  • Application of the Fuzzy Set Method in the Information Security Audit Process

    The process of ensuring information security is inextricably linked with the assessment of compliance with the requirements. In the field of information protection, this process is called an information security audit. Currently, there are many international and domestic audit standards that describe various processes and methods for assessing compliance with requirements. One of the key drawbacks of these standards is the use of exclusively qualitative assessment without numerical calculations, which in turn does not allow making the procedure the most objective. The use of fuzzy logic allows providing the audit process with an appropriate quantitative assessment, while operating with understandable linguistic variables. The article analyzes existing standards and presents a conceptual model for applying the fuzzy set method in the process of information security audit.

    Keywords: information security, information infrastructure, security audit, risk analysis, fuzzy sets, fuzzy logic

  • Analysis of corporate network traffic using SMTP protocol to detect malicious traffic

    This article presents an analysis of corporate network traffic over the SMTP protocol to identify malicious traffic. The relevance of the study is driven by the increasing number of email-based attacks, such as the distribution of viruses, spam, and phishing messages. The objective of the work is to develop an algorithm for detecting malicious traffic that combines traditional analysis methods with modern machine learning approaches. The article describes the research stages: data collection, preprocessing, model training, algorithm testing, and effectiveness analysis. The data used were collected with the Wireshark tool and include SMTP logs, message headers, and attachments. The experimental results demonstrated high accuracy in detecting malicious traffic, confirming the potential of the proposed approach.

    Keywords: SMTP, malicious traffic, network traffic analysis, email, machine learning, Wireshark, spam, phishing, classification algorithms

  • Forecasting rare events based on the analysis of interaction graphlets in social networks

    The widespread use of social media platforms has led to the accumulation of vast amounts of stored data, enabling the prediction of rare events based on user interaction analysis. This study presents a method for predicting rare events using graph theory, particularly graphlets. The social network VKontakte, with over 90 million users, serves as the data source. The ORCA algorithm is utilized to identify characteristic graph structures within the data. Throughout the study, user interactions were analyzed to identify precursors of rare events and assess prediction accuracy. The results demonstrate the effectiveness of the proposed method, its potential for threat monitoring, and the possibilities for further refinement of graphlet-based prediction models.

    Keywords: social media, security event, event prediction, graph theory, graphlet, interaction analysis, time series analysis, correlation analysis, data processing, anomalous activity

  • Exploring the possibilities of using blockchain technology to protect data in CRM-systems and increase transparency in the process of interacting with customers

    In modern conditions of digital transformation, companies are actively implementing Customer Relationship Management (CRM) systems to manage customer relationships. However, the issues of data protection, confidentiality and transparency of interaction remain critically important. This article explores the possibilities of using blockchain technology to enhance the security of CRM systems and improve trust between businesses and customers. The purpose of the work is to analyze the potential of using blockchain in data protection of CRM systems, as well as to assess its impact on the transparency of customer transactions. The paper examines the main threats to data security in CRM, the principles of blockchain technology and its key advantages in this context, including decentralization, immutability of records and protection from unauthorized access. Based on the analysis, promising areas of blockchain integration into CRM systems have been identified, practical recommendations for its application have been proposed, and the potential effectiveness of this technology has been assessed. The results of the study may be useful to companies interested in strengthening the protection of customer data and increasing the transparency of user interaction processes.

    Keywords: blockchain, CRM-system, security, data protection, transparency, customer interaction

  • Methods for IoT protection against zero-day attacks

    Zero-day attacks are one of the most dangerous threats to the security of modern systems, applications and infrastructure because they are unpredictable. Due to the unknown signatures of zero-day attacks, traditional signature-based defences are unable to detect them. Countering such attacks in IoT networks requires both in-depth research and the implementation of practical measures. The present review of state-of-the-art zero-day attack detection research has shown that deep learning approaches are best at detecting zero-day attacks and botnets in IoT networks. These approaches can analyse anomalies in network traffic and identify new threats and zero-day attacks while minimising the number of false positives.

