Reference:
Derendyaev D.A., Gatchin Y.A., Bezrukov V.A..
Determining the influence of the human factor on the main characteristics of security threats.
// Cybernetics and programming. – 2019. – ¹ 3.
– P. 38-42.
DOI: 10.25136/2644-5522.2019.3.19672.
DOI: 10.25136/2644-5522.2019.3.19672
Read the article
Abstract: The human factor is considered in the work from the point of view of threat of influence on information security problems. A review of the expert assessment of security threats over different years showed that the growing influence of the human factor is increasing all the time. The article outlines a number of security threats that are most affected by the human factor, which occupy leading positions in general statistics. The method of calculating the influence of the human factor on the main characteristics of information security threats is given: probability and criticality. The study was based on work with the probability of occurrence and criticality of unrelated threats to information security with the presence of the human factor. The paper reviews the expert assessment of information security threats, which consisted in identifying the most likely and critical threats to information security with the presence of a human factor. The above method of calculating the impact of the human factor on information security threats helps to understand how critical the impact of the human factor is, to clearly distinguish its influence and to trace the level of its impact, which is absent in most modern threat assessment methods due to the consideration of information security threats in general, without taking into account one or another factor .
Keywords: human factor, probability of threat, calculation method, criticality of the threat, impact coefficient, Information Security, expert review, security threats, protection of information, single factor effect
References:
Grishina N.V. Organizatsiya kompleksnoy sistemy zashchity informatsii. M.: Gelios ARV, 2007. 256 s., svobodnyy. Yaz. rus.
Price A. Human Factors in Information Security [Elektronnyy resurs] //A. Price, V.C. Young // International Journal of Computer and Information Technology. Vol. 04. – Issue05. - 2015. Rezhim dostupa http://ijcit.com/archives/volume4/issue5/Paper040515.pdf, svobodnyy. Yaz. angl.
Korobeynikov A.G., Grishentsev A.Yu., Kutuzov I.M., Pirozhnikova O.I., Sokolov K.O., Litvinov D.Yu. Razrabotka matematicheskoy i imitatsionnoy modeley dlya rascheta otsenki zashchishchennosti ob'ekta informatizatsii ot nesanktsionirovannogo fizicheskogo proniknoveniya // NB: Kibernetika i programmirovanie. 2014. ¹ 5. S. 14-25. DOI: 10.7256/2306-4196.2014.5.12889. URL: http://e-notabene.ru/kp/article_12889.html
Zenkin D. Ofisnye predateli opasnee khakerov [Elektronnyy resurs] / D. Zenkin // CNews.ru.2004. Rezhim dostupa: http://www.cnews.ru/articles/ofisnye_predateli_opasnee_hakerov, svobodnyy. Yaz. rus.
Human factors in Information Secu
Reference:
Lyapustin A., Kolesnikova S., Mel'nik D..
The model of protection of multilevel communications
// Cybernetics and programming. – 2018. – ¹ 3.
– P. 87-98.
DOI: 10.25136/2644-5522.2018.3.26566.
DOI: 10.25136/2644-5522.2018.3.26566
Read the article
Abstract: The work is devoted to the urgent problem of ensuring the security of heterogeneous information platforms, using the system of electronic support of on-line communications processes in a medical institution - e-health online communications. The authors pay special attention to such important aspects of the topic as: the security of heterogeneous information platforms, the model for the protection of heterogeneous information platforms, the classification of communications and the protection mechanisms of MMK. The tendencies for the development of new distributed safety models are considered. This article presents a model of multi-level communications. A classification of communications and protection mechanisms for each level with different security levels using cryptography protocols is proposed. Security flexibility can be provided to health organizations using a variety of key size combinations to protect data and channels. At each level, different levels of security can be provided depending on the sensitivity of the data. Thus, we came to the MMK model as a solution to the problem of communication in e-health and other large organizations with a distributed network of computer communications.
Keywords: protection mechanisms, heterogeneous information platforms, multilevel communications, intelligent protection system, threat detection, information security, analysis systems, detection algorithms, electronic communications, data protection
References:
Pfleeger C.P., Pfleeger S.L. Security in Computing. – Prentice Hall PTR, 2006.
Guliev Ya.I., Tsvetkov A.A. Obespechenie informatsionnoy bezopasnosti v meditsinskikh organizatsiyakh. // Vrach i informatsionnye tekhnologii. – 2016.-¹6.-S. 49-62.
Gorbunov P.A., Fokht I.A. Problemy informatsionnoy bezopasnosti v meditsinskikh informatsionnykh sistemakh-teoreticheskie resheniya i prakticheskie razrabotki. // Tr. mezhdunar. konf. “Programmnye sistemy: teoriya i prilozheniya”.-IPS RAN, Pereslavl'-Zalesskiy, 2006: V 2 t.-M.: Fizmatlit.-T. 1.-S. 107-112.
Zashchita informatsii v meditsinskikh uchrezhdeniyakh. – http://www.elephus.ru/portfolio/med-zi/, 2017.
Model' ugroz tipovoy meditsinskoy informatsionnoy sistemy (MIS) tipovogo lechebno profilakticheskogo uchrezhdeniya (LPU).-Minzdravsotsrazvitiya Rossii, 2009.
