Computer Attacks Research Articles

Cloud‐based authentication and key management protocol for advanced metering infrastructure in smart grid

AbstractIn smart grid networks, the advanced metering infrastructure (AMI) enables sensors and communication networks to measure electricity consumed or generated by users. However, among the challenges to be overcome related to security in the AMI system is resistance to computer attacks, such as impersonation, denial of service, man in the middle, and redirection, which can compromise privacy, confidentiality, and availability of electrical systems. An efficient and effective authentication system is necessary to guarantee the privacy and confidentiality of data without compromising system performance, thus characterizing a challenge (need for a tradeoff between security and performance), which involves limited computing power and bandwidth and a high number of meters to be installed in a certain geographic area. This article introduces a group authentication and key agreement protocol that ensures both confidentiality and privacy of communications and avoids several computer attacks. It showed better communication and computational cost‐based performance compared to other protocols. Automated validation of internet security protocols and applications formally validated it, while security protocol animator tool simulated an intrusion, with good results.

A Hybrid Encryption Scheme for Quantum Secure Video Conferencing Combined with Blockchain

Traditional video conference systems depend largely on computational complexity to ensure system security, but with the development of high-performance computers, the existing encryption system will be seriously threatened. To solve this problem, a hybrid encryption scheme for quantum secure video conferencing combined with blockchain is proposed in this study. In the system solution architecture, first, the quantum key distribution network is embedded in the classic network; then, the “classical + quantum” hybrid encryption scheme is designed according to the secret level required for the video conference content. Besides, the real-time monitoring module of the quantum key distribution network is designed to ensure that users can check the running state of the network at any time. Meeting minutes can be shared by combining with blockchain. In order to quickly query meeting minutes, a cache-efficient query method based on B+ tree is proposed. The experimental results show that compared with the traditional video conference system, the quantum secure video conference system sufficiently integrates the technical advantages of the quantum key distribution to resist the security threats such as channel eavesdropping and high-performance computational attacks while ensuring the stable operation of the classic system, thus providing a video conference system with a higher security level. Meanwhile, the query time cost of blockchain with different lengths is tested, and the query efficiency of the proposed method is 3.15-times higher than the original query efficiency of blockchain.

A method for protecting neural networks from computer backdoor attacks based on the trigger identification

Modern technologies for the development and operation of neural networks are vulnerable to computer attacks with the introduction of software backdoors. Program backdoors can remain hidden indefinitely until activated by input of modified data containing triggers. These backdoors pose a direct threat to the security of information for all components of the artificial intelligence system. Such influences of intruders lead to a deterioration in the quality or complete cessation of the functioning of artificial intelligence systems. This paper proposes an original method for protecting neural networks, the essence of which is to create a database of ranked synthesized backdoor’s triggers of the target class of backdoor attacks. The proposed method for protecting neural networks is implemented through a sequence of protective actions: detecting a backdoor, identifying a trigger, and neutralizing a backdoor. Based on the proposed method, software and algorithmic support for testing neural networks has been developed that allows you to identify and neutralize computer backdoor attacks. Experimental studies have been carried out on various dataset-trained convolutional neural network architectures for objects such as aerial photographs (DOTA), handwritten digits (MNIST), and photographs of human faces (LFW). The decrease in the effectiveness of backdoor attacks (no more than 3 %) and small losses in the quality of the functioning of neural networks (by 8–10 % of the quality of the functioning of a neural network without a backfill) showed the success of the developed method. The use of the developed method for protecting neural networks allows information security specialists to purposefully counteract computer backdoor attacks on artificial intelligence systems and develop automated information protection tools.

Evaluating the effectiveness of the information security system process based on the theory of stochastic indicators

Introduction: Under the conditions of imperfect methods and means of detection and response to computer attacks there is a constant growth of destructive impacts aimed at critical information systems. This generates a need to develop research methods for early warning systems to provide information security in case of malware attacks. One of the effective ways to solve this problem is to use the methods of the theory of stochastic indicators. Purpose: The development of a tool for evaluating the effectiveness of the information security system functioning. Results: We describe deterministic, random and indefinite components of the information security system functioning. Constant and functional indicators are constructed, their distinctive features are revealed. To solve the problem of evaluating the effectiveness of the process under consideration stochastic superindicators are constructed. We have also described the features of the construction of stochastic indicators of different ranks on the basis of the theory of the effectiveness of targeted processes and purposeful systems. Practical relevance: Through the developed stochastic time indicators, the probabilistic and temporal characteristics of the destructive impact are estimated, with the intervals and time points of its occurrence taken into account. This allows the system to be timely warned of a possible destructive impact scenario for the elements of critical information infrastructure.

