Cybersecurity: Education, Science, Technique

Journal Information
EISSN : 2663-4023
Total articles ≅ 149
Current Coverage

Latest articles in this journal

Artem Platonenko, , , Heorhii Oleksiienko
Cybersecurity: Education, Science, Technique, Volume 12, pp 143-150;

This article is devoted to highlighting the real practical capabilities of UAV thermal imaging cameras, which allow you to effectively and safely identify potentially dangerous objects that may threaten the object of information activities, or the safety of citizens or critical infrastructure of Ukraine. Based on many years of flight experience and training of specialists for private and public institutions, it was decided to compare the quality characteristics and capabilities of detection, recognition and identification of objects using modern unmanned vehicles. To ensure public safety and control of the territory, there are models with multiple optical zoom, which from a distance of 500 m allow to recognize the license plate of the car, or versions with thermal imager, which in night can help see the car, the temperature difference against other cars, and the fact that a person comes out of it. Test flights were performed at altitudes from 15 to 100 m, in the open, without the presence of bushes, trees or obstacles. Depending on the camera model and weather conditions, the figures obtained may differ significantly. The main advantages and differences in the quality of thermal imaging cameras for UAVs are described. The quality of the obtained image is demonstrated on real examples and under the same conditions. A number of requirements have been developed for shooting a quadcopter with thermal imagers of objects such as a car and a person from different heights, according to Johnson's criteria, and a work plan has been developed for further research to prepare and provide effective recommendations for pilots using this technique territories of objects of information activity and during performance of service in air reconnaissance units of law enforcement agencies of Ukraine.
Yevhen Ivanichenko, , Kateryna Kravchuk
Cybersecurity: Education, Science, Technique, Volume 12, pp 132-142;

The urgency of the topic is the integration of machine learning technologies into cybersecurity systems. After getting acquainted with the technical literature, the main technologies of machine learning that are implemented in the organization of cybersecurity were formulated. Acquainted with the main type of artificial neural network used in the prevention and detection of cyber threats and found that the main to consider the general application of machine learning technologies are artificial neural networks based on a multilayer perceptron with inverse error propagation. It is proposed to use indicators of compromise cyberattacks as initial information for automatic machine learning systems. Emphasis is placed on the main types of data that can be used by surveillance subsystems for information security and cybersecurity to perform tasks and prevent, classify and predict cybersecurity events. According to the results of the analysis, the main problem areas for their implementation in information security systems are identified. The problem of using machine learning (ML) in cybersecurity is difficult to solve, because advances in this area open up many opportunities, from which it is difficult to choose effective means of implementation and decision-making. In addition, this technology can also be used by hackers to create a cyber attack. The purpose of the study is to implement machine learning in information security and cybersecurity technology, and to depict a model based on self-learning
, , Volodymyr Hrytsyk, , Bohdana Havrysh
Cybersecurity: Education, Science, Technique, Volume 12, pp 85-95;

The method of biometric identification, designed to ensure the protection of confidential information, is considered. The method of classification of biometric prints by means of machine learning is offered. One of the variants of the solution of the problem of identification of biometric images on the basis of the k-means algorithm is given. Marked data samples were created for learning and testing processes. Biometric fingerprint data were used to establish identity. A new fingerprint scan that belongs to a particular person is compared to the data stored for that person. If the measurements match, the statement that the person has been identified is true. Experimental results indicate that the k-means method is a promising approach to the classification of fingerprints. The development of biometrics leads to the creation of security systems with a better degree of recognition and with fewer errors than the security system on traditional media. Machine learning was performed using a number of samples from a known biometric database, and verification / testing was performed with samples from the same database that were not included in the training data set. Biometric fingerprint data based on the freely available NIST Special Database 302 were used to establish identity, and the learning outcomes were shown. A new fingerprint scan that belongs to a particular person is compared to the data stored for that person. If the measurements match, the statement that the person has been identified is true. The machine learning system is built on a modular basis, by forming combinations of individual modules scikit-learn library in a python environment.
Volodymyr Astapenia, Maksym Martseniuk, , , Yevhen Martseniuk
Cybersecurity: Education, Science, Technique, Volume 12, pp 117-131;

