
  • Methods for Determining Trustworthiness and Authenticity for Internet of Things Devices

    This article presents a systematic review of methods for ensuring the trustworthiness and authenticity of devices in the Internet of Things (IoT) ecosystem. Key vulnerabilities, architectural features, and resource constraints of IoT systems that determine the choice of security mechanisms are analyzed. Cryptographic solutions, dynamic trust models, access control approaches, and authentication protocols for industrial and distributed environments are considered. A comparative analysis of methods identifies relevant research gaps and promising areas for developing comprehensive, adaptive security systems for heterogeneous IoT infrastructures.

    Keywords: Internet of Things system, security, reliability, authenticity, devices, methods

  • Preventive Protection of Decentralized Parametric Insurance Protocols against Oracle Attacks Using Flash Credits

    Decentralized parametric insurance represents a promising innovation in the decentralized finance industry, offering automated and transparent payments based on verifiable external data. However, this dependence on external data supplied by oracles creates a critical vulnerability. The complexity of smart contracts can lead to unforeseen consequences, as demonstrated by attacks using flash credit (flash loans): an instant loan that must be repaid as part of the same blockchain transaction. These attacks have become one of the most destructive vectors of economic attacks, allowing attackers to manipulate price oracles and initiate fraudulent insurance payments. Existing defense mechanisms, such as time-weighted average price oracles, are passive and not always sufficient to prevent such attacks. This article presents an original model of preventive protection. The author formalizes an attack on oracles using flash credit as a game-theoretic model with three participants: an Attacker, a Protocol, and an Arbitrageur, where the latter is an automatic trading program implemented in a smart contract. Using a mathematical framework based on the invariant of an automatic market maker, the author determines the exact "window of vulnerability": the economic conditions under which an attack is beneficial for an attacker and unprofitable for market arbitrageurs. Based on this analysis, the architecture of "SC-Guard" is proposed: a system of smart contracts with preventive protection against attacks using flash credit. Such a system monitors transactions not yet included in blocks in real time for threats and dynamically changes economic incentives, subsidizing the Arbitrageur to neutralize attacks before they are executed. Instead of passively resisting manipulation, a system architecture is proposed that actively makes flash credit attacks economically unprofitable, providing a higher level of security for decentralized parametric insurance protocols.

    Keywords: decentralized finance, parametric insurance, flash loans, oracle attacks, game theory, smart contract security, maximum extractable value, preemptive defense.

  • An approach to analyzing vectors of malicious attacks on information systems using an event-formal model

    This research paper addresses the growing challenge of sophisticated, multi-stage cyberattacks that bypass traditional security measures like firewalls and intrusion detection systems. The study proposes a novel formal approach to model attacker behavior and analyze attack vectors, with a specific focus on estimating the total time required to execute an attack scenario. The core of the methodology is an extension of Labelled Transition Systems (LTS) into a Time-Labelled Transition System (TLTS). This model introduces a time function that assigns a delay to each event, enabling the calculation of the execution time for different attack paths. A formal language, utilizing sequence and choice operators, is developed for the compact description of complex attack scenarios. The paper formulates precise rules for generating all possible paths from a given attack vector and provides a method for calculating their total number. The practical application of the formalism is demonstrated through two detailed case studies: an attack leveraging a malicious mobile application and the compromise of an IoT video surveillance system. For each, the attack vector is presented both graphically and in the proposed notation, and all possible execution paths are explicitly derived. The resulting approach provides a valuable foundation for proactive security assessment, allowing for the formalization of attack surfaces and the estimation of implementation timeframes, which can be instrumental in developing enhanced defense mechanisms. Future work will involve modeling more complex scenarios incorporating active countermeasures.