Liederman E.M., et al. Systemwide rollout of doctor-patient secure web messaging: The university of california, davis, virtual care experience. /In: Whitten, P., Cook, D. (eds.) Understanding health communication technologies, 1st edn., pp.
Reference:
Borodin A.V..
The linear congruent sequences of the maximum period in programs obfuscation
// Cybernetics and programming. – 2016. – ¹ 6.
– P. 1-19.
DOI: 10.7256/2306-4196.2016.6.18499.
DOI: 10.7256/2306-4196.2016.6.18499
Read the article
Abstract: The article is devoted to development of the system of practical methods of protection of software against refactoring for purpose of lowering probability of infringement copyright for used algorithms. As the basic method of protection offered approach, which feature is use of the linear congruent sequences as bases for morphism of an order of layout operators of programming language to the execution order of the program, required by functionality. The specific technology of an obfuscation programs written in scripting languages, in particular on Microsoft Visual Basic, is offered. Also the notation of formal understanding of a level resistance of the considered system of methods is discussed. For the formal description of concept of an obfuscation programs and a level resistance of an obfuscation used the set-theoretic formalism. Several results of the number theory is used in article for reasons for existence of the solution of the task obfuscation in the offered setting for any program. The main result of article is new practical approach to an obfuscation programs, written in scripting languages, which can be to a certain extent generalized on language systems of other nature. Also in article the paradoxical result is shown - the obfuscation code can correspond completely to a paradigm of structured programming when saving the declared level of resistance to refactoring.
Keywords: code refactoring, obfuscation, machine code, linear congruential generator, lexical analysis, source code, computational complexity, spaghetti code, structured programming, VBA
References:
Sidorkina I.G., Belousov S.A., Khukalenko K.S., Nekhoroshkova L.G. Algoritm poiska plagiata v iskhodnom kode programmnogo obespecheniya // Programmnye sistemy i vychislitel'nye metody. 2013. ¹ 3. C. 268 - 271. DOI: 10.7256/2305-6061.2013.3.9602.
Ceccato, M. A family of experiments to assess the effectiveness and efficiency of source code obfuscation techniques / M. Ceccato, M. Di Penta, P. Falcarin, F. Ricca, M. Torchiano, P. Tonella // Empirical Software Engineering. 2014. Vol. 19. Iss. 4. – P. 1040-1074. – DOI: 10.1007/s10664-013-9248-x.
Goldwasser, S. On best-possible obfuscation / S. Goldwasser, N. R. Guy // Fourth IACR Theory of Cryptography Conference, TCC 2007, February 21-24 2007. Amsterdam: KNAW Trippenhuis, 2007. P. 194-213.
Garg S. Candidate indistinguishability obfuscation and functional encryption for all circuits / S. Garg, C. Gentry, S. Halevi, M. Raykova, A. Sahai, B. Waters // 54th Annual Symposium on Foundations of Computer Science, FOCS 2013, October 2013. Berkeley: IEEE Computer Soci
Reference:
Kovaleva A., Zakirov V., Turbov A., Tretyakov A., Ponomarev D..
Modelling Threats to Security of M2M Connectivity in Wireless Networks
// Cybernetics and programming. – 2016. – ¹ 6.
– P. 38-46.
DOI: 10.7256/2306-4196.2016.6.21550.
DOI: 10.7256/2306-4196.2016.6.21550
Read the article
Abstract: The subject of the research is the security of information systems. This trend is one of the most important in the development of the modern society which is conditioned by the growing trust in technologies. The decreasing role of a human in modern processes has led to the creation of such technologies as M2M connectivity and IoT (Internet of things). Conversion of a great amount of data into electronic data and presence of autonomous elements, for example, in transport infrastructure have created the need to defend such systems from law breakers. This is due to the fact that there may be serious consequences in case of losing control over the system. The present article is devoted to deliberate influence of a law breaker in a general case. The authors of the article describe the main successive steps of attacking the information system that are typical for the majority of security threats. The authors underline the fact that certain preparatory measures and the need to suppress traces of crime are needed. The authors describe the mechanism of influence using the method of the mathematical tool 'Petri-Markov nets' as the most appropriate for this process. The net consists of positions and branches and the goal set by a law breaker is achieved when the entire network is passed through. In their article the authors describe two nets for modeling the influence of a law breaker, these are a simplified net and a more complex net allowing to take into account more details of a law breaker's behavior. The first Petri-Markov net allows to consider the main steps towards the attack and uses the system of integral-differential equations to describe it. Unlike the first one, the second model takes into account one's opportunity to return to the previous step when problems with the execution of a threat by a law breaker arise. The novelty of the research is caused by the fact that the authors use mathematical models to make a detailed description of the process of attacking the information system. They offer two models that will be needed to ensure information security. They allow to better understand a law breaker and give opportunity to define the most vulnerable points of the information system requiring elimination or additional control.
Keywords: integral-differential equations, transition matrix, mathematical model, Petri-Markov nets, offense, attacker, attack, security, protection, information system
References:
Ignat'ev V.M. Larkin E.V. Seti Petri-Markova: Tul'skiy gosudarstvennyy universitet, 1997. 163 s.