Seguridad a nivel de enlace de datos en el modelo de interconexión de sistemas abiertos (OSI)

Communications networks can provide an innumerableamount of services in an organization that will allow it to satisfy its most important needs, helping it to fulfill its organizational objectives more efficiently.in their computing devices can cause a great disadvantagefor these objectives. Layer two of the OSI model is considered one of the most important in the flow of information, since it is practically the starting point for communication with the rest of the layers of this model, so there is a need to study computer attacks on this layer and implement techniques to improve security in this layer.

ПОДХОД К ОЦЕНКЕ ЭФФЕКТИВНОСТИ СИСТЕМЫ ОБЕСПЕЧЕНИЯ ИНФОРМАЦИОННОЙ БЕЗОПАСНОСТИ РАСПРЕДЕЛЕННОЙ СИСТЕМЫ ПЕРЕДАЧИ ДАННЫХ

The purpose of the paper is to identify possible approaches to assessing the effectiveness of the information security system (EISS) for a distributed data transmission system (DDTS) related to a significant object of critical information infrastructure. When developing the EISS, it is necessary to identify possible external and internal sources of threats to information security already at the design stage of the DDTS architecture as well as to develop a model of the violator and a model of information security threats (IS). One of the main problems in the creation of EISS DDTS is the lack and/or insufficient training in the field of information security; a large financial burden on the creation and modernization of hardware and software, etc. The DDTS model (a block diagram of the DDTS and the layout of the components of the DDTS on special computing equipment) is proposed for the EISS DDTS under study. The paper proposes an approach to assessing the effectiveness of the EISS DDTS based on the use of the method of expert assessments for the selected model, which is necessary to achieve the required level of safety. The aspects of assessing the effectiveness of the EISS DDTS are considered using the example of the organization of technical measures to ensure the IB DDTS. This assessment of the effectiveness of the EISS DDTS allows you to identify weaknesses and help you quickly take measures to eliminate them, which in the event of computer attacks or incidents can significantly reduce the risks. The proposed approach can be integrated into existing practices for assessing the effectiveness of information security.

Категорирование взаимосвязанных объектов критической информационной инфраструктуры

The problem of building an information infrastructure resistant to computer attacks is relevant for organizing the work of any enterprise. Therefore, the ability to assess the existing or developing information infrastructure is very important. In this regard, the article deals with the problem of categorizing objects of critical information infrastructure in the context of the need to assess their relationship. The current legislative acts, which are the information base for determining the objects of critical information infrastructure and determining their purpose, structure and composition, are considered, as well as the criteria for the significance of objects are determined. The article also defines the links between critical information infrastructure objects, their resistance to computer attacks, as well as possible damage due to disruption of their functioning or the performance of a critical process. The article provides a description of the criteria that are subject to assessment and a methodology for assessing the stability of critical information infrastructure objects to computer attacks and assessing possible damage due to disruption of the functioning or performance of critical processes by objects of critical information infrastructure. An augmented solution is proposed for assessing the stability of the functioning of critical information infrastructure objects with various options for their connection. The possibility of assessing the cumulative damage due to disruption of the functioning of interconnected objects of critical information infrastructure is considered.

Метод Монте-Карло для оценки устойчивости функционирования объекта информатизации в условиях массированных компьютерных атак

Methods of mathematical statistics and probability theory are deeply studied and can be successfully used as a means of assessing the stability of the functioning of informatization objects (OI) in the normal conditions of its application. The standard conditions allow us to obtain representative descriptive statistics, evaluate the corresponding probabilistic characteristics and apply the methods of probability theory. Ensuring the reliability of the functioning 
 of OI in normal conditions is provided by effective operational cover. However, for massive computer attacks (MCA), the dynamics of OI behavior and the development of the situation are unpredictable, and the events themselves are rare, which does not allow the above methods to be correctly applied. The significance and novelty of the study lies in the positive assessment of the applicability of the Monte Carlo method for assessing the survivability of the restored OI, which is subject to MCA and has temporary redundancy (recoverability). Assessing OI survivability is considered from the point of view of the need to implement a methodology for ensuring the risks of information security associated with MCA. The statement of the problem, the modeling algorithm, and solution examples are given, on the basis 
 of which it is possible to recommend the Monte Carlo method for solving the set problem. The enlarged stages of the statistical modeling procedure are given, the solution of the actual problem of assessing OI stability for MCA conditions is described. The obtained partial conclusions may be of interest for planning further scientific research in the direction of improving the processes of decision making to ensure the sustainability of the functioning of OI in conditions of targeted aggressive influences. A case of statistical modeling is given, taking into account possible scenarios for applying MCA and interpreting the simulation results