    Keywords: Zero-Day Attack, vulnerability, Internet of Things, machine learning, anomaly, signature-based defence method, autoencoder, network traffic

  • The analysis of criteria for granting a mandate to an information security incident localization

    The number of information security incidents and the amount of damage caused by them are increasing every year. The relevance of information security incident response remains high. The primary response action is an information security incident localization. The purpose of this study is to reduce the time taken to localize detected information security incidents by information security incident response teams. The purpose is achieved by issuing and using a mandate for information security incident localization by orchestration tools and/or artificial intelligence systems in an automated mode. Analysis and synthesis of publicly available materials were applied as research methods. The results of the analysis and evaluation of different criteria applicability for granting a mandate to localize an information security incident in an incident response are presented in the article. A mandate is granted to orchestration tools and/or artificial intelligence systems to perform localization of an information security incident in an automatic mode, i.e., without the involvement of information security incident response team forces. In evaluating the applicability of various criteria for granting a mandate, unlike the known ones, the level of difficulty in determining values for the criteria in question by information security incident response team forces alone was assessed. Criteria and their values are defined, which, unlike the known ones, highlight the area for information security incidents localization in automatic mode.

    Keywords: response team, response area, response, automatic localization, orchestration, artificial intelligence

  • Application of neural network technologies for user authentication in modern mobile systems

    With the rapid development of mobile technologies and increasing risks of data leakage, providing reliable user authentication becomes one of the key tasks of information security. This paper is devoted to the study of application of neural network technologies for biometric authentication in modern mobile systems. The paper provides a comprehensive analysis of existing biometric authentication methods such as face recognition, voice and fingerprint analysis. Special attention is paid to the peculiarities of the methods' operation, accuracy and resistance to attacks. The main advantages and disadvantages of each of the considered authentication methods are given. At the end of the article, the practical application of the developed algorithm of neural network authentication based on fingerprint analysis, integrated into the SIM-card, is presented. This innovative approach not only increases the security level of mobile devices, but also provides convenience to the user. The implementation of this case study will form the basis for further research presented in this thesis work, which emphasizes the importance of integrating neural network technologies into authentication processes. The results of the research will be useful for both scientists and developers in the field of information security, opening new horizons for the improvement of biometric systems in the mobile environment.

    Keywords: authentication, neural networks, biometrics, mobile systems, information security, deepfake, GDPR, hybrid technologies, sim card

  • Comparative analysis of ResNet18 and ResNet50 neural network resilience to adversarial attacks on training sets

    This article is devoted to a comparative analysis of the resilience of ResNet18 and ResNet50 neural networks to adversarial attacks on training sets. The issue of the importance of ensuring the safety of learning sets is considered, taking into account the growing scope of artificial intelligence applications. The process of conducting an adversarial attack is described using the example of an animal recognition task. The results of two experiments are analyzed. The purpose of the first experiment was to identify the dependence of the number of epochs required for the successful execution of an adversarial attack on the training set on the neural network version of the ResNet architecture using the example of ResNet18 and ResNet50. The purpose of the second experiment was to get an answer to the question: how successful are attacks on one neural network using modified images of the second neural network. An analysis of the experimental results showed that ResNet50 is more resistant to adversarial attacks, but further improvement is still necessary.

    Keywords: artificial intelligence, computer vision, ResNet, ResNet18, ResNet50, adversarial attacks, learning set, learning set security, neural networks, comparative analysis

  • Internet aggressor's spear phishing attack’s analysis for further exploitation of sensitive data

    Any Internet aggression attack, the purpose of which is to manipulate a victim's files and sensitive information, begins with reconnaissance and obtaining unauthorized account access. Usually, this is done using targeted phishing. The article will describe in detail the process of preparing and conducting an act of gaining access to the target's account. A social network with a form on a main page was chosen as a platform on which the sequence of manipulations will be explained. The danger of the method is characterized by the high availability of technical measures and a relatively low entry threshold. This scientific article’s main goal is to inform members of the information security and IT community about a multi-stage computer attack that exists both independently and serves as an initial set of measures in other, larger-scale attacks and their combinations. Problem decomposition of the methodology used by an attacker in the first stages of targeted digital stalking is solved.

    Keywords: Internet aggression, phishing, cyberattack, unauthorized access, web form, markup language, user interface, hosting, malware, content filtering

  • Analysis of network stability and optimization of data exchange in banking systems

    The article presents an analysis of the network stability of modern banking systems from the point of view of graph theory. The use of graph models makes it possible to effectively describe complex network structures, identify bottlenecks, and predict system behavior during failures or attacks. Algorithms based on graph theory, such as Dijkstra's Algorithm, have been proposed to ensure minimal transaction processing time and improve system reliability. A comparative analysis of various optimization methods through modeling on abstract graphs and real banking network data was carried out. As a result of the study, solutions were proposed to protect the banking system, as well as improve its connectivity and fault tolerance.

