https://its.iszzi.kpi.ua/issue/feed
Collection "Information Technology and Security"
2023-12-28T19:51:25+02:00
Vasyl Tsurkan, its@iszzi.kpi.ua
Open Journal Systems
<p align="JUSTIFY"><strong>“Information Technology and Security”</strong> is the scientific publication of the <a href="http://iszzi.kpi.ua/en/" target="_blank" rel="noopener">Institute of special communication and information protection of National technical university of Ukraine «Igor Sikorsky Kyiv polytechnic institute»</a> for publishing the main scientific results of dissertations and scientific papers by candidates for scientific degrees and academic titles, as well as by students at the Master's degree level of higher education. After a one-year pause, publication resumed in 2015.</p>
<p><strong>Register:</strong> certificate of state registration of the print media dated 02.07.2018, HF 23486-13326PR.</p>
<p><strong>Foundation year:</strong> 2012.</p>
<p><strong>P-ISSN:</strong> 2411-1031.<br /><strong>E-ISSN:</strong> 2518-1033.
</p>
<p><strong>Publication type:</strong> collection of research papers.</p>
<p><strong>Status:</strong> Ukrainian.</p>
<p><strong>Languages:</strong> Ukrainian, English (multilingual).</p>
<p><strong>Frequency:</strong> semiannual.</p>
<p><strong>Sphere of distribution:</strong> nationwide and international.</p>
<p><strong>Branch of science:</strong> engineering.</p>
<p align="justify"><strong>Publication category:</strong> B.</p>
<p align="JUSTIFY"><strong>Categories of readers:</strong> scientific, pedagogical, engineering and technical staff, graduate students, doctoral students, students and cadets.</p>
<p align="JUSTIFY"><strong>Thematic focus:</strong> publication of original and review papers on the major problems of modern information technology, information security, information warfare, countering the use of social engineering, cybersecurity, the security of critical infrastructure, mathematical and computer modeling, the protection of information in telecommunication systems and networks (including the protection of personal data), information security management and information security risk.</p>
<p align="JUSTIFY"><strong>Indexed in:</strong> Index Copernicus Journals Master List, Bielefeld Academic Search Engine, Directory of Research Journals Indexing, WorldCat, Google Scholar, Elektronische Zeitschriftenbibliothek, Zeitschriften Datenbank, Bibliothek der Brandenburgische Technische Universität Cottbus-Senftenberg, Bibliothek der Europa-Universität Viadrina.</p>
<p align="JUSTIFY"><strong>Responsible Department:</strong> Cybersecurity and application of information systems and technologies.</p>
<p align="JUSTIFY"><strong>Editorial address:</strong> Str.
Verkhnokliuchova, 4, Kyiv, 03056, Ukraine.</p>

https://its.iszzi.kpi.ua/article/view/293824
Analysis of threats and risks in the Web3 ecosystem in the security context
2023-12-20T14:43:36+02:00
Anastasiia Tolkachova tolkachova.nastia@gmail.com; Andrian Piskozub azpiskozub@gmail.com
<p>This research article discusses current and prospective issues in the field of cybersecurity, in particular the analysis of potential threats and risks of Web3 development. Web3 is a new generation of the Internet based on blockchain technology, decentralization, cryptography, and smart contracts. This approach aims to improve security, privacy, and user rights in the virtual environment, but without a proper understanding it can carry the opposite risk. The article begins with an analysis of recent research and publications. The authors discuss potential threats and risks, including attacks on decentralization protocols, censorship manipulation, attacks on blockchain protocols, attempts to break the consensus system, and unfair smart contract transactions. The article discusses a number of vulnerabilities and attacks that can harm the new Web 3.0 technology. It describes new threats to the privacy of users and their digital assets, including the use of anonymization technologies and countermeasures by criminal organizations or government agencies. The article also emphasizes the importance of discussing the legal aspects of Web3 integration and of finding an optimal balance between regulation of the digital space and users' rights to privacy and autonomy. Global challenges require international cooperation and standardization of regulatory rules in this area. The results of the study demonstrate that a conscious approach to analyzing Web3 threats is the key to building a secure future for the Internet.
This article contributes to the dissemination of information and knowledge about possible risks and opens up new horizons for scientific research, practical implementation of cybersecurity measures, and political dialogue in the Web3 era.</p>
2023-12-28T00:00:00+02:00 Copyright (c) 2023 Collection "Information Technology and Security"

