Pub Date : 2023-11-13DOI: 10.34185/1562-9945-4-147-2023-13
Guda Anton, Klishch Sergey
Phishing as a term that means the technique of sending phishing messages will be re-searched based on findings in public access and using the listed links. The process of a phish-ing attack will be analyzed, and then we will pay attention to the technical vectors of how us-ers become victims of the attack. Finally, existing research on phishing attacks and related prevention approaches will be reviewed. Mitigating phishing attacks is an important research topic worth exploring. Although a lot of research has been done, this threat still exists in the real world, and its prevalence is constantly increasing. According to research results, detecting phishing attacks is a difficult problem. There are two main strategies used to mitigate phishing attacks; or improving the performance of phishing detection technology or improving people's awareness of these at-tacks. Developing human expertise is a key way to defeat phishing attacks, as phishing attacks exploit human weaknesses rather than network weaknesses. Also, humans are always the weakest link in social engineering attacks. Compared to phishing website detection, phishing email detection may require user in-volvement to achieve better detection results. Because the success of a phishing email de-pends on its context. Specifically, when the premise of the phishing email is consistent with the user's work context (or current situation). Most anti-phishing solutions are implemented to mitigate general phishing attacks, but they ignore some specific situations, such as advanced phishing attacks. To prevent advanced phishing attacks, phishing websites are difficult to detect if a victim is attacked using stolen DNS data because the URL content and website content are the same as legitimate websites. Most content-based approaches may not work because the content of the accessed URL is an important factor in the decision. To prevent subdomain hijacking attacks, it is difficult to detect a phishing website if the phishers have hosted the website on a subdomain taken from a legitimate website. Regardless of the web content, URL, and SSL certificate information, they will all be the same as the le-gitimate website. Moreover, the approach to enumeration of subdomains needs improvement, as most current tools are based on rough enumeration, existing dictionaries may not cover all instances of subdomains, as some subdomains may be meaningless.
{"title":"Phishing like the first step to gaining access","authors":"Guda Anton, Klishch Sergey","doi":"10.34185/1562-9945-4-147-2023-13","DOIUrl":"https://doi.org/10.34185/1562-9945-4-147-2023-13","url":null,"abstract":"Phishing as a term that means the technique of sending phishing messages will be re-searched based on findings in public access and using the listed links. The process of a phish-ing attack will be analyzed, and then we will pay attention to the technical vectors of how us-ers become victims of the attack. Finally, existing research on phishing attacks and related prevention approaches will be reviewed. Mitigating phishing attacks is an important research topic worth exploring. Although a lot of research has been done, this threat still exists in the real world, and its prevalence is constantly increasing. According to research results, detecting phishing attacks is a difficult problem. There are two main strategies used to mitigate phishing attacks; or improving the performance of phishing detection technology or improving people's awareness of these at-tacks. Developing human expertise is a key way to defeat phishing attacks, as phishing attacks exploit human weaknesses rather than network weaknesses. Also, humans are always the weakest link in social engineering attacks. Compared to phishing website detection, phishing email detection may require user in-volvement to achieve better detection results. Because the success of a phishing email de-pends on its context. Specifically, when the premise of the phishing email is consistent with the user's work context (or current situation). Most anti-phishing solutions are implemented to mitigate general phishing attacks, but they ignore some specific situations, such as advanced phishing attacks. To prevent advanced phishing attacks, phishing websites are difficult to detect if a victim is attacked using stolen DNS data because the URL content and website content are the same as legitimate websites. Most content-based approaches may not work because the content of the accessed URL is an important factor in the decision. To prevent subdomain hijacking attacks, it is difficult to detect a phishing website if the phishers have hosted the website on a subdomain taken from a legitimate website. Regardless of the web content, URL, and SSL certificate information, they will all be the same as the le-gitimate website. Moreover, the approach to enumeration of subdomains needs improvement, as most current tools are based on rough enumeration, existing dictionaries may not cover all instances of subdomains, as some subdomains may be meaningless.","PeriodicalId":493145,"journal":{"name":"Sistemnì tehnologìï","volume":"123 14","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"136352151","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-11-13DOI: 10.34185/1562-9945-4-147-2023-06
Atamaniuk Oleksii, Legeza Viktor
Various approaches to building digital twins are considered. The data-based approach has a big disadvantage due to need of the huge amount of information. The system-based ap-proach can not be used in some cases due to the lack of a mathematically justified method. One of such cases is a ball vibration absorber but they can be really useful for the vibration protection of high-rise flexible objects. The purpose of the research is to develop an algorithmic method of creating digital twins of the vibration protection process, which will provide the possibility of determining the optimal control parameters of the ball vibration absorber. The paper examines small steady oscillations of the dynamic system "supporting body - ball vibration absorber". Under the condition of small forced oscillations, the equation of the amplitude-frequency characteristic of the linear anti-vibration system was obtained. In view of the use in construction, the input and output parameters of the method of building a digital twin of a flexible structure were described and analyzed, as well as the methods of obtaining them. As a result of the evaluation of the speed of the method, a modification of the search way for the optimal parameters of the digital twin was proposed. The comparative analysis showed the high efficiency of the proposed anti-vibration sys-tem with optimally adjusted parameters of the digital twin. The proposed method allows to reduce the maximum value of the amplitude by approximately four times. Modifications of the method made it possible to speed it up by an average of three times, reduce the load on the processor and handle cases when finding the optimal parameters of a digital twin is a rather difficult analytical problem. The input and output parameters of the method and ways of obtaining them were de-scribed and analyzed. A comparative numerical analysis showed the high efficiency of the functioning of such a vibration protection system with optimally adjusted parameters of the ball vibration absorber.
