Scientific electronic reviewed journal
Systems of Control, Communication and Security
ISSN 2410-9916

# 6 2021

Control systems
  • A. S. Leontyev
    Mathematical models of control processes for an aircraft low-altitude flight taking into account the location of enemy air defense means
  • Abstract
    • Relevance. Performing a low-altitude flight of an aircraft in combat conditions is one of the most effective and at the same time complex tactics accompanied by a high probability of losses caused by the influence of various types of hazard carriers. The greatest influence in such conditions is exerted by the proximity of the land and the availability of enemy air defense systems. Modern means of ensuring low-altitude flight do not fully meet the requirements of flight safety. On-board flight safety systems can be an effective means of this drawback eliminating. The aim of the work is to develop mathematical models for the on-board flight safety system for performing a low-altitude flight by a military aircraft taking into account the location of the enemy air defense means on the ground. Results and their novelty. The article proposes mathematical models of the aircraft control process for the formation of a low-altitude flight safety corridor in the space of the flight task. The safety corridor is formed in the longitudinal control channel where the corridor upper border of is determined by the detection zone of the enemy's air defense, and the lower one is determined by the terrain. The corridor boundaries determine the optimal low-altitude flight reference trajectory, the deviation from which allows one to enter a quantitative assessment of the current flight situation danger. The novelty of the proposed models in the field of an aircraft low-altitude flight control, which distinguishes them from the known ones, is that they take into account the nature of the terrain, the location and detection zones of enemy air defense systems as factors of danger determining the optimal reference trajectory of low-altitude flight. Air defense accounting is formalized in the form of danger zones in the space of the flight task obtained by approximating the lower boundary of the radar field with second-order surfaces, while the construction of the safety corridor upper boundary is determined by the section of this zone by the flight task plane. The lower boundary is approximated by a pseudo-relief curve formed from a digital elevation map taking into account the minimum allowable flight altitude and the influence of positioning and control errors. Practical significance. The developed mathematical models make it possible to ensure the implementation of adaptive control methods based on the flight situation danger assessment in the on-board flight safety system, which will allow to exclude unintentional approach to the danger boundaries, provide early warning of possible detection by enemy air defense means or approaching the minimum possible flight altitude under the safety conditions, and upon reaching a critical level of danger it will ensure a decision on the further continuation of the flight up to and including refusal to perform the flight mission. The results of the work can also be applied to the development of automatic control algorithms of low-altitude flight for both manned and unmanned aerial vehicles including cruise missiles.
  • Key words
    • mathematical model, a flight situation hazard assessment, low-altitude flight, terrain model, safety corridor model, flight safety, hazard boundary, adaptive control, digital elevation map of terrain
  • Reference
    • Leontyev A. S. Mathematical models of control processes for an aircraft low-altitude flight taking into account the location of enemy air defense means. Systems of Control, Communication and Security, 2021, no. 6, pp. 8-29. DOI: 10.24412/2410-9916-2021-6-8-29 (in Russian).
Information security
  • O. N. Tushkanova
    Identification of potentially malicious posts on social networks using positive and unlabeled learning on text data
  • Abstract
    • Purpose. The rapid growth of social networks audience and the lack of the possibility of high-quality manual content moderation require the development of automatic methods for detecting potentially malicious information based on machine learning to protect vulnerable groups from this information. A standard method of identifying potentially malicious texts in social networks is classical classification. However, well-known algorithms based on classical classification often do not demonstrate sufficient stability and accuracy in the presence of false negative examples in the training sample. The paper aims to assess the applicability of the machine learning approach based on positive and unlabeled training within the task of identifying malicious posts in social networks and develop an algorithm implementing this approach to improve the accuracy of malicious texts detection. Methods: in the developed algorithm, it is proposed to use machine learning based on positive and unlabeled classifiers training and the multiclass classification approach. Novelty: the novelty elements of the presented solution are the combination of an approach to training a classifier based on positive and unlabeled data and a classical multiclass classifier within the framework of an algorithm for solving the problem. Result: the expediency of applying approaches to machine learning based on positive and unlabeled data in the task of identifying texts containing potentially malicious information is substantiated, and the features of some such approaches are considered. An algorithm for identifying potentially malicious posts in social networks using machine learning based on positive and unlabeled text data and multiclass classification is proposed. The design and results of an experimental study of the proposed algorithm on a sample of the Vkontakte social network text posts are presented. It is shown that the developed algorithm works more stable (in terms of accuracy) than the traditional multiclass classification approach when false negative examples are in the training data. Practical relevance: the results of the study were used in the development of a system for detecting malicious content in social networks. The proposed approach makes it possible to increase the classification accuracy of malicious texts when false negative examples are in the training data.
