

Document (open access): Construction of Proactive Monitoring Model using Forecasting Techniques in the SCOM Software Complex (Igor Sikorsky Kyiv Polytechnic Institute, 2022) Soldatova, Kateryna; Nosok, Svitlana
The majority of companies depend on their information systems, the stability of infrastructure operations and the failover of computing resources.
Various monitoring tools are mostly used to automate the benchmarking process of a company. A company that has a large distributed infrastructure should pay close attention to this process, as it makes the state of operations difficult to maintain, and increases the probability of the loss of functionality for errors or even shutdown of some servers. One of the solutions is reactive monitoring. Reactive monitoring is a technique where system administrators use monitoring tools to continuously collect data that determine the active and current status of the information system environment. Measurements obtained from real-time monitoring tools illustrate the performance data of the current information environment. However, if we discuss the main metrics of system resources, such as the level of processor load, RAM or disk usage, their change can be quite fast. And for servers that are responsible for critical functions, the problem of full resource usage is important. This problem can be solved with proactive monitoring. The purpose of this article is to construct the proactive monitoring model with a time series forecasting hybrid method for the resources load. The final solution will be used in the management pack of the software complex System Center Operations Manager (SCOM). Forecasting methods such as Least squares, SMA and EMA were considered in this work.

Document (open access): Destruction of stego images formed by adaptive embedding methods with dictionary learning methods (Igor Sikorsky Kyiv Polytechnic Institute, 2022) Progonov, Dmytro
Counteraction to leakage of sensitive information that is processed by state and private organizations is a topical task today. Of special interest are methods for prevention of data leakage by usage of hidden (steganographic) communication channels by attackers. Despite the wide range of proposed steganalysis methods for detection of embedded messages, their performance highly depends on prior information about used embedding methods.
As an example, we may mention modern stegdetectors for digital images, which are based on cover rich models and deep convolutional neural networks. Therefore, the stego image destruction methods are widely applied as preventive action. Modern methods for stego image destruction are based on widespread image denoising methods, like median filter and lossy compression. The limitation of such methods is significant changes of image’s statistical features that may disclose the steganalysis process to the attacker. Therefore, development of stego images processing methods that provide reliable destruction of embedded data, and preserving cover image statistical features is needed. The paper is aimed at performance evaluation of applying the novel methods of spectral analysis, namely dictionary learning, for solving this task. The obtained results showed limitation of state-of-the-art methods for destruction of stego image formed by adaptive embedding methods, namely considerable changes of image’s statistical parameters. The proposed method allows preserving both minimal changes of a Cover Image (CI) parameters, and ratio of survived bits of embedded message (less than 7%). This makes the proposed solution an attractive candidate for reliable destruction of stego images formed by novel embedding methods. However, practical usage of the proposed solution requires further improvement of dictionary learning methods, namely decreasing of computation complexity of the dictionary forming procedure.

Document (open access): Estimating probable electoral losses using gaming approach in the conditions of information countermeasures (Igor Sikorsky Kyiv Polytechnic Institute, 2022) Tereshchenko, Ivan; Myronets, Alina
The task of assessing the destructive effects on information is considered public safety on the example of electoral losses in the process of information opposition.
To find a solution to the above problem, it is proposed a non-linear model based on process modeling pre-election races. Based on similar studies, it was the impact of destructive informational influences on certain security is considered layers of society. A case study where an adversary advances its narratives for capture of a part of society in its information field, as well as his keeping under its influence at the expense of existing agents. For this purpose he involves influence agents who act in two groups. For the specified situation it was the process of transition of the electorate to the information environment is simulated opponent. The following groups of objects were considered in the model: our agents, which functionally, they only oppose the agents of the adversary, groups of society, divided according to the possible impact on them, and two groups of agents enemy, each of which can change as a result of losses and necessity keeping under its influence members of the social groups that reacted positively on the information narratives of the adversary. As a result, the simulation was carried out assessment of probable electoral losses, which provides grounds for determination optimal counteraction to destructive informational influences.

Document (open access): Formation Networks of Terms for Identifying Semantic Similarity or Difference Degree of Texts in Cybersecurity (Igor Sikorsky Kyiv Polytechnic Institute, 2022) Dmytrenko, Oleh
This paper is devoted to the problem of identifying a semantic similarity degree or difference of text in the cybersecurity field. The paper presents a method for comparing text documents based on the formation and comparison of the corresponding semantic networks. The directed weighted network of terms, where the nodes of such networks are key terms of the text, and edges are semantic relationships between these terms in the text, is considered as a semantic network.
The algorithm for formation of semantic networks as one of the types of ontologies is also presented. Formation of network of terms includes pre-processing of text data, extraction of key terms, construction of undirected network of terms (using the algorithm of horizontal visibility graph), determining undirected connections between terms, and further determining the directions of connections and their weight values. The Frobenius norm of the difference of matrices corresponding to the semantic networks is considered to compare the semantic networks. Identifying the critically different texts that can have similar keywords but different semantic between them is important to ensure cybersecurity. Also, the proposed approach can be helpful while solving the problem of accumulating text data semantically similar in content. In general, this approach can also be used in systems of automatic information retrieval to determine the degree of similarity or difference in the structure and semantics of texts and identify the sources of information that have a destructive impact on the information space.

