Collection "Information Technology and Security" <p align="JUSTIFY"><strong>“</strong><strong><img src="/public/site/images/v_v_tsurkan/homepage5.png" alt="" align="left" hspace="10" vspace="6" />Information Technology and Security</strong><strong>”</strong> – a scientific publication of the <span><a href="" target="_blank">Institute of special communication and information protection of National technical university of Ukraine «Igor Sikorsky Kyiv polytechnic institute»</a></span> for publishing the main scientific results of dissertations and scientific papers by candidates for scientific degrees and academic titles, as well as by higher-education students at the Master's degree qualification level. Publication resumed in 2015 after a one-year pause.</p><p><strong>Register:</strong> certificate of state registration of the print media of 02.07.2018, HF 23486-13326PR.</p><p><strong>Foundation year:</strong> 2012.</p><p><strong>P-ISSN:</strong> 2411-1031.<br /><br /><strong>E-ISSN:</strong> <span lang="EN-US">2518-1033</span>.
</p><p><strong>Publication type: </strong>collection of research papers<strong>.</strong></p><p><strong>Status:</strong> Ukrainian.</p><p><strong>Languages:</strong> Ukrainian, English (multilingual).</p><p><strong>Frequency:</strong> semiannual.</p><p><strong>Sphere of distribution:</strong> nationwide and international.</p><p><strong>Branch of science:</strong> engineering.</p><p align="justify"><strong>Publication category:</strong> B.</p><p align="JUSTIFY"><strong>Categories of readers:</strong> scientific, pedagogical, engineering and technical staff, graduate students, doctoral students, students and cadets.</p><p align="JUSTIFY"><strong>Thematic focus:</strong> publication of original and review papers on the major problems of modern information technology, information security, information warfare, countering the use of social engineering, cyber security, the security of critical infrastructure, mathematical and computer modeling, the protection of information in telecommunication systems and networks (including the protection of personal data), information security management and information security risks.</p><p align="JUSTIFY"><strong>Editor in Chief:</strong> <a>Dmytro Lande</a>, doctor of technical sciences, professor; <span>Institute for information recording of National academy of science of Ukraine</span>, Kyiv, Ukraine.</p><p align="JUSTIFY"><strong>Executive Secretary:</strong> Vasyl Tsurkan, candidate of technical sciences, associate professor; <span>Institute of special communication and information protection of National technical university of Ukraine «<span>Igor Sikorsky Kyiv polytechnic institute</span>»</span>, Kyiv, Ukraine.</p><p align="JUSTIFY"><strong>Technical Secretary: </strong>Valeriia Pokrovska; <span>Institute of special communication and information protection of National technical university of Ukraine «<span>Igor Sikorsky Kyiv polytechnic institute</span>»</span>, Kyiv, Ukraine.</p><p align="JUSTIFY"><strong>Responsible Department: </strong>Cybersecurity and application of information systems and technologies.</p><p align="JUSTIFY"><strong>Editorial address: </strong>Str. Verkhnokliuchova, 4, Kyiv, 03056, Ukraine.</p>

ISCIP Igor Sikorsky Kyiv Polytechnic Institute en-US Collection "Information Technology and Security" 2411-1031

<p>Authors who publish in this collection agree to the following terms:</p><ol><li>The authors retain the right of authorship of their work and grant the collection the right of first publication of the work, which is licensed under the <a href="" target="_new">Creative Commons Attribution License</a>; the license allows others to freely distribute the published work with obligatory reference to the authors of the original work and to the first publication of the work in this collection.</li><li>The authors have the right to conclude an agreement on exclusive distribution of the work in the form in which it was published in this collection (for example, to place the work in an institution's digital repository or to publish it as part of a monograph), provided that reference is made to the first publication of the work in this collection.</li><li>The journal's policy allows and encourages authors to place the manuscript of the work on the Internet (for example, in repositories or on personal websites) prior to the submission of the manuscript to the editor and during its editorial processing, as this contributes to productive scientific discussion and has a positive effect on the efficiency and dynamics of citation of the published work (see <a href="" target="_new">The Effect of Open Access</a>).</li></ol>

Building of knowledge bases of decision support systems using the directed networks of terms during information operations research

The study is dedicated to the relevant issue of information operation research, namely, to building of knowledge
bases of decision support systems, using directed networks of terms. During processing of documents in a given subject domain (related to the information operation object), text corpora are formed. Based on such text corpora, we build networks of terms. These networks are used when building knowledge bases of decision support systems during information operations research. The paper suggests a new approach to building knowledge bases of decision support systems during information operations research, using directed weighted networks of terms from a given subject domain. Applying the approach to knowledge base building saves time and funds by reducing the use of expert information. It also provides an opportunity to detect blank spots in the respective knowledge bases. The paper also suggests an innovative approach to defining the directions and weights of relationships (edges) in a network of terms. Application of the approach is illustrated by the construction of an ontological subject domain model related to certain information operation targets.