In the digital stage of world development, information is constantly expanding its facets. That is why the exchange of information is a leading component of constant change in life. Although humanity is gradually moving to the use of electronic technology, acoustic information still plays a key role in information circulation. This applies to official communication in public institutions up to the highest level, business contacts in commercial structures and private communication between people. The process of transmitting information in acoustic form has dangerous consequences. The use of appropriate devices, such as directional acoustic microphones or technical intelligence acoustic antennas, which may be outside the scope of the information activity, makes it possible to obtain unauthorized information that should not reach third parties. Therefore, the task of detecting and protecting information leakage channels, including acoustic ones, is gaining a new degree of importance every day. The protection of the premises or building, where acoustic information regularly circulates, provides a set of organizational and technical measures and means of protection of information circulation, taking into account the peculiarities of the location and arrangement of the object. This study involves the study of the dependence of the level of the acoustic signal on ways to prevent leakage of information through the acoustic channel, which includes vibration noise by means of technical protection and coverage of improvised materials (shielding) of enclosing structures of information activities (OID). The experiment determines the degree of influence of density, sound-absorbing properties of materials and their combinations on acoustic oscillations, the source of which is in the OID. The object of the study was a basic room, where the enclosing structures are walls with windows and doors, ceiling and floor. It is also worth noting that the acoustic signal measurements were not performed in complete silence, which directly affected the accuracy of the results. This step was taken in order to best reproduce the conditions in which criminals often work.
Maksym Opanasenko, Taras Dzuba
Cybersecurity: Education, Science, Technique, Volume 12, pp 61-68;

The article considers the problems of identifying threats to national security, in particular in the information sphere, as well as ways to solve them. The experience of leading countries in approaches to the establishment and operation of national risk and threat detection systems, namely the United States, the United Kingdom, the Kingdom of the Netherlands and New Zealand, is analyzed. The significant influence of the peculiarities of the information sphere in the formation of risks and threats of all security spheres is determined. Particular attention is paid to the direction and focus of the monitoring process on the search for certain marker events that will provide a clear idea of the beginning of the formation of risks and identify threats in the early stages. The expediency of development of the Passport of threats to national security of the state for its coordinated use in the system of detection and assessment of threats in all security spheres, in particular for the system of early detection of threats in the information sphere is substantiated. The analysis of theoretical bases of development of passports of threats is carried out. A unified structure of the Passport is proposed, which takes into account the vast majority of aspects of the process of risk formation with the threat to national security. The content of the main and informational aspects of the developed Passport is given. Given the multifunctionality of the Threat Passport, it is noted that the degree of its detail is important for the possibility of its use for the development of a system of early detection of threats in the information sphere of the state. It is determined that the development of the Passport is carried out indefinitely with further adjustment and introduction of new data in connection with the dynamics of the security environment. It is established that for early detection of threats it is necessary to consider the processes of formation and detection of risks with an emphasis on their initial latent stages. This approach combines the description (assessment) and the corresponding threat and its presentation in the information space.
Konstantin Nesterenko, Bohdan Zhurakovskyi
Cybersecurity: Education, Science, Technique, Volume 12, pp 69-84;

This article analyzes the existing applications that implement block texture compression algorithms. Based on it, the most optimal variant of technical implementation is introduced. A set of technologies for the implementation of the prototype is selected and substantiated and its architecture is developed on the basis of the principles that ensure the maximum extensibility and purity of the code. With the development of technology and the integration of computerized systems into all possible areas of human activity, more and more software with three-dimensional graphics is being used. Such programs have long since ceased to be used only in the entertainment field for tasks such as computer game development or special effects for cinema. Now with their help doctors can plan the most complex operations, architects check the developed plans of constructions and engineers to model prototypes without use of any materials. On the one hand, such a rapid increase can be explained by the increase in the power of components for personal computers. For example, modern graphics processors, which play a key role in the operation of graphics software, have become much faster in recent decades and have increased their memory hundreds of times. However, no matter how many resources the system has, the question of their efficient use still remains. It is to solve this problem that block texture compression algorithms have been created. In fact, they made it possible to create effective software when computer resources were still quite limited. And with increasing resources allowed to develop software with an incredible level of detail of the models, which led to its active implementation in such demanding areas as medicine, construction and more. The end result of this work is a developed application that takes into account the modern needs of the user. During the development, the most modern technologies were used for the highest speed and relevance of the application. The main advantages and disadvantages of existing solutions were also taken into account during the development. The capabilities of the system were tested using manual testing on a local machine.
, Yuliia Burmak, Rat Berdibayev, Marek Aleksander, Dinara Ospanova
Cybersecurity: Education, Science, Technique, Volume 12, pp 151-162;