    Keywords: attack modeling, information security, transition system, time delay, formal language, attack scenario, attack trajectory, attack vector, cybersecurity, vulnerability analysis, information protection, attacker behavior

  • Analysis of methods for detecting rare abnormal user activity in information systems

    An analytical review of relevant scientific publications in the field of detecting abnormal user activity when working with information systems is conducted. Behavioral analysis in combination with machine and deep learning algorithms opens up new opportunities for early detection of insider threats.
    Methods for improving the effectiveness of countering insiders in information systems are analyzed by building an adequate model of the abnormal behavioral profile of users of the customer relationship management system.
    The article substantiates the feasibility of an approach to detecting insiders in a computer network based on the use of machine learning methods and big data processing, which allows for the consideration of a variety of parameters that are not directly related to each other, as well as the automation of this process.

    Keywords: information systems, information security, insider, abnormal activity, behavioral profile, cluster neighborhood

  • Identifying deepfake detection features for forming an input recognition vector

    The paper examines the key features of deepfakes and approaches to their recognition using computer vision and machine learning methods. In the course of the study, the features used for deepfake detection were identified and analyzed. Based on priorities, the features that ensure high recognition accuracy were identified, and a conclusion was drawn about the significance of each feature.

    Keywords: generative artificial intelligence, disinformation, deepfake, deepfake detector, cybersecurity, fraud, recognition features, analysis, recognition vectors, machine learning, model

  • Methods of differential anonymization of data based on a trustworthy neural network for protecting bank customers' personal information

    The article discusses modern methods for protecting bank customers' personal information based on differential anonymization of data using trusted neural networks. It provides an overview of the regulatory framework, analyzes technological approaches and describes a developed multi-level anonymization model that combines cryptographic and machine learning techniques. Special attention is paid to balancing between preserving data utility and minimizing the risk of customer identity disclosure.

    Keywords: differential anonymization, trusted neural network, personal data, banking technologies, information security, cybersecurity

  • The method for optimizing the organizational structure and functionality of employees of the information protection unit operating an automated system in a secure design

    The purpose of the research is to develop a solution that allows optimizing the number and functionality of information security specialists involved in ensuring the information security of an organization's automated system in a secure design. The methods used in the article include a description and analysis of various governing documents, professional standards and regulations of the Russian Federation, and a number of scholarly works that set out the requirements for the functionality and qualifications of information security specialists. As a result of the work carried out, significant shortcomings were identified in the current regulatory and methodological documents describing the labor actions of personnel ensuring the protection of the facility's information, along with a tendency to reduce the number of positions while simultaneously expanding the functionality of the remaining employees. The need to comply with the qualification requirements for the reliable functioning of an automated system in a secure design and to exclude the "human" factor in information security incidents is emphasized. A new, optimal organizational structure of the department responsible for monitoring the protection of information circulating in an automated system is proposed, and the job responsibilities and areas of responsibility of the automated system administrator and the information security administrator are specified in detail. The solution presented in this paper can be used for daily information security in any automated system for various organizations. It emphasizes the importance of improving the skills and unifying the competencies of information security workers to ensure their interchangeability and reduce the risks associated with lack of control if highly specialized employees are excluded, which will increase the stability and effectiveness of the information security system at the enterprise.

    Keywords: information security, administrator, staffing, functionality of information security personnel, automated system in a secure design

  • Research on the vulnerabilities of a telephone subscriber from the perspective of destructive social engineering

    The article discusses current threats and vulnerabilities of telephone subscribers in the context of mass digitalization, the development of artificial intelligence and machine learning technologies, and their use in fraudulent scenarios. The study analyzes the main vulnerability factors and provides statistical data on telephone fraud incidents in Russia and abroad. Special attention is given to the phenomena of trust in authority, insufficient digital literacy, and the use of voice synthesis and deepfake technologies for social engineering attacks.