Authors: Dmytro Lande, Oleh Andriichuk, Oleh Dmytrenko, Vitaliy Tsyganok, Yaroslava Porplenko. Copyright (c) 2020 Collection "Information Technology and Security". Published 2020-12-30. Vol. 8, No. 2, pp. 153-163. DOI: 10.20535/2411-1031.2020.8.2.222597

Volume increasing of secret message in a fixed graphical stego container based on intelligent image analysis

The paper considers methods of edge pixel selection based on the Roberts, Prewitt, and Sobel operators, as well as cellular automata technologies, to increase the volume of the embedded secret message. Based on the methods used, templates with selected pixels were formed, into the codes of which secret message bits were embedded. The templates were formed using additional threshold processing, which made it possible to select the optimal threshold for selecting the corresponding pixels of the container image.
Thresholds ranging from 100 to 300 were selected for the Roberts operator, and thresholds ranging from 1,000,000 to 15,000,000 were selected for the Prewitt and Sobel operators. To select pixels based on cell technology, four-cell neighborhood shapes were used for binary and color imaging. Experimental studies were performed for all methods of pixel selection, which made it possible to determine the optimal numerical threshold, as well as the number of lower bits of each selected pixel in which to embed the bits of the secret message. It has been experimentally established that for all methods, besides the two lower bits of the code of each pixel, the bits of the secret message are also embedded in the four lower bits of each byte of the code of the selected pixel, which significantly increases the volume of the embedded message. When using the two lower bits of all pixels and the four lower bits of selected pixels, no change in the visual images of the containers was observed for many templates. Using the fifth lower bit in each byte of the selected pixel code to embed a secret bit results in significant distortion of the visual picture. The experiments were performed for different brightness thresholds during binarization. In total, six additional secret bits were added to the code of each selected pixel. For the efficiency of the experiments, bit sequences containing only one zero, one unit, and randomly generated bit sequences were introduced into the containers.

Authors: Stepan Bilan, Viacheslav Riabtsev, Andriy Daniltso. Copyright (c) 2020 Collection "Information Technology and Security". Published 2020-12-30. Vol. 8, No. 2, pp. 133-143. DOI: 10.20535/2411-1031.2020.8.2.222589

Influence of destabilizing factors on the stability of user's handwritten signature indicators

The informativeness and stability of the parameters of a user's handwritten signature during authentication are considered.
An identifier that uses biometric characteristics is inextricably linked to the user, and it is almost impossible to use it without authorization. It is proposed to use dynamic biometric characteristics of users. Their advantage is that, due to the presence of a dynamic component, the probability of their forgery by an attacker is very low. A handwritten signature is used as the biometric characteristic of the user. A handwritten signature is a socially and legally recognized biometric characteristic used for human authentication. It has a rather complex structure and high detail, all of which makes solving the problem of user identification by mathematical methods quite complex and requires high computational costs. Another significant disadvantage is that handwritten authentication systems require the installation of additional specialized equipment, which makes the use of such systems as an ordinary means of authentication very expensive. Nowadays, the fact that almost all users have mobile devices has made it possible to form the idea of using them in authentication systems. Accordingly, a scheme was proposed for implementing a computer security system against unauthorized access based on handwritten signatures, using Android-based mobile devices as signature input devices. An algorithm based on the Hamming distance was chosen to implement user tolerance. According to the selected algorithm, a method for forming a biometric vector has been developed. The optimal characteristics are investigated, and the efficiency of using the proposed form of the biometric characteristics vector is estimated. The speed of movement at certain intervals and the inclination angle of the vector interval were chosen as indicators of the handwritten signature. It is proposed to estimate the stability over time of the chosen biometric features and their dependence on the following factors: the emotional and physical condition of the user, and the time of day at the moment of authentication.
A software application for the Android operating system was developed, which collects the time characteristics and values of the proposed factors for biometric vectors and calculates mathematical statistics for further analysis and evaluation.