    Keywords: banking system, graph theory, Dijkstra's algorithm, blockchain, transactions, cyber attack, network stability analysis, banking infrastructure, cyber security, DDoS attack

  • Application of convolutional neural networks and deep learning algorithms for prediction and identification of voice deepfakes

    The purpose of this article is to create a convolutional neural network model for identifying and predicting audio deepfakes by classifying voice content using deep machine learning algorithms and Python programming language libraries. The audio content datasets are basic for the neural network learning process and are represented by mel spectrograms. The processing of graphic images of the audio signal in the heatmap format forms the knowledge base of the convolutional neural network. The results of the visualization of mel spectrograms in the ratio of the measurement of the frequency of sound and mel determine the key characteristics of the audio signal and provide a comparison procedure between a real voice and artificial speech. Modern speech synthesizers use a complex selection and generate synthetic speech based on the recording of a person's voice and a language model. We note the importance of mel spectrograms, including for speech synthesis models, where this type of spectrograms is used to record the timbre of a voice and encode the speaker's original speech. Convolutional neural networks allow you to automate the processing of mel spectrograms and classify voice content: original or fake. The experiments conducted on test voice sets proved the success of learning and using convolutional neural networks using images of MFCC spectral coefficients to classify and study audio content, and the use of this type of neural networks in the field of information security to identify audio deepfakes.

    Keywords: neural networks, detection of voice deepfakes, information security, speech synthesis models, deep machine learning, categorical cross-entropy, loss function, algorithms for detecting voice deepfakes, convolutional neural networks, mel-spectrograms

  • On the Implementation of Information Security in Distributed Data Storage Systems for Small Businesses

    The article examines the key aspects and recommendations for implementing data protection in distributed data storage systems (DDSS) for small businesses. It explores methods of ensuring information security, including incident monitoring, two-factor authentication, and file encryption. The study includes tests of the fault tolerance of DDSS and the robustness of authentication mechanisms under simulated DoS and brute force attacks using fuzzing techniques. Proposed methods include the integration of platforms for incident monitoring (MISP, Wazuh) and the use of TOTP for two-factor authentication. Additionally, it discusses data encryption mechanisms and access management using JWT.

    Keywords: information security, fuzzing, monitoring, WAF, data storage system, data encryption, two-factor authentication, small business, fault tolerance

  • Practical study of the Kerberos protocol: attacks, detection and development of detection rules

    This article examines the practical aspects of using the Kerberos authentication protocol. It provides a brief historical background and describes the main operational principles and characteristics of the protocol that may lead to vulnerabilities. Exploitation of these vulnerabilities can allow an attacker to maintain a persistent presence in a domain environment. In the course of the study, the potential for an attacker to establish domain persistence is investigated through attacks such as Kerberoasting, brute-forcing hashes, and creating Golden Tickets. These activities are carried out using tools designed for penetration testing. Special attention is devoted to assessing the subsequent negative consequences of unauthorized access to domain resources. The study analyzes methods for detecting attacks, including the development of rules to monitor suspicious activity. The article underscores the importance of promptly identifying real-world threat vectors and reinforcing security measures within domain infrastructures. Discussion of the proposed set of attack vectors helps create a more effective penetration testing plan and strengthen monitoring. In particular, the paper examines the process of obtaining Ticket-Granting Tickets, as well as ways to compromise and further exploit static credentials. It is highlighted that the Key Distribution Center (KDC) is a critical component requiring additional oversight and protection. Practical recommendations are provided on monitoring event logs and configuring Intrusion Detection Systems (IDS) for timely detection of anomalous activities. Thus, the central idea of this work is to demonstrate the relevance and significance of Kerberos in corporate networks, while highlighting both its strong points and possible risks. The results emphasize the importance of combining an in-depth understanding of Kerberos functionality with practical security measures to preserve system integrity and reduce risks.

    Keywords: persistence, authentication protocol, access level, Kerberos, attack detection, attacker, Golden Ticket, Kerberoasting, monitoring

  • Development and Analysis of a Feature Model for Dynamic Handwritten Signature Recognition

    In this work, we present the development and analysis of a feature model for dynamic handwritten signature recognition to improve its effectiveness. The feature model is based on the extraction of both global features (signature length, average angle between signature vectors, range of dynamic characteristics, proportionality coefficient, average input speed) and local features (pen coordinates, pressure, azimuth, and tilt angle). We utilized the method of potentials to generate a signature template that accounts for variations in writing style. Experimental evaluation was conducted using the MCYT_Signature_100 signature database, which contains 2500 genuine and 2500 forged samples. We determined optimal compactness values for each feature, enabling us to accommodate signature writing variability and enhance recognition accuracy. The obtained results confirm the effectiveness of the proposed feature model and its potential for biometric authentication systems, presenting practical interest for information security specialists.