Rad'ko N. M., Skobelev I. O. Risk-modeli informatsionno-telekommunikatsionnykh sistem pri realizatsii ugroz udalennogo i neposredstvennogo dostupa. M.: RadioSoft, 2010. 232 s.
Vishchuk S.V. Aspekt, interesuyushchiy vse segmenty mirovogo rynka – bezopasnost' [Elektronnyy resurs]. – Rezhim dostupa: http://apps4all.ru/post/05-10-16-sergej-vischuk-gemalto-m2m-aspekt-interesuyuschij-vse-segmenty-mirovogo-rynka-bezopasnost (data obrashcheniya 23.11.16).
Hacker claims he can remotely hijack airplanes using an Android app [Elektronnyy resurs]. – Rezhim dostupa: https://www.engadget.com/2013/04/11/planesploit-aircraft-hijacking-app/ (data obrashcheniya 23.11.16).
Shan'gin V.F. Informatsionnaya bezopasnost' komp'yuternykh sistem i setey. M.: ID «FORUM»: INFRA-M, 2011. 416 s.
Hackers Remotely Kill a Jeep on the Highway-With Me in It [Elektronnyy resurs]. – Rezhim dostupa: https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
Reference:
Korobeinikov A.G., Kutuzov I.M..
Obfuscation of concealment calls using InvokeDynamic instructions
// Cybernetics and programming. – 2016. – ¹ 5.
– P. 33-37.
DOI: 10.7256/2306-4196.2016.5.18686.
DOI: 10.7256/2306-4196.2016.5.18686
Read the article
Abstract: The object of the study is technology of hiding method calls. Hidden calls are need to hide: entity dependencies; data processing logic; algorithms. The methods used to complete the task are limited by language technologies and its performance. Method can be called directly and indirectly: via the bootstrap method; from native code (JNI); using Reflection; using JRE 1.7, InvokeDynamic. The examples with source code are given. The authors conclude that the most promising methods among considered is invokedynamic technology. The study present analysis of such methods as the bootstrap method, calling method from through native code, obfuscation calls via Reflection and InvokeDynamic. The article discusses various ways to conceal the method invocation. The characteristic features of obfuscation for most popular ones are reviewed. The most promising among the discussed methods is invokedynamic technology. It allows completely removing method signature from the source code, leaving only the service information for the bootstrap method. With proper implementation of the bootstrap method it is possible to create bytecode, which will be impossible to decompile into valid Java code, Groovy's or Scala.
Keywords: InvokeDynamic, Reflection mechanism, native code, bootstrap, obfuscate, Data protection, Java, source code, method call, listing
References:
Ortin F., Conde P., Fernandez-Lanvin D. , Izquierdo R.: The Runtime Performance of invokedynamic: An evaluation with a java library, IEEE Software, 2014, Vol. 31, Art. 6493308. P. 82-90.
Ortin F., Redondo J.M., Baltasar García Perez-Schofield, J.: Efficient virtual machine support of runtime structural reflection. Science of Computer Programming, 2009, 74 (10), p. 836-860.
Korobeynikov A.G., Akhapkina I.B, Bezruk N.V., Demina E.A., Yamshchikova N.V., Kutuzov I.M. Modifikatsiya i analiz algoritma obfuskatsii // V knige “Trudy kongressa po intellektual'nym sistemam i informatsionnym tekhnologiyam AIS-IT’13. Nauchnoe izdanie v 4-kh tomakh. M.: Fizmatlit, 2013. T. 2. S. 163-166. – ISBN 978-5-9221-1479-0.
Korobeynikov A.G., Kutuzov I.M., Kolesnikov P.Yu. Analiz metodov obfuskatsii // Kibernetika i programmirovanie. 2012. ¹ 1. C. 31 - 37. URL: http://www.e-notabene.ru/kp/article_13858.html
Korobeynikov A.G., Kutuzov I.M., Kolesnikov P.Yu. Primenenie metodov obfuskatsii // Informatsionnye tekhnologii v professional'noy
Reference:
Derendyaev D.A., Gatchin Y.A., Bezrukov V.A..
Mathematical model for evaluating the impact coefficient of a single factor on information security threats
// Cybernetics and programming. – 2016. – ¹ 5.
– P. 222-227.
DOI: 10.7256/2306-4196.2016.5.19608.
DOI: 10.7256/2306-4196.2016.5.19608
Read the article
Abstract: Currently, more attention is paid to the protection of information resources against various threats. There are numerous methods of risk assessment and management, which are aimed at minimizing the threats to information security. However, the risk assessment generally considered a threat, that is, under the action of all potential factors. Wherein the one or other factor may have more influence on the particular threat than others. The paper presents a mathematical model for evaluating the impact coefficient of a single factor on information security threats. The study was based on the evaluation of probability of occurrence and criticality of unrelated threats to information security. The study was based on the probability of occurrence and criticality of unrelated threats to information security. The mathematical model presented in the paper makes it possible to assess the characteristics of threats under the influence of a specific factor. This in turn helps to understand how much a single factor strongly influences information security. The data obtained makes it possible to optimize the protection system counteracting the most critical factors.
