Theoretical and Applied Cybersecurity: scientific journal, Vol. 5, No. 1
Recent submissions

Document | Open access
Analysis of the core research for vendor email compromise filtering model using machine learning
(Igor Sikorsky Kyiv Polytechnic Institute, 2023) Zibarov, Dmytro; Kozlenko, Oleh
Vendor email compromise has become one of the most sophisticated types of social engineering attacks. The strength of this malicious activity lies in impersonating a vendor that the company works with. Thus, it is easy for an attacker to exploit this trust for different types of data exfiltration or ransom. To mitigate the risks that come with these challenges, information security specialists should consider using different types of approaches, including machine learning, to identify anomalies in email, so that further damage can be prevented. The purpose of this work lies in the identification of an optimal approach for detecting VEC-style attacks and optimizing these approaches with the least amount of false-positive (FP) parameters. The object of this research is different methods of text processing algorithms, including machine learning methods for detecting VEC emails. The subject of research in this paper mainly considers the impact of the mentioned text processing algorithms and their relation to the efficiency of VEC email classification, identifying the most effective approach and, also, how to improve the results of such detections. The results of this paper consist of details of VEC-email attack detection, the challenges that come with different approaches, and a proposed solution that lies in using text processing techniques and an agent-related approach, with the main sphere of implication being machine-learning systems that are used for identifying social-engineering attacks through email.

Document | Open access
Frequency Analysis of Russian Propaganda Telegram Channels
(Igor Sikorsky Kyiv Polytechnic Institute, 2023) Kiforchuk, Kyrylo
On 24 February 2022 Russia launched a full-scale invasion of Ukraine. In addition to large-scale military operations against Ukraine, many information attacks were organized.
These attacks began before the invasion: for several months, Russia has been actively paving the way for the war by launching different types of information operations in cyberspace. As an example, Russian propaganda media were promoting the idea of “Russian world”, which calls into question the existence of Ukraine as an independent state and justifies Russian military aggression. In this work, Russian propaganda Telegram channels were analyzed using term frequency analysis with the bag-of-words technique. For this analysis, text data from Telegram propaganda channels was collected and processed. The obtained results revealed different patterns in Russian propaganda against Ukraine via Telegram channels.

Document | Open access
Machine Learning Models Stacking in the Malicious Links Detecting
(Igor Sikorsky Kyiv Polytechnic Institute, 2023) Khukalenko, Yevhenii; Stopochkina, Iryna; Ilin, Mykola
An analysis of the performance of various classifiers on address and network groups of features was performed. A new classification model is proposed, which is a stacking of 3 models: kNN, XGBoost and Transformer. The best model for stacking was experimentally determined: Logistic Regression, which made it possible to improve the result of the best available model by 3%. The hypothesis that stacking a larger number of worse models has an advantage over stacking a smaller number of more productive models on the used data set was confirmed: regardless of the choice of stacking meta-algorithm, stacking of three models showed better results than stacking two.

Document | Open access
Cyber Security Logical and Probabilistic Model of a Critical Infrastructure Facility in the Electric Energy Industry
(Igor Sikorsky Kyiv Polytechnic Institute, 2023) Alekseichuk, Lesia; Novikov, Oleksii; Rodionov, Andrii; Yakobchuk, Dmytro
In the work, a cyber security logical and probabilistic model of a critical infrastructure facility in the energy sector was developed and investigated.
The cyber security logical and probabilistic model describes the development of adverse events that arise in the Industrial Control System of the electrical network from the realization of possible threats from cyberspace, such as attacks on the protection system through the corporate network, connection through a modem and wireless connection. The resulting model is based on sequentially developed structural, logical and probabilistic models. The field of use of the developed model is automation systems for designing information protection systems or designing trajectories of attacks on these systems. The model was also applied to study the sensitivity of the probability of the development of adverse events to variations in the probability of realization of possible threats to the system.

Document | Open access
Defining of Goals in the Development of Cyber Resilient Systems According to NIST
(Igor Sikorsky Kyiv Polytechnic Institute, 2023) Bakalynskyi, Oleksandr; Korobeynikov, Fedir
This paper introduces an approach to defining goals in the development of cyber-resilient systems, following the guidelines established in the standards of the National Institute of Standards and Technology (NIST) in the United States. This work aims to provide a roadmap for researchers and practitioners of cyber resilience in creating information systems capable of withstanding and adapting to adverse conditions, malfunctions, and attacks while ensuring the guaranteed execution of all primary cyber-system functions.

Document | Open access
System construction of cybersecurity vulnerabilities with Q-analysis
(Igor Sikorsky Kyiv Polytechnic Institute, 2023) Polutsyganova, V. I.
Today, in order to assess potential cyber threats, it is necessary to conduct a comprehensive assessment of the vulnerabilities of the investigated system. To do this, it is necessary to describe the identified vulnerabilities and consider potential vulnerabilities.
In addition, the relationship between system vulnerabilities must be properly assessed. The most common assumption is that all vulnerabilities are independent and are implemented either by random events or by malicious intent. The paper proposes a method that allows modeling the vulnerabilities of complex systems as a whole, taking into account their hidden connections. Q-analysis [2] was used to study the structure of the system of interconnected vulnerabilities that arise in the process of project implementation. An example of the application of Q-analysis methods is presented and an explanation of the nature and impact of some potential threats and their combinations is offered.