{"title":"Method of creation a digital twin of a vibration protection process","authors":"Atamaniuk Oleksii, Legeza Viktor","doi":"10.34185/1562-9945-4-147-2023-06","DOIUrl":"https://doi.org/10.34185/1562-9945-4-147-2023-06","url":null,"abstract":"Various approaches to building digital twins are considered. The data-based approach has a big disadvantage due to need of the huge amount of information. The system-based ap-proach can not be used in some cases due to the lack of a mathematically justified method. One of such cases is a ball vibration absorber but they can be really useful for the vibration protection of high-rise flexible objects. The purpose of the research is to develop an algorithmic method of creating digital twins of the vibration protection process, which will provide the possibility of determining the optimal control parameters of the ball vibration absorber. The paper examines small steady oscillations of the dynamic system \"supporting body - ball vibration absorber\". Under the condition of small forced oscillations, the equation of the amplitude-frequency characteristic of the linear anti-vibration system was obtained. In view of the use in construction, the input and output parameters of the method of building a digital twin of a flexible structure were described and analyzed, as well as the methods of obtaining them. As a result of the evaluation of the speed of the method, a modification of the search way for the optimal parameters of the digital twin was proposed. The comparative analysis showed the high efficiency of the proposed anti-vibration sys-tem with optimally adjusted parameters of the digital twin. The proposed method allows to reduce the maximum value of the amplitude by approximately four times. Modifications of the method made it possible to speed it up by an average of three times, reduce the load on the processor and handle cases when finding the optimal parameters of a digital twin is a rather difficult analytical problem. The input and output parameters of the method and ways of obtaining them were de-scribed and analyzed. A comparative numerical analysis showed the high efficiency of the functioning of such a vibration protection system with optimally adjusted parameters of the ball vibration absorber.","PeriodicalId":493145,"journal":{"name":"Sistemnì tehnologìï","volume":"130 34","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"136352234","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-11-13DOI: 10.34185/1562-9945-6-143-2022-10
Selivyorstova Tatjana, Andriukhina Marharyta
Analysis of recent research and publications. The primary source of information about using Ruby on Rails is the official RoR documentation website. After researching scientific papers and textbooks on architecture, theoretical aspects that should be taken into account when developing web services were collected. Research objective. The aim of this work is to investigate existing architectural solutions for automating the work of the examination committee and to develop an architectural solution for creating a software product based on it to increase efficiency and improve the quality of the defense process. Presentation of the main research material. The main stakeholders were identified - the secretary of the commission, commission members, commission chair, academic supervisor, student undergoing defense procedures. The client-customer is considered the department. A questionnaire was proposed for teachers to determine non-functional requirements. This allowed us to better consider their needs and requirements in project development. Analysis of functional requirements (architecturally significant requirements) has been conducted. The requirements define factors that significantly influence the choice of architectural style and tools. The constraints include financial and resource aspects, as well as technical and organizational constraints, which can impact the volume, speed, and possibility of future project development. For the DDP system, the following technology stack was chosen: Ruby on Rails for backend and frontend; Postgres for the database. Additionally, a domain was purchased on the HOSTIA service - lildoc.hhos.net (domain traffic is unlimited, currently valid until 08/22/2025), andplans are in place to purchase database hosting. Github was chosen for version control. The design, class, sequence, activity, entity-relationship diagrams for theDDP system were formed and presented. The defined architecture of the DDP project: - Follows Model-View-Controller (MVC) pattern. - Components: Models, Views, Controllers, Routing, Database (PostgreSQL), User Interface, Authentication and Authorization System, Testing. Conclusions from this study and prospects for further developments in this direction. The article examines existing solutions for automating the secretary of the commission's workplace, presents the results of developing the general architecture of the DDP project based on Ruby on Rails principles and the MVC pattern. A new architectural solution for a web service to automate the work of the examination commission members is presented.
