Pub Date: 2025-03-14 | DOI: 10.3103/S0146411624700810
S. G. Fomicheva, O. D. Gayduk
This paper proposes machine-learning pipelines that allow automatically generating the relevant feature spaces for virus detectors, detect the presence of viral modifications in JS-files and scripts in real time, and interpret and visualize the automatically obtained machine solution. It is shown that the best quality metrics will be demonstrated by models of an abstract syntactic tree using binary classifiers based on ensembles of decision trees. An explanation of the solution automatically generated by the virus detector is demonstrated.
Title: Intelligent Mechanisms for Extracting Signs of File Modification in Dynamic Virus Analysis. Journal: Automatic Control and Computer Sciences, vol. 58, no. 8, pp. 1180-1191.
Pub Date: 2025-03-14 | DOI: 10.3103/S0146411624701244
E. Yu. Pavlenko, M. A. Pakhomov
Approaches used for the self-regulation of networks with adaptive network topology based on graph theory are presented. These approaches are limited to networks whose nodes do not change their position in space: peer-to-peer and heterogeneous sensor networks, as well as industrial networks, such as Smart Grid. For each type of network, a generalized target function is described, conditions for self-regulation are formulated, and the process of self-regulation is formally described.
Title: Graph of Self-Regulation of Various Types of Networks with Adaptive Topology. Journal: Automatic Control and Computer Sciences, vol. 58, no. 8, pp. 1442-1449.
Pub Date: 2025-03-14 | DOI: 10.3103/S0146411624700846
O. A. Izotova, D. S. Lavrova
The problem of generalization of multimodal data in the detection of artificially synthesized audio files is studied. As a solution to the problem, a method is proposed that combines a one-time analysis of the characteristics of an audio file and its semantic component, presented in the form of text. The approach is based on graph neural networks and algorithmic approaches based on keyword and text sentiment analysis. The conducted experimental studies confirmed the validity and effectiveness of the proposed approach.
Title: Detecting Synthesized Audio Files Using Graph Neural Networks. Journal: Automatic Control and Computer Sciences, vol. 58, no. 8, pp. 1212-1217.
Pub Date: 2025-03-14 | DOI: 10.3103/S0146411624700895
N. V. Gololobov
A formal formulation of the problem of modifying executable code during execution is presented based on morphing used in computer animation. During the research, the need for developing a morphing method for software (SW) is substantiated, the basic principles used in computer animation are adapted for the field of cybersecurity, and the vectors for further research in this direction are determined. The results obtained during adaptation should be used in the design and implementation of the method of morphing executable code.
Title: Formal Statement of the Problem of Morphing Executive Code in Software Operation. Journal: Automatic Control and Computer Sciences, vol. 58, no. 8, pp. 1250-1254.
Pub Date: 2025-03-14 | DOI: 10.3103/S0146411624701207
S. V. Bezzateev, M. Yu. Fedosenko
This paper is a study of the problem of the use of steganographic algorithms by attackers to hide and exchange illegal data. The paper formulates the relevance of the problem by analyzing cases of using steganography in attacks on computer systems and based on the trend of developing a controlled Internet, supported by a regulatory framework. This article presents an analysis of methods for hiding data and their subsequent exchange on public internet resources through a review of the works of researchers in this area; and the main tools used by attackers are identified and described. As an analysis of counteraction methods, a comparative characteristic of the use of various artificial intelligence technologies in the field of steganalysis is presented; the most promising ones applicable for the tasks of the automatic analysis of content posted on public internet resources are highlighted. As a final provision of the work, the process of exchanging hidden data by intruders using EPC notation is modeled; the directions and tasks of steganalysis, whose solution will allow developing a unified system to protect public internet resources in the future, are highlighted; and the prospects for using new steganographic algorithms, such as hiding in the blockchain and the source code of resources, as well as posting content with the presence of physical information attachments, are presented.
Title: Analysis of the Problems of Using Steganographic Methods in Implementing Illegal Actions and Their Role in Digital Forensics. Journal: Automatic Control and Computer Sciences, vol. 58, no. 8, pp. 1406-1421.