    Keywords: social engineering, fraud, vishing, deepfake, artificial intelligence, digital literacy, information security

  • Enhancing robustness in ECG-based biometric authentication through hybrid signal processing and deep learning

    Electrocardiogram (ECG)-based biometric authentication systems offer intrinsic resistance to spoofing due to their physiological uniqueness. However, their performance in dynamic real-world settings, such as wearable devices or stress-induced conditions, is often compromised by noise, electrode displacement, and intra-subject variability. This study proposes a novel hybrid framework that enhances robustness, ensuring high authentication accuracy and reliability in adverse conditions, through integrated wavelet-based signal processing for noise suppression and a deep-learning classifier for adaptive feature recognition. The system employs preprocessing, QRS complex detection, distance–deviation modeling (a statistical comparison method that quantifies morphological similarity between ECG templates by analyzing amplitude and shape deviations), and an averaging-threshold mechanism, combined with a feedforward Multi-Layer Perceptron (MLP) neural network for classification. The MLP is trained on extracted ECG features to capture complex nonlinear relationships between waveform morphology and user identity, ensuring adaptability to variable signal conditions. Experimental validation on the ECG-ID dataset achieved 98.8% accuracy, 95% sensitivity, an Area Under the Curve (AUC) of 0.98, and a low false acceptance rate, outperforming typical wearable ECG authentication systems that report accuracies between 90% and 95%. With an average processing time of 8 seconds, the proposed method supports near real-time biometric verification suitable for healthcare information systems, telehealth platforms, and IoT-based access control. These findings establish a scalable, adaptive, and noise-resilient foundation for next-generation physiological biometric authentication in real-world environments.

    Keywords: electrocardiogram biometrics, wavelet decomposition, QRS complex detection, feedforward neural network, deep learning classification, noise-resilient authentication, biometric security

  • A Review of Verification Methods for Zero-Knowledge Proof Protocols

    Information technologies are increasingly used in various fields, be it document management or payment systems. One of the most popular and promising technologies is cryptocurrency. Since cryptocurrencies require ensuring the security and reliability of data in the system, most of them use blockchain and complex cryptographic protocols, such as zero-knowledge proof (ZKP) protocols. Therefore, an important aspect of achieving the security of these systems is verification, since it can be used to assess the system's resistance to various attacks, as well as its compliance with security requirements. This paper considers both the concept of verification itself and the methods for its implementation. A comparison of methods for identifying a proof suitable for zero-knowledge protocols is also carried out. As a result, it is concluded that an integrated approach to verification is needed, since choosing only one method cannot cover all potential vulnerabilities. In this regard, it is necessary to apply various verification methods at various stages of system design.

    Keywords: cryptocurrency, blockchain, verification, formal method, static analysis, dynamic method, zero-knowledge proof protocol

  • Protecting objects from information security threats by using their intelligent digital twins

    The article provides a reasonable definition of an intelligent digital twin of an information security protection object and identifies the main stages of its development. The article also develops set-theoretic models of the protection object and the intelligent digital twin, which allow for the identification of their identical components and distinctive features that determine the mechanism for countering threats. Based on the provisions of the conflict theory, the relationship between the protected object and the threat was identified in the absence of an intelligent digital twin, as well as in the presence of an intelligent digital twin in the system of protecting the object from information security threats. The obtained macro-dynamic models of the considered situations allow us to justify the feasibility of implementing a mechanism for protecting the object from information security threats based on the use of its intelligent digital twin and to assess the overall effect of its application.

    Keywords: information security, object of protection, intelligent digital twin, threat, set-theoretic model, conflict theory, macrodynamic model

  • A Model for representing weighted multi-label dependencies for detecting rare anomalous events in information security tasks

    This paper proposes a novel model of computer network behavior that incorporates weighted multi-label dependencies to identify rare anomalous events. The model accounts for multi-label dependencies not previously encountered in the source data, enabling a "preemptive" assessment of their potential destructive impact on the network. An algorithm for calculating the potential damage from the realization of a multi-label dependency is presented. The proposed model is applicable for analyzing a broad spectrum of rare events in information security and for developing new methods and algorithms for information protection based on multi-label patterns. The approach allows for fine-tuning the parameters of multi-label dependency accounting within the model, depending on the specific goals and operating conditions of the computer network.

    Keywords: multi-label classification, multi-label dependency, attribute space, computer attacks, information security, network traffic classification, attack detection, attribute informativeness, model, rare anomalous events, anomalous events

  • Investigation of protection of the control command transmission channel from interception in unmanned aircraft

    The article presents the results of a study of the security of the command transmission channel for unmanned aircraft (UAV) using the example of an FPV drone. The research was carried out in an anechoic shielded chamber of a specialized test site with certified measuring equipment. The results of measurements of the spectral panorama and of the possibility of passive interception of radio signals are presented. The relevance of ensuring safe operation of the UAV is shown, as well as the vulnerability of the ELRS protocol to control interception. Recommendations on the use of cryptographic algorithms to neutralize security threats are given.

    Keywords: unmanned aircraft, UAV, FPV drone, ExpressLRS, FHSS, SDR receiver, safe operation, information protection, vulnerabilities, unauthorized access, control interception, identification phrase

  • Development of a method for protecting confidential files in a messenger based on an adaptive authentication system and blocking abnormal activity

    The article discusses the development of a method for protecting confidential images in instant messengers based on masking with orthogonal matrices. The vulnerability of the system to brute-force attacks and account compromise is analyzed. The main focus is on the development of an architecture for analyzing abnormal activity and adaptive authentication. The article presents a system structure with independent security components that provide blocking based on brute-force attacks and flexible session management. The interaction of the modules within a unified security system is described, with the distribution of functions between server and client components.

    Keywords: information security, messenger, messaging, communications, instant messaging systems, security audits, and brute-force attacks

  • Ontology of methods and strategies for protecting radio channels against intentional interference

    The aim of this study is to analyze methods for protecting radio channels from intentional interference by managing wireless channel resources, with an emphasis on identifying key challenges and directions for further research in this area. The primary method applied is the ontological approach of knowledge engineering. The work collects and systematizes the main approaches to counteracting jamming of communication channels and analyzes studies aimed at formalizing radio network problems for the purpose of modeling and analysis. The results made it possible to determine relevant development directions, identify existing gaps, formulate requirements for the model under development, and justify the choice of methods to be used in subsequent research.

    Keywords: FHSS, interference, radio channel, radio communication, telecommunications, jamming, network, modeling, communication, mitigation, security

  • Sybil Attack Protection Without Cryptographic Key Distribution

    The relevance of this article stems from the need to develop lightweight and scalable solutions for decentralized systems (blockchain, IoT), where traditional cryptographic methods are inefficient or excessive. A theoretical-practical method for protecting unmanned transportation systems against Sybil attacks has been developed, based on a server robot’s analysis of each client robot’s unique directional electromagnetic signal power map signature. Experimental solutions for Sybil attack protection are demonstrated using two aerial servers deployed on quadcopters. The proposed keyless Sybil attack defense method utilizes WiFi signal parameter analysis (e.g., power scattering and variable antenna radiation patterns) to detect spoofed client robots. Experiments confirm that monitoring unique radio channel characteristics effectively limits signature forgery. This physical-layer approach is also applicable to detecting packet injection in robot Wi-Fi networks. The key advantages of the developed method include the elimination of cryptography, reducing computational overhead; the use of physical signal parameters as a "fingerprint" for legitimate devices; and the method's scalability to counter other threats, such as traffic injection.

    Keywords: protection against Sybil attacks, unmanned vehicle systems, electromagnetic signal power map, WiFi signal, signature falsification, spoofing, and synthetic aperture radar

  • Analysis of elliptic curve algorithms and their application in information systems

    Methods of increasing the efficiency of data analysis based on topology and analytical geometry are becoming increasingly popular in modern information systems. However, due to the high degree of complexity of topological structures, the solution of the main tasks of processing and storing information is provided by spatial geometry in combination with modular arithmetic and analytical assignment of geometric structures, the description of which is involved in the development of new methods for solving optimization problems. The practical application of elliptic cryptography, including in network protocols, is based on the use of interpolation methods for approximating graphs of functions, since a loss of accuracy may occur when performing many sequential mathematical operations. This problem is related to the features of the computing architecture of modern devices. It is known that an error can have a cumulative effect, so data approximation methods must be used sequentially as calculations are performed.