分析最近的研究和出版物。关于使用Ruby on Rails的主要信息来源是官方RoR文档网站。在研究了有关体系结构的科学论文和教科书之后,收集了开发web服务时应该考虑的理论方面。研究目标。这项工作的目的是调查现有的体系结构解决方案,使审查委员会的工作自动化,并开发一个体系结构解决方案,以创建一个基于它的软件产品,以提高效率并改进防御过程的质量。主要研究资料的介绍。确定了主要利益相关者-委员会秘书,委员会成员,委员会主席,学术导师,正在进行辩护程序的学生。客户-客户被认为是部门。提出了一份问卷,以确定教师的非功能需求。这使我们能够在项目开发中更好地考虑他们的需要和要求。对功能需求(架构上重要的需求)进行了分析。需求定义了显著影响体系结构风格和工具选择的因素。这些限制包括财务和资源方面,以及技术和组织方面的限制,这些限制会影响未来项目开发的数量、速度和可能性。对于DDP系统,选择了以下技术栈:后端和前端使用Ruby on Rails;数据库为Postgres。此外,在HOSTIA服务上购买了一个域名- lildoc.hhos.net(域名流量是无限的,目前有效期到2025年8月22日),并计划购买数据库托管。选择Github进行版本控制。形成并给出了ddp系统的设计图、类图、序列图、活动图、实体关系图。DDP项目的定义体系结构:遵循模型-视图-控制器(MVC)模式。-组件:模型,视图,控制器,路由,数据库(PostgreSQL),用户界面,认证和授权系统,测试。本研究的结论及对该方向进一步发展的展望。本文研究了自动化委员会工作场所秘书的现有解决方案,展示了基于Ruby on Rails原则和MVC模式开发DDP项目的通用体系结构的结果。提出了一种新的web服务体系结构解决方案,使考试委员会成员的工作自动化。
{"title":"Architectural solution for the ddp (diploma defense project) web application to document the examination process","authors":"Selivyorstova Tatjana, Andriukhina Marharyta","doi":"10.34185/1562-9945-6-143-2022-10","DOIUrl":"https://doi.org/10.34185/1562-9945-6-143-2022-10","url":null,"abstract":"Analysis of recent research and publications. The primary source of information about using Ruby on Rails is the official RoR documentation website. After researching scientific papers and textbooks on architecture, theoretical aspects that should be taken into account when developing web services were collected. Research objective. The aim of this work is to investigate existing architectural solutions for automating the work of the examination committee and to develop an architectural solution for creating a software product based on it to increase efficiency and improve the quality of the defense process. Presentation of the main research material. The main stakeholders were identified - the secretary of the commission, commission members, commission chair, academic supervisor, student undergoing defense procedures. The client-customer is considered the department. A questionnaire was proposed for teachers to determine non-functional requirements. This allowed us to better consider their needs and requirements in project development. Analysis of functional requirements (architecturally significant requirements) has been conducted. The requirements define factors that significantly influence the choice of architectural style and tools. The constraints include financial and resource aspects, as well as technical and organizational constraints, which can impact the volume, speed, and possibility of future project development. For the DDP system, the following technology stack was chosen: Ruby on Rails for backend and frontend; Postgres for the database. Additionally, a domain was purchased on the HOSTIA service - lildoc.hhos.net (domain traffic is unlimited, currently valid until 08/22/2025), andplans are in place to purchase database hosting. Github was chosen for version control. The design, class, sequence, activity, entity-relationship diagrams for theDDP system were formed and presented. The defined architecture of the DDP project: - Follows Model-View-Controller (MVC) pattern. - Components: Models, Views, Controllers, Routing, Database (PostgreSQL), User Interface, Authentication and Authorization System, Testing. Conclusions from this study and prospects for further developments in this direction. The article examines existing solutions for automating the secretary of the commission's workplace, presents the results of developing the general architecture of the DDP project based on Ruby on Rails principles and the MVC pattern. A new architectural solution for a web service to automate the work of the examination commission members is presented.","PeriodicalId":493145,"journal":{"name":"Sistemnì tehnologìï","volume":"123 29","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"136352259","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: