6 research outputs found

    Methods of cyberspace intelligence

    No full text
    The article examines the need for measures to neutralize threats to national security in cyberspace, a need driven by the rapidly growing dependence of state and military command bodies on automated control systems, which become targets of an adversary's cyber influence in the event of a possible military-political conflict between countries. Every second, dynamic processes take place in cyberspace that are characterized by cybernetic activities: actions that provide access to various information resources, or intelligence activities that use software and information networks to collect information about an adversary's information systems and resources. Cyber influence is considered, which includes unauthorized access that damages critical information systems, resources, or information of a general and private nature by breaching the confidentiality, integrity and operability of information and telecommunication networks, software and digital data that provide a range of consumer services (telecommunication or information services). The article describes the importance of ensuring national security in cyberspace and justifies the urgency and necessity of intelligence activities in the adversary's cyberspace. It defines the stages, components and methods of cyber intelligence in cyberspace, and identifies the critical data that must be collected during intelligence activities to provide the command with information about the adversary. Comparative characteristics of cyberspace intelligence tools are considered and the main criteria for building them are determined.
The main advantages and disadvantages of the active and passive methods of intelligence gathering are identified, and an integrated approach that uses the advantages of each method is proposed, which will increase the efficiency of cyber intelligence in information and telecommunication networks.

    Identification of energy-hidden chirp signals of telecommunication systems in conditions of parametric uncertainty

    No full text
    The ambiguity diagram of rectangular chirp RF pulse has been analyzed. The characteristic point of ambiguity diagram was identified. It was proposed to identify the signal on the basis of correlation level at the characteristic point of ellipsoidal ambiguity diagram built in a special coordinate system. The quasi-optimal autocorrelation algorithm with quadrature processing is proposed. This algorithm is resistant to a priori uncertainty of parameters of input energy-hidden signals with unknown waveform and unknown initial phase against the background of Gaussian stationary noise. The tuning parameters of identification scheme and the decision-making rule regarding the availability of chirp signal in the input mixture were determined. The simulation modeling of identification procedure was conducted using the software package Matlab R2016a. The simulation results confirmed the ability of the proposed algorithm to identify the chirp signal in the input mixture at small values of the signal-to-noise ratio

    Development of A Concept for Building A Critical Infrastructure Facilities Security System

    Full text link
    To effectively protect critical infrastructure facilities (CIF), it is important to understand the focus of cybersecurity efforts. The concept of building security systems based on a variety of models describing various CIF functioning aspects is presented. The development of the concept is presented as a sequence of solving the following tasks. The basic concepts related to cyberattacks on CIF were determined, which make it possible to outline the boundaries of the problem and determine the level of formalization of the modeling processes. The proposed threat model takes into account possible synergistic/emergent features of the integration of modern target threats and their hybridity. A unified threat base that does not depend on CIF was formed. The concept of modeling the CIF security system was developed based on models of various classes and levels. A method to determine attacker's capabilities was developed. A concept for assessing the CIF security was developed, which allows forming a unified threat base, assessing the signs of their synergy and hybridity, identifying critical CIF points, determining compliance with regulatory requirements and the state of the security system. The mathematical tool and a variety of basic models of the concept can be used for all CIFs, which makes it possible to unify preventive measures and increase the security level. It is proposed to use post-quantum cryptography algorithms on crypto-code structures to provide security services. The proposed mechanisms provide the required stability ($2^{30}$–$2^{35}$ group operations), the rate of cryptographic transformation is comparable to block-symmetric ciphers (BSC) and reliability ($P_{err}$ $10^{-9}$–$10^{-12}$

    Development and Analysis of Game-theoretical Models of Security Systems Agents Interaction

    Full text link
    A game-theoretic approach is presented, which claims to be a universal method for solving most problems in the field of cybersecurity. As arguments to confirm the superiority of game theory, mathematical validity and provability of the optimality of decisions made, unlike the widely used heuristics, the possibility of developing reliable protection based on analytical results, ensuring a timely response to cyberattacks in conditions of limited resources, as well as distributed nature of decision making are highlighted. The definitions of the basic concepts used in security tasks based on game-theoretic models are introduced. The features of the application of game theory methods in the field of cybersecurity are listed and the limitations of research in this area are formulated, namely: a restriction on game strategies, simultaneous moves of players in the behavior patterns of security system agents, uncertainty in the time the players take the move, uncertainty in the final goal of the enemy, unpredictability of further player moves, lack of players' assessment of enemy resources, as well as its ultimate goals, the inability to timely assess the current state of the game. The game-theoretic models are aligned with the listed security problems, and the main solutions obtained as a result of using the corresponding models are also determined. Many methods of game theory have been formed, for each of which a relationship is determined between the game model, its scope, simulation result and security services that the method under consideration supports. The limitations of the classical representation of game theory models are determined, the need to overcome which follows from the requirements for providing basic security services.
Such limitations include: the ability of the defender to detect attacks, the certainty of the probabilities of a change of state before the start of the game, the synchronism of the players' moves, the inability to scale the model due to the size and complexity of the system under consideration. Models of the main tasks of the interaction of antagonistic agents of security systems have been developed. The resulting models made it possible to obtain solutions to two of the most common tasks in the field of cybersecurity, namely, the interaction of the system administrator and the attacker in organizing the protection of information resources. The tasks are solved for various conditions – the game matrix contains cost estimates of resources and the matrix reflects the probability of threat realization. Pure and mixed strategies are defined for various initial conditions, which allows to exclude from the consideration strategies that are not included in the solution. A synergistic approach to the use of game-theoretic modeling was formed taking into account the behavior of agents of security systems, based on an analysis of the diversity and characteristics of game-theoretic models, their inherent limitations and scop

    Development of Methodology for Modeling the Interaction of Antagonistic Agents in Cybersecurity Systems

    Full text link
    The basic concepts that form the basis of integrated modeling of the behavior of antagonistic agents in cybersecurity systems are identified. It is shown that the emphasis is largely on modeling the behavior of one of the cyber conflict parties only. In the case when the interaction of all parties to the conflict is considered, the approaches used are focused on solving particular problems, or they model a simplified situation. A methodology for modeling the interaction of antagonistic agents in cybersecurity systems, focused on the use of a multi-model complex with elements of cognitive modeling, is proposed. For this objective, the main components of cyber conflict are highlighted, the models of which must be developed. Modeling the interaction of antagonistic agents is proposed to be implemented as a simulation of situations. The concept of a situation is formulated and its components are presented. In the proposed methodology, traditional methods and modeling tools are not opposed, but are considered together, thus forming a unified methodological basis for modeling the antagonistic agents' behavior. In the proposed multi-model complexes, the individual elements and functions of the entities under study are described using various classes of models at a certain level of detail. Coordinated use of various models allows improving the quality of modeling by compensating for the shortcomings of some models by the advantages of others, in particular, reflecting the dynamics of interaction in system-dynamic and agent-based models, which is difficult in classical models of game theory. Multi-model complexes allow stating the concept of «virtual modeling». This concept allows simulation using models of various classes.
The choice of a class of models should correspond to the goals and objectives of modeling, the nature and structure of the source data. As a result of research, a methodology is proposed for modeling the interaction of antagonistic agents in cybersecurity systems using methods based on the proposed models of the reflective behavior of antagonistic agents under modern hybrid threats condition