  • Key words
    • machine learning, PU-learning, multiclass classification, malicious information, social network
  • Reference
    • Tushkanova O. N. Identification of potentially malicious posts on social networks using positive and unlabeled learning on text data. Systems of Control, Communication and Security, 2021, no. 6, pp. 30-52. DOI: 10.24412/2410-9916-2021-6-30-52 (in Russian).

  • E. V. Fedorchenko, E. S. Novikova, D. A. Gaifulina, I. V. Kotenko
    Attacker profiling based on the network traffic analysis
  • Abstract
    • Problem statement. The attacker's model is one of the key models used in the tasks of information security analysis, and its specification is a relevant task. The known methods of the attacker’s model determination do not allow connecting his/her high-level abstract characteristics defined by the standards and low-level characteristics collected by information security monitoring and analysis systems. Purpose. The purpose of the research is to determine the attacker's model using a set of low-level attributes calculated on the basis of network traffic. Methods. To determine the set of attributes, and the relationship of high-level attributes with low-level ones, the methods of system analysis were used. To check the correctness of the mapping of low-level attributes to high-level ones, data analysis methods were used, namely, clustering methods, including t-SNE algorithms, multidimensional scaling, and the k-means method. Novelty. The novelty of the research lies in the proposed attacker model and methods for determining its parameters. Also, the proposed classification of attributes belongs to the elements of novelty. Results. The paper proposes a classification of the attacker's attributes. A formal attacker model is introduced that combines low-level attributes, the values of which are calculated based on data obtained from the network traffic, and the high-level characteristics of the attacker. Experiments have shown that the selected attributes are applicable to profiling an attacker. In future research, it is planned to conduct additional experiments and develop methods for analyzing information security using the proposed attacker model. Practical relevance. The developed attacker model can be used within the framework of information security monitoring and analysis systems to forecast the attacker's behavior and optimize the selection of incident response measures. It can also be used in the investigation of security incidents.
  • Key words
    • attacker model, attacker profiling, network traffic, attributes, information security, data analysis
  • Reference
    • Fedorchenko E. V., Novikova E. S., Gaifulina D. A., Kotenko I. V. Attacker profiling based on the network traffic analysis. Systems of Control, Communication and Security, 2021, no. 6, pp. 76-89. DOI: 10.24412/2410-9916-2021-6-76-89 (in Russian).

  • V. I. Vasilyev, A. M. Vulfin, V. E. Gvozdev, V. M. Kartak, E. A. Atarskaya
    Ensuring information security of cyber-physical objects based on predicting and detecting anomalies in their state
  • Abstract
    • Formulation of the problem. Ensuring the stable functioning of cyber-physical systems by improving predictive analysis methods aimed at identifying operational failures caused by the actions of an attacker and leading to the degradation of cyber-physical objects (CPOs), based on the identification of anomalies in the technological time series of parameters of the state of CPOs within the framework of the concept of advanced detection and elimination of cyber security threats. Purpose. Increasing the efficiency of detecting anomalies in the observed parameters of cyber-physical systems by improving the algorithms for detecting anomalies in technological time series of the accumulated parameters of the state of CPOs based on intelligent analysis. Methods of intellectual analysis of multidimensional technological time series are used with the use of a heterogeneous ensemble of detectors to detect anomalies in the accumulated parameters of the state of a CPO. The anomaly detection model includes a group of detectors for a univariate time series and a detector for a multivariate time series based on neural network autoencoders, an isolation forest model, and an estimate of the local outlier factor. Novelty: anomaly detection model based on a heterogeneous ensemble of detectors. The difference lies in the use of neural network autoencoders based on long short-term memory to simulate the normal behavior of the system. When new types of anomalies appear or the nature of current anomalies changes, the detector, based on the evaluation of the image recovery error, retains its operability. Results: Block diagram of a process anomaly detection system based on the use of predictive analysis methods for collected telemetry data of a CPO and allowing to identify the impact of an attacker who has gained access to an industrial process control network; an algorithm for analyzing technological time series and a heterogeneous model of detectors for detecting anomalies caused by an attacker trying to intercept control or impose a control algorithm on a CPO. Practical relevance. The proposed approach is aimed at improving the mechanisms of predictive analysis as part of systems for detecting and eliminating anomalies in production and technological processes of automated process control systems. The system can be used as part of a complex of industrial network protection tools that act as sources of security events for the system for collecting and correlating cybersecurity events.
