Computer Attacks Research Articles

Computer Attacks and Their Impact on the Security of Servers with Linux Operating System of Local Government Entities

This research aims to determine the incidence of computer attacks on servers with the Linux operating system of local government entities. The study is limited to the decentralized autonomous government (GAD) of the Ecuadorian Amazon. Initially, the most common computer attacks that have affected organizations in recent years were determined using statistical reports from important computer security companies positioned as leaders in Gartner’s magic quadrant. Phishing and distributed denial of service (DDoS) attacks are established as computer attacks under study. Computer attacks are carried out before and after mitigation measures are established. With the help of the information systems risk analysis and management methodology (MAGERIT), the vulnerability, level of impact, and risk computer attacks cause on servers with the Linux operating system are determined. This research aims to serve as a guide to the information technology departments of local governments in implementing mechanisms that safeguard the most important asset of an organization, such as information. Keywords: computer attack, phishing, DDoS, MAGERIT, Linux. Resumen La presente investigación tiene como finalidad determinar la incidencia de los ataques informáticos en los servidores con sistema operativo Linux de entidades de gobierno local. El estudio está delimitado a un gobierno autónomo descentralizado (GAD) de la Amazonía ecuatoriana. Inicialmente se determina los ataques informáticos más comunes que han afectado a las organizaciones en los últimos años haciendo uso de reportes estadísticos de importantes empresas de seguridad informática posicionadas como líderes en el cuadrante mágico de Gartner. Se establece como ataques informáticos objeto de estudio los ataques de phishing y de denegación de servicio distribuido (DDoS). Se realizan ataques informáticos antes y después de establecer las medidas de mitigación y con la ayuda de la metodología de análisis y gestión de riesgos de los sistemas de información (MAGERIT) se determina la vulnerabilidad, el nivel de impacto y el riesgo que los ataques informáticos provocaban en los servidores con sistema operativo Linux. El presente trabajo de investigación pretende ser de gran utilidad y servir de guía a los departamentos de tecnologías de la información de gobiernos locales en la implementación de mecanismos que salvaguarden el activo más importante de una organización como lo es la información. Palabras Clave: ataque informático, phishing, ddos, magerit, linux.

Exploration of PQC-Based Digital Signature Schemes in TLS Certificates

The rapid development in quantum computers brings huge risks to traditional cryptographic systems. This paper talks about the integration of PQC-based digital signature schemes to solve challenges posed on Transport Layer Security certificates. In this paper, we give an analysis of the efficacy, security, and performance implications of various schemes in PQC—particularly lattice-based, hash-based, and multivariate polynomial-based algorithms. We detail more closely the challenges of the real deployment, directly connected with these digital signatures, considering communication overhead and computational costs. Our findings indicate that hybrid certificate chains, which integrate multiple PQC schemes, offer a feasible solution for a seamless transition to quantum-resistant standards with manageable performance trade-offs. Moreover, our study extends to the quantification of security benefits these PQC schemes provide against both quantum and classical computational attacks, underscoring their potential in enhancing the resilience of digital communication systems. This paper aims to contribute valuable insights to ongoing standardization discussions and support the broader adoption of PQC, thereby ensuring robust and future-proof security in digital communications amidst the advancing quantum computing era.

IoT-based trusted wireless communication framework by machine learning approach

The traditional Radio-Frequency Systems (RFS) authentication methods, designed to ensure secure data transmission on the web, may not always effectively prevent adversaries from gaining access to concealed IDs or asymmetric cryptography through infiltrative, side-channel, training, and computer attacks. In contrast, Unaccounted Information (UAI) has the potential to exploit irregularities in production systems to automatically identify microchips, offering a highly robust and cost-effective security solution. This approach introduces RFS-UAI, a deep neural network-based system that efficiently manages wireless node identification by leveraging synthetic RFS characteristics of remote controls (Tx) learned through supervised methods in Wireless Sensor Networks (WSN). Unlike traditional methods that require the development of specialized transistors for UAI or semantic segmentation, this approach utilizes the existing asymmetrical RFS communication networks. Similar to the way the human brain processes information, Rx handles the entire device identification process at the gateway. According to test results, which include assessing process capability at a specified 65 nm threshold voltage and characteristics such as Local Oscillator (LO) misalignment and I-Q disparity using a probabilistic model with 52 hidden units, the system can distinguish up to 4800 transmitters with a remarkable 99.9 % accuracy under various channel conditions, all without the need for regular preambles. This recommended method can serve as a standalone security measure or be integrated into a biometric identification system.

