
Authors

Tumbinskaya Marina V.

Degree
Cand. Sci. (Tech.), Associate Professor, Department of Information Protection Systems, Kazan National Research Technical University named after A. N. Tupolev
E-mail
tumbinskaya@inbox.ru
Location
Kazan
Articles

Secure information system model of Internet banking

The paper proposes a generalized block diagram of an Internet banking information system that reflects the system's modular architecture, the relationships between its users and the control loop. A system model of the Internet banking information system is proposed; its use is intended to minimize the number of cybercriminal intrusions, optimize and improve the comprehensive information security system of organizations in the economic and social sphere, improve the efficiency of secure Internet banking information systems, and support the choice of a development strategy for Internet banking services. The model makes it possible to assess the security level of the system, which is determined by solving a decision-support problem in a poorly structured domain characterized by heterogeneous attributes. A set-theoretic model of decision support in information security management of Internet banking information systems is proposed; it accumulates analytical information about ongoing threats from cybercriminals, provides automated support for decisions on neutralizing cybercriminals and on measures to protect confidential information, and facilitates the development of control actions. The article presents a formalization of the cybercriminal model, characterized by the offender's personal parameters and by scenarios for the theft of confidential information in the Internet banking information system. The cybercriminal model is built on typical profiles of cybercriminals, which determine the potential intruder in the Internet banking information system. The proposed solutions increase the protective capability of the Internet banking information system and improve the efficiency and quality of management decision-making for the protection of confidential information.

Protection of information in social networks from an attacker's social engineering attacks

Nowadays users of social networks increasingly use them to promote businesses, distribute advertisements for goods and services, and for leisure, hobbies, personal communication and information exchange, and thereby become an open source of information for intruders. Attackers use various ways to carry out attacks, one of which is the dissemination of targeted information. Successful distribution of targeted (unwanted) information leads to the execution of the attack scenario and the achievement of the attacker's goal. Attackers are therefore interested in involving so-called community leaders of social networks (users who enjoy a high level of trust and influence among a large number of community members), who are able to successfully carry out part of the attacker's scenario. The article attempts to formalize a generalized algorithm for the distribution of targeted information in social networks: the set of initial data and the results of the algorithm are presented, namely the parameters for implementing attack scenarios, whose variation allows the scenario to be detailed. A technique for protection against targeted information distributed in social networks is proposed, which increases the level of protection of personal data and personal information of social network users, and the reliability of information. The results of the research will help prevent threats to information security and counteract attacks by intruders, who often use competitive intelligence and social engineering methods, by applying countermeasures, developing a model of protection against targeted information and, on its basis, implementing special software for integration into virtual social networks.

Correlation analysis and forecasting of SYN-flood attacks

DDoS attacks are among the top 10 network attacks and lead to serious failures of web resources. The paper considers DDoS attacks, their classification and methods of protection. Particular attention is paid to the most common type of DDoS attack, the SYN flood, to the correlation analysis of its time series, and to forecasting. A correlation analysis of the time series of SYN-flood attacks is carried out, and the autocorrelation coefficient of the data and the seasonal indices are determined. SYN-flood attacks for the coming quarters of 2018 and 2019 are forecast using simple exponential smoothing. The investigation showed that protection against DDoS attacks should be implemented with the mechanism of the particular DDoS attack in mind; depending on it, hardware, software or mixed protection should be used. The investigation of SYN-flood attacks showed that this type of attack is the most dangerous: acting at the network level and clogging the network channel with parasitic traffic, a SYN-flood attack puts the end equipment out of service. The correlation analysis of the time series of SYN-flood attacks showed that they are seasonal: the greatest number of attacks is expected in the first and third quarters of 2018 and 2019. For DDoS attacks lasting up to 4 hours, seasonality in the first quarter of the calendar year was also revealed, which means that the greatest number of attacks of this duration should be expected in the first quarter of 2019. The relation between SYN-flood attacks and attacks lasting up to 4 hours is moderately strong, not critical, and is observed at a lag of 3 (in our case, 3 quarters). According to the forecast made with simple exponential smoothing, 57.1% of DDoS attacks in the second quarter of 2018 are expected to be of the SYN type; in the third and fourth quarters of 2018 their share will be 55.35% and 57.12% respectively. In the first quarter of 2019 the share of SYN-flood attacks is expected to be 58.73%, and in the second quarter of 2019, 57.08%.

Classification of DDoS-attacks based on the neural network model

This article describes the trend in the development of DDoS attacks, gives a classification of such attacks and describes some of the most popular types. It also reviews statistical methods for analysing malicious traffic that can be used in modern security systems. The main methodology chosen for the article is based on multiple simulations with neural network models. The central problem of the study is to develop an architecture for such models and to choose the most promising one, with an assessment of the model's adequacy. The purpose of the article is to obtain results from the use of a neural network model for the classification of DDoS attacks. Based on raw data obtained through multiple simulations of different types of traffic, we found the most promising neural network architecture, one that needs the least complex training sample while providing high-quality traffic classification. On the basis of the results obtained with the developed mathematical model and the assessment of its adequacy, we conclude that the considered methodology fully serves its purpose, the classification of DDoS attacks, and can be used in security algorithms and similar software.

Use of statistical methods for analysis and forecast of UDP-flood attacks

Web resources are an integral part of modern life, and they are increasingly subjected to hacker attacks. The most popular types of attack are SQL injection and cross-site scripting, but DDoS attacks remain in the top 10 network attacks and lead to serious crashes and failures of web resources. The most common type of DDoS attack is the UDP flood, based on the unlimited sending of UDP packets to the ports of various UDP services. The scientific novelty of the work is that, to increase the security level of web resources, a medium-term forecast of UDP-flood cyberattacks is proposed, using correlation analysis methods based on an additive time-series model and taking seasonal factors and attack duration into account, which will ensure the necessary level of web resource security. UDP-flood attacks were chosen as the object of study. Using correlation analysis and modelling, we calculated the seasonal index of UDP-flood attacks and the autocorrelation of the time series of this type of attack. Using simple exponential smoothing, a forecast of UDP-flood attacks is constructed. The paper proposes a classification of DDoS attacks and describes protection methods. Based on the correlation analysis, predicted values of the impact of UDP-flood attacks on web resources are calculated and the seasonal factor is revealed. The largest number of attacks is expected in the fourth quarter of 2020. For DDoS attacks lasting up to 20 minutes, seasonality was also revealed in the first quarter of the calendar year, which means that the largest number of attacks of this duration should be expected in the first quarter of 2020. Prospects for further research into protection against DDoS attacks lie in the further development of the methodology for countering UDP-flood attacks and of information security algorithms for web resources, which will reduce the number of UDP-flood attacks and increase the level of web resource security.
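The SYN-flood and UDP-flood abstracts above rely on the same three computations: additive seasonal indices, the sample autocorrelation coefficient at a given lag, and a simple exponential smoothing forecast. The following Python block is an added illustration, not the authors' code or data: the eight quarterly values are constructed, the smoothing constant α = 0.5 and the ±2/√n significance band are assumptions, and the seasonal forecast simply adds the quarter's seasonal index to the smoothed level.

```python
"""Seasonal indices, autocorrelation and simple exponential smoothing for a
quarterly attack series. Added example with constructed data; not the
authors' code or results. Standard library only."""
from math import sqrt
from typing import List, Tuple

# Constructed sample (NOT real statistics): share (%) of all DDoS attacks
# that were SYN floods, eight consecutive quarters, 2016 Q1 .. 2017 Q4.
SYN_SHARE = [60.0, 50.0, 58.0, 48.0, 62.0, 52.0, 60.0, 50.0]


def mean(xs: List[float]) -> float:
    return sum(xs) / len(xs)


def seasonal_indices(series: List[float], period: int = 4) -> List[float]:
    """Additive seasonal index for each position in the cycle: the mean of
    that season minus the grand mean. The indices sum to zero, so a
    positive index marks a quarter that runs above the yearly level."""
    grand = mean(series)
    return [mean(series[pos::period]) - grand for pos in range(period)]


def autocorrelation(series: List[float], lag: int) -> float:
    """Sample autocorrelation coefficient r_k for 0 < k < n:
    sum((x_t - m)(x_{t+k} - m)) / sum((x_t - m)^2)."""
    n = len(series)
    if not 0 < lag < n:
        raise ValueError("lag must satisfy 0 < lag < len(series)")
    m = mean(series)
    dev = [x - m for x in series]
    num = sum(dev[t] * dev[t + lag] for t in range(n - lag))
    den = sum(d * d for d in dev)
    return num / den


def is_significant(r: float, n: int) -> bool:
    """Assumed white-noise test: |r_k| outside the approximate 95% band
    +-2/sqrt(n). With short attack series this band is wide, so a
    'moderate' coefficient often fails it."""
    return abs(r) > 2.0 / sqrt(n)


def simple_exponential_smoothing(series: List[float],
                                 alpha: float = 0.5) -> Tuple[List[float], float]:
    """Simple (Brown's) exponential smoothing, initialised at the first
    observation. Returns the smoothed series and the flat forecast, which
    is the final smoothed level."""
    if not 0.0 < alpha <= 1.0:
        raise ValueError("alpha must be in (0, 1]")
    level = series[0]
    smoothed = [level]
    for x in series[1:]:
        level = alpha * x + (1.0 - alpha) * level
        smoothed.append(level)
    return smoothed, level


def seasonal_forecast(series: List[float], alpha: float = 0.5,
                      period: int = 4, horizon: int = 2) -> List[float]:
    """Forecast `horizon` quarters ahead: smoothed level plus the additive
    seasonal index of each future quarter (assumed combination)."""
    idx = seasonal_indices(series, period)
    _, level = simple_exponential_smoothing(series, alpha)
    n = len(series)
    return [level + idx[(n + h) % period] for h in range(horizon)]


if __name__ == "__main__":
    n = len(SYN_SHARE)
    print("seasonal indices Q1..Q4:", seasonal_indices(SYN_SHARE))
    for k in (1, 2, 3, 4):
        r = autocorrelation(SYN_SHARE, k)
        print(f"r_{k} = {r:+.3f} significant={is_significant(r, n)}")
    print("next two quarters:", seasonal_forecast(SYN_SHARE))
```

With only eight observations the band is ±0.71, so on this constructed series the lag-3 coefficient of about −0.69 falls inside it and should be reported as moderate but not significant; that is the check to apply before reading seasonality or a lagged dependency into a short attack series.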

Investigation of the results of using a soft simulator for responding to the facts of the implementation of computer threats in an automated process control system

Ensuring the information security of automated process control systems (IACS) is a difficult task whose solution requires an integrated approach. Various computer threats need to be considered, which may be external, internal, accidental or deliberate. With the global growth of cybercrime and the constant improvement of cyberattacks, it is necessary to raise the security level of IACS, web resources, information systems, etc. This can be achieved by solving the problem of training users to respond to computer threats realized during the operation of the IACS, i.e. to information security incidents. The article describes software whose main task is to give users of an industrial automated system practical skills for an adequate response to incidents, which raises the users' level of knowledge in the field of information security. The paper presents an analysis of the information security of an automated process control system, which showed that, on average, attackers use malicious software to gain unauthorized access to information in 89.5% of cases and social engineering methods in 83% of cases. An industrial automated system of a large machine-building enterprise in the Republic of Tatarstan was selected for the study. The results of the study and the experimental data showed that during and after training, users respond more correctly and adequately to emerging information security incidents, because most situations were considered and analysed during the training period using the software. On average, the number of attacks in the analysed periods as a whole decreased by 28%: the number of attacks carried out using social engineering methods decreased by 51.75%, the number of attacks using malicious software by 40.25%, the number of DoS-type attacks by 11.75%, and the number of credential brute-force attacks by 7.5%.

Software for detecting “hidden miners” in a browser environment

A new type of information security threat is currently spreading: hidden mining, which uses the computing resources of users through their browsers. Malicious software based on WebAssembly files makes unauthorized use of the computing resources of computer system users. Existing methods for detecting "hidden miners" in the browser environment are based either on dynamic analysis algorithms, which have a number of limitations (for example, the hidden mining malware must run for a certain period of time before it can be detected, and they produce a large number of false positives), or on browser extensions that use blacklists to prevent unauthorized access to the user's browser environment, which attackers evade by frequently changing their domain names. The relevance of special protection tools against browser-based cryptominers is beyond doubt. The purpose of this study is to increase the security level of the browser environment of computer system users. This goal is achieved by solving the main task: timely automated detection of "hidden miners" in the browser environment and prevention of unauthorized mining. The article describes software that does not depend on the browser or operating system used, is resistant to attempts by intruders to circumvent the protection, allows users to reliably recognize "hidden miners", and increases the level of information security of a computer system. The software is based on classification algorithms implemented with a convolutional neural network. The results of the study and the experimental data showed that, in testing, the recognition accuracy of "hidden miners" in the browser environment is 91.37%.

Secure software delivery pipeline

The presence of vulnerabilities in software is a pressing problem; vulnerabilities can serve as a basis for a breach of confidentiality and for information leakage. The purpose of this study is to increase the level of software security at all stages of the life cycle, from development and implementation to operation. This is achieved through automated analysis of program code and by increasing the number of vulnerability types detected. The work proposes a secure software delivery pipeline that performs static and dynamic analysis of program code and searches for vulnerabilities in third-party components and Docker images. The article reviews popular software tools and their distinctive features, and justifies the choice of the software solutions that form the basis of the developed secure delivery pipeline. The novelty of the work is the pipeline's ability to automatically detect vulnerabilities at all stages of the software life cycle, from planning and design to testing, deployment and monitoring in the production environment, which allows vulnerabilities to be eliminated at an early stage and thereby increases the level of software security. The secure software delivery pipeline was tested and validated. According to the assessment results, on average 98% of vulnerabilities were identified with the Semgrep tool, 90% with OWASP ZAP, 96% with Dependency-Track and 88% with Trivy. The results of the study and the experimental data showed that, on average, the accuracy of vulnerability detection in testing is 93%. The practical value of the work is that the developed secure software delivery pipeline can be used as a tool for detecting program code vulnerabilities by software developers and by the information security specialists of IT companies. The results obtained can be used in the field of secure software development and in the formalization and interpretation of vulnerabilities in program code, which will make it possible to create new rules for identifying them and to develop countermeasures to neutralize them.
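The pipeline described above chains four scanners; what the abstract leaves implicit is the policy step that turns their reports into a pass/fail decision for the deployment stage. The Python block below is an added example, not the authors' pipeline: it parses report fragments constructed in the shape of `semgrep --json` and `trivy image --format json` output (the rule and vulnerability identifiers are placeholders, and the field names should be checked against the installed tool versions) and applies an assumed policy: block on Semgrep ERROR findings and on HIGH/CRITICAL package vulnerabilities for which a fixed version exists, keep unfixable HIGH/CRITICAL items and medium-level findings visible as warnings, and honour an accepted-risk list for documented exceptions.

```python
"""Policy gate for a delivery pipeline: turn scanner JSON reports into a
pass/fail decision. Added example, not the authors' pipeline."""
import json
from dataclasses import dataclass
from typing import Dict, FrozenSet, List

# Constructed report fragments shaped like `semgrep --json` and
# `trivy image --format json` output. Rule ids and vulnerability ids are
# placeholders, not real findings; verify field names against your tools.
SEMGREP_JSON = json.dumps({"results": [
    {"check_id": "example.rules.subprocess-shell-true", "path": "app/run.py",
     "start": {"line": 42},
     "extra": {"severity": "ERROR", "message": "subprocess with shell=True"}},
    {"check_id": "example.rules.open-never-closed", "path": "app/io.py",
     "start": {"line": 7},
     "extra": {"severity": "WARNING", "message": "file handle never closed"}},
], "errors": []})

TRIVY_JSON = json.dumps({"Results": [
    {"Target": "registry.example/app:1.4 (debian 12)", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libalpha",
         "InstalledVersion": "1.0-1", "FixedVersion": "1.0-2", "Severity": "CRITICAL"},
        {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libbeta",
         "InstalledVersion": "2.3", "FixedVersion": "", "Severity": "HIGH"},
        {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libgamma",
         "InstalledVersion": "0.9", "FixedVersion": "1.0", "Severity": "LOW"},
    ]},
    {"Target": "app/requirements.txt"},   # clean target: key is omitted
]})


@dataclass(frozen=True)
class Finding:
    tool: str
    ident: str       # rule id (SAST) or vulnerability id (SCA/image scan)
    where: str       # file:line, or target plus package@version
    severity: str
    fixable: bool    # an upgrade or code change removes it


def parse_semgrep(raw: str) -> List[Finding]:
    doc = json.loads(raw)
    return [Finding("semgrep", r["check_id"],
                    f'{r["path"]}:{r["start"]["line"]}',
                    r["extra"]["severity"].upper(), True)
            for r in doc.get("results", [])]


def parse_trivy(raw: str) -> List[Finding]:
    doc = json.loads(raw)
    out: List[Finding] = []
    for res in doc.get("Results", []):
        for v in res.get("Vulnerabilities") or []:   # absent when clean
            out.append(Finding(
                "trivy", v["VulnerabilityID"],
                f'{res["Target"]} {v["PkgName"]}@{v["InstalledVersion"]}',
                v["Severity"].upper(), bool(v.get("FixedVersion"))))
    return out


BLOCKING_SAST = frozenset({"ERROR"})
BLOCKING_VULN = frozenset({"CRITICAL", "HIGH"})
WARN_LEVELS = frozenset({"WARNING", "MEDIUM"})


def evaluate(findings: List[Finding],
             accepted: FrozenSet[str] = frozenset()) -> Dict[str, object]:
    """Assumed policy. Accepted risks are downgraded to warnings rather than
    dropped, so the exception stays visible in every build log."""
    blocking: List[Finding] = []
    warnings: List[Finding] = []
    info: List[Finding] = []
    for f in findings:
        if f.ident in accepted:
            warnings.append(f)
        elif f.tool == "semgrep" and f.severity in BLOCKING_SAST:
            blocking.append(f)
        elif f.tool == "trivy" and f.severity in BLOCKING_VULN:
            # No fixed version: an upgrade cannot clear it, so do not stall
            # every build on it, but keep it on the warnings list.
            (blocking if f.fixable else warnings).append(f)
        elif f.severity in WARN_LEVELS:
            warnings.append(f)
        else:
            info.append(f)
    return {"passed": not blocking, "blocking": blocking,
            "warnings": warnings, "info": info}


if __name__ == "__main__":
    verdict = evaluate(parse_semgrep(SEMGREP_JSON) + parse_trivy(TRIVY_JSON))
    for bucket in ("blocking", "warnings", "info"):
        for f in verdict[bucket]:
            print(f"{bucket:8} {f.tool:7} {f.severity:8} {f.ident} {f.where}")
    print("exit code for the CI job:", 0 if verdict["passed"] else 1)
```

Reports from OWASP ZAP and Dependency-Track would be normalized into the same Finding shape by additional parsers, so the gate has one policy regardless of which scanner produced the item; keeping the accepted-risk list in version control next to the pipeline definition makes every exception reviewable.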