  • Key words
    • cyber-physical object; time series; anomaly detectors; neural network autoencoder with long-short-term memory
  • Reference
    • Vasilyev V. I., Vulfin A. M., Gvozdev V. E., Kartak V. M., Atarskaya E. A. Ensuring information security of cyber-physical objects based on predicting and detecting anomalies in their state. Systems of Control, Communication and Security, 2021, no. 6, pp. 90-119. DOI: 10.24412/2410-9916-2021-6-90-119 (in Russian).
Communication systems and telecommunication network
  • N. P. Budko, N. V. Vasiliev
    Review of graph-analytical approaches to monitoring of information and telecommunication networks and their application to identify abnormal states
  • Abstract
    • Task statement: Problem statement: modern approaches to monitoring telecommunications networks are focused on measuring the state of individual devices and services, leaving behind the scenes the state of the network "as a whole" as a single monitoring object. As a consequence, for sufficiently large telecommunication networks, especially in the case when the network element is present in the measurement for an insignificant time compared to the period of existence of the entire network, it becomes impossible to analyze the monitoring results. Despite the increasing prevalence of multidimensional data analysis methods in monitoring systems, the task of visual representation of the "health of the network" is more than relevant. Moreover, unlike multidimensional data cubes, the interpretation and analysis of which is akin to art, methods based on the editorial distance of graphs make it possible to visually visualize the dynamics of not only the entire network, but also its individual fragment, which requires less qualification of personnel operating telecommunication systems. The lack of methods for identifying the state depending on the degree of topology change has long hindered the practical application of methods based on the distance of graph editing. However, the development of the theoretical basis, in particular, the proof of results in the field of average sequence graphs and clustering methods, makes it possible to remove the requirement of preliminary normalization of the measure of topology change, replacing it with the concept of a "cluster of state". The purpose of the work is to develop, on the basis of a scientific and methodological apparatus for evaluating graph sequences, a technique for detecting abnormal states of a telecommunications network by analyzing the degree of change in the topology of a monitoring object. Methods used: methods of computational graph theory; methods of data analysis (cluster analysis); linear algebra and spectral graph theory; methods of behavioral analytics; network monitoring technologies as a set of engineering practices that support reliable and trouble-free operation of applications in the present and future; Operation Support Systems, as a technology to support operations; methods of system analysis, structural synthesis, prediction theory, diagnostic theory, classification theory. The novelty of the work: the novelty of the research is determined by the completeness of the analysis of existing graph-analytical approaches and the use of theoretical results on the averaging of graph sequences within the k-means algorithm to form an adaptive classification methodology for assessing the state of a telecommunications network. Result: based on a preliminary analysis of the results in the field of graph monitoring of telecommunication networks, as well as graph clustering methods, an approach to identifying abnormal states of a telecommunications network is proposed. The proposed approach has been tested on real data of a botnet attack on a telecommunications network and shows a fairly clear identification of the periods when the network is in various states, such as: attack, normal and transient modes.
  • Key words
    • graph editing distance, average graph, graph spectrum, graph clustering, information and telecommunication network, network monitoring subsystem
  • Reference
    • Budko N. P., Vasiliev N. V. Review of graph-analytical approaches to monitoring of information and telecommunication networks and their application to identify abnormal states. Systems of Control, Communication and Security, 2021, no. 6, pp. 53-75. DOI: 10.24412/2410-9916-2021-6-53-75 (in Russian).

  • M. S. Ivanov, A.V. Ponamorev, S. I. Makarenko
    Simulation of the teletraffic that transmitted in a radio channel of control combat aircraft. Part 1. Non-stationary teletraffic intensity model at various flight stages
  • Abstract
    • Relevance. The intensity of the use of the Russian Air Force increased significantly at the beginning of the XXI century. At the same time, problematic technical aspects of the operation and management of combat aircraft began to be identified more often. One of these aspects is the discrepancy between the high requirements for operational control of a combat aircraft and the truly timely teletraffic (commands and data on the air situation) transmission on an aircraft board. Preliminary studies have shown that when transmitting teletraffic, changes in the of transmitted teletraffic intensity on various flight stages and the gist of aircraft tasks are not taken into account. This leads to a decrease of the teletraffic timeliness and, as a result, to a decrease in the efficiency of combat aircraft control. The goal of the article is to develop a model of non-stationary teletraffic that transmitted in a radio channel of control combat aircraft. This model takes into account as the stationary part - commands and data on the state of on-board systems, as the non–stationary part - information about the air situation, the volume of which can vary significantly. Novelty. The elements of the novelty of the model include taking into account the structure and truly non-stationary of teletraffic in a radio channel of control combat aircraft on various flight stages. The practical significance of the article lies in the fact that the developed model of non-stationary teletraffic can be used to increase efficiency of combat aircraft control when aircraft is pointing at an aerial target.