Keywords: expert opinion , optimization of protection, threat risk, information security, human factor, impact factor, critical threats, likelihood of the threat, influence factor, mathematical model
References:
Gatchin Yu.A. Matematicheskie modeli otsenki infrastruktury sistemy zashchity informatsii na predpriyatii / Yu.A. Gatchin, I.O. Zharinov, A.G. Korobeynikov// Nauchno-tekhnicheskiy vestnik informatsionnykh tekhnologiy, mekhaniki i optiki. – 2012. – ¹ 2 (78). – S.92-95.
Gafner V.V. Informatsionnaya bezopasnost': ucheb. posobie. – Rostov na Donu: Feniks, 2010.-324 s.
Grishina N.V. Organizatsiya kompleksnoy sistemy zashchity informatsii. — M.: Gelios ARV, 2007. — 256 s.
Insayderskie ugrozy v Rossii [Elektronnyy resurs] // Perimetrix.ru.-2009.Rezhimdostupa:http://www.perimetrix.ru/downloads/rp/PTX_Insider_Security_Threats_in_Russia_2009.pdf , (data obrashcheniya: 29.05.2016).
Ugrozy bezopasnosti informatsii [Elektronnyy resurs] //DeHack :informatsionnyy portal.-Rezhim dostupa: http://dehack.ru/ugrozi/?all, (data obrashcheniya: 27.05.2016).
Zenkin D. Ofisnye predateli opasnee khakerov [Elektronnyy resurs] /D. Zenkin//CNews.ru.2004.Rezhimdostupa:http://www.cnews.ru/articles/ofisnye_predateli_opasnee_hakerov, (data obrashcheniya: 29.05.2016).<
Reference:
Pavlov A.V..
The Method of Defining the SDN Network Configuration Change
// Cybernetics and programming. – 2016. – ¹ 4.
– P. 73-80.
DOI: 10.7256/2306-4196.2016.4.19516.
DOI: 10.7256/2306-4196.2016.4.19516
Read the article
Abstract: The subject of the research is the analysis of SDN network safety methods. One of such safety methods is the analysis of the current network configuration for a fast determination of changes and upkeep of the authorized status. Today SDN networks are gaining popularity therefore development of protection algorithms for such networks is a necessary step. SDN network approach to data transfer differs from that of traditional networks. Based on that fact, an important research goalo is either to define drawbacks of exisiting algorithms applicable to such networks or to develop new ones. Research goals include analysis of existing algorithms, search for solutions and adaptation of these solutions to initial tasks or development of a new solution. As a result of the research, the author describes a device that would ensure security of SDN network at the level of data transfer disregarding external factors. This would alllow to provide an independent evaluation of network security. When the network is being re-configured, all changes will be automatic or semi-automatic, thus they will not distort the authorized status of the network.
Keywords: network modeling, Unified Threat Management, network security, network analysys, network topology, security, SDN security device, network, SDN, network configuration
References:
Pandey S. et al. Ip network topology discovery using snmp //Information Networking, 2009. ICOIN 2009. International Conference on. – IEEE, 2009. – S. 1-5.
Nazir F. et al. Constella: a complete IP network topology discovery solution //Managing Next Generation Networks and Services. – Springer Berlin Heidelberg, 2007. – S. 425-436.
Harrington D., Wijnen B., Presuhn R. An architecture for describing simple network management protocol (SNMP) management frameworks. – 2002.
Li C. S., Liao W. Software defined networks //IEEE Communications Magazine. – 2013. – T. 51. – ¹. 2. – S. 113-113.
Sezer S. et al. Are we ready for SDN? Implementation challenges for software-defined networks //Communications Magazine, IEEE. – 2013. – T. 51. – ¹. 7. – S. 36-43.
Kreutz D., Ramos F., Verissimo P. Towards secure and dependable software-defined networks //Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking. – ACM, 2013. – S. 55-60.
Shin S. et al. FRESCO: Modular Composable Se
Reference:
Derendyaev D.A., Gatchin Y.A., Bezrukov V.A..
Algorithm for Representation of Residual Risk Mathematical Model
// Cybernetics and programming. – 2016. – ¹ 4.
– P. 81-85.
DOI: 10.7256/2306-4196.2016.4.19655.
DOI: 10.7256/2306-4196.2016.4.19655
Read the article
Abstract: The majority of modern risk evaluation and management methods imply the concept of residual risk as a figure describing the risk of a threat after all countermeasures have been implemented, however, researchers do not pay enough attention thereto. In this research the authors offer their algorithm allowing to represent the residual risk of information security threats in a form of a mathematical model which in its turn creates opportunities for a more detailed analysis of a parameter under review and the model itself. Coefficients of this model demonstrate the impact of input parameters on the final result. The algorithm of the residual risk mathematical model is based on a complete factorial experiment taking into account peculiarities of a parameter under review. This approach allows to analyze the role of residual risk not only as a figure but also mathematical model which can help to better imply residual risk when implementing risk evaluation and management methods in order to improve an information protection system at an enterprise.