Fast asymmetric encryption and decryption of SimpleMatrix scheme for Internet of Things

Asymmetric cryptography plays an essential role in many areas, including cloud computing, big data, blockchain, and the Internet of Things (IoT). However, most of them are based on the difficulty of factorizing large numbers or discrete logarithm problems, which are not secure to quantum computer attacks. SimpleMatrix is a new multivariate encryption scheme based on simple matrix multiplications, which can resist quantum computer attacks. Because of the low speed and demands of large finite fields, SimpleMatrix is limited in applications that use small finite fields. As a result, it is critical to improve the efficiency of SimpleMatrix to make its applications broader. In this paper, we speed up the encryption and decryption of SimpleMatrix by building efficient small finite field arithmetics based on Field-Programmable Gate Arrays (FPGAs) technology. We propose a fast architecture for encryption and decryption of SimpleMatrix based on table look-up based composite field multiplications and inversions and fast Gauss–Jordan elimination for solving systems of linear equations in a composite field. We test and verify the hardware architecture of SimpleMatrix on an FPGA, and the experimental results confirm our estimates and comparisons show that our design is much faster than other implementations. Thus, the hardware architecture can be used in FPGA-based systems of cloud computing, IoT, etc., for accelerating encryption and decryption.

EXPERT SYSTEM FOR SUPPORT AND DECISION-MAKING ON THE MANAGEMENT OF INFORMATION SECURITY OF OBJECTS OF CRITICAL INFORMATION INFRASTRUCTURE

The article discusses the possibilities of forming a knowledge base as a multi-agent expert system for support and decision-making by officials of critical information infrastructure (CII) facilities and situational departmental centers of the State SOPKA, determines the tasks it solves, and on the basis of knowledge engineering, the choice of the strategy for obtaining knowledge «knowledge formation» is made. To implement the chosen strategy, the APNI JSM method (inductive D.S. Mill method [8], developed with the support of the Agency for Advanced Research) [3] is proposed, which is suitable for the conditions of applicability. In the development of the method, it is proposed to complete the whole process of resolving uncertainty, the epistemological chain «Problem — Hypothesis» [9] to be completed with the link «Law» with the establishment of a pattern for determining the identifier of a computer attack in the block of a false network information object (LSIO) of the information security system (ISI) of the CII object [3].

THE METHODS OF ENSURING FAULT TOLERANCE, SURVIVABILITY AND PROTECTION OF INFORMATION OF SPECIALIZED INFORMATION TECHNOLOGIES UNDER THE INFLUENCE OF MALICIOUS SOFTWARE

The paper examines the provision of fault tolerance, survivability and protection of IT information on the impact of malicious software and computer attacks. Each method is presented separately by its steps. The states of hardware and software on which the implemented methods are impelled in the corresponding systems are investigated. The common states are singled out and on the basis of them and together with the steps of the methods the synthesis of the method of ensuring fault tolerance, survivability and protection of IT information is carried out. It combines three developed methods. This method is represented by four generalized steps. All representations of the models are made by graphs with weight vertices, which specify either the states or steps of the methods. This representation made it possible to connect common vertices.Some methods of ensuring resilience, survivability and protection of IT information under the influence of malicious software were compared with one integrated method. Experimental studies confirm the effectiveness of both the proposed solution to ensure fault tolerance, survivability and protection of IT information and the effectiveness of the method, which combines the provision of fault tolerance, survivability and protection of IT information.

METHOD OF FORMING DECISION-MAKING BASED ON MULTI-CRITERIA ASSESSMENT WHEN REPELLING COMPUTER ATTACKS AND ELIMINATING THEIR CONSEQUENCES

Within the concept of the State system of detection and prevention of computer attacks (KA) in the formation of the knowledge base KA, as a multi-agent expert systems and support decision-making by officials of objects of critical information infrastructure (CII) and situational departmental centers, the proposed methods of formation of scenarios of management decisions in a situation of information security (is), complement of intellectual tools: • the mining technique of rapidly changing situations; • methodology for forming decision-making based on multi-criteria assessment. This will allow us to move on to solving the problems of synthesizing information security management as an effective operational and technical state intellectual system, taking into account the tasks solved by state regulators.

