DETERMINING THE PRIORITY OF CYBER SECURITY MEASURES FOR INCOMPLETE EXPERT RANKING

High-quality functioning of the information security system and solving problems that arise in the information protection, is currently a topical trend in various areas of human life. Successful cyber protection consist in creating and implementing a multi-level system of measures that cover various aspects with complex interact and complement each other. These measures have a different nature, and their priorities may differ significantly in terms of different services of the organization, so it is logical to formalize the sequence of cybersecurity implementation in a class of group choice tasks. The paper proposes a flexible mathematical apparatus for modeling information security problems and adequate application of the opinion analysis of experts’ team in practice. The approach to finding the resultant ranking of measures priority is described as a solution to the problem of multicriteria optimization, where the sequence of measures implementation may involve the interaction of performers and require regulation of the actions sequence of all elements and subsystems of the organizational system. This approach allows to combine different information security measures proposed by the experts of various departments; to find a compromise solution for a diverse group of experts; not to violate any expert's preferences under calculating the compromise ranking of cyber security measures. The proposed approach can be useful in developing appropriate cybersecurity measures and favorable in developing and implementing of rapid response procedures to threats, as well as it can be indispensable in the overall building or improving organization security system and it can contain elements of training, coordination, and complexity of expert team members, who are the heads of units of a single organizational system.

INNOVATIVE SOLUTION FOR LEO-SYSTEM WITH DISTRIBUTED SATELLITE ARCHITECTURE

An innovative solution for practical implementation in a LEO system with a "distributed satellite" architecture that can be used to provide low-orbital spacecraft communications with ground stations and users of 5G / IoT satellite services is proposed. The essence of the proposed development in the system of low-orbital satellite communication with FC-architecture is that to reduce the delay in signaling to consumers and the probability of overloading the network into a prospective system of low-orbital satellite communication, which contains artificial Earth satellites, each of which functions in Earth orbit and equipped with onboard repeaters, inter-satellite communications, a network of ground-based communication and control systems for artificial satellites of the Earth, a grouping of low-orbiting space their devices (LEO-system), which includes the grouping of root (leading) satellites and satellites-repeaters (slave), around each root satellite is formed micro-grouping of satellites-repeaters, and functions of the root satellite in the selected orbital phase of the orbital -or micro-satellites that are connected to the annular network by communication lines between satellites, and - functions of satellites-repeaters - kubsat, new is the introduction of a multilevel boundary cloud system, which is a heterogeneity distributed computing cloud structure. At the same time, the boundary clouds of the multilevel system are connected by ultra-high-speed wireless terahertz radio lines and wireless optical communication systems. The technique of estimation of access time in the proposed structure of "fog computing" on the basis of the model of access in "fog computing" with the resolution of collisions of data sources implementing the survey mode is presented.

REQUIREMENTS FOR AXIS PROTECTION MECHANISMS WITHIN THE CLASS OF USE

One of the components of modern information systems is general-purpose computer equipment on which specialized software is installed or on which specialized software is working. This computer equipment requires a general-purpose operating system. To protect the information system it is necessary to protect all its links, including the operating system. In particular, in case of client-server technologies it is necessary to pay attention both to protection of server component and to protection of a client component. Protection of an operating system demands understanding, within what limits of what information system the OS will work, what working conditions and restrictions are imposed on the protected environment, what threats to the protected environment is required, what mechanisms is it possible to provide with protection of the environment necessary to us and what "price" of their application or nonapplication and other will be. Therefore, software safety should rely on a policy of safety of an operating system, expanding and specifying it and as much as possible. It is necessary to rely on safety mechanisms which are provided by an operating system or information system at software working out. This is necessary for unification and simplification of system of safety, simplification of its service, at the expense of reduction of quantity of the mechanisms created for the decision of the same problem. It is also necessary to apply typical and well-known components and standards, to avoid components with the closed source code as much as possible, or components which do not support, or incorrectly support typical standards.

