Theoretical and Applied Cybersecurity: scientific journal, Vol. 3, No. 1
Comparative analysis of machine learning methods for detecting malicious files
Igor Sikorsky Kyiv Polytechnic Institute, 2021. Open access. Authors: Nafiiev, Alan; Kholodulkin, Hlib; Rodionov, Andrii
Abstract: Nowadays, one of the most critical cyber security problems is the fight against malicious software, and specifically the problem of detecting it. Every year, new computer viruses are created that are capable of mutating and changing while running. Unfortunately, the developers of antivirus software do not have time to quickly add all types of malicious programs to their signature databases. In this regard, it is sensible to use heuristic detection methods based on machine learning algorithms. The purpose of this paper is to present several classification methods based on machine learning techniques for detecting zero-day attacks. In particular, the following algorithms were tested: random forest classifier, support vector classifier, grid search over SVC parameters, and k-nearest neighbors. The dataset was taken from the Kaggle website. It consists of 19611 executable files in the PE format, of which 14599 are malicious and 5012 are benign. This article presents recommended classification and detection methods with an advanced analysis of important metrics that allow one to assess and compare the effectiveness and performance of machine learning algorithms for detecting malware.

Counteracting destructive information influences based on the game approach
Igor Sikorsky Kyiv Polytechnic Institute, 2021. Open access. Authors: Tereshchenk, Ivan; Myronets, Alina
Abstract: The problem of counteracting destructive influences is considered on the example of ensuring the information security of society during rapid structural changes in the television industry. To solve this problem we propose a nonlinear model based on multiple choice in the context of information counteraction. Based on a study of the election campaign, a simulation of the processes affecting security was conducted. A case in which, due to certain circumstances, some TV channels that political parties engage for the purpose of agitation stop broadcasting has been investigated. The model considered the following objects: the first group of TV channels with common interests; the second group of TV channels, antagonists of the first; and the third group, TV channels whose activities are insignificant in terms of impact on the first group but which, in the simulation, are considered to belong to the second group. The dependence of the efficiency of information influence on certain parameters of the model is shown. The conditions that ensure the preservation of the coalition under information counteraction have been identified with the help of the game approach.

Fast algorithm for computation the parameters of s-boxes that determine the security of SNOW 2.0-like stream ciphers against correlation attacks over extension fields
Igor Sikorsky Kyiv Polytechnic Institute, 2021. Open access. Author: Poremskyi, Mykhailo
Abstract: The security of SNOW 2.0-like stream ciphers against a wide class of correlation attacks can be evaluated by the values of certain numerical parameters of the s-boxes used in these ciphers. We propose a fast algorithm that computes the values of these parameters. The proposed algorithm is based on the fast Hadamard transform and has significantly lower time complexity than the previously known ones. We also show experimentally, using the Monte Carlo method, that for most random 8 x 8 s-boxes the values of the considered parameters ensure an appropriate security level of SNOW 2.0-like stream ciphers against known correlation attacks.

Methods of counteraction of bypassing two-factor authentication using reverse proxy
Igor Sikorsky Kyiv Polytechnic Institute, 2021. Open access. Authors: Vlasenko, Andrii; Stopochkina, Iryna; Ilin, Mykola
Abstract: The existing solutions for counteracting and preventing the interception of two-factor authentication data and tokens are considered. Features that may indicate the presence of a silent reverse proxy server are chosen. It is proposed to analyze information about the additional timing anomalies that a proxy server usually introduces. The advantage of this approach is that the timing information is generated on the client side, so a malicious proxy server cannot modify it. Machine learning methods were used to detect implicit signs of the presence of a proxy server. A new method of detecting a silent reverse proxy server is proposed that satisfies the following conditions: 1) the human factor is minimized, 2) use by an individual user is possible, 3) the method has an acceptable impact on performance and can be used in real time.

On the Generator of Stable Cubical Multivariate Encryption Maps Over Boolean Rings for Protection of Large Information System
Igor Sikorsky Kyiv Polytechnic Institute, 2021. Open access. Authors: Ustimenko, Vasyl; Klisowski, Michal
Abstract: Encryption based on Walks in Algebraic GRAphs (EWAGRA) is used for the protection of authors' rights and of access to electronic books or documents located in a certain knowledge base (Information Quality Assurance Support Systems of a university, digital libraries supporting distance education, various digital archives, etc.). The method allows generating nonlinear stream ciphers which have some similarities with a one-time pad: different keys produce distinct ciphertexts from the same plaintext. In contrast to the one-time pad, the length of the key is flexible and the encryption map is a nonlinear polynomial map whose order grows with the dimension n of the plaintext space. The encryption has good resistance to attacks by an adversary who has no access to the plaintext space or has only a rather small number of intercepted plaintext-ciphertext pairs. It is known that the encryption and decryption maps are cubical maps, so interception of n^3 + O(n) plaintext-ciphertext pairs allows conducting a plain linearization attack to find the inverse map. We consider the idea of modifying this encryption algorithm after sending each message, without using key exchange protocols, so that the new algorithm is resistant to plain linearization attacks.

Quantities of points on some Edwards curves
Igor Sikorsky Kyiv Polytechnic Institute, 2021. Open access. Author: Rybak, Oleksandr
Abstract: Edwards curves of the form x^2 + y^2 = 1 + dx^2y^2 are investigated in this article. An exact formula for the number of points on x^2 + y^2 = 1 + dx^2y^2 over a field F_p is obtained for odd primes p. Special attention is paid to curves with exactly p+1 points over the field F_p. These curves are called supersingular. They are not recommended for use in cryptography, because their structure is relatively simple. The supersingularity of the curve is proved for any prime p = 4m+3. Also, some other values of d for which the curve x^2 + y^2 ≡ 1 + dx^2y^2 (mod p) is supersingular are found.