КОМПЛЕКСНАЯ ИНФОЛОГИЧЕСКАЯ МОДЕЛЬ ОБЪЕКТОВ ЗАЩИТЫ КОНФИДЕНЦИАЛЬНОЙ ИНФОРМАЦИИ

The problem of harmonization of approaches to the definition of information security objects is becoming increasingly relevant due to the growth of information arrays, the complexity of information technologies, technical and cryptographic means of information protection, and the increasing number of computer attacks, including on critical information infrastructure. Historically, the concept of objects of protection in Russia is associated with the requirements of state regulators, so it has different interpretations. The purpose of the study is to develop an infological model of information security objects. The goal of infological modeling may be to provide the most natural ways for a person to collect and present information about objects of protection for its consideration when creating protection systems and storing in a database. The author based on the analysis of the requirements of the main regulators of the Federal service according to the technical and export control of Russia and the Federal security service of Russia and the modeling method, an infological model of information security objects has been developed. This model is most consistent with the concept of object-oriented design, which is the basis for the development of complex software systems, the development of technology for designing databases of information security objects based on the ER-model. The entity-relationship model (ER-model) has several basic concepts, from which more complex objects are built according to predefined rules.

Estimation of the Multifractal Spectrum Characteristics of Fractal Dimension of Network Traffic and Computer Attacks in IoT

Estimation of the Multifractal Spectrum Characteristics of Fractal Dimension of Network Traffic and Computer Attacks in IoT

The method of assessing the effectiveness of the security of confidential data of the distributed information system

The paper proposes a method of assessing the effectiveness of the security of confidential data of a distributed information system, based on a model for determining the current threats to the security of confidential data in the information system, on algorithms of fuzzy inference and the theory of fuzzy neural systems, unlike known ones, it uses sufficient and necessary indicators, excludes expert errors , increases the detection of actual threats to the security of confidential information system data by 5%, reduces the cost of purchasing information protection tools from 15 to 30%. It takes into account the following factors: the IT infrastructure of the distributed information system, the capabilities of attackers and their level of motivation in the information system. The proposed approach differs from existing ones by an automated process, the need to involve highly qualified specialists in the field of information security, and low computational complexity; absence of deficiencies in expert assessments; allows you to determine the list of current information security threats in information systems of various classes and types. The task of ensuring the security of confidential data is urgent, which is due to the growth of computer attacks and leaks of information, which are reflected in the statistical data on the commission of crimes in the field of high technologies, the growth of criminal activity using modern communication devices and the Internet. The existing methods of identifying current threats to information security and assessing the effectiveness of the security of confidential data cannot be used at all stages of the life cycle of distributed information systems, they do not take into account the following indicators in the complex: IT infrastructure of distributed systems, current threats to information security, security requirements of confidential data, their cost as important indicators when solving these problems. One of the most important tasks of ensuring the security of confidential data is the evaluation of the effectiveness of the protection system. In this regard, the goal of the research is to improve the quality of the assessment of the effectiveness of the security of confidential data of a distributed information system by determining sufficient and necessary indicators using modern information technologies, which allow the most effective solution of the following tasks: determining the parameters of the adaptive production fuzzy neural systems, which most suitable for solving the tasks, the application of Data Science technologies in data processing, algorithms of fuzzy output.

Risk analysis and prevention in computer security in institutional servers, a systematic review of the literature

In recent years, computer attacks on the server infrastructure in organizations have been increasing, and the pandemic of covid-19 and remote work have been the main causes for this massive wave of large-scale attacks, small businesses are especially vulnerable because to optimizing resources they leave aside the cyber security in their network infrastructure. The present research is a systematic review that compiles 58 articles where policies, techniques, and infrastructure for the prevention of threats in enterprise servers have been implemented and raised, these articles have been collected from major databases such as IEEE Xplore, SAGE, Science Direct, Scopus, and IOP Publishing. The results show that one of the most effective methods in preventing communications between institutional servers is public key infrastructure/SSL-TLS encryption. Most research claims that it is the most effective method as it provides a central certifier and manages the certificates for the servers allowing each of the modules or attachments within the infrastructure to identify and validate other members and to proceed with the encryption of network traffic, Finally, a security implementation model is proposed.