Document (open access): Model of rules for malicious input parameters detection (Igor Sikorsky Kyiv Polytechnic Institute, 2022) Korzhenevskyi, Oleksandr; Graivoronskyi, Mykola
This article is devoted to detection of advanced techniques of malicious input parameter injections and web application firewall (WAF) bypass. The authors have proposed a hierarchical model for detection rules definition, which allows to edit different fragments separately. This model has been implemented with the usage of Backus-Naur form and ANTLR4 (generator of parsers and lexers). The solution has been tested using some popular web application scanners. The testing environment has been created with Python3. The results of research have been compared with the corresponding ones for the existing open source solution – libinjection.
The main accent has been made to SQL injections and Cross-Site Scripting attacks.

Document (open access): On Multivariate Algorithms of Digital Signatures Based on Maps of Unbounded Degree Acting on Secure El Gamal Type Mode (Igor Sikorsky Kyiv Polytechnic Institute, 2022) Ustimenko, V. O.
Multivariate cryptography studies applications of endomorphisms of K[x1, x2, …, xn] where K is a finite commutative ring given in the standard form xi → f1 (x1, x2, …, xn), i=1, 2, …, n. The importance of this direction for the constructions of multivariate digital signatures systems is well known. Close attention of researchers is directed towards studies of perspectives of efficient quadratic unbalanced rainbow oil and vinegar system (RUOV) presented for NIST postquantum certification. Various cryptanalytic studies of these signature systems were completed. During Third Round of NIST standardisation projects ROUV digital signature system was rejected. Recently some options to seriously modify these algorithms as well as all multivariate signature systems which allow to avoid already known attacks were suggested. One of the modifications is to use protocol of noncommutative multivariate cryptography based on platform of endomorphisms of degree 2 and 3. The secure protocol allows safe transfer of quadratic multivariate map from one correspondent to another. So the quadratic map developed for digital signature scheme can be used in a private mode. This scheme requires periodic usage of the protocol with the change of generators and the modification of quadratic multivariate maps. Other modification suggests combination of multivariate map of unbounded degree of size O(n) and density of each fi of size O(1). The resulting map F in its standard form is given as the public rule. We suggest the usage of the last algorithm on the secure El Gamal mode.
It means that correspondents use protocols of Noncommutative Cryptography with two multivariate platforms to elaborate safely a collision endomorphism G: xi → gi of linear unbounded degree such that densities of each gi are of size O(n^2). One of correspondents generates mentioned above F and sends F+G to his/her partner. The security of the protocol and entire digital signature scheme rests on the complexity of NP hard word problem of finding decomposition of given endomorphism G of K[x1,x2,…,xn] into composition of given generators 1G, 2G, …tG, t>1 of the semigroup of End(K[x1,x2,…,xn]). Differently from the usage of quadratic map on El Gamal mode the case of unbounded degree allows single usage of the protocol because the task to approximate F via interception of hashed messages and corresponding signatures is unfeasible in this case.

Document (open access): On the Security of Qalqan Cipher Against Differential Cryptanalysis (Igor Sikorsky Kyiv Polytechnic Institute, 2022) Yakovliev, Serhii; Stolovych, Mykhailo
In 2021, the first version of block cipher Qalqan was presented. It is positioned as a candidate to the future national encryption standard of the Republic of Kazakhstan. This cipher features the usage of addition by different modules for mixing the round keys and for linear layer. In this work, we consider some cryptographic properties of Qalqan, related with the security against differential and linear cryptanalysis. We present variations of cipher’s S-box with better cryptographic properties. We prove that branch number of Qalqan’s linear layer is equal to 3, and the layer itself has a significant amount of fixed points. Also, we build a set of multi-round differential characteristics with high probabilities for the modified version of the Qalqan cipher, which uses only addition modulo 256.
With these results, we can argue that the declared security of Qalqan against differential and linear cryptanalysis should be reconsidered.