https://its.iszzi.kpi.ua/article/view/293778
Analysis of ChatGPT's capabilities for solving problems of reverse-engineering of software
2023-12-20T11:33:43+02:00
Volodymyr Sokolov v.sokolov@kpi.ua
<p>The article presents the results of an analysis and evaluation of the capabilities of the freely available version of the artificial-intelligence chatbot ChatGPT 3.5 for solving typical software reverse engineering problems. Three classes of reverse engineering tasks were selected for analysis: source code analysis, binary code analysis, and data model analysis. In each class, the most typical tasks were selected, taking into account ChatGPT's limitations regarding the processing of graphical models and the amount of input and output data, and sets of test tasks were developed for each task. The assessment approach was modelled on the assessment of the competencies of higher-education students after completing the relevant course. The criteria for evaluating answers to test tasks were: correctness (rightness, coincidence with expectations); completeness (obtaining the final result); accuracy (solving the task without additional questions); and reasonableness (availability of explanations and answers to questions). The following grading scale was used and described: excellent, very good, good, satisfactory, sufficient, unsatisfactory. During testing, the task statement and all necessary data for each test task were entered through the ChatGPT interface.
As a result of the analysis, it was determined that ChatGPT performs best on source code analysis problems (excellent and very good grades were obtained for semantic and structural analysis, restoration of mathematical support, quality assessment, security audit and refactoring, as well as for conversion to another programming language), on decompilation of IDA pseudocode into complete C source code, on reverse engineering of relational databases, and on generating YARA rules for recognizing file formats. Unsatisfactory grades were obtained for dynamic analysis of assembly code and for determining the structure of binary files in non-standard formats. ChatGPT solves the remaining problems well or satisfactorily, but the results require checking, the queries and prompts require clarification, and in some cases errors must be corrected manually. ChatGPT errors were observed when analyzing binary data represented as hexadecimal symbols, as well as in generated scripts for programming in IDA. On the basis of the assigned grades, conclusions were drawn regarding the expediency, possibility, or impracticality of using ChatGPT for each type of software reverse engineering problem, and appropriate recommendations were provided.
Prospects for further research include testing new versions of ChatGPT and other similar artificial intelligence systems with regard to their capabilities for analyzing and synthesizing graphical models of software.</p>
2023-12-28T00:00:00+02:00 Copyright (c) 2023 Collection "Information Technology and Security"

https://its.iszzi.kpi.ua/article/view/293789
Integration of information search technologies and artificial intelligence in the field of cybersecurity
2023-12-20T11:53:23+02:00
Oleksandr Puchkov iszzi@iszzi.kpi.ua; Dmytro Lande dwlande@gmail.com; Ihor Subach igor_subach@ukr.net; Oleksandr Rybak rybak.oleksandr01@gmail.com
<p>The paper explores the possibility of integrating traditional open-source intelligence (OSINT) systems with advanced generative artificial intelligence (GAI) technologies, which are becoming a key factor in the development of analytical systems. The main focus of the research is on improving the functionality of CyberAggregator, a system for monitoring social media content on cybersecurity issues. The study identifies several analytical components where the application of GAI technology is most effective, including the construction of networks of keywords and persons, identification of toponyms, and information summarization (building summaries and digests). The practical part of the research is dedicated to integrating the content monitoring system with the large language model Llama-2. The steps of this integration are provided, and the interaction between the information search system and Llama-2 is described, including the installation of dependencies and the processing of queries transformed into prompts for the GAI system. This integration opens up broad possibilities for using the large language model to address semantic tasks, thereby enhancing the analytical capabilities of intelligence systems.
The paper identifies perspectives for using GAI to further develop and enhance open-source information analysis systems, providing new opportunities to expand the understanding and effective use of artificial intelligence technologies in cyber and information security tasks.</p>
2023-12-28T00:00:00+02:00 Copyright (c) 2023 Collection "Information Technology and Security"