Quantum Cryptography: Fundamentals and Advanced Techniques

Abstract: Quantum-cryptography represents a revolutionary advancement in the field of secure correspondence, leveraging the principles of quantum-mechanics to ensure unprecedented levels of security. This review paper provides a comprehensive exploration of both the foundational principles and advanced techniques underpinning quantum cryptographic systems. We begin by examining the theoretical foundations, including quantum key distribution (QKD) protocols such as BB84 and E91, and the critical role of entanglement and superposition in these processes. The paper then delves into the latest advancements and techniques in the field, including device-independent QKD, quantum cryptographic networks, and post-quantum cryptographic methods designed to be resilient against quantum computer attacks. Additionally, we discuss practical implementation challenges and the current state of experimental quantum cryptography. By synthesizing recent research findings and technological developments, this review aims to provide a thorough comprehension of the current environment and future directions of quantum cryptography, highlighting its potential to revolutionize secure communications in the quantum era.

Adversarial Captcha

CAPTCHAs, tests to separate humans from machines, serve as a method to verify whether an interaction is being performed by a human or a computer, were developed in reaction to the vulnerability of computer networks to intrusions by programmers using bots and computer attack programs. The most popular Captcha scheme is the Text Captcha because of how simple it is to create and use. However, the presumed security of Captchas has been undermined by hackers and programmers, making websites open to attack.Given that attack speeds are generally moderate, usually ranging from two to five seconds per image and that this is not a serious worry, text captchas are nevertheless extensively utilized. This study proposes a novel image-based Captcha called Style Area Captcha (SACaptcha), which is built on deep learning techniques, pixel-level segmentation, and semantic data understanding.The proposed SACaptcha emphasises using deep learning to create neural networks neural networks image-based Captchas. Acquiring methods to enhance security and captcha systems are all covered in this paper.It compares the proving that text-based Captchas are insecure. Key words: deep, text-based, security, and captcha Convolutional image-based learning

Loss Control-Based Key Distribution under Quantum Protection.

Quantum cryptography revolutionizes secure information transfer, providing defense against both quantum and classical computational attacks. The primary challenge in extending the reach of quantum communication comes from the exponential decay of signals over long distances. We meet this challenge by experimentally realizing the Quantum-Protected Control-Based Key Distribution (QCKD) protocol, utilizing physical control over signal losses. By ensuring significant non-orthogonality of the leaked quantum states, this control severely constrains eavesdroppers' capacities. We demonstrate the performance and scale of our protocol by experiments over a 1707 km long fiber line. The scalability of the QCKD opens the route for globally secure quantum-resistant communication.

Design and Evaluation of Device Authentication and Secure Communication System with PQC for AIoT Environments

With the rapid development of Internet of Things (IoT) technology, the number of IoT users is growing year after year. IoT will become a part of our daily lives, so it is likely that the security of these devices will be an important issue in the future. Quantum computing is maturing, and the security threat associated with quantum computing will be faced in the transmissions of IoT devices, which mainly use wireless communication technologies. Therefore, to ensure the protection of transmitted data, a cryptographic algorithm that is efficient in defeating quantum computer attacks needs to be developed. In this paper, we propose a device authentication and secure communication system with post-quantum cryptography (PQC) for AIoT environments using the NTRU and Falcon signature mechanism, which can resist quantum computer attacks and be used in AIoT environments to effectively protect the confidentiality, integrity, and non-repudiation of transmitted data. We also used Raspberry Pi to simulate AIoT devices for implementation.