    Keywords: elliptic curve, information system, data analysis, discrete logarithm, point order, scalar, subexponential algorithm

  • Theoretical analysis of identity verification methods based on dynamic characteristics of a handwritten signature

    This paper is devoted to the theoretical analysis and comparative characteristics of methods and algorithms for automatic identity verification based on the dynamic characteristics of a handwritten signature. The processes of collecting and preprocessing dynamic characteristics are considered. An analysis of classical methods, including hidden Markov models, support vector machines, and modern neural network architectures, including recurrent, convolutional, and Siamese neural networks, is conducted. The advantages of using Siamese neural networks in verification tasks under the condition of a small volume of training data are highlighted. Key metrics for assessing the quality of biometric systems are defined. The advantages and disadvantages of the considered methods are summarized, and promising areas of research are outlined.

    Keywords: verification, signature, machine learning, dynamic characteristic, hidden Markov models, support vector machine, neural network approach, recurrent neural networks, convolutional neural networks, siamese neural networks, type I error

  • Development of a software application for changing user passwords on Linux operating systems using the Python programming language

    The article describes a program that reminds users to change their account password in a timely manner, in order to comply with information security requirements and prevent "hacks" and network attacks. The program is developed using a virtual machine (VirtualBox), followed by the installation of the Linux Mint operating system. The software is written in the Python programming language, using libraries such as notify2 (a package for displaying desktop notifications in Linux), schedule (a library for scheduling regular tasks), and other libraries. During the development of the Python software for timely password changes, key functions were implemented that ensure security and convenience of work: checking the validity of the password and notifying the user.

    Keywords: Cyber hygiene, password protection, cybersecurity, programming language, Astra Linux, operating system, graphic editor, software product, program, user account, information security, virtual machine

  • Password authentication problems: an overview of potential alternatives, their analysis and comparison

    The article provides an overview of the current state of password authentication and highlights the main problems. Various options for password-free authentication are being considered as a replacement for password authentication. Each option is analyzed in terms of disadvantages and the possibility of replacing passwords.
    The analysis revealed that some alternatives can only act as an additional factor in multi-factor authentication, such as OTP and push notifications. Others, on the contrary, should not be used as an authentication method at all; these include QR codes.
    As a result of the analysis, two directions of password-free authentication were identified as clear favorites: biometric and passkey. When comparing the finalists, the choice fell on passkey, since it does not have the main and critical drawback of biometric authentication: dependence on keeping the original biometric data secret. If biometrics are compromised, the person faces huge problems, since biometric traits cannot be changed without surgical intervention.
    Passkey, on the contrary, demonstrates a high level of protection, comparable to biometrics, but is devoid of such a drawback. At the same time, passkey, or rather the current FIDO2 standard, has a few shortcomings that hinder distribution. These include the potential possibility of using malware as a client. Another, no less important problem is unlinking the old and linking a new key in case of loss or failure of the first one.
    To solve this problem, it is necessary to develop a secure authentication protocol using passkey technology.

    Keywords: password authentication, passwordless authentication, push notification, QR-code, biometric authentication, passkey, FIDO2, WebAuthn, CTAP2.1

  • Method of counteracting unauthorized privilege escalation in android operating system based on hardware virtualization technology

    The paper proposes a method to counteract unauthorized privilege escalation in the Android operating system. The proposed method involves using the ARM architecture’s hardware virtualization technology to control access to the operating system’s kernel data structures that store task identification information.