Keywords: risk evaluation methods, durability of protection mechanisms, risk of a threat, model coefficient, complete factorial experiment, algorithm, information security threats, information protection system, mathematical model, residual risk
References:
Korobeynikov A.G., Grishentsev A.Yu., Kutuzov I.M., Pirozhnikova O.I., Sokolov K.O., Litvinov D.Yu. Razrabotka matematicheskoy i imitatsionnoy modeley dlya rascheta otsenki zashchishchennosti ob'ekta informatizatsii ot nesanktsionirovannogo fizicheskogo proniknoveniya // Kibernetika i programmirovanie. - 2014. - 5. - C. 14 - 25. DOI: 10.7256/2306-4196.2014.5.12889. URL: http://www.e-notabene.ru/kp/article_12889.html
Kozlova E. A. Otsenka riskov informatsionnoy bezopasnosti s pomoshch'yu metoda nechetkoy klasterizatsii i vychisleniya vzaimnoy informatsii / E.A. Kozlova // Molodoy uchenyy. — 2013. — ¹5. — S. 154-161.
Goel S. Information security risk analysis – a matrix-based approach [Elektronnyy resurs] / S. Goel, V. Chen // SUNY. – University at Albany. – 2005. URL: http://www.albany.edu/~goel/publications/goelchen2005.pdf (data obrashcheniya: 16.06.2016 )
Lee M.C. Information Security Risk Analysis Methods and Research Trends: AHP and Fuzzy Comprehensive Method [Elektronnyy resurs] / M.C.Lee // IJCSIT. – Vol 6. – No1. – 201
Reference:
Korobeinikov A.G., Grishentsev A.Y., Kutuzov I.M., Pirozhnikova O.I., Sokolov K.O., Litvinov D.Y..
Developing of the mathematical and simulation models for calculation of an estimate of informatization object protection from unauthorized physical access
// Cybernetics and programming. – 2014. – ¹ 5.
– P. 14-25.
DOI: 10.7256/2306-4196.2014.5.12889.
DOI: 10.7256/2306-4196.2014.5.12889
Read the article
Abstract: Methods and techniques allowing to calculate quantitative estimates of level of protection from unauthorized physical intrusion for different informatization objects using various means and protection systems are currently being intensively developed. Generally the quantitative evaluation of protection is represented by a set of probability characteristics, the predominant of which is some integral indicator. Therefore, developing mathematical and simulation models for calculating an estimate of informatization object protection from unauthorized physical access is an urgent task. This model then is used as a part of a complex system of information security. To solve this problem the article presented uses methods of information protection, graph theory and probability theory. The results shown in the article were calculated using Maple system of computer algebra. Scientific novelty of the work is: – in creating a mathematical model for calculation the probability of detecting of unauthorized physical access to information by an alarm system;
– in bulding of a simulation model for evaluation of level of protection of informatization object from unauthorized physical access;
– in developing of a technique of evaluation of full protection from unauthorized physical access for object of informatization
Keywords: mathematical model, simulation model, neograph, acyclic graph , orgraph, adjacency matrix, weight matrix, Dijkstra algorithm, unauthorized physical access, protection of objects of informatization
References:
Grishentsev A.Yu., Korobeynikov A.G. Postanovka zadachi optimizatsii raspredelennykh vychislitel'nykh sistem // Programmnye sistemy i vychislitel'nye metody.-2013.-4.-C. 370-375. DOI: 10.7256/2305-6061.2013.4.10548.
Bogatyrev V.A., Bogatyrev S.V., Bogatyrev A.V. Optimizatsiya drevovidnoy seti s rezervirovaniem kommutatsionnykh uzlov i svyazey. //Telekommunikatsii. 2013. ¹ 2. – S. 42-48.
Korobeynikov A.G., Grishentsev A.Yu. Razrabotka i issledovanie mnogomernykh matematicheskikh modeley s ispol'zovaniem sistem komp'yuternoy algebry // SPbNIU ITMO.-Sankt-Peterburg: SPbNIU ITMO, 2013.-100 s.
Korobeynikov A.G., Pirozhnikova O.I. Matematicheskaya model' rascheta veroyatnosti nesanktsionirovannogo fizicheskogo proniknoveniya na ob'ekt informatizatsii // Programmnye sistemy i vychislitel'nye metody.-2014.-2.-C. 160-165. DOI: 10.7256/2305-6061.2014.2.12504.
Reference:
Zavodtsev I.V., Zakharchenko R.I., Zakutaev A.A..
Analysis of developing tools for neural network modules of management system for information security incidents
// Cybernetics and programming. – 2014. – ¹ 5.
– P. 26-33.
DOI: 10.7256/2306-4196.2014.5.13308.
DOI: 10.7256/2306-4196.2014.5.13308
Read the article
Abstract: The article shows the analysis of tools for developing neural network modules of management system for information security incidents, reviews its main features in simulation and testing. Specific attention is given to a comparative analysis in terms of usability and neural network modeling features. Development of domestic control systems for information security incidents still is in the state of research and development projects. This, on the one hand, complicates immediate transfer complex solutions for data protection entirely on the domestic base, but, on the other hand, allows taking into account all the latest scientific achievements in the implementation methodological basis for constructing own management system for information security incidents. This fact determines the need for further consideration of methods and techniques for the construction of management systems for information security incidents. Reviewing features of neuropackages and their comparison in terms of ease of use and range of services for modeling neural network systems allowed to determine that in components and the ability to solve the special case of constructing modules such tools as MATLAB and NeuroSolutions are the most suitable applications, offering a greater set of features and having better technical support.