https://its.iszzi.kpi.ua/article/view/293797
Analysis of methods of classification of electronic messages based on neural network models
2023-12-20T12:13:58+02:00
Volodymyr Onishchenko v.o.onishchenko@ukr.net; Anatolii Minochkin minanatol@gmail.com
<p>The article considers the creation of a mechanism for detecting and classifying messages, with an assessment of how effectively different neural networks recognize and classify different types of electronic messages, including phishing attacks, spam, and legitimate messages. A preliminary analysis of incoming messages was performed, covering their headers, text, and other relevant attributes; for emails, these attributes could be the 'subject' and 'sender' of the message. Methods for data preparation and processing were reviewed, including text vectorization, noise removal, and normalization, for use in training neural networks. Messages were tokenized by transforming them into a numerical format while taking feature selection into account; for text messages, both tokenization and text vectorization are essential. The models were trained on the dataset after splitting it into two parts: 80% for training and 20% for testing. The training set is used to train the model, while the test set is used to evaluate its effectiveness. The class structure of the data, namely how evenly the classes are distributed, is taken into account.
In this case, spam occurs less frequently than legitimate messages, so class balancing techniques such as random deletion of redundant examples, upsampling, and subsampling were applied to ensure adequate model training. Network parameters were optimized by investigating the optimal neural network settings, such as the number and size of layers, activation functions, learning rate, and other hyperparameters, to achieve the best performance. Effectiveness was assessed by comparing the results and performance of various neural-network-based classification methods using metrics such as precision and F1-score. It was determined how well the methods avoid misclassifications in which legitimate messages are mistakenly identified as spam, and vice versa. The methods' effectiveness in processing a large volume of messages in real time was compared, and different neural network architectures were analyzed. Based on the analysis, it was revealed how effectively different neural network models can recognize and classify messages as spam.</p>
2023-12-28T00:00:00+02:00 Copyright (c) 2023 Collection "Information Technology and Security"

https://its.iszzi.kpi.ua/article/view/293748
Filter generators with increased resistance against algebraic attacks
2023-12-20T09:34:20+02:00
Kateryna Vorobei katerinabuturlakina@gmail.com; Anton Alekseychuk alex-dtn@ukr.net
<p>Filter generators form one of the best known and most studied classes of keystream generators used in synchronous stream ciphers. Each such generator consists of a binary linear shift register with a primitive feedback polynomial and a nonlinear Boolean function, which must satisfy a number of requirements related to the security of the generator against known attacks.
One such requirement is high algebraic immunity of the generator's filter function; this parameter characterises the security of the filter generator against modern algebraic attacks. In certain cases this requirement is too restrictive in practical terms, as it increases the computational or circuit complexity of the keystream generation algorithm. This makes it relevant to increase the resistance of filter generators whose fixed filter functions have limited (low) algebraic immunity. The paper proposes to solve this problem by modifying the feedback function of the linear shift register. The security of the proposed generators against algebraic attacks is investigated, and it is shown that (under certain natural conditions) such generators are more secure than traditional filter generators at the same initial state length. The proposed solution appears useful for practical application in the design of advanced hardware-oriented stream ciphers.</p>
2023-12-28T00:00:00+02:00 Copyright (c) 2023 Collection "Information Technology and Security"