  • Key words
    • teletrafic, aerial radio communication network, aviation, communication organization, military aviation, aircraft control
  • Reference
    • Ivanov M. S., Ponamorev A. V., Makarenko S. I. Simulation of the teletraffic that transmitted in a radio channel of control combat aircraft. Part 1. Non-stationary teletraffic intensity model at various flight stages. Systems of Control, Communication and Security, 2021, no. 6, pp. 120-147. DOI: 10.24412/2410-9916-2021-6-120-147 (in Russian).

  • M. S. Ivanov, A.V. Ponamorev, S. I. Makarenko
    Simulation of the teletraffic that transmitted in a radio channel of control combat aircraft. Part 2. Extrapolation and forecasting of the intensity of non-stationary traffic
  • Abstract
    • Relevance. The intensity of the use of the Russian Air Force increased significantly at the beginning of the XXI century. At the same time, problematic technical aspects of the operation and management of combat aircraft began to be identified more often. One of these aspects is the discrepancy between the high requirements for operational control of a combat aircraft and the truly timely teletraffic (commands and data on the air situation) transmission on an aircraft board. In particular, the combat aircrafts control network uses a way of direct assignment of time-frequency resources for individual radio channel of control aircraft. This does not allow adaptive allocation of time-frequency network resources if teletraffic changed. Preliminary studies have shown that when transmitting teletraffic, changes in the of transmitted teletraffic intensity on various flight stages and the gist of aircraft tasks are not taken into account. This leads to a decrease of the teletraffic timeliness and, as a result, to a decrease in the efficiency of combat aircraft control. Therefore, to increase efficiency of combat aircraft control necessary to distribute the time-frequency resources of the network taking into account the forecast of traffic intensity in the aircraft control channels. The goal of the paper is to extrapolate the of the non-stationary teletraffic intensity in the control aircraft channel to the next control cycle for further adaptive planning and distribution of the time-frequency resource of the aircrafts control network. Novelty. The novelty elements of the study are to uses the least squares method to extrapolate non-stationary teletraffic, real statistical data on teletraffic intensity in the control aircraft channel at each control cycle, as well as approximation errors that are taken into account. The practical significance of the article lies in the fact that the theoretical solutions for the approximation of non-stationary traffic in the control aircraft channel can be used to increase efficiency of combat aircraft control when aircraft is pointing at an aerial target.
  • Key words
    • teletrafic, aerial radio communication network, aviation, communication organization, military aviation, aircraft control
  • Reference
    • Ivanov M. S., Ponamorev A. V., Makarenko S. I. Simulation of the teletraffic that transmitted in a radio channel of control combat aircraft. Part 2. Extrapolation and forecasting of the intensity of non-stationary traffic. Systems of Control, Communication and Security, 2021, no. 6, pp. 148-172. DOI: 10.24412/2410-9916-2021-6-148-172 (in Russian).
Scientific contribution
  • V. I. Levin
    Avram N. Rabinovich: an outstanding teacher and scientist
  • Abstract
    • Relevance. In 2021, the 115th anniversary of the birth of the outstanding Soviet mechanical scientist and teacher A.N. Rabinovich will be celebrated. In this regard, it is useful to comprehend what he has done in science, to assess the impact of what he has done on science and society. The purpose of the article is to form an understanding of the fundamental processes of evolutionary and revolutionary approaches to the formation of new scientific knowledge, the laws of the development of science among novice scientists using the example of the results of A.N. Rabinovich's scientific work. Result. To achieve the purpose of the article, the domestic literature on the history of science, the works of A.N. himself were used. Rabinovich, memoirs of his colleagues. The article describes the meaning of the scientific results of A.N. Rabinovich, the possibility of their use in technology. The scientific biography of the scientist has been recreated. The memoirs of his colleagues and acquaintances are given. His features as a person, scientist, teacher are described. Novelty and theoretical significance. The article recreates for the first time the history of the creative activity of the outstanding scientist and teacher A.N. Rabinovich, describes his results in the field of mechanical engineering and instrumentation and achievements in pedagogy. The work will be useful for young scientists studying the methodology of scientific research, as well as specialists working on complex scientific and technical problems as an example of their successful resolution.
  • Key words
    • mechanical engineering, instrumentation, automation, tank building, Kiev, Stalingrad, Chelyabinsk
  • Reference
    • Levin V. I. Avram N. Rabinovich: an outstanding teacher and scientist. Systems of Control, Communication and Security, 2021, no. 6, pp. 1-7. DOI: 10.24412/2410-9916-2021-6-1-7 (in Russian).