Keywords: information security , incident management , neural network module , neural network architecture , neural networks , tools , management system for information security inciden, simulation , testing , comparative analysis
References:
GOST R 18044-2007. Informatsionnaya tekhnologiya. Metody i sredstva obespecheniya bezopasnosti. Menedzhment intsidentov informatsionnoy bezopas-nosti.
GOST R ISO/MEK 27001-2006. Informatsionnaya tekhnologiya. Metody i sredstva obespecheniya bezopasnosti. Sistemy menedzhmenta IB. Trebovaniya.
Vorontsov, K.V. Algoritmy klasterizatsii i mnogomernogo shkalirovaniya. Kurs lektsiy. / K.V. Vorontsov – MGU, 2007.
Zavodtsev, I.V. Primenenie neyrosetevykh metodov dlya upravleniya intsi-dentami bezopasnosti informatsionnogo i programmnogo obespecheniya / Zavodtsev I.V., Gaynov A.E. // Trudy kongressa po intellektual'nym sistemam i in-formatsi-onnym tekhnologiyam AIS-IT’12 : Nauchnoe izdanie v 4-kh tomakh. – Moskva: Izd-vo Fizmatlit. – Ch.1. – 2012. – S. 426-428.
Kotenko, I. V. Instrumental'nye sredstva sozdaniya neyrosetevykh kom-ponent intellektual'nykh sistem zashchity informatsii / Kotenko I.V., Nesteruk F.G. // Trudy SPIIRAN. 2013. – Moskva. Vyp. 3(26).
Reference:
Bogatyrev S..
Main trends in modern software systems for stock valuation
// Cybernetics and programming. – 2014. – ¹ 3.
– P. 36-54.
DOI: 10.7256/2306-4196.2014.3.12009.
DOI: 10.7256/2306-4196.2014.3.12009
Read the article
Abstract: The subject of the article is the best achievements of foreign information systems, which shall be implemented while improving Russian information analogs. The article describes most advantageous and useful features of the American information system BLOOMBERG to identify them for improvement of national information systems by filling them with similar functionality. One of the main threats for the Russian national economy is related to the ongoing and expanding possibility of sanctions from western countries to our state. The sanctions get as more harmful as more our economy is integrated in foreign financial and stock markets and as financial institutes proved to be more dependent from services provided by the global infrastructure, including information systems. The author shows a convenient and efficient interface for the information system. The article brings a record of all opportunities of the leading information system for the analytical work in the evaluation of stocks, indicates the directions of their implementation in the development of the domestic infrastructure to diversify the domestic stock market. The author discloses the news feature of the system, presents enhanced by integrating the information blocks from different segments and areas of the stock market, describes the tools for technical and fundamental analysis, shows the possibilities for requesting the originals, based on which the indicators were formed.
Implementation of the described above features of the leading foreign information system in development of the domestic analogs allows avoiding the painful consequences impending the domestic financial institutions, operating in the financial and stock markets. Active expansion of foreign information systems replaced and undermined the Russian systems on the market. Improving the domestic software using the described above features, taking into account the functions for analytical work with the system of stock valuation and their implementation in domestic software will allow to diversify the infrastructure of the Russian stock market and make the work of the Russian financial companies and banks more stable and successful.
Keywords: database, stock valuation, information systems, technical analysis, fundamental analysis, financial analysis, companies reports, stock price, stock price chart, figures of technical analysis
References:
Bogatyrev S.Yu., Dobrynin S.S. Informatsionnaya baza stoimostnogo analiza bankov. // NB: Kibernetika i programmirovanie. — 2013.-¹3.-S.21-42. DOI: 10.7256/2306-4196.2013.3.9166. URL: http://e-notabene.ru/kp/article_9166.html
Bogatyrev S.Yu. Primenenie noveyshikh informatsionnykh sistem v rabote stoimostnogo analitika // NB: Kibernetika i programmirovanie. — 2014.-¹ 2.-S.88-126. DOI: 10.7256/2306-4196.2014.2.11736. URL: http://e-notabene.ru/kp/article_11736.html
Bogatyrev S.Yu. Issledovanie rossiyskogo fondovogo rynka na osnove povedencheskikh finansov // NB: Ekonomika, trendy i upravlenie. — 2014.-¹ 3.-S.97-141. DOI: 10.7256/2306-4595.2014.3.11665. URL: http://e-notabene.ru/etc/article_11665.html
Karlina T.N. Restrukturizatsiya kompaniy v usloviyakh krizisa // Problemy teorii i praktiki upravleniya.-2010. ¹ 04. S. 106-114.
Shumskiy L.D. Semanticheskaya trassirovka informatsionnykh protsessov // Programmnye sistemy i vychislitel'nye metody. - 2014. - 1. - C. 80 - 92. DOI: 10.7256/2305-6061.2014.1.11362.