    Keywords: dynamic handwritten signature, signature recognition, biometric authentication, feature model, potential method, MCYT_Signature_100, FRR, FAR

  • Development of an integrated method for assessing the security level of an organization's server infrastructure

    Information security management at the enterprise is an important task, as the number of threats is growing and constant improvement of protection mechanisms is necessary. The server infrastructure of the enterprise is used to publish corporate services and the requirements for it are high in terms of performance, reliability and security. This article discusses the developed method of integral assessment of the level of security of the server infrastructure of the enterprise from attacks of various types.

    Keywords: data protection, information technology, comprehensive assessment, systems analysis, information systems, information security

  • Implementation of the algorithm for updating the lists of cancelled certificates of the certifying center

    The most important problem in using an electronic signature is updating the lists of revoked certificates. Currently, there is no single solution to automate this process. This paper presents one of the solutions to this problem using the example of integrated use of the capabilities of the operating system, cryptography tools and standard certificate management libraries.

    Keywords: information security, software, lists of revoked certificates

  • A method of increasing the security of image transmission in messengers using one-time passwords

    The article presents a method for protecting transmitted images in instant messengers using time-based one-time passwords (TOTP). An additional level of protection is offered based on a combination of image masking using orthogonal matrices and two-factor authentication based on TOTP. A prototype Python application has been developed and tested using the gRPC remote procedure protocol to ensure secure data exchange between the client and the server. The results of the implementation of the proposed method in preventing unauthorized access to confidential images are presented.

    Keywords: information security, messenger, messaging, communications, instant messaging systems, one-time password

  • Moving from a university data warehouse to a lake: models and methods of big data processing

    The article examines the transition of universities from data warehouses to data lakes, revealing their potential in processing big data. The introduction highlights the main differences between storage and lakes, focusing on the difference in the philosophy of data management. Data warehouses are often used for structured data with relational architecture, while data lakes store data in its raw form, supporting flexibility and scalability. The section "Data Sources used by the University" describes how universities manage data collected from various departments, including ERP systems and cloud databases. The discussion of data lakes and data warehouses highlights their key differences in data processing and management methods, advantages and disadvantages. The article examines in detail the problems and challenges of the transition to data lakes, including security, scale and implementation costs. Architectural models of data lakes such as "Raw Data Lake" and "Data Lakehouse" are presented, describing various approaches to managing the data lifecycle and business goals. Big data processing methods in lakes cover the use of the Apache Hadoop platform and current storage formats. Processing technologies are described, including the use of Apache Spark and machine learning tools. Practical examples of data processing and the application of machine learning with the coordination of work through Spark are proposed. In conclusion, the relevance of the transition to data lakes for universities is emphasized, security and management challenges are emphasized, and the use of cloud technologies is recommended to reduce costs and increase productivity in data management.

    Keywords: data warehouse, data lake, big data, cloud storage, unstructured data, semi-structured data

  • Preprocessing of tabular structure data to solve problems of multivalued classification of computer attacks

    The development and application of methods of preliminary processing of tabular data for solving problems of multivalued classification of computer attacks is considered. The object of the study is a data set containing multivalued records collected using a hardware and software complex developed by the authors. The analysis of the attributes of the dataset was carried out, during which 28 attributes were identified that are of the greatest informational importance when used for classification by machine learning algorithms. The expediency of using autoencoders in the field of information security, in tasks related to datasets with the property of ambiguity of target attributes is substantiated. Practical significance: data preprocessing can be used to improve the accuracy of detecting and classifying multi-valued computer attacks.

    Keywords: information security, computer attacks, multi-label, multi-label classification, multivalued classification, dataset analysis, experimental data collection, multivalued data, network attacks

  • Behavioral biometrics of touch screen interaction to identify mobile device users

    Based on the analysis of behavioral characteristics, the main indicators that provide the greatest accuracy in identifying users of mobile devices are identified. As part of the research, software has been written to collect touchscreen data when performing typical user actions. Identification algorithms are implemented based on machine learning algorithms and accuracy is shown. The results obtained in the study can be used to build continuous identification systems.