https://its.iszzi.kpi.ua/article/view/293493
Expanding the functionality of IoT devices in conditions of emergency situations
2023-12-18T15:09:29+02:00
Andrii Holiatkin holiatkin_andrii@ukr.net; Alina Moshynska avmoshinskaya@gmail.com
<p>The article is devoted to expanding the functionality of Internet of Things (IoT) devices in order to increase the safety of the population in emergency situations, in particular in the context of natural disasters and military threats. After analyzing recent research and publications, a conclusion was drawn about the relevance of developing IoT technologies in the context of modern challenges to the safety of citizens. Special emphasis is placed on the use of innovative approaches to public safety problems, particularly for persons with disabilities, such as the hearing impaired or the elderly.
The article describes the implementation of software in the Python programming language to visually display the status of a missile threat or artillery fire using Yeelight smart lamps, which use colored light to convey the presence or absence of danger messages. The proposed solutions include synchronous operation of devices in real time, connection to reliable message sources, and provision of stable communication between the devices and the server. The project demonstrated an innovative approach to solving security problems in crisis situations, in particular under martial law, promoting a quick and accurate response to real threats and protecting the population.</p>
2023-12-28T00:00:00+02:00 Copyright (c) 2023 Collection "Information Technology and Security"

https://its.iszzi.kpi.ua/article/view/293496
An exploration of public key infrastructure applications across diverse domains: a comparative analysis
2023-12-18T15:34:38+02:00
Oleksandr Dulia sasa97973@gmail.com; Dmytro Minochkin dmytro.minochkin@gmail.com
<p>This article delves into the vital role of Public Key Infrastructure (PKI) in securing and authenticating communications across a multitude of fields. PKI has evolved from a mere technical concept into a cornerstone of secure digital communications, playing a central role in domains such as web security, healthcare, finance, the Internet of Things (IoT), and government services. PKI employs cryptographic techniques and digital certificates to establish trust, ensure data integrity, and enable secure communications, thus acting as the backbone of digital security. In the wake of the digital revolution, the demand for reliable and robust security solutions has skyrocketed. The diversity and scale of modern digital platforms necessitate adaptable security solutions, a challenge which PKI tackles through its flexible implementation.
Despite sharing core principles, implementations of PKI diverge under the influence of factors such as scale, complexity, resource constraints, regulatory environments, and trust models. This article offers an extensive comparison of PKI's utilization across various domains, highlighting the commonalities and divergences. It explores how PKI is tailored to meet the unique requirements and challenges of each sector and discusses certificate lifecycle management in varying contexts. Moreover, it analyses the current state of PKI applications and challenges, offering insights into the evolving landscape of threats and technologies. Not only does the article address the current state of PKI, but it also presents a forward-looking perspective on its potential future developments. As the digital landscape continues to evolve and expand, it is crucial to anticipate emerging challenges and devise strategies for proactive adaptation. The article thus serves as a comprehensive resource for understanding the role and impact of PKI in contemporary digital infrastructure, and it seeks to underline the importance of PKI and the need for continued research and development in this area. As our reliance on digital communications and transactions continues to grow, the role of PKI in safeguarding these interactions becomes increasingly significant. This review is intended for researchers, practitioners, and policymakers seeking to understand the diverse applications of PKI and its critical role in securing the digital world.
</p>
2023-12-28T00:00:00+02:00 Copyright (c) 2023 Collection "Information Technology and Security"

https://its.iszzi.kpi.ua/article/view/293815
Networks method of hybrid construction and support of data transmission routes in programmed tools of mobile radio communication based on neural networks
2023-12-20T14:01:31+02:00
Serhii Salnyk s.sergey@i.ua
<p>The article proposes a method of hybrid construction and support of data transmission routes in programmable means of mobile radio communication based on neural networks. Taking into account the peculiarities of the operation of mobile radio communication networks and means of communication, the article proposes to intellectualize the management of data flows by using knowledge processing technologies in the construction of the control system. The control system is built on neural networks, and the methodology proposes three main steps for its construction: the method of hybrid construction of data transmission routes, the method of maintaining data transmission routes, and modeling the process of constructing and maintaining data transmission routes in the network using neural networks. The proposed method differs from similar ones, which are used in stationary communication networks with a small number of end nodes and without the possibility of monitoring the functions of data transmission routes; which lack a clear decision-making hierarchy and are unpredictable when applied in the data transmission systems of mobile radio communication networks; and which do not take into account the peculiarities of the functioning of mobile radio communications.
The proposed technique is able to build data transmission routes, increase the network operating time, and reduce the load on network channels. It does so through a hybrid structure of neural network construction; by minimizing service traffic in the information direction; by selecting the type, number, and method of control of data transmission routes; and by introducing a hierarchy into the decision-making process for constructing a data transmission route and selecting data parameters, taking into account the characteristic features of programmable mobile communication tools, in order to ensure the given quality of network service under different operating conditions of mobile radio communication tools using neural networks.</p>
2023-12-28T00:00:00+02:00 Copyright (c) 2023 Collection "Information Technology and Security"