Reference:
Prokhozhev N.N., Korobeinikov A.G., Bondarenko I.B., Mikhailichenko O.V..
Stability of the digital watermark embedded in the region of the coefficients of discrete wavelet transform to the changes of the image-container
// Cybernetics and programming. – 2013. – ¹ 5.
– P. 18-28.
DOI: 10.7256/2306-4196.2013.5.9773.
DOI: 10.7256/2306-4196.2013.5.9773
Read the article
Abstract: The article deals with the stability of the digital watermark built-into the image-container through the use of steganography algorithms based on discrete wavelet transform (DWT), to external influences, such as JPEG lossy compression, filtering, noise and scaling. The author states that steganographic algorithms performing embedding can provide good secrecy of the digital watermarking, and tend to use the coefficients of correlation property between different planes of one subband having the same coordinates. It is noted that an important parameter when using steganographic algorithms based on the DWT is the choice of the level of wavelet decomposition. The authors describe the methodology which was used to assess the sustainability of the digital watermarking to to external influences on the image-container and experimental conditions. The authors also evaluated stability of DWT ti JPEF lossy compression, to Gaussian white noise, to scale the image to the image filtering. In conclusion the authors say that the results of DWT stability to external influences on the image-container confirm the theoretical advantage of using low-frequency plane wavelet decomposition in steganographic systems with high demands on DWT sustainability.
Keywords: stability, digital watermarks, image-container, steganographic algorithms, discrete wavelet transform, JPEG compression, filtering, nois, scaling, algorithm
References:
Konakhovich, G. F. Komp'yuternaya steganografiya. Teoriya i praktika / G. F. Konakhovich, A. Yu. Puzyrenko. – M: MK-Pres, 2006. – 288 c.
Jin C., Peng J. A robust wavelet-based blind digital watermarking algorithm. Information technoligy journal 5(2)k, ISSN1812-5638, 2006, pp. 358-363.
Huo F., Gao X. A wavelet baswed image watermarking scheme. International Conference on Image Processing (ICIP2006), Oct.8-11, 2006, pp. 2573-2576
Korobeynikov A.G., Kutuzov I.M. Algoritm obfuskatsii // NB: Kibernetika i programmirovanie. - 2013. - 3. - C. 1 - 8. URL: http://www.e-notabene.ru/kp/article_9356.html
Mezhenin A.V., Izvozchikova V.V. Metody postroeniya vektorov normaley v zadachakh identifikatsii ob'ektov // NB: Kibernetika i programmirovanie. - 2013. - 4. - C. 51 - 58. URL: http://www.e-notabene.ru/kp/article_9358.html
Borovskiy A.S. Modeli otsenki zashchishchennosti potentsial'no – opasnykh ob'ektov ot ugroz s ispol'zovaniem ekspertnoy informatsii v nechetkoy forme // NB: Kibernetika i programmirovanie. - 2013. - 4. - C. 14 -
Reference:
Negol's A.V., Piskova A.V..
Positioning systems
// Cybernetics and programming. – 2013. – ¹ 4.
– P. 46-50.
DOI: 10.7256/2306-4196.2013.4.9357.
DOI: 10.7256/2306-4196.2013.4.9357
Read the article
Abstract: This paper describes the principle of operation of GPS satellite navigation and reviews the positive and negative aspects of such systems. Authors note that GPS identification - identification of a navigator in space – is calculated by constructing a circle with a radius equal to the distance between the satellite and the receiving device. User location can be determined with an accuracy of up to one meter, with the help of auxiliary identification subsystem containing data about satellites ‘orbits. The paper gives the positive and negative aspects of navigation. All the results of researches held at the Massachusetts Institute of Technology show that in the XXI century the private life of every person has certain limitations. If it is necessary to have a reliable system of identification, everyone must be prepared for the fact that information about a location of a person can be accessed by someone without authorization. Hence the development of improved systems of data protection is requires as well as promoting their use among ordinary users.
Keywords: GPS, navigation, identification, privacy, location, security system, satellite, Google, smartphone, base station
References:
Khrustalev, D. GPS – vzglyad iznutri. Sputnikovaya navigatsiya i printsipy postroeniya priemnikov GPS i GLONASS / D. Khrustalev // Komponenty i Tekhnologii. 2001 ¹6. S. 7-10.
Samoylov, A. GPS na zemle, na vode, v nebe / A. Samoylov // Kapitan – Klub. 1999 ¹2. S. 15-17.
JuliaYu Angwin. Apple, Google Collect User Data. The World Street Journal, April, 2011.
Yves-Alexandre de Montjoye,César A. Hidalgo,Michel Verleysen, Vincent D. Blondel. Unique in the Crowd: The privacy bounds of human mobility. Scientific Reports, March, 2013.
Reference:
Bogatyrev S., Dobrynin S.S..
Information base of banks cost analysis
// Cybernetics and programming. – 2013. – ¹ 3.
– P. 21-42.
DOI: 10.7256/2306-4196.2013.3.9166.
DOI: 10.7256/2306-4196.2013.3.9166
Read the article
Abstract: The paper presents the results of the use of the world's leading information products, received after over 6 years in the analytical work. The authors consider quality software products used in the cost analysis of banks and show the possibilities of modern information systems and banking analyst. Experience in the use of modern analytical bank software is systematized by several criteria that are important to the user. Each software product was rated on the five-point system based on the views of the authors and their colleagues: university lecturers and professional financial analysts on eligibility. For the first time a rating table of modern analytical software products of leading world manufacturers of specialized information and the software operating on the Russian market was compiled. The authors analyzed availability of products at current rates at the moment and the possibility of remote access, evaluated user interface and the ease of handling produced data, frequency of software updates and relevance of information, openness to users and promotion in the Russian media market.
Keywords: software development, information systems, spreadsheets, software solutions, information agency, DBMS, cost analysis, coefficients of cost analysis, multipliers, producing data
References:
Fedotova M.A., Tazikhina T.V., Bogatyrev S.Yu. Global'naya set'-sreda rasprostraneniya obrazovatel'nykh uslug. – M.: Ezhemesyachnyy nauchnyy zhurnal "Alma mater" (Vestnik vysshey shkoly) ¹ 3, 2012 god.
Bogatyrev S.Yu. Internet-testirovanie. – M.: Sbornik nauchnykh statey. Razvitie testovykh tekhnologiy kak faktor povysheniya kachestva obrazovaniya. 2012 god.
Bogatyrev S.Yu. Professorsko-prepodavatel'skiy sostav i innovatsii v vuze. – M.: Ezhemesyachnyy nauchnyy zhurnal "Alma mater" (Vestnik vysshey shkoly) ¹ 6, 2012 god.
SPARK-Sistema professional'nogo analiza rynkov i kompaniy. [Ofitsial'nyy sayt]. URL: http://www.spark-interfax.ru (data obrashcheniya: 18.07.2013).
Programmnyy kompleks dlya organizatsii dostupa k birzhevym torgovym sistemam v rezhime onlayn Quik. [Ofitsial'nyy sayt]. URL: http://www.quik.ru/ (data obrashcheniya: 18.07.2013).
Factiva — camaya znachitel'naya baza novostey v mire. [Ofitsial'nyy sayt]. URL: http://www.dowjones.com/factiva/int/russian.asp (data obrashcheniya: 18.07.2013).
Thomson Research. [Ofitsial'nyy sayt]. U
Reference:
Smirnov V.I..
Evaluation of the security of voice data in a dedicated room using instrumental calculation method
// Cybernetics and programming. – 2012. – ¹ 2.
– P. 18-24.
DOI: 10.7256/2306-4196.2012.2.13869.
DOI: 10.7256/2306-4196.2012.2.13869
Read the article
Abstract: Preventing the interception of confidential negotiations of the selected premises technical reconnaissance is one of the main directions in the field of technical protection of information. The need for measures to prevent the interception of voice information through technical channels due to a number of reasons is high. First, the speech information has specific features (confidentiality, efficiency, documentation and virtual). Second, the means used pickup of speech information in the acoustic channel leakage is relatively simple and cheap. Third, there is a constant improvement of TCP. Methods to reduce the possibility of interception of voice information of the allocated space, traditionally divided into passive and active. To assess the speech intelligibility author used subjective and objective methods. The most convenient and reliable method is considered subjective articulation method discussed in this article. The paper describes an instrumental calculation method used at present for the evaluation and monitoring of voice data security.
Keywords: information security, defining speech, leakage of voice information, articulation index, articulating measurement, allocated space, interception of information, intelligibility, threat, protection of information
References:
Khalyapin D.B. Zashchita informatsii. Vas podslushivayut? Zashchishchaytes'! / D.B.Khalyapin. – M.: NOU ShO “Bayard”, 2004. – 432 s.
Dvoryankin S.V., Kozlachkov S.B., Kharchenko L.A. Otsenka zashchishchennosti rechevoy informatsii s uchetom sovremennykh tekhnologiy shumoochistki // Voprosy zashchity informatsii. – 2007, ¹ 2, s. 18-21.
Dvoryankin S.V., Makarov Yu.K., Khorev A.A. Obosnovanie kriteriev effektivnosti zashchity rechevoy informatsii ot utechki po tekhnicheskim kanalam // Zashchita informatsii. INSIDE. – 2007, ¹2, s. 18-25.
Pokrovskiy N.B. Raschet i izmerenie razborchivosti rechi. – M.: Gos. izd-vo literatury po voprosam svyazi i radio, 1962. – 392 s.
GOST R 50840-95. Gosudarstvennyy standart Rossiyskoy Federatsii. Peredacha rechi po traktam svyazi. Metody otsenki kachestva, razborchivosti i uznavaemosti. Izdanie ofitsial'noe. – M.: Gosstandart Rossii, 1997. – 198 s.
Didkovskiy V.S., Didkovskaya M.V., Prodeus A.N. Akusticheskaya ekspertiza kanalov rechevoy kommunikatsii. Monografiya – K.: Imeks-LTD, 2008. – 420 s.
Batsula A.P., Ivanov A.A., Reva I.L., Tr