Authors: Viktor Yevetskyi, Ivan Horniichuk, Hanna Nakonechna. Copyright (c) 2020 Collection "Information Technology and Security". Published 2020-12-30. Vol. 8, No. 2, pp. 144-152. DOI: 10.20535/2411-1031.2020.8.2.222592

Information, signs, knowledge and intelligence

Understanding the special role of information in the formation of scientific knowledge is simultaneously accompanied by a high level of uncertainty regarding the nature of both information and knowledge. There are many approaches to information that can be constructively applied in some special areas of activity but remain completely useless in others. Against the background of such “informational diversity”, many researchers have increasingly come to the idea of the need for a universal explanation of the information phenomenon. The need to solve this problem is intuitively substantiated by the fact that the formation of information and its application create the foundation for many processes of self-organization and control in systems of various nature: chemical, biological, social, technical, and others. From the same point of view, the concept of information is often referred to as the primary one when explaining other, also little-understood, phenomena: signs, semantics, knowledge, psyche, intelligence, mind, consciousness, self-awareness, mathematics, probability, and others. The universal concept of information and the concepts derived from it can become a set of tools for formalized analysis, from common conceptual positions, of information processes in various scientific fields.
The article presents the results of research in which a universal information concept was obtained using a set of basic statements (axiomatic approach) and means of terminological, graphic, and mathematical formalization (means of overcoming uncertainties). The information phenomenon is presented as a special result of the interaction of physical objects: the property of an object acquired during interaction contains the characteristics of another object. This approach to explaining the nature of information (attributive-transfer nature of information, ATNI) made it possible to determine the components of the process of its formation: informational impact, information carrier, essence, and semantics of information. With their help, derived concepts are defined: the information environment and its characteristics; the cybernetic system, the formalized model of its controlled behavior, and security criteria; signs and their relationship with information; knowledge and intelligence of the cybernetic system. The applicability of the proposed approach to the analysis of processes in information environments of various natures (protein, neural, computer) has been tested.

Author: Ihor Yakoviv. Copyright (c) 2020 Collection "Information Technology and Security". Published 2020-12-30. Vol. 8, No. 2, pp. 191-215. DOI: 10.20535/2411-1031.2020.8.2.222605

BKW-attack on NTRUCIPHER and NTRUCIPHER+ encryption schemes

Due to the appearance of quantum computers, which will significantly reduce the time of solving certain problems, the security of many standardized cryptosystems is under threat. This prompted NIST to launch an open competition to create new post-quantum standards in 2016. In the summer of 2020, the NTRU algorithm, one of the fastest post-quantum algorithms based on lattices in Euclidean space (1996), entered the seven finalists of this competition. However, it was only in 2017 that an analogue of this encryption scheme was proposed: the symmetric encryption scheme NTRUCipher.
Preliminary research on this encryption scheme has been conducted, but its security against a chosen-plaintext attack, which consists of compiling a system of linear equations corrupted by noise (over a finite field of prime order) and solving it using a generalized BKW algorithm, has not been analyzed. The NTRUCipher+ cipher scheme is proposed for the first time in this article. Its main difference is the use of an additional random polynomial when encrypting. The security of the NTRUCipher cipher scheme and its modification NTRUCipher+ against the BKW attack is researched. Such an attack is possible for symmetric NTRU-like cipher schemes, but it has not been considered before. Analytical (upper and lower) bounds on the complexity of the BKW attack on NTRUCipher and NTRUCipher+ are obtained. These cipher schemes are compared by the length of encrypted messages against the BKW attack at certain identical fixed parameters. It is shown that the increase in security of the NTRUCipher cipher scheme against the BKW attack due to the use of an additional additive term in encryption is almost completely offset by the increase in the upper bound of the decryption failure probability. The research makes it possible to compare these cipher schemes in terms of security and practicality, and to conclude that it is inexpedient to use NTRUCipher+ to increase the security of the NTRUCipher cipher scheme against the BKW attack. In the future, it is planned to develop methods for constructing symmetric analogues of the NTRU cryptosystem based on other general lattice-based structures.
Author: Alexandra Matiyko. Copyright (c) 2020 Collection "Information Technology and Security". Published 2020-12-30. Vol. 8, No. 2, pp. 164-176. DOI: 10.20535/2411-1031.2020.8.2.222599