Reference functions of cyber incidents displaying in the media space
Igor Sikorsky Kyiv Polytechnic Institute, 2021. Open access. Authors: Lande, Dmytro; Novikov, Oleksii; Stopochkina, Iryna
Abstract: The principles of cyber attack detection based on media content are described. The proposed methods are suitable for describing the general trends in the dynamics of information flows concerning cyber incidents. A generalized diagram of how the stages of a cyber attack are displayed in the media space is proposed. On the basis of this diagram, basic wavelet functions are selected which can be considered as a reference for detecting cyber incidents. The proposed wavelets are low-order derivatives of the Gaussian function (the Wave, "Mexican Hat" and Morlet wavelets). Retrospective analysis of already implemented information operations is a reliable way to verify them. The forecasting problem is partly solved by probabilistic estimates in accordance with the type of reference function.

Software security risk management in DEVOPS methodology
Igor Sikorsky Kyiv Polytechnic Institute, 2021. Open access. Authors: Kolisnichenko, Olga; Kolomytsev, Mykhailo; Nosok, Svitlana
Abstract: It is impossible to talk about cloud technologies, modern applications and, in general, digital transformation without mentioning security. The same applies to software development, in particular the DevOps methodology. DevOps is a software development methodology that focuses on communication, integration, and collaboration between IT professionals to ensure rapid product deployment. DevOps practice reflects the idea of continuous improvement and automation. Many practices are designed for one or more stages of the development cycle. Three hundred hours spent on software development can be wasted in just 30 seconds if only one defect is detected during operation. This can subsequently ruin the reputation of the whole product, leaving no choice but to remove it from the market. This establishes the importance and necessity of quality control. To ensure the quality of software products during development, risk management should be used at every stage of the DevOps lifecycle. Implementing DevOps without paying attention to security will definitely increase the risk of attacks. Risk is the occurrence of an uncertain event that positively or negatively affects measured criteria of project success. These can be events that have happened in the past, current events, or something that may happen in the future. Such uncertain events can affect the target, business, technical and qualitative objectives of the project.

Statistical stegdetectors performance by message re-embedding
Igor Sikorsky Kyiv Polytechnic Institute, 2021. Open access. Author: Progonov, Dmytro
Abstract: State-of-the-art stegdetectors for digital images are based on pre-processing (calibration) of the analyzed image to increase the stego-to-cover ratio. In most cases, calibration is realized by processing the image with an enormous set of high-pass filters to obtain a good estimate of the cover image from the stego one. Nevertheless, the efficiency of this approach depends significantly on the careful selection of filters for reliable extraction of the cover image alterations that are specific to each embedding method. This selection is a non-trivial and laborious operation that is realized today by training convolutional neural networks such as Ye-Net and SR-Net, to name but a few. The paper is devoted to a performance analysis of an alternative approach to image calibration, namely message re-embedding into the analyzed image. The considered method aims to increase the stego-to-cover ratio by amplifying the cover image alterations caused by message hiding. The analysis was performed on the ALASKA and VISION datasets using a stegdetector based on the SPAM model of covers. Messages were re-embedded according to the state-of-the-art adaptive methods HUGO, S-UNIWARD, MG and MiPOD. The proposed approach allows a significant (up to 20%) decrease in detection error even in the case of a low payload of the cover image (less than 10%), where modern stegdetectors are ineffective.

Stochastic Violator Model
Igor Sikorsky Kyiv Polytechnic Institute, 2021. Open access. Authors: Kaczynski, Anatoliy; Kireienko, Oleksandr; Kozlenko, Oleh
Abstract: This paper introduces a new type of violator model that is based on Markov chains. It can be used as a scenario model as is, or as a mathematical model with quantitative estimates if additional information is available. Our aim with this paper was to develop a model that allows missing data to be restored using existing knowledge about the violator. The results show that the presented scenario for general cases covers the majority of attacks and can be applied to real-life scenarios as well. Summing up, it can be concluded that further improvement of the model should focus on data gathering, to ensure that the existing data will be enough to recover the rest.

Technique of testing cyber vulnerabilities and quality of Cyberphysical software systems
Igor Sikorsky Kyiv Polytechnic Institute, 2021. Open access. Authors: Danyk, Yuriy; Vysochanska, Victoriya
Abstract: Testing the cyber vulnerabilities and software quality of cyberphysical systems (complexes) is an important task in ensuring their reliability and security. When working with several variations of products or their versions, testing all software for every variation is resource-intensive and irrational. To make the testing of quality and cyber vulnerabilities of cyberphysical systems software (complexes) technologically and economically effective, given its increasing complexity both in time (when considering versions) and in space (when considering variations) and the lack of access to program code, new methods should be developed. Those methods will allow the results of previous tests to be reused and testing to focus on the most important parts that have not yet been tested. This is possible using regression testing methods and the appropriate choice and prioritization of test cases to identify and address software issues and cyber vulnerabilities. Of course, testing variations and versions without access to source code is an extremely problematic and costly task. The article analyzes the stages of regression testing and proposes an improved method for selecting test cases for testing the cyber vulnerabilities of cyberphysical systems software (complexes) without access to program code. During the study, an analysis of the achievements in this area was conducted, investigating the works of leading experts. This article also identifies and compares the effectiveness of prioritized and non-prioritized test cases using the average percent detection rate (APFD). As a result of the study, new metrics for measuring test coverage are presented.