Theoretical and Applied Cybersecurity

Framework for detecting outlier and database intrusions

2024-05-09T17:44:16+03:00

Abstract. This paper presents a methodology and framework for detecting anomalies in the actions of relational database users, with a focus on insider threats. The architecture of the framework is described, including the choice of parameters for logging user behavior and the justification of the anomaly detection algorithm. An overview of the existing anomaly-detection solutions is provided. The proposed methodology for the functioning of the framework is outlined with recommendations on the choice of algorithm parameters. The analysis of insider actions in databases provides an original approach to anomaly detection and contributes to the field of information security.

Fuzzy logic in risk assessment of multi-stage cyber attacks on critical infrastructure networks

2024-12-16T19:00:51+02:00

In the current environment, critical infrastructure has become the target of increasingly complex multi-stage cyber attacks characterized by sequential phases of infiltration, privilege escalation, and lateral movement within the target network. Traditional risk assessment methods often rely on assumptions of precise data availability and well-defined probabilities, which limit their applicability in real-world scenarios marked by uncertainty and imprecise information. This paper proposes an approach based on the use of fuzzy logic systems to assess the risks of multi-stage cyber attacks against networked critical infrastructure services. The proposed methodology takes into account the ambiguity and fuzziness of input data, expert judgments, and the dynamic progression of attacks. The result is a more flexible and adaptive risk assessment model that supports informed decision-making to enhance cybersecurity, prioritize countermeasures, and optimize the allocation of defensive resources.

Methodology of a Swarm of Virtual Experts for Evaluating the Weight of Connections in Networks

2024-12-31T15:09:46+02:00

This article proposes a new methodology — the Swarm of Virtual Experts (SVE) — for evaluating the weights of connections in complex networks, based on a holistic approach. Traditional methods relying on expert assessments often face issues of subjectivity and limited resources. This paper introduces the methodology of the Swarm of Virtual Experts. The focus is on integrating large language models (LLMs) into the decision-making process, where each model acts as a virtual expert with specific tasks and functions. The core idea is to combine diverse assessments from different LLMs using mathematical tools, including incidence matrices, weighted averages, and aggregation methods. The methodology addresses the issue of fragmented results caused by the probabilistic nature of LLMs and enhances analytical efficiency through role assignment to agents, aggregation mechanisms, and quality evaluation of outcomes. The application of this technique is illustrated with examples, particularly in the field of cybersecurity. Special attention is given to holistic analysis, which provides a comprehensive approach to evaluating the weights of connections between nodes in networks.

Comparison analysis between strict ontologies and fuzzy ontologies

2024-12-10T10:35:32+02:00

Ontological modeling has been important in the field of cybersecurity, but with the growing use of artificial intelligence in various processes related to cybersecurity, it has become an increasingly relevant area for research every new year. Ontologies can serve as a primary source of knowledge for artificial intelligence models and as a "sequence of actions" in different processes. Typically, strict ontologies were used due to their formalized structure, but they did not fully capture processes that involve fuzzy contexts of actions or results. The aim of this article is to present and analyze different ontologies, both strict and fuzzy, that are used or could be used in the field of cybersecurity and related processes, demonstrating their similarities, differences, and areas of application.

Differential-Rotational Probabilities of Modular Addition and Its Approximations

2024-12-22T22:45:08+02:00

In this paper, we consider differential-rotational cryptanalysis, or RX-analysis, and its application to certain classes of ARX-cryptosystems. We provide exact analytical expressions for the RX-differential probabilities with arbitrary rotation values for modular addition. These expressions are described in terms of differential probabilities, which allows comparison of ordinary and RX-differential behaviour. Furthermore, we consider two operations that approximate modular addition, one of which comes from the NORX cipher. For these operations, we also provide exact analytical expressions for the RX-differential probabilities.

Application of Ternary Pattern-based Truncated Differential Cryptanalysis to Specific Block Ciphers

2024-12-13T01:57:55+02:00

Enhancing Row-Sampling-Based Rowhammer defense methods with Machine Learning approach

2024-12-25T17:51:31+02:00

This paper investigates the integration of machine learning into the Row-Sampling technique to enhance its effectiveness in mitigating Rowhammer attacks in DRAM systems. A multidimensional multilabel predictor model is employed to dynamically predict and adjust probability thresholds based on real-time memory access patterns, improving the precision of row selection for targeted refresh. The approach demonstrates significant improvements in security, reducing Rowhammer-induced bit flips, while also maintaining energy efficiency and minimizing performance overhead. By leveraging machine learning, this work refines the Row-Sampling method, offering a scalable and adaptive solution to memory vulnerabilities in modern DRAM architectures.

Forecasting Information Operations with Hybrid Transformer Architecture

2025-01-02T17:08:09+02:00

Proactive decision-making in all processes is difficult to imagine without forecasting methods, especially in the field of cybersecurity where the speed and quality of response are often critical. For this reason, we proposed a unique methodology based on a new hybrid architecture Transformer that perfectly captures long-term dependencies and an adaptive algorithm ACWA that quantifies historical patterns. Thus, the described approach considers short-term fluctuations, long-term trends, and seasonal patterns more effectively than traditional forecasting models, as demonstrated by the application of Information Operations and Disinformation occurrences time series forecasting.

Simulation of UAV networks on the battlefield, taking into account cyber- physical influences that affect availability

2024-12-17T19:24:03+02:00

The paper considers the types of countering means for unmanned aerial vehicles and the enemy's electronic warfare equipment used during the war in Ukraine. The types of cyber-physical influences that can be used to disrupt the availability of the network of unmanned aerial vehicles are addressed. The problem is also considered from the point of view of cybersecurity, taking into account possible harmful effects on the network of smart devices. Models based on complex networks, cellular automata and Petri nets are proposed, which allow solving the problem of optimizing the location of devices taking into account the set goal and countering cyber-physical attacks on availability and integrity. The proposed models differ from existing ones taking into account the conditions on the battlefield. A computational experiment has been performed that allows us to visualize the disposition of aircraft depending on the surrounding conditions on the battlefield. The results of the work can be used to develop a strategy for implementing operations of various types on the battlefield using UAVs.