A quantum-secure certificateless aggregate signature protocol for vehicular ad hoc networks

Vehicular ad hoc networks (VANETs) have revolutionized communication between vehicles and infrastructure, notably enhancing traffic management and passenger safety. However, VANETs are vulnerable to security threats, especially regarding data authenticity. Aggregate signature is a powerful technique that reduces computational and communication burdens by aggregating multiple signatures from different signers into a single signature. Traditional aggregate signature schemes, based on large prime number decomposition and the discrete logarithm problem, cannot effectively resist quantum attacks. This paper introduces a novel quantum secure certificateless aggregate signature (QSCLAS) scheme designed to enhance data security and privacy in VANETs. Our proposed scheme employs the number theory research unit (NTRU) algorithm. As a lattice-based cryptographic algorithm, NTRU is renowned for its security against quantum computer attacks, making it an essential component of our quantum-secure solution. By eliminating the need for expensive bilinear pairing operations, our proposed scheme achieves high efficiency and practicality in resource-limited VANETs environments. The security analysis demonstrates our scheme's resilience against both Type-I and Type-II adversaries in the random oracle model under the small integer solution (SIS) problem on the NTRU lattice. Furthermore, compared with existing approaches, the results illustrate that our proposed scheme offers significant advantages in signature generation and verification cost, as well as lower transmission overhead than other lattice-based schemes, thereby making it highly suitable for VANETs environments.

Learning with Errors: A Lattice-Based Keystone of Post-Quantum Cryptography

The swift advancement of quantum computing devices holds the potential to create robust machines that can tackle an extensive array of issues beyond the scope of conventional computers. Consequently, quantum computing machines create new risks at a velocity and scale never seen before, especially with regard to encryption. Lattice-based cryptography is regarded as post-quantum cryptography’s future and a competitor to a quantum computer attack. Thus, there are several advantages to lattice-based cryptographic protocols, including security, effectiveness, reduced energy usage and speed. In this work, we study the learning with errors (LWE) problem and the cryptosystems that are based on the LWE problem and, in addition, we present a new efficient variant of LWE cryptographic scheme.

Compact Instruction Set Extensions for Dilithium

Post-quantum cryptography is considered to provide security against both traditional and quantum computer attacks. Dilithium is a digital signature algorithm that derives its security from the challenge of finding short vectors in lattices. It has been selected as one of the standardizations in the NIST post-quantum cryptography project. Hardware-software co-design is a commonly adopted implementation strategy to address various implementation challenges, including limited resources, high performance, and flexibility requirements. In this study, we investigate using compact instruction set extensions (ISEs) for Dilithium, aiming to improve software efficiency with low hardware overheads. To begin with, we propose tightly coupled accelerators that are deeply integrated into the RISC-V processor. These accelerators target the most computationally demanding components in resource-constrained processors, such as polynomial generation, Number Theoretic Transform (NTT), and modular arithmetic. Next, we design a set of custom instructions that seamlessly integrate with the RISC-V base instruction formats, completing the accelerators in a compact manner. Subsequently, we implement our ISEs in a chip design for the Hummingbird E203 core and conduct performance benchmarks for Dilithium utilizing these ISEs. Additionally, we evaluate the resource consumption of the ISEs on FPGA and ASIC technologies. Compared to the reference software implementation on the RISC-V core, our co-design demonstrates a remarkable speedup factor ranging from 6.95 to 9.96. This significant improvement in performance is achieved by incorporating additional hardware resources, specifically, a 35% increase in LUTs, a 14% increase in FFs, 7 additional DSPs, and no additional RAM. Furthermore, compared to the state-of-the-art approach, our work achieves faster speed performance with a reduced circuit cost. Specifically, the usage of additional LUTs, FFs, and RAMs is reduced by 47.53%, 50.43%, and 100%, respectively. On ASIC technology, our approach demonstrates 12, 412 cell counts. Our co-design provides a better tradeoff implementation on speed performance and circuit overheads.