Pub Date: 2025-03-14 | DOI: 10.3103/S0146411624701074
F. G. Pashaev, D. I. Zeinalov, G. T. Nadzhafov
The rapid development of technological computer networks (TCNs) and SCADA systems has inevitably accelerated the integration process between these networks and the global Internet. As a result, the solution of many problems of technological and production processes has been simplified, and opportunities have been created for remote management of enterprise personnel and operational personnel. However, this situation has created new, previously nonexistent threats to monitoring, diagnostics, and control systems. Various specialized groups, hackers, and sometimes government agencies carry out targeted attacks on specific industrial enterprises via the Internet. Organizers of cyberattacks on process control systems improve their methods and tools over time and increase their professional level. They carefully study the objects of their future attacks and identify vulnerabilities in the software of object control systems. The developed set of technical means is based on the use of STM32F4XX controllers and LPT ports of computers. Connection diagrams and installation methods for technical means are provided, which, as the created exchange protocols, can serve as a bridge between the global Internet and technological corporate computer networks. Simple algorithms and operating software fragments of the created protocols are presented. The program fragments are given in the C programming language and in the DELPHI programming system. The developed software acts as a filtering bridge between the global Internet and the technological corporate computer network. Information between the two networks is exchanged by using a nonstandard protocol using the STM32F4XX controller and LPT port.
Title: Development of Software and Hardware to Protect Technological Processes from Cyber Threats. Journal: Automatic Control and Computer Sciences, vol. 58, no. 8, pp. 1396-1405.
Pub Date: 2025-03-14 | DOI: 10.3103/S0146411624700706
A. F. Suprun, D. P. Zegzhda, V. G. Anisimov, E. D. Anisimov
This paper examines a methodological approach to the construction of models and algorithms for supporting decision-making in substantiating rational composition of the information security system of a corporate computer network. In this case, the problem under consideration is presented in the form of a discrete model of mathematical programming. A special feature of the model is the ability to take into account a wide variety of destructive impacts on a computer network and methods of protecting it. The generality of the model is also ensured by taking into account the possible nonlinear nature of the function reflecting the specific goals of creating an information security system. To solve the problem, a generalized algorithm is developed that takes into account the features of the model. The general nature of the requirements for the parameters of the model and algorithm allows, on their basis, to form a fairly wide range of methods for supporting decision-making in the substantiation of the rational composition of the information security system for specific variants of corporate computer networks and the conditions of their operation.
Title: Justification of the Rational Composition of the Information Security System. Journal: Automatic Control and Computer Sciences, vol. 58, no. 8, pp. 1093-1099.
Pub Date: 2025-03-14 | DOI: 10.3103/S0146411624700779
T. D. Ovasapyan, M. A. Volkovskii, A. S. Makarov
This article proposes a method for detecting malicious executable files by analyzing disassembled code. This method is based on a static analysis of assembler instructions of executable files using a special neural network model, whose architecture is also presented in this article. In addition, the effectiveness of the method is demonstrated using several different metrics, showing a significant reduction in Type-II errors compared to other state-of-the-art methods. The obtained results can be used as a basis for designing systems for the static analysis of malware.
Title: Detecting Malware Using Deep Neural Networks. Journal: Automatic Control and Computer Sciences, vol. 58, no. 8, pp. 1147-1155.
Pub Date: 2025-03-14 | DOI: 10.3103/S0146411624700755
V. M. Krundyshev, G. A. Markov, I. Yu. Zhukov
The problem of ensuring information security in industrial Internet-of-Things (IIoT) systems is considered. In the study, it is found that, in most cases, security information and event management (SIEM) systems with configured rules for correlating events in the information infrastructure are used to protect comprehensively the information perimeter of an industrial enterprise from external and internal threats. In this case, there is a need to create a mathematical apparatus that allows for an accurate and objective estimate of the effectiveness of a SIEM system. As a result of the study, the problem of preventing information security incidents in IIoT systems is formalized based on the developed mathematical model of information security event management using a continuous-time Markov chain.
Title: Mathematical Model of Information Security Event Management Using a Markov Chain in Industrial Systems. Journal: Automatic Control and Computer Sciences, vol. 58, no. 8, pp. 1132-1138.
Pub Date: 2025-03-14 | DOI: 10.3103/S0146411624701013
M. A. Pakhomov
The peculiarities of network scanning of self-organizing networks are studied, and the methods for its detection are analyzed. A modification of the hybrid network scanning detection method is proposed, and the approaches to identify decoy scanning and create black lists of subnetworks for preventing further scanning are presented. The proposed protection methods are compared to the available analogs.
Title: Protection of Ad Hoc Networks against Distributed Network Scanning. Journal: Automatic Control and Computer Sciences, vol. 58, no. 8, pp. 1343-1351.