Search

Your search keyword '"Sergey V. Porshnev"' showing total 9 results
Start Over Author "Sergey V. Porshnev"
9 results on '"Sergey V. Porshnev"'

1. Analysis of current regulations in the field of cybersecurity of critical information infrastructure of the Russian Federation

Author

Andrey V. Bondarenko, Konstantin V. Mushovets, Sergey V. Porshnev, and Olga K. Rogova

Subjects
regulations, critical information infrastructure, cii facilities, cii entities, categorization of objects of cii., Information technology, T58.5-58.64, Information theory, Q350-390
Abstract

The paper is devoted to a complex analysis of the current system of regulations in the field of security of critical information infrastructure (CII) facilities of the Russian Federation from the point of view of the logic of formation of the legal basis and the chronology of their creation, the results of which have provided a systematic regulatory framework for the security of CII facilities. The main directions of legislative activity in the field of security CII of the Russian Federation have been highlighted and a classification of the current legal acts in terms of it’s requirements has been proposed..The evolution of the content of the regulatory system to ensure the security of significant CII facilities has been described. The results of the analysis led to the conclusion that the state and regulators in the field of IS has developed a sufficient regulatory framework that defines the basic rules, procedures and requirements for the process of categorization, monitoring of its results, as well as providing information security of significant CII facilities. At the same time, on the basis of the experience of categorization of significant objects of the gas industry by the heat and power complex of the Russian Federation, a hypothesis has been made that the establishment of the information security system at specific significant CII sites (e.g., a variety of types of CII objects and areas of activity of CII entities) will require not only the application of existing legal instruments, but also the development of existing sectoral methodical documents in the field of categorization of objects of CII and in the field of construction of the information security system, taking into account their sectoral characteristics.

Published
2023
Full Text
View/download PDF

2. Determination of parameters affecting the possibility of computer attack implemented by an intruder

Author

Olga S. Makarova and Sergey V. Porshnev

Subjects
prediction, computer attacks, intruder, weighting factor of the transition, theory of cellular automata., Information technology, T58.5-58.64, Information theory, Q350-390
Abstract

One of the urgent tasks of information security (IS) is to predict the probabilities of IS threats to an organization that are implemented due to a computer attack (CA). Existing methodologies for assessing CA are Cyber Kill Chain, Mitre Att&ck, NIST 800-115, Certified Ethical Hacker (CEH), FSTEC of Russia and ISO 27001/ They offer approaches to the analysis of CA from the organization point of view. The article offers a completely new approach to CA predicting from the intruder point of view. The analysis of the CA from the intruder point of view is carried out. The methods of CA discussed by intruder s in the DarkNet and their structuring are highlighted. The stages of the implementation of the SC from the intruder point of view are justified: theoretical training, practical training, achieving the goal of the CA. The conclusion about the possibility of using the mathematical apparatus of cellular automata in the simulation of the CA is justified, since the dynamics of the CA is similar to the dynamics of a cellular automaton. The parameters that affect the possibility of implementing the CA by the intruder are determined, in particular, the popularity of the CA method, the availability/sufficiency of means of protection against this CA, and others. The quantitative characteristics of the CA that determine the weighting factor of the transition (WCP) are justified. The sufficiency of the list of selected quantitative characteristics of the CA is confirmed by the results of the analysis of the CA, implemented with the help of the malicious software Petya, on the nodes of the information infrastructure of organizations located on the territory of Ukraine.

Published
2021
Full Text
View/download PDF

3. Assessment of probabilities of computer attacks based on function

Author

Olga S. Makarova and Sergey V. Porshnev

Subjects
information system, information security, computer attack, intruder, probability of threats, expected utility, computer attack, expected utility function, key attack criteria of computer attack, criminology theory., Information technology, T58.5-58.64, Information theory, Q350-390
Abstract