Document (open access): Peculiarities of phishing threats and preventive measures in the conditions of war in Ukraine (Igor Sikorsky Kyiv Polytechnic Institute, 2022) Shevchenko, Hryhorii; Stopochkina, Iryna; Babenko, Ivan
The paper is devoted to the study of the peculiarities of phishing attacks on the personnel of enterprises and institutions of Ukraine during the war period (from February 2022 till now). The life cycle of the most popular attacks is analyzed. The focus is made on email phishing, which is the most popular for attacks on enterprises. A list of typical topics of phishing emails, psychological vectors of phishing influence, typical for attacks on Ukrainian users, additional factors that contribute to the success of attacks have been revealed. Countermeasures for phishing attacks prevention have been recommended. A list of phishing keywords was collected and templates were developed, a software solution based on artificial intelligence approaches was proposed to automate the generation of phishing letters in Ukrainian that can be used during "false alarms" and staff training in large enterprises.

Document (open access): Systems of Linear Restrictions Over a Finite Field (Igor Sikorsky Kyiv Polytechnic Institute, 2022) Kurinnyi, Oleh
This paper considers the problem of recovering an unknown vector based on partial information presented in the form of certain linear dependencies. Such problem is an alternative to the standard one of solving a system of polynomial equations over a finite field, which arises in the context of algebraic cryptanalysis of stream ciphers, and it models a situation when it’s not possible to formulate specific equations with an unknown vector, but certain restrictions on linear dependencies with this vector.
To formalize such linear dependencies, the notation of the system of linear restrictions over a finite field is introduced, and the problem of recovering the unknown vector is replaced by the problem of solving the system of linear restrictions over a finite field. In this paper, we researched some properties of this problem using its equivalent forms and important partial cases.

Document (open access): The analysis of cybersecurity subject area terms based on the information diffusion model (Igor Sikorsky Kyiv Polytechnic Institute, 2022) Lande, Dmytro; Novikov, Olexiy; Manko, Dmytro
This research describes a comparison of the information diffusion model, built on the basis of cellular automata with the real statistics the dynamics of the use of terms from the field of cybersecurity in the information flows of the Internet. The information diffusion model is used with different parameters of the intensity of the information propagation. The cross-correlation of dynamics of the dissemination of new information in the model with the dynamics of the occurrence of concepts of the real subject area has been calculated. A high correlation dynamic of the terms occurrence with the dynamics given by the model at the selected parameters is shown. The research results allow fixing the model parameters that can further perform forecasting. The advantage of the information diffusion model based on cellular automata is the simplicity and clarity of a small number of parameters, and the ability to change them in accordance with the data on the actual occurrence of special terminology in information flows. The dynamics of the information diffusion model under various parameters allows us to determine centroids for the subsequent clustering of domain terms.

Document (open access): The inverse problem of Q-analysis of complex systems structure in cyber security (Igor Sikorsky Kyiv Polytechnic Institute, 2022) Polutsyganova, V. I.; Smirnov, S. A.
It is considered the inverse problem of Q-analysis. In the course of the research, an algorithm for the recovery of simplicial complexes from elementary simplex using local maps and a structural tree was developed. This algorithm will reduce the amount of data stored and improve the management process if the simplicial complex describes a real big complex system which it can imagine cyber security system.

Document (open access): The Modification of the Quantum-Resistant AJPS-1 Cryptographic Primitive (Igor Sikorsky Kyiv Polytechnic Institute, 2022) Yadukha, Dariya
In recent years, quantum-resistant cryptography has been steadily developing, which is due, in particular, to the post-quantum cryptosystems competition of the National Institute of Standards and Technology (NIST), which has been ongoing since 2017. One of the participants in the first round of the competition is the AJPS cryptosystem. In this work, we propose the modification of the AJPS cryptosystem for bit-by-bit encryption by changing the numbers class used in the cryptosystem as a module. This modification increases the variability of the cryptosystem parameters.

Document (open access): Vulnerability detection in the network traffic flow of the RADIUS protocol based on the object-oriented model (Igor Sikorsky Kyiv Polytechnic Institute, 2022) Galchynsky, Leonid; Murtazina, Amina
The RADIUS protocol was analyzed from the point of view of its functionality and security. The internal structure and the division into functions were shown. There were described the structure of the RADIUS network, the functions of the network access server or NAS, and the RADIUS server. The advantages of the centralized secure data processing technology based on the RADIUS protocol were shown. Mechanisms of secure processing of requests at the authentication and authorization stage were described. Sources and types of protocol vulnerabilities were studied and possible attack scenarios were identified.
The relevance of creating models for evaluating the vulnerabilities of the RADIUS protocol was substantiated, and the methodology for building the model was chosen. An object-oriented model of the RADIUS protocol has been developed. A software application was developed and various attacks on the RADIUS protocol were tested. A number of potential vulnerabilities have been identified.