Research on Secure Communication on In-Vehicle Ethernet Based on Post-Quantum Algorithm NTRUEncrypt

In the context of the evolution of in-vehicle electronic and electrical architecture as well as the rapid development of quantum computers, post-quantum algorithms, such as NTRUEncrypt, are of great significance for in-vehicle secure communications. In this paper, we propose and evaluate, for the first time, a NTRUEncrypt enhanced session key negotiation for the in-vehicle Ethernet context. Specifically, the time consumption and memory occupation of the NTRUEncrypt Elliptic Curve Diffie–Hellman (ECDH), and Rivest–Shamir–Adleman (RSA) algorithms, which are used for session key negotiation, are measured and compared. The result shows that, besides the NTRUEncrypt’s particular attribute of resisting quantum computer attacks, the execution speed of session key negotiation using NTRUEncrypt is 66.06 times faster than ECDH, and 1530.98 times faster than RSA at the 128-bit security level. The memory occupation of the algorithms is at the same order of magnitude. As the transport layer security (TLS) protocol can fulfill most performance requirements of the automotive industry, post-quantum enhanced session key negotiation will probably be widely used for in-vehicle Ethernet communication.

Distance Enhancement of Quantum Cryptography through MANET

In the modern technology world, the cryptographic techniques are plays a major role. There are so many modern cryptographic algorithms are used to secure information through message transformation. Quantum cryptography evolved from the merging of physics and cryptography to reduce the threat that encryption encounters. It is one of the emerging fields in the computer technology. The primary objective of quantum cryptography research is to develop cryptographic algorithms and protocols that are resistant to quantum computer attacks and increase the communication distance. The various quantum cryptography protocols are demonstrated, as well as how this technology has led to the establishment of secure communication between sender and the receiver through using of MANET. We will look at the properties of quantum cryptography and the benefits of MANET it can provide in the future internet. One of the best ways for increasing the distance of message transmission over the internet is to use MANET in the field of quantum cryptography. An Ad hoc on demand distance vector (AODV) is a routing protocol for Mobile Ad hoc networks

Prevention of Phishing Attacks Using AI-Based Cybersecurity Awareness Training

Machine learning has been described as an effective measure in avoiding most cyberattacks. The development of AI has therefore promoted increased security for most computer attacks. Phishing attacks are risky and can be prevented through AI-based solutions. This factor suggests the need for increased awareness of cybersecurity through AI. Developing awareness for most people will prevent these types of attacks. The research paper describes how the awareness of AI-based cybersecurity could ensure a reduction of phishing attacks. The paper, therefore, showcases the effectiveness of AI-based cybersecurity awareness training and how it may influence cyber-attacks.

ЦЕНТРЫ УПРАВЛЕНИЯ СЕТЕВОЙ БЕЗОПАСНОСТЬЮ КАК СИЛЫ ГОССОПКА

The paper addresses the need to create a Network Security Center (NSC), and the functions of the NSC and infrastructure requirements on the basis of security requirements imposed by the subjects of the critical information infrastructure (CII) of the Russian Federation (RF) to ensure the safety of CII objects of the RF. The current work describes the NSC as the forces of the State System for Detecting, Preventing and Eliminating the Consequences of Computer Attacks Aimed at the Information Resources of the RF (GosSOPKA). As part of the work, the following tasks are solved: a list of regulatory bodies regulating the processes and security measures presented to the subjects of the CII of the RF to ensure security of objects of the CII of the Russian Federation as well as these processes and measures themselves are determined; Security Operations Centers (SOCs) and NSCs as the GosSOPKA forces are described. It is possible to use the results obtained in the framework of the processes of organizing cooperation with GosSOPKA, and the creation of a NSC dealing with computer attacks, detecting and responding to incidents around the clock; and a training course dedicated to the CII security.

ABSTRACT MODEL OF INFLUENCE OF MALICIOUS OF SOFTWARE AND METHOD OF ENSURING THE FAILURE RESISTANCE OF SPECIALIZED INFORMATION TECHNOLOGIES

The proposed abstract model of the effects of malicious software (SDR) allows us to consider the objects of the computer system that may be affected by SDR and computer attacks. Therefore, it was used as a basis for a new method of ensuring the resilience of specialized IT in the face of SDR and computer attacks. As a result, the application of the developed method is carried out in a system that has mechanisms for restructuring and uses redundancies. A feature of the main steps of the developed method according to the parametric control of program file integrity is the possibility of its application to a group of program files that do not have a fixed checksum and thus it expands the possibilities of the known method of detecting. Compared with the known application of this method, in previous work, this method could not be used to control the integrity of a certain group of executable files that have a heterogeneous internal structure. This group includes files of type mde, which are obtained when compiling programs written in MS Access. Their feature is the fact that they have a complex internal structure, which includes, in addition to program code, structures that are elements of the database, such as tables, indexes, relational database schema and others. This step of the method is designed for application in IP with increased fault tolerance and enhanced protection against RAM and computer attacks, namely in the second, local security loop integrated into specialized IT software. This is dictated by the fact that its implementation requires specific information about the parameters of the program file, which is unknown at the system level, but known locally, as it is information obtained in the design and implementation of this part of specialized IT as a whole. Therefore, the scope of the SCR detection method based on checksum calculation for files with volatile checksums as a step of the IT fault tolerance method has been expanded. As a result, the application of the developed method is carried out in a system that has mechanisms for rebuilding and uses redundancies. To study the developed method, a method of evaluating its effectiveness in terms of redundancy and redundancy has been developed. Experimental studies and evaluation calculations confirm the effectiveness of the developed method of ensuring the resilience of IT in the face of SDR and computer attacks.