    Keywords: information security, privilege escalation, Android, hypervisor, information protection, hardware virtualization, access control, integrity of language structures, ensuring information security

  • Bayesian approach to assessing the impact of factors of organization and management of financial sector systems on the security of critical information infrastructure objects

    The paper deals with a problem of assessing the level of security of critical information infrastructure objects in the financial sector based on organizational structure and management factors in the context of internal audit. Standards do not allow flexible assessment of indicators characterizing information security requirements and propose to obtain expert assessments based on subjectively selected elements (documents, facts) related to certain requirements. The article considers a Bayesian approach to assessing the values of private indicators for all available characteristics of information security requirements, which allows obtaining them on a continuous scale. A corresponding model is presented that includes the calculation of private and generalized indicator values. It improves the approach to assessing the level of security of critical information infrastructure objects during internal audit, as defined by standards, from the point of view of assessing private indicator values on a continuous scale and taking into account the influence of the history of changes in the characteristics of information security requirements.

    Keywords: information security, Bayesian approach, critical information infrastructure objects, indicators of compliance with information security requirements, level of protection of objects, model with probabilistic components

  • Implementation of an information security ecosystem based on the use of intelligent digital twins of protected objects

    The article provides a brief analysis of information security measures, which allowed us to substantiate the leading role of technical measures for protecting elements of computer systems, digital systems, cellular communication systems, and users of these systems in modern conditions. The analysis of the growth of cybercrime indicators in Russia revealed the obsolescence of the existing comprehensive approach to protecting elements of computer systems, digital systems, cellular communication systems, and users of these systems, and determined the necessity, timeliness, and relevance of creating and using an information security ecosystem. An analysis of existing single solutions for creating and using information security ecosystems revealed the need to use intelligent digital twins of protected objects to neutralize information security threats. Based on this analysis, the features of implementing an information security ecosystem using intelligent digital twins of computer systems, digital systems, cellular communication systems, and users of these systems have been identified.

    Keywords: information security ecosystem, intelligent digital twin, information security threat, vulnerability analysis, threat monitoring and detection, and attack protection and prevention

  • Methodology and algorithms for solving management tasks to ensure reliability and efficiency of organizational systems of information security units of EMERCOM of Russia

    The paper presents a methodology that includes stages of task performance control, data collection and analysis, determination of reliability and efficiency criteria, reasonable selection, communication, implementation and control of the results of management decisions. A cyclic algorithm for comprehensive verification of compliance with the reliability and efficiency criteria of the system has been developed, allowing for prompt response to changes, increased system stability and adaptation to adverse environmental impacts. Improved mathematical formulas for assessing the state of organizational systems are proposed, including calculation of the readiness factor, level of planned task performance and compliance with established requirements. The application of the methodology is aimed at increasing the validity of decisions made while reducing the time for decision-making, as well as ensuring the relevance, completeness and reliability of information in information resources in the interests of sustainable development of organizational systems.

    Keywords: algorithms, time, control, reliability and efficiency criteria, indicators, resources, management decisions, cyclicity

  • A traffic classification model for detecting robotic activity

    This article examines the growing threat of web scraping (parsing) as a form of automated cyberattack, particularly aimed. Although scraping publicly available data is often legal, its misuse can lead to serious consequences, including server overload, data breaches and intellectual property infringement. Recent court cases against OpenAI and ChatGPT highlight the legal uncertainty associated with unauthorized data collection.
    The study presents a dual approach to combat malicious scraping. Traffic Classification Model: a machine-learning-based solution using Random Forest algorithms that achieves 89% accuracy in distinguishing between legitimate and malicious bot traffic, enabling early detection of scraping attempts. Data Deception Technique: a countermeasure that dynamically modifies HTML content to convey false information to scrapers while maintaining the original look of the page. This technique prevents data collection without affecting the user experience.
    Performance results include real-time traffic monitoring, dynamic page obfuscation, and automatic response systems.
    The proposed system demonstrates effectiveness in mitigating the risks associated with scraping and emphasizes the need for adaptive cybersecurity measures in evolving digital technologies.

     

    Keywords: parsing, automated attacks, data protection, bot detection, traffic classification, machine learning, attack analysis, data spoofing, web security