    Keywords: user behavior, touch screen, continuous identification, biometrics, dataset, classification, deep learning, recurrent neural network, mobile device

  • Construction of encoders and decoders for code division multiplexing

    A class of mathematical methods for code channel division has been developed based on the use of pairs of orthogonal encoding and decoding matrices, the components of which are polynomials and integers. The principles of constructing schemes for implementing code channel combining on the transmitting side and arithmetic code channel division on the receiving side of the communication system and examples of such schemes are presented. The proposed approach will significantly simplify the design of encoding and decoding devices used in space and satellite communication systems.

    Keywords: telecommunications systems, telecommunications devices, multiplexing, code division of channels, matrix analysis, encoding matrices, synthesis method, orthogonal matrices, integers

  • On the Development of Secure Applications Based on the Integration of the Rust Programming Language and PostgreSQL DBMS

    Currently, key aspects of software development include the security and efficiency of the applications being created. Special attention is given to data security and operations involving databases. This article discusses methods and techniques for developing secure applications through the integration of the Rust programming language and the PostgreSQL database management system (DBMS). Rust is a general-purpose programming language that prioritizes safety as its primary objective. The article examines key concepts of Rust, such as strict typing, the RAII (Resource Acquisition Is Initialization) programming idiom, macro definitions, and immutability, and how these features contribute to the development of reliable and high-performance applications when interfacing with databases. The integration with PostgreSQL, which has been demonstrated to be both straightforward and robust, is analyzed, highlighting its capacity for efficient data management while maintaining a high level of security, thereby mitigating common errors and vulnerabilities. Rust is currently used less than popular languages like JavaScript, Python, and Java, despite its steep learning curve. However, major companies see its potential. Rust modules are being integrated into operating system kernels (Linux, Windows, Android), Mozilla is developing features for Firefox's Gecko engine, and StackOverflow surveys show a rising usage of Rust. A practical example involving the dispatch of information related to class schedules and video content illustrates the advantages of utilizing Rust in conjunction with PostgreSQL to create a scheduling management system, ensuring data integrity and security.

    Keywords: Rust programming language, memory safety, RAII, metaprogramming, DBMS, PostgreSQL

  • Cascaded code division multiplexing

    A method is proposed for cascading connection of encoding and decoding devices to implement code division of channels. It is shown that by increasing the number of cascading levels, their implementation is significantly simplified and the number of operations performed is reduced. In this case, the number of subscriber pairs that can simultaneously exchange information equals the minimum order of the encoding and decoding devices in the system. The proposed approach will significantly simplify the design of encoding and decoding devices used in space and satellite communication systems.

    Keywords: telecommunications systems, telecommunications devices, multiplexing, code division of channels, orthogonal matrices, integers, cascaded connection

  • The method of multiple initial connections as a tool for enhancing information security in peer-to-peer virtual private networks

    The article presents the method of multiple initial connections aimed at enhancing the information security of peer-to-peer virtual private networks. This method ensures the simultaneous establishment of several initial connections through intermediate nodes, which complicates data interception and minimizes the risks of connection compromise. The paper describes the algorithmic foundation of the method and demonstrates its application using a network of four nodes. An analysis of packet routing is conducted, including the stages of packet formation, modification, and transmission. To calculate the number of unique routes and assess data interception risks, a software package registered with the Federal Service for Intellectual Property was developed. The software utilizes matrix and combinatorial methods, providing high calculation accuracy and analysis efficiency. The proposed method has broad application prospects in peer-to-peer networks, Internet of Things systems, and distributed control systems.

    Keywords: multiple initial connections, peer-to-peer network, virtual private network, information security, data transmission routes, intermediate nodes, unique routes

  • Development of a secure connection establishment algorithm for peer-to-peer virtual private networks using multi-level cryptographic protection

    The article presents an algorithm for establishing a secure connection for peer-to-peer virtual private networks aimed at enhancing information security. The algorithm employs modern cryptographic protocols such as IKEv2, RSA, and DH, providing multi-level data protection. The developed algorithm structure includes dynamic generation and destruction of temporary keys, reducing the risk of compromise. The proposed solution is designed for use in corporate network security systems, Internet of Things systems, and distributed systems.

    Keywords: virtual private network, peer-to-peer network, cryptographic protocols, RSA, Diffie-Hellman, IKEv2, secure connection, multi-layer protection, information security, distributed systems