COMPARATIVE ANALYSIS OF SYSTEM LOGS AND STREAMING DATA ANOMALY DETECTION ALGORITHMS

This paper provides with the description, comparative analysis of multiple commonly used approaches of the analysis of system logs, and streaming data massively generated by company IT infrastructure with an unattended anomaly detection feature. An importance of the anomaly detection is dictated by the growing costs of system downtime due to the events that would have been predicted based on the log entries with the abnormal data reported. Anomaly detection systems are built using standard workflow of the data collection, parsing, information extraction and detection steps. Most of the document is related to the anomaly detection step and algorithms like regression, decision tree, SVM, clustering, principal components analysis, invariants mining and hierarchical temporal memory model. Model-based anomaly algorithms and hierarchical temporary memory algorithms were used to process HDFS, BGL and NAB datasets with ~16m log messages and 365k data points of the streaming data. The data was manually labeled to enable the training of the models and accuracy calculation. According to the results, supervised anomaly detection systems achieve high precision but require significant training effort, while HTM-based algorithm shows the highest detection precision with zero training. Detection of the abnormal system behavior plays an important role in large-scale incident management systems. Timely detection allows IT administrators to quickly identify issues and resolve them immediately. This approach reduces the system downtime dramatically.Most of the IT systems generate logs with the detailed information of the operations. Therefore, the logs become an ideal data source of the anomaly detection solutions. The volume of the logs makes it impossible to analyze them manually and requires automated approaches.

OPTIMIZATION OF FIRE MONITORING SYSTEM USING THE DEFORMED STARS METHOD

In this paper are being considered the aspects of two variables function optimization problem solving, which, in general, is poly-extremal and undifferentiated. The classic methods of continuous optimization are not applicable in this case. One of the most commonly used methods of solving this problem is evolutionary algorithms, which can be divided into two classes. The first class includes algorithms where a potential offspring-solution is generated by two parent-solutions solutions, in the second case, the offspring-solution is generated by one parent-solution. There is deformed star method proposed where the population of parental solutions is 3, 4, and 5 point groups. The application of proposed method is shown to solve the optimization problem of fire monitoring system for buildings, which minimizes the time of its operation. The buildings where fire load can be both permanent and variable are considered. Such buildings include concert halls, nightclubs, supermarkets, logistics facilities and more. Fires at such buildings result in human sacrifice and serious material loss. Timely activation of the fire alarm system have great importance. The objective function of the problem is determined by the distance from the horizontal projections of the detectors to the sources of fire and the probability of triggering the detectors. The solution is optimizing location of fire detectors, taking into account their number and the fire load of the room. The advantages of the developed method over genetic algorithms, evolutionary strategies and differential evolution as the most typical evolutionary algorithms are shown. Numerical experiments were carried out, which showed the increased accuracy of calculations and the increased speed of method convergence.

PROBLEMS OF PROTECTION OF CRITICALLY IMPORTANT INFRASTRUCTURE OBJECTS

The paper deals with topical issues related to the protection of critical infrastructure, which depend on the survival of the human community. It is shown that rapid progress in the field of information technology, on the one hand, allows the modern economies of many countries to become inextricably interconnected; interfering with the work of critical infrastructure. The analysis of what are the true causes of such close attention to such objects by cyber terrorists. Top 10 major threats to industrial control systems are presented. The following steps determine the criticality of the infrastructure objects. The following is a list of 11 critical sectors and 37 relevant sub-sectors identified by the European Union. The answer is given to the question with which target countries should develop national strategies for the protection of critical infrastructure objects. A strategy for quantifying the level of security of critical infrastructure against the risk of third-party cybernetic exposure is proposed. The necessity to unite different elements of protection of critical infrastructure objects by states is substantiated. It is important that cybersecurity policies should be central to the protection of critical infrastructure. It is noted that not all national cybersecurity strategies provide the same place and relevance for critical infrastructure. It is noted that when developing a national strategy for the protection of critical infrastructure, it is important to compile a comprehensive list of all relevant national policies. It is concluded that today it is an important tool for the protection of critical infrastructure

A NEW APPROACH TO BUILDING A POST-QUANTUM SCHEME OF ELECTRONIC DIGITAL SIGNATURE

Cryptographic information security techniques are essential in building a modern cybersecurity infrastructure. Recently, there have been new challenges and threats to cryptographic transformation. In particular, the emergence and rapid development of the latest quantum computing technologies necessitates the urgent need for the development and research of new methods of post-quantum cryptographic transformations, that is, those that will be sustainable even if quantum cryptanalysis is possible. This article is devoted to the analysis of possibilities of implementation of digital signature schemes based on using error-correcting codes. This approach allows cryptographers to build schemes that are resistant to both classic cryptanalysis and cryptanalysis which uses quantum computing. The article describes the principles of the classic digital signature scheme which is named CFS and built using a Niederreiter-like transform, and also we propose a new approach that enables an implementation of signature according to the McEliece transformations. This approach preserves the advantages of its predecessor and provides additional protection against special attacks. Also, a comparative analysis and characterization of the considered schemes according to the criteria of resistance to classic and quantum cryptanalysis, complexity of necessary transformations and length of generated signatures are made. The results show that reliable and secure cryptographic transformations can be built, in particular, electronic digital signature algorithms that are code-based and secure even in the case of quantum cryptanalysis. However, it should be noted that the drawback of code-based signature schemes is the large amount of key data required by the algorithm, as well as the difficulty in creating a signature due to the need for multiple decryption of the syndrome, which remains a topical topic and needs further research