Today, pseudo-random number generators are used in various systems and applications, including as key generators in stream ciphers. The implementation of the latest information and communication technologies (in particular, 5G networks) strengthens the requirements for ensuring the confidentiality of critical data and forces the development of new methods and means for cryptographic protection. Existing generators, like other cryptographic algorithms, do not meet the requirements for processing speed and security against known types of attacks. From this position, in the paper a method for constructing pseudo-random sequence generators was developed. It allows to build efficient generators for cryptographic applications. Based on this method, software generators of pseudo-random numbers have been developed and implemented. These will be useful for cryptographic applications in modern 5G networks. The developed pseudo-random number generators have passed complex statistical testing by the NIST STS technique (showed results not worse than the results of known pseudo-random sequence generators used in practice to solve similar problems). Besides, they are faster in comparison with analogues used today in 5G networks (for example, with algorithms SNOW and Trivium). In further works it is planned to investigate the security of the developed pseudo-random generators against different types of cryptanalytic attacks, as well as to simulate the work of the developed pseudo-random sequence generators using the base station equipment of modern 5G networks.
Danyil Zhuravchak
Cybersecurity: Education, Science, Technique, Volume 12, pp 108-116;

The data-driven period produces more and more security-related challenges that even experts can hardly deal with. One of the most complex threats is ransomware, which is very taxing and devastating to detect and mainly prevent. The success of correlation lies in the variety of data sources. During the study of the methods of action of ransomware viruses, it was found that the main purpose is to demand ransom for decryption of data that were on the file system and during the penetration of the system, the ransomware virus successfully encrypted. The first global attack of the ransowmare (NotPetya) on the territory of Ukraine was on June 27, 2017. According to the Administration of US President Donald Trump, the attack using the NotPetya virus in June 2017 became the largest hacker attack in history. In a joint statement, the Five Eyes claimed responsibility for the attack on Russian authorities. The governments of Denmark and Ukraine are also blaming Russia for the attack. Many analysts have called these actions not just political in nature, but military aggression. A honeypot trap method was found while researching methods for detecting and counteracting ransomware. It was planned to develop a honeypot system on its own based on the Linux file system. Our research methods showed significant results in identifying ransomware processes using the honeypot concept augmented with symbolic linking to reduce damage made to the file system. The CIA (confidentiality, integrity, availability) metrics have been adhered to. We propose to optimize the malware process termination procedure and introduce an artificial intelligence-human collaboration to enhance ransomware classification and detection.
Vitaliy Chubaievskyi, , Olena Kryvoruchko, , Alona Desiatko, Andrii Blozva
Cybersecurity: Education, Science, Technique, Volume 12, pp 96-107;

The article analyzes publications on the evaluation of investments in information security (IS) of objects of informatization (OBI). The possibility and necessity of obtaining the necessary data have been substantiated, contributing to a reliable assessment of the effectiveness of measures aimed at increasing the company’s IS. In the study process, the modelling methods have been used. A methodology is proposed for calculating indicators from investment activities in the context of increasing IS metrics of OBI. A specific example of such simulation is described. The proposed methodology provides an assessment of the damage prevention from a cyber-attack. The amount of the damage prevention from a cyber-attack is taken as a basic indicator for calculating the economic effect of investing in information security tools (IST). The performed simulation modelling allowed taking into account the relative uncertainty of the real situation with IS of OBI. The conducted study will help practitioners in the field of IS to obtain informed decisions to increase the efficiency of investment projects in the field of IS for OBI, using the approach outlined in the study. Unlike the existing ones, the proposed methodology takes into account both direct and indirect factors of investment projects in the field of IS of OBI
, Borys Husiev, Victor Smolii, Andrii Blozva, , Tetiana Osypova
Cybersecurity: Education, Science, Technique, Volume 12, pp 51-60;

Approaches to the application of methods of system analysis to solve problems related to information security of enterprises in transport, which have a complex IT structure with a large number of components. It is shown that the active expansion of the areas of informatization of the transport industry, especially in the segment of mobile, distributed and wireless technologies, is accompanied by the emergence of new threats to information security. It is shown that in order to build an effective information security system, the selection and implementation of adequate technical means of protection should be preceded by a stage of description, analysis and modeling of threats, vulnerabilities, followed by calculation of risks for IS and determining the optimal strategy for information security system. After evaluating the different NIB options according to several criteria, a decision is made: if the recommendations coincide, the optimal solution is chosen with greater confidence. If there is a contradiction of recommendations, the final decision is made taking into account its advantages and disadvantages, for example, the strategy of information security system development is chosen, which turned out to be optimal for at least two criteria. If different NIB development strategies are obtained for all three criteria, it is necessary to vary the values of pessimism-optimism in the Hurwitz criterion or change the data, for example, about possible threats to IP or automated enterprise management system. An algorithm for modeling the decision-making process for selecting the optimal strategy for managing investment design components of the information security system for the transport business entity is proposed
Back to Top Top