Ontological approach to big data analytics in cybersecurity domain

Information security is a dynamic field in which methods and means of protection against threats and their destructive component are rapidly changing and improving, which is a challenge for organizations and society as a whole. Therefore, information systems related to cybersecurity require a constant flow of knowledge from internal and external sources, the volume of which is constantly growing. The introduction of big data sets in the field of cybersecurity provides opportunities for analyzing data that contains both structured and unstructured data. Applying semantic technologies to the search and selection of external big data and to the description of knowledge about the cybersecurity domain requires new approaches, methods, and algorithms of big data analysis. For selecting relevant data, we propose a semantic analysis of the metadata that accompanies big data and the construction of ontologies that formalize knowledge about metadata, cybersecurity, and the problem that needs to be solved. We propose to create a thesaurus of problems based on the domain ontology, which should provide a terminological basis for the integration of ontologies of different levels. The cybersecurity domain has a hierarchical structure, so the presentation of formalized knowledge about it requires the development of a hierarchy of ontologies from top to bottom. For building a thesaurus of problems, it is proposed to use an algorithm that combines information from information security standards, open natural information resources, dictionaries, and encyclopedias. It is suggested to use semantically marked Wiki resources, external thesauri, and ontologies to supplement the semantic models of the cybersecurity domain.
Authors: Anatoly Gladun, Katerina Khala, Ihor Subach. Copyright (c) 2020 Collection "Information Technology and Security". Published 2020-12-30. Vol. 8, No. 2, pp. 120-132. DOI: 10.20535/2411-1031.2020.8.2.222559

Determination of components of route hijack risk by Internet connections topology analysis

The possibility of dynamically changing routes between nodes that are not physically connected is a key feature of Internet routing. The exterior gateway protocol BGP-4 was developed to deliver this feature, along with the policies and procedures of inter-domain routing. Developed for a network of hundreds of nodes that rely on information from each other, BGP-4 is still the same decades later, with tens of thousands of nodes and its crucial lack of routing data integrity. Among the most significant problems deriving from its weaknesses are route leaks and route hijacks. None of the proposed and partially implemented upgrades and add-ons, like MANRS and RPKI, can deliver reliable defense against those types of attacks. In this paper, an approach to risk assessment via analysis of internetworking links is developed. Although modern information security is based on risk management, in this paper it is proposed to mitigate route hijack risks by enhancing the link topology. Estimating the risks of route hijack requires quantitative measurement of the impact of an attack on routing distortion and, therefore, of the loss from an information security breach. For this assessment, this paper proposes to use knowledge of the features of the Internet topology at the layer of global routing, which is determined by the interaction of autonomous systems (groups of subnets under common control) according to the routing protocol BGP-4. Based on our formal representation of IP routing, the relationship between topology and the risk of route hijack is shown.
A new approach to quantifying information risk is proposed, using a new risk-oriented model of global routing, which will reflect the properties of Internet nodes in terms of the risk of route hijack.

Author: Vitalii Zubok. Copyright (c) 2020 Collection "Information Technology and Security". Published 2020-12-30. Vol. 8, No. 2, pp. 232-239. DOI: 10.20535/2411-1031.2020.8.2.222612

Approach of the information properties destruction risks assessing based on the color scale

One of the urgent tasks of today is the protection of information, which is defined by the regulations of our state in the field of information security and cybersecurity [1], [2]. The protection of information is to ensure its properties such as confidentiality, integrity and accessibility [3]. In the process of assessing the security of information, the priorities of its protection are determined, taking into account the degree of restriction of access to it. Information security (IS) risk assessment is performed to select effective measures and means of protection. Existing assessment methods are analyzed; they are based on estimates of the possible damage from an IS incident and the probability of its occurrence, but the forms of formalizing the level of risk do not reflect which properties may be violated in the incident. That is, the general representation of the risk does not allow it to be processed promptly. With the use of modern computer technology, it has become possible to create dynamic images of the level of risk. The basis of computer graphics is the additive RGB color rendering model [4]. A method has been developed in which, by assigning a color to each of the three properties of information, it has become possible to distinguish the level of risk for each property of information. With the advent of information about new vulnerabilities in information and telecommunications systems, the color may change, thereby signaling a change in the level of risk for a particular property of information.
The use of such an approach to IS risk management has made it possible to quickly make decisions on risk management and to maintain the process of ensuring IS at the appropriate level. At the same time, this method made it possible to record the change in the numerical values of colors, from which the rate of growth of IS risk can be obtained. The average of this value could be used to predict the resilience of the system to IS incidents. The speed of change in the level of information security risk has become another parameter for determining the index of system development and the basis for updating the organization's planned costs for ensuring IS.