An objective assessment of the level of protection of an organization’s information system provided by an appropriate information security system (ISS), both at the stage of its design and at the operation stage, is possible based on the use of estimates of current and predicted probabilities of computer attacks of intruder of this IS using vulnerabilities ISS. To assess the probability of a computer attack by an intruder, this study proposes to use the expected utility function that takes into account key attack criteria of the possibility of a computer attack (criteria for choosing an object of a computer attack by an intruder, stages and methods of implementing an attack, methods of obtaining information about an object, skills of an intruder) and the expected usefulness of the attack (motives the offender, the state of the offender before a computer attack, in particular, his income, the principles for deciding on the conduct / continuation / termination of a computer attack intruder), modernized taking into account the characteristics of this type and crimes in the computer sphere. The proposed solution is based on the theory of provisions in criminology, which states that an attack is implemented by an intruder in cases where it is possible to implement an attack and, at the same time, the expected utility of the attack from the point of view of the offender is sufficient. It is demonstrated that the selected utility function adequately describes the relationship between the probability of a computer attack and the key attack criteria of a computer attack. The analysis of the modernized utility function, the results of which showed that: 1) the value of the expected utility, ceteris paribus, for the offender prone to risk, is determined by the probability of exposing it (which is equivalent to the likelihood of an inconspicuous computer attack), for the offender not prone to risk, - the severity of the punishment, therefore it is necessary to build a differentiated protection system depending on the type of intruder; 2) there is the possibility of a significant reduction in the number of potential violators by increasing revenues from the legal activities of security experts; 3) there is a dependence of the number of computer attacks for a certain period of time on the probability of an inconspicuous computer attack, the severity of the punishment, the presence and magnitude of alternative income (benefits).

Published
2020
Full Text
View/download PDF

4. Assessment of probabilities of computer attacks based on the method of analysis of hierarchies with dynamic priorities and preferences

Author

Olga S. Makarova and Sergey V. Porshnev

Subjects
forecasting, information security, cyber security, hacker, threats probability, functional decision making method, key attack criteria., Information technology, T58.5-58.64, Information theory, Q350-390
Abstract

The task of obtaining adequate assess of the threat`s probability and risks of information security as well as forecasting the vectors of likely attacks of hackers using new methods has become rather relevant with active penetration of information technologies (IS) in organizations. This study substantiates a new method for predicting the probability of computer attacks considered from the perspective of the offender's priorities. This method is based on analyzing hierarchies with dynamic priorities and preferences. For practical use the choice of key attack factors was justified and a comparative analysis of the proposed and already known methods for predicting the probability of attacks is carried out. This has helped us to identify its advantages and limitations. Estimates of the probability of computer attacks in 2019 were obtained.

Published
2020
Full Text
View/download PDF

5. About Influence of Weight Initialization Algorithms on Accuracy of the Forecast with LSTM-net for Harmonic Signals

Author

Nikolai Safiullin, Sergey V. Porshnev, and Yulia Timoshenkova

Subjects
Harmonic analysis, Series (mathematics), Artificial neural network, Computer science, Harmonic, Initialization, Time series, Algorithm, Measure (mathematics), Physics::Atmospheric and Oceanic Physics, Time–frequency analysis
Abstract

The paper presents the results of study about the influence of the initial weights choice on the long-term forecast accuracy in the problem of multi-step forecast with a neural network based on long short-term memory (LSTM-net) for time series, composed of time-ordered samples of a harmonic, an amplitude-modulated signal and a frequency-modulated signal. The recursive forecast has been estimated on model time series data providing the means to measure the actual accuracy of the forecast while controlling influence of different characteristics. The analysis of the results show that a necessary condition for obtaining a high-quality long-term forecast is the correct choice of the LSTM-net parameters, especially the initialization of weights for neural network layers. At the same time the use of LSTM-net parameters, which provide high accuracy of short-term forecast, does not guarantee the accuracy of the long-term forecast, and vice-versa. In this regard it is concluded that the usage of other forecast methods and /or algorithms for correcting predicted values for mentioned types of time series is preferable.

Published
2021
Full Text
View/download PDF

6. The Concept of Allocating Access Rights to Virtual Memory Area in Linux-based Operating Systems

Author

Liliya Galimzyanova, Sergey V. Porshnev, and Roman Gilmiyarov

Subjects
business.industry, Computer science, Process (computing), Access control, Permission, computer.software_genre, Object (computer science), Security controls, Mandatory access control, Memory management, Virtual memory, Operating system, business, computer
Abstract

The paper presents the concept of a model for managing access to virtual memory in a Linux-based operating system (OS). The concept is developed based on the analysis of approaches to memory management in the Linux-based OS. The model of process access control to virtual memory areas is justified and is based on the consideration of the process as the subject of access, and the area of virtual memory used by this process as the object of access (accordingly, the virtual memory of the process is a set of virtual memory areas). To implement this model in practice, it is proposed to use the permission flags of virtual memory areas. The proposed model can be an addition to the mandatory entity-role model of access and information flows security control in Linux-based OS or other standard models, where the subject is a user or process, and the object is a file.

Published
2021
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results