WORM-VIRUS DETECTION METHOD ACCORDING TO MULTI-CLASS CLASSIFICATION

The work presents the results of research on worm viruses and methods of their detection. Malware distribution happens all the time. The analyzed modern tools and systems for prevention, detection and countermeasures against malicious software and computer attacks are quite effective, provide a high percentage of detection and function at an adequate level. But criminals constantly study the capabilities of such tools and systems, improve malicious software and computer attacks, and achieve certain results. Therefore, developers of tools and systems for prevention, detection and countermeasures against malicious software and computer attacks must constantly improve them. The protection of corporate networks is relevant. They can be effectively configured to increase computing resources when solving the tasks of warning, detecting and countering malicious software and computer attacks to protect corporate networks. Therefore, the article defines as an urgent scientific task - the development of methods to improve the efficiency of the functioning of distributed systems with partial centralization for detection of malicious software and computer attacks in computer networks and detection of malicious software with their use due to the synthesis of their architecture in such a way that the principles of functioning of such systems make it difficult for criminals to understand them. The work considers a set of worm viruses, which covers network features as much as possible. Therefore, to study the effectiveness of methods of creating distributed systems and the systems themselves based on them, worm viruses were considered. The purpose of the work is to develop a method for detecting worm viruses in corporate networks. The work developed a method of detecting worm viruses using their division into classes based on common features and defined criteria according to the classification of objects according to many classes and taking into account its implementation in the architecture of partially centralized distributed systems to obtain a complete sensor and make a decision regarding the classification of worms virus to a certain class. This improved the reliability of detection by 8-11% compared to using the method without directly involving the elements and components of the system. As a result of setting up experiments and conducting them, results were obtained that confirm the correct functioning of a partially centralized distributed system for the detection of worm viruses.

Model of current threats to security of confiden-tial data in divisional information systems

The paper proposes a model for determining actual threats to the information security of distributed information systems, based on algorithms of fuzzy inference and the theory of fuzzy neural systems, unlike known ones, uses sufficient and necessary indicators, excludes expert errors, increases the detection of the number of actual threats to information security of distributed systems by 5 %, reduces the cost of purchasing information protection equipment from 15 to 30%. It takes into account the following factors: the IT infrastructure of the distributed information system, the capabilities of attackers and their level of motivation in the distributed information system, the list of existing protection tools in the distributed information system.
 The proposed approach differs from existing ones in the following: lack of involvement of highly qualified specialists in the field of information security; the process is automated, has a low computational complexity; absence of deficiencies in expert assessments; allows you to determine the list of current information security threats in information systems of various classes and types.
 The task of ensuring the security of confidential information becomes the most urgent, which is due to the growth of computer attacks and leaks of information, which are reflected in the statistical data on the commission of crimes in the field of high technologies, the growth of criminal activity using modern communication devices and the Internet.
 Existing methods of modeling current threats to information security and assessing the effectiveness of the information protection system cannot be used at all stages of the life cycle of distributed information systems - they do not take into account the following indicators in the complex: IT infrastructure of distributed information systems, current threats to information security, security requirements for confidential information, a list of means of protecting confidential information and their value as important indicators when solving these problems.
 In order to achieve the goals of ensuring the security of confidential information, it is necessary to: organize the effective creation of an information protection system (information security system), effective modeling (identification of the list) of current threats to information security, identification of the current violator, and also provide the opportunity to conduct a qualitative assessment of the effectiveness of the information security (protection) system.
 One of the most important tasks of ensuring the security of confidential information is the assessment of the effectiveness of the protection (security) system. In this regard, the goal of the work (research) is to improve the quality of the evaluation of the effectiveness of the protection (security) systems of distributed information systems by determining sufficient and necessary evaluation indicators using modern (promising) information technologies that allow the most effective solution of the following tasks: determination operating parameters of adaptive production fuzzy neural systems, which are most suitable for solving the tasks, application of Data Science technologies in data processing, fuzzy output algorithms.

Multi-computer malware detection systems with metamorphic functionality

The need to develop new systems for detecting and counteracting malware remains relevant. In addition to malware detection methods, the need to develop new systems for detecting and counteracting malware has become increasingly important. The use of various detection systems and the formation of a variable architecture in them significantly improves the effectiveness of detection, since both for attackers in computer attacks and for malware, understanding the system is significantly complicated. In addition, such systems may contain baits, traps, and, accordingly, modifiable operating environments to deceptively execute programs for research. This paper develops a conceptual model of multicomputer systems, which is designed to ensure the functioning of antivirus bait and traps to detect malware and computer attacks in corporate networks. The proposed approach is intended to prevent and counteract metamorphic virus penetration. This paper presents the conceptual model of multicomputer systems and introduces a defining characteristic responsible for the control of decisions and other defining characteristics of the system. Methods for detecting metamorphic viruses with the possibility of their implementation in the architecture of multi-computer systems with bait and traps are developed so that the system directly joins the detection procedure through its components and decides on the presence of metamorphic code in the executable file. An implementation of a multi-computer malware detection system with metamorphic functionality was developed to prove the feasibility of the proposed conceptual architecture model and the developed methods for detecting metamorphic viruses. An experiment on the functioning of a multi-computer malware detection system was set up, and experimental studies were conducted. The conducted experiments included metamorphic virus detection. In addition, an experiment on the effectiveness of detecting the metamorphic code of viruses was conducted. The efficiency of detecting metamorphic virus code using the developed multi-computer system was also investigated, and the presence of improved detection was established. The directions of further work are to extend the results of this work to new types of malware.