Document | Open access
Proposing of suggestive influence detection and classification method based on fuzzy logic and feature driven analysis
(Igor Sikorsky Kyiv Polytechnic Institute, 2023) Nakonechna, Yuliia
This research proposes an approach to the identification and classification of tools used in informational operations aimed at the implementation of suggestive influence, based on existing research on feature-based informational influence identification. The proposed method combines the theory of fuzzy sets and the methods of fuzzy inference with the approach of analysis based on text features thanks to the author's proposed list of suggestive influence techniques, certain combinations of which are characteristic of various information influence tools. Using this approach, the research focuses on identifying and classifying tools such as propaganda, fakes, disinformation, manipulation and artificial narrative.
This structure result allows one to improve the quality of analysis of similar research cases and to develop optimal countermeasure strategies that will take into account the features of each of the considered information warfare tools in further studies.

Document | Open access
OSINT Time Series Forecasting Methods Analysis
(Igor Sikorsky Kyiv Polytechnic Institute, 2023) Feher, A.; Lande, D.
Time series forecasting is an important niche in the modern decision-making and tactics selection process, and in the context of OSINT technology, this approach can help predict events and allow for an effective response to them. For this purpose, LSTM, ARIMA, LPPL (JLS), N-gram were selected as time series forecasting methods, and their simple forms were implemented based on the time series of quantitative mentions of nato, himars, starlink and cyber threats statings obtained and generated using OSINT technology. Based on this, their overall effectiveness and the possibility of using them in combination with OSINT technology to form a forecast of the future were investigated.

Document | Open access
The Quantum Distinguishing Attacks on Generalized Feistel Schemes
(Igor Sikorsky Kyiv Polytechnic Institute, 2023) Zvychaina, A.; Fesenko, A.
It turned out that in addition to problems with classical asymmetric cryptography in the post-quantum period, there are certain doubts about the strength of symmetric cryptographic schemes. This paper demonstrates that on Type III Generalized Feistel Scheme (GFS), by selectively fixing specific parts of the plaintext at the input to the GFS, it is possible to reduce the problem of distinguishing between random text and encrypted output of the same GFS to the Simon problem through different approaches.
Our method enables the cracking of the cipher up to d rounds in polynomial time, while a more sophisticated approach based on different formulas from other paths of the cipher can crack d + 1 rounds with the same time complexity in the quantum adversary model. These distinct approaches yield varying results in terms of scheme security, indicating the potential to break more rounds in the GFS using the same methodology.

Document | Open access
The Forgery Attack on the Post-Quantum AJPS-2 Cryptosystem and Modification of the AJPS-2 Cryptosystem by Changing the Class of Numbers Used as a Module
(Igor Sikorsky Kyiv Polytechnic Institute, 2023) Yadukha, Dariya
In recent years, post-quantum (quantum-resistant) cryptography has been actively researched, in particular, due to the National Institute of Standards and Technology’s (NIST) Post-Quantum Cryptography Competition (PQC), which has been running since 2017. One of the participants in the first round of the competition is the Mersenne-756839 key encapsulation mechanism based on the AJPS-2 encryption scheme. The arithmetic modulo Mersenne number is used to construct the cryptoprimitives of the AJPS family. In this paper, we propose a forgery attack on the AJPS-2 cryptosystem using an active eavesdropper, and two modifications of the post-quantum AJPS-2 cryptosystem, namely, the modification of AJPS-2 using the arithmetic modulo generalized Mersenne number and Crandall number. Moreover, new algebraic problems are defined, on the complexity of which the security of the created modifications is based.
The advantages of these modifications are the extension of the number class used as a module in the cryptosystem and the security against the forgery attack with the active eavesdropper, which was successful in the original AJPS-2.

Document | Open access
Extremal graph theory and generation of quadratic multivariate transformations of Algebraic Post-Quantum Cryptography
(Igor Sikorsky Kyiv Polytechnic Institute, 2023) Ustymenko, Vasyl; Wróblewska, Aneta; Pustovit, Oleksandr
We introduce large groups of quadratic transformations of a vector space over the finite fields defined via symbolic computations with the usage of algebraic constructions of Extremal Graph Theory. They can serve as platforms for the protocols of Noncommutative Cryptography. The modifications of these symbolic computations in the case of large fields of characteristic two allow us to define quadratic bijective multivariate public keys such that the inverses of public maps have a large polynomial degree. We suggest the usage of constructed protocols for the private delivery of quadratic encryption maps instead of the public usage of these transformations.

Document | Unknown
Power Analysis Template Attacks on AES-128 Hardware Implementations and Protection Against Them
(Igor Sikorsky Kyiv Polytechnic Institute, 2023) Dehtyariov, Andrii; Graivoronskyi, Mykola
The purpose of this work is to research the AES-128 power analysis template attack and propose a practical way to mitigate this kind of side-channel attack. The research includes a review of power analysis side-channel attacks, an experiment with the collection of Atmega328PU chip power samples using a Hantek 6022BE oscilloscope, processing the collected data and modeling: building a statistical template of the device and analyzing parameters of the side-channel attack. The work is focused on preparing and carrying out the experiment. The experimental bench layout and the procedures for collecting and processing the data are considered in detail.
The result of this work is the confirmation of the effectiveness of power analysis template attacks on AES-128 for Arduino Uno hardware, and a mechanism for mitigating this kind of attack on the particular hardware and software implementation. Research materials described in the current work could be used for developing other side-channel template attack mitigation mechanisms for other cryptographic implementations.