DEVELOPMENT OF A STEGANOGRAPHIC METHOD RESISTANT TO ATTACKS AGAINST BUILT-IN MESSAGE

Features of modern network communications make it necessary to use in the organization of the hidden channel communication of steganographic algorithms that are resistant to loss compression, and leaving the tasks of developing new effective steganographic methods are relevant. The paper develops a new block steganographic method, which is resistant to attacks against the built-in message, including strong attacks. This method preserves the reliability of the perception of the formed quilting due to the mathematical basis used. It is based on a general approach to the analysis of the state and technology of information systems functioning, matrix analysis, perturbation theory. A digital image is treated as a container. The bandwidth of a hidden link that is built using the developed method is equal to n-2 bpp, n×n is the size of the blocks of the container that are obtained by the standard breakdown of its matrix. Such bandwidth is achieved with any algorithmic implementation of the method. Additional information is a binary sequence, it is the result of pre-coding of the information that is hidden. The embedding of additional information is done by using formal container matrix parameters that are insensitive to perturbation. These are singular values of its small blocks (n≤8). Increasing the maximum singular value of the block, which occurs when embedding additional information, leads to the stability of the method to the perturbing action and to ensure the reliability of the perception of the hip. The magnitude of the increase in the maximum singular value is determined using the values obtained by raising the singular values of the block to a natural degree k. Algorithmic implementation of the method requires additional studies to determine the parameter k.

ANALYSIS OF THE PRIMARY TRENDS IN CYBERSECURITY

Open and free cyberspace increases the freedom of people and social communications, in such conditions it becomes especially important to search for new possibilities of ensuring the state security in view of the formation of a new confrontation field - cyberspace. It is important to analyze the actual problems of information security, actions of the world governments and world organizations for identifying the current state of modern trends in the cybersecurity field. Cybersecurity incidents affect the lives of consumers of informational and many other services, and cyberattacks targeting various objects of electronic communications infrastructure or process management. This article covers in detail the factors that influence the state of cybersecurity in the country, its cyberspace and the protection of information objects. The rapid development of malicious software in the world and the lines of action by famous hacker groups are analyzed. The tendencies of active legislative updates in the cybersecurity field of the world’s leading countries, such as creating new structural groups, increasing the number of existing ones and increasing their funding, are identified. The reasons for attackers concentrating their efforts on the search for assets vulnerabilities and the development of a unique multifunctional malware and technologies for unauthorized assets are considered. Structured information about the status of modern trends in the field of cybersecurity and information protection is presented in this article. The situation that has evolved to date with cybercrime requires continuous improvement of cybercrime fighting methods, development of information systems and methods aimed at ensuring the country's cybersecurity. Therefore, the issue of cyberspace security, cybercrime fighting is relevant internationally as well as at the national level and therefore needs further consideration.

IMPROVED METHODOLOGY OF APPLYING THE OBJECT MODEL OF INTERACTION OF DSP-SSP SYSTEMS THROUGH AD EXCHANGE

Exchange. According to the results of the analysis, the purpose of scientific research is formed, which is that for automate process of the buying and selling of media content, to carry out simulations and to prove the feasibility of using the implemented platforms on the basis of the advanced method of application of the object model of interaction of DSP-SSP systems. The authors found that Ad Exchange is an intermediary between DSP and SSP platforms and implements the module one to many. Has been identified that this system enables the digital marketplace where publishers and advertisers come together to trade digital inventory. It is concluded that Ad Exchange is a standalone platform that facilitates and simplifies programmatic ads buying. The authors presented the model of the Ad Exchange system, presents advantages and disadvantages are indicated. It is concluded that the Validator block, which advertises only for a specific contingent of people, was first proposed by the authors as the most important component of this model. The Validator block is the main advantage of the system presented in the article over others. An advanced technique for using an object model of DSP-SSP systems interaction through Ad Exchange is offered. It is determined that an important component for the implementation of this methodology is Analytic, which was implemented on the DSP platform, where the client can keep track of important winnings, clicks and othere. By incorporating the Validator block, the well-known DSP and SSP algorithm is improved. Based on the proposed model, a simulation was performed where the Validator block was implemented. It is concluded that Ad Exchange is a tool for automating the process of buying and selling Internet content. This allows you to earn more money and save time on transactions. The recommendations developed by the authors track poor quality proposals and deal with risks.