Кибератаки: иммерсионная образовательная среда и ее формирование

The article discusses the features of the formation of an immersion educational environment using a controlled simulator of computer attacks. The use of a controlled simulator of computer attacks as a method of teaching students disciplines related to information security is considered. This tool allows you to simulate various types of attacks on an information system and conduct training to improve its protection skills. Immersion educational environment in the field of information security – allows you to implement the principle of interactive learning with a nonlinear learning scenario and involvement in the process of the teacher and the student using information technology. The use of controlled simulators makes it possible to check the stability of computer networks and other systems to advanced cyber attacks and develop effective methods to combat them. To organize such an immersive educational environment, it is advisable to involve software manufacturers on the principles of strategic partnership.

Experimental quantum e-commerce.

E-commerce, a type of trading that occurs at a high frequency on the internet, requires guaranteeing the integrity, authentication, and nonrepudiation of messages through long distance. As current e-commerce schemes are vulnerable to computational attacks, quantum cryptography, ensuring information-theoretic security against adversary's repudiation and forgery, provides a solution to this problem. However, quantum solutions generally have much lower performance compared to classical ones. Besides, when considering imperfect devices, the performance of quantum schemes exhibits a notable decline. Here, we demonstrate the whole e-commerce process of involving the signing of a contract and payment among three parties by proposing a quantum e-commerce scheme, which shows resistance of attacks from imperfect devices. Results show that with a maximum attenuation of 25 dB among participants, our scheme can achieve a signature rate of 0.82 times per second for an agreement size of approximately 0.428 megabit. This proposed scheme presents a promising solution for providing information-theoretic security for e-commerce.

Computer detection intelligent mining algorithm for software defined networks

The network security (NS) issues of software defined network (SDN) are becoming increasingly prominent. Traditional computer detection (for convenience, computer detection is abbreviated to CD) methods are usually based on rules and features, and cannot cope with new threats and unknown attacks. The purpose of this article is to analyze a CD intelligent mining algorithm (for convenience, intelligent mining algorithm is abbreviated to IMA) suitable for SDNs, and to optimize and improve the data acquisition difficulty, large data volume, dynamism, timeliness, and security issues of SDNs. On the basis of data preprocessing on the KDD (Data Mining and Knowledge Discovery) Cup 1999 dataset, this article constructed an architecture for CD IMAs. In the data intelligence layer, a combination of k-means algorithm and XGBoost (eXtreme Gradient Boosting) algorithm was used for computer network attack detection based on stream classification. Based on the preprocessed dataset, the k-means algorithm and its combination were trained and simulated. The effectiveness and performance optimization of the CD IMA analyzed in this article were verified by comparing it with traditional computer attack detection algorithms in terms of detection accuracy, CPU (Central Processing Unit) occupancy, detection time, and false detection rate. The experimental results showed that the accuracy of the CD IMAs analyzed in this article was over 80 %, and some even reached over 90 %. However, the accuracy of traditional computer attack detection algorithms has not reached 90 %. The detection time of traditional computer attack detection algorithms was all above 2 s, but some of the detection time of the algorithm in this article was within 2 s. The detection rate of the algorithms analyzed in this article was above 90 %, and the detection results were more accurate than traditional algorithms. This proved that the algorithm analyzed in this article can more effectively select optimized feature subsets, has good flow classification ability, and has high detection accuracy for different types of attacks. The CD IMA for SDNs has great potential and application prospects.