Authors: Volodymyr Mokhor, Andrii Davydiuk. Copyright (c) 2020 Collection "Information Technology and Security". Published 2020-12-30. Vol. 8, No. 2, pp. 216-223. DOI: 10.20535/2411-1031.2020.8.2.222608

Interpretation model of assessments boundary information security risks

Amendments to the legislation of Ukraine make it possible to build, implement and certify information protection systems for information owned by the state or for which protection requirements are established by law. It is recommended to use the requirements and/or guidelines of international practices that provide for the use of a risk-oriented approach. Thus, the international standard ISO/IEC 27001 implemented in Ukraine recommends choosing or developing a method for assessing information security risks. At the same time, the results of the analysis of open sources revealed the absence of models and methods for quantifying their limit values. By information risks we mean the risks associated with the possibility of losses as a result of violation of the properties of confidentiality, integrity, and availability of information. Therefore, the purpose of this article is to develop an interpretive model that will provide the limit values of information security risks.
Their quantitative values could be used as criteria at the stage of forming requirements for a comprehensive information security system and/or an information security management system. The basis for calculating the risk limit value is the standard deviation of the uncollected profit for the period. If the profit exceeds the planned one, then hypothetically there were no incidents during the analysis period that would affect resources. Information risks are a component of the organization's risks. According to the recommendations of ISO/IEC 27005, where risk is the effect of uncertainty on the achievement of goals, and the effect is a positive or negative deviation from the expected, the hypothetically obtained standard deviation can be considered an assessment of the impact of the information uncertainty of additive information resources on economic results and an assessment of the acceptable threshold of the organization's information risk. Thus, an interpretive model was developed for estimating the marginal risks of information security and the allowable losses for individual components of threats to the properties of information, as a formalization of the impact of information uncertainty on financial consequences, which made it possible to quantify these estimates based on the available actual economic/cost indicators of information activity in the organization.

Authors: Vitalii Bezshtanko, Yaroslav Zinchenko. Copyright (c) 2020 Collection "Information Technology and Security". Published 2020-12-30. Vol. 8, No. 2, pp. 224-231. DOI: 10.20535/2411-1031.2020.8.2.222610

Requirements for web applications firewalls

Domestic and foreign regulations related to the protection of web applications are analyzed. It is established that the requirements for its individual means of protection should be taken into account when developing a comprehensive information protection system.
The most effective element of the complex of means of protection for automated systems of class 2 and 3 on which web servers operate is the web application firewall, for which no requirements are available in open sources. Therefore, the development of such requirements is an urgent problem, the solution of which will simplify the development of a comprehensive information security system. Given this relevance, the results of the work are the requirements for web application firewalls. Among the few open sources that make it possible to implement the web application firewall as a component of a comprehensive information security system are the list of rules from MITRE and the open web application security project OWASP. However, these rules do not implement the developed requirements, so filtering rules for web application firewalls that meet them are additionally proposed and implemented. A technique for checking their conformity to the established requirements is formed. Based on such utilities as Metasploit FW, nikto, dirb, and wafninja, a software application has been developed that implements this technique. It has a direct link to the CVE database, which makes it possible to detect and check for current vulnerabilities. OWASP ModSecurity is used as the security component; its source code is located in official repositories, and it operates on the basis of the nginx web server. The capabilities of ModSecurity are enhanced by a developed dynamic connector that makes it possible to use the web application firewall as a separate means of protecting information. Certain filtering rules are implemented in the developed protection tool. This satisfies the requirements for a set of security features in a comprehensive information security system, such as continuous protection of computer systems and a modular structure.
Authors: Artem Zhylin, Dmytro Parfeniuk, Sergii Mitin. Copyright (c) 2020 Collection "Information Technology and Security". Published 2020-12-30. Vol. 8, No. 2, pp. 177-190. DOI: 10.20535/2411-1031.2020.8.2.222603