https://its.iszzi.kpi.ua/article/view/293939
A complete solution for anti-jamming radio data-link of an unmanned aerial vehicle
2023-12-20T23:14:20+02:00
Oleksandr Saliy os.telcom2024@gmail.com; Vladyslav Hol vlad-gol@ukr.net; Andrii Divitskyi 70div@ukr.net; Oleksiy Khakhlyuk khakhlyuk@gmail.com
<p>The effectiveness of an unmanned aerial vehicle's flight mission over a given distance depends on many factors. One of the key factors in the successful completion of a flight mission, however, is high-quality control of the unmanned aerial vehicle and of its telemetry, which in turn is determined by reliable radio communication between the ground control station and the vehicle. The current stage of unmanned aerial vehicle use is characterised by active jammers of various types and purposes, whose aim is to disable the control, navigation, telemetry, and data transmission channels of FPV unmanned aerial vehicles in order to prevent the successful completion of the vehicle's flight mission.
The article considers conceptual issues of implementing guaranteed interference-free radio data transmission and control of an unmanned aerial vehicle under active jamming by combining various technological solutions. These solutions include the selection and justification of a special frequency range; the use of structural circuit solutions for interference protection of the radio data transmission and control line; the use of a specific scheme for organising communication with the unmanned aerial vehicle; the use of a transceiver and portable, light antennas for the radio channel that meet reasonable technical requirements; the implementation of real-time monitoring of the interference situation on board the unmanned aerial vehicle and detection of the type of interference; and ensuring flight within the sector. The requirements were justified, and options for selecting a transceiver and antenna were proposed. A structural diagram of the radio line is developed, and options for its use as a data transmission and control radio line for an unmanned aerial vehicle are proposed. Examples of real-time tracking of the interference situation on board an unmanned vehicle and detection of the type of interference are given. A flight option within the sector without antenna tracking is calculated and justified. The approximate values of the signal at the receiver input of the unmanned vehicle are calculated.</p>
2023-12-28T00:00:00+02:00 Copyright (c) 2023 Collection "Information Technology and Security"

https://its.iszzi.kpi.ua/article/view/293768
Model of four cyber attack information environments
2023-12-20T10:58:49+02:00
Ihor Yakoviv iyakov52@gmail.com
<p>The functioning of the modern cyber defense infrastructure of a corporate IT system is based on the procedure of comparing current events in the computer environment with security event indicators.
If an indicator matches the corresponding event, security information about this event is generated and transmitted to the SIEM for analysis. Based on the results of the analysis, a decision is made about the existence of a cyber security incident. At the next stage, a decision is made and implemented that restores the state of cyber security. A mandatory condition for an effective cyber defense infrastructure is the availability of knowledge about possible cyber threats and the relevant signs (indicators) of security events at the technical level of computer systems. Cyber threat intelligence (CTI) is responsible for forming these signs of security events. Under large-scale application of common repetitive cyberattacks, the main function of CTI was to identify simple technical features called indicators of compromise (IOCs); bit sequences (signatures) are used as such IOCs. Under large-scale application of complex cyberattacks, the task of developing APT attack forecasting maps that allow the formation of a security event attribute pattern (SEAP) for automated detection by the computer means of the cyber defense infrastructure becomes urgent. The article is devoted to the development of a model that, with the help of an attribute-transfer approach to the essence of information, allows the processes of cyber protection to be formalized. The model visually details and combines the events that reveal the essence of APT attack preparation and implementation, the processes of protection, and the task of cyber threat intelligence to determine specific data for the means of an effective cyber defense infrastructure. The level of detail of the model allows known mathematical constructions to be applied to describe security events and security information.
This approach simplifies the construction of algorithms for automating cyber protection processes.</p>
2023-12-28T00:00:00+02:00 Copyright (c) 2023 Collection "Information Technology and Security"