The Elastic Stack Ability Test To Monitor Slowloris Attack on Digital Ocean Server

Servers have a central role in computer network. The server is in charge of serving user requests with various types of services. Every server activity in handling these things will generate different types of logs. Information from this large amount of logs is often ignored and has not been widely used as material for analyzing the performance of the server itself. In this study, Elastic Stack is functioned as a system that handles upstream to downstream processes starting from collection, transformation, and storage as well as graphical visualization of the Nginx web server given an attack scenario in the form of massive incoming connection requests and server login access attempts. The Elastic Stack components used as log collectors are Filebeat and Metricbeat for system metric data. For testing attacks using the Slowloris tool which will consume web server resources. The results of the research that have been carried out are when there are 500 incoming connections, the web server can serve requests normally, at 1000 connections there are some packets that are not served, the server becomes unable to access when it reaches a total of 2000 incoming connections. Metric data in the form of CPU Usage and Memory Usage are affected, although not significantly. Identification of IP Address shows the source of the attack comes from Singapore, according to the domicile of the attacker's computer. All access data in the form of username, time, origin of region trying to enter the server are recorded by the system.

A secure blockchain system for Internet of Vehicles based on 6G-enabled Network in Box

Network in Box (NIB) is a self-organizing and portable device. The six-generation wireless communication technologies (6G) can empower NIB with better spectrum efficiency by integrating satellite broadcasting. 6G-enabled NIB is promising to promote the communication efficiency of Internet of Vehicles (IoV). IoV has emerged as the concrete practice of intelligent transportation. However, IoV is vulnerable to attacks from quantum computers because they use traditional RSA and elliptic cure cryptographic systems. Therefore, it is critical to improving the security of IoV against quantum computer attacks. This paper proposes the first secure scheme based on post-quantum techniques for 6G-enabled NIB to protect IoV against quantum attacks. On the one hand, a blockchain-based public key infrastructure is proposed to authenticate the IoV devices securely. On the other hand, we design a blockchain-based multi-party key agreement and communication system to support multi-party communication among IoV devices. The extensive theoretical analysis and experimental results indicate that the proposed blockchain system based on 6G-enabled NIB can achieve high security and efficiency for IoV.

Проблема выявления источника (атрибуции) кибератак – фактор международной безопасности

The work is devoted to the problem of attribution of cyberattacks as one of the top important issues on the global agenda of world politics. The subject of this research is targeted offensive computer attacks that perform state tasks. The authors have systematically analyzed the conceptual apparatus, classification features and general indicators, a set of problems related to identification of reliable sources of cyberattacks, as well as the features of targeted attacks and cybernetic groups supported by state actors. This allowed to conclude that the problem of attribution is emerging as a new scientific direction in the field of international information security. Based on the analysis of relevant studies of academic institutions and private companies, an attribution classification was proposed. It was utilized to review conceptual informal models of targeted computer attacks. The authors have analyzed issues of the applied methodological apparatus, which may affect the reliability of conclusions on imposing responsibility on the perpetrator of cyber-attack, while noting that there is a contradiction between the perception of the attribution results by various political blocs and unions. At the same moment, the USA and its allies are reported to pursue a policy of dominance in the field of attribution of targeted cyber-attacks. The paper proves the impact of modern breakthrough information technologies of the Fourth Industrial Revolution on the security of cyberspace as well as the impact of the attribution problem on the level of international security and strategic stability. This issue includes a complex set of political, regulatory, organizational and technical tasks with a high degree of uncertainty, where political aspects are playing a central role. The conclusions are confirmed by the statistics of public reports of IT companies and publications of leading research institutes. The main scientific result of the work is formulation of the problem of divergence in the attribution of computer attacks between political blocs and alliances, which negatively affects international security. The authors propose topical measures to solve the problem of attribution of cyberattacks.