https://its.iszzi.kpi.ua/article/view/293752
A method of secure network traffic routing based on specified criteria
2023-12-20T10:03:14+02:00
Valerii Nazarevych valeriy.nazarevych@gmail.com; Artem Mykytiuk mukuta8888@gmail.com; Olha Shevchuk olia13511@gmail.com; Ihor Kulyk ihorkulyk11@gmail.com
<p>Due to the implementation of new network services, the increasing amount of data that needs to be transmitted, and the use of networks in various sectors with diverse communication requirements, there is a need to develop new approaches to ensuring the quality of such communications. Leading network equipment manufacturers and standardization organizations are developing new routing algorithms, resulting in new routing protocols or improvements to existing ones. However, all these algorithms cover routing principles for general-purpose networks and do not consider the communication requirements of specialized networks. Therefore, the task arises to research directions for optimizing network traffic routing, define optimization criteria, and develop a method for secure network traffic routing based on the specified criteria. In this work, a routing method is proposed that takes the defined requirements into account when searching for the optimal route. In the case of dynamic routing, each router calculates the shortest routes to all other networks using a shortest path search algorithm. This work defines a method for calculating metrics based on the specified criteria and formally describes the algorithm for finding the shortest path. Communication quality criteria are introduced that make it possible to meet the communication requirements of specialized networks.
Calculation methods for these criteria are demonstrated, and data collection methods for calculating the specified criteria are determined. A formula for calculating metrics is proposed that allows T-values to be selected and their numerical parameters to be set in order to prioritize specific criteria. Default values for the criteria are defined, and metric calculations with the default values are tested for different types of interfaces. After calculating the metrics, the task reduces to finding the shortest paths in a weighted graph using an algorithm based on Dijkstra's algorithm. The proposed shortest-path algorithm identifies the primary (shortest) and backup paths from a given source vertex to all other vertices of the graph. A formal description of the proposed algorithm is provided.</p>
2023-12-28T00:00:00+02:00 Copyright (c) 2023 Collection "Information Technology and Security"

https://its.iszzi.kpi.ua/article/view/293760
Using eBPF to identify ransomware that uses DGA DNS queries
2023-12-20T10:25:18+02:00
Danyil Zhuravchak danyil.y.zhuravchak@lpnu.ua; Eduard Kiiko eduard.kiiko1@gmail.com; Valeriy Dudykevych valerii.b.dudykevych@lpnu.ua
<p>In today's world, where the Internet has become an integral part of the functioning of government and corporate institutions, the integrity and availability of information is becoming a key issue for many organizations and individual users. Protection against crypto viruses and attacks, in particular those using DGA (Domain Generation Algorithms), is especially relevant. DGA is a method used by attackers to automatically generate domain names for client-server (Command &amp; Control) communication in the DNS-based malware ecosystem, and it makes such domains difficult to detect and block because of the way DNS is used in modern computer networks.
Given the growing number of attacks that use DGA, there is a need to develop new methods that are faster, can analyze large traffic flows in real time, and provide functionality for detecting and blocking them. eBPF (Extended Berkeley Packet Filter) is a modern tool that allows small programs to be created to monitor and analyze various aspects of the system in real time, including network traffic. These programs are executed directly in the operating system kernel and/or at the network card level. In this study, we consider the possibility of using eBPF to detect DGA activity in DNS traffic. The goal is to determine the effectiveness of real-time ransomware detection. We built a ransomware analysis lab environment in which eBPF-based modules were developed and tested and an attack was simulated. In addition, a cloud-based data analysis environment based on Splunk was set up, and rules for detecting a DGA attack were developed based on this analysis. This article presents the results of developing an eBPF-based program for analyzing DNS traffic, conducting DGA attacks, and methods for detecting them. These results can be an important contribution to the development of strategies for protecting against malicious network attacks.</p>
2023-12-28T00:00:00+02:00 Copyright (c) 2023 Collection "Information Technology and Security"