Igor Kotenko

Verified
Igor verified their affiliation via an institutional email.
  • PhD, D.of S.
  • Chief Scientist at St. Petersburg Research Center of the Russian Academy of Sciences

About

540
Publications
68,267
Reads
4,598
Citations
Introduction
Information security, including security policy management, access control, authentication, network security analysis, intrusion detection, firewalls, deception systems, malware protection, analysis of security protocols and systems, software protection against hacking and digital rights management, modeling, simulation and visualization technologies for counteraction to cyber terrorism; artificial intelligence, including multi-agent frameworks and systems, agent-based modeling and simulation, soft and evolutionary computing, machine learning, data mining, data and information fusion; computer-based systems and telecommunications, including decision making and planning for telecommunication systems; big data; cyber-physical systems.
Additional affiliations
March 2010 - present
St. Petersburg Institute for Informatics and Automation
Position
  • Head of Department
December 2001 - present
Russian Academy of Sciences
Position
  • Head of Department
April 2017 - present
ITMO University
Position
  • Head of Department

Publications (540)
Article
Full-text available
The utilization of machine learning (ML) techniques for intrusion detection systems (IDS) in cybersecurity has become increasingly prevalent, demonstrating substantial advancements and effectiveness. This survey systematically reviews the use of ML techniques in IDS for cybersecurity, highlighting both advancements and associated challenges. By exa...
Article
In industrial Internet of Things (IoT) systems, explaining anomalies plays a crucial role in identifying bottlenecks and optimizing processes. This paper proposes an approach to anomaly detection using an autoencoder and its explanation based on the SHAP method. The purpose of the anomaly explanation is to provide a set of data features in indust...
Article
Full-text available
The growing complexity of cyber threats requires innovative machine learning techniques, and image-based malware classification opens up new possibilities. Meanwhile, existing research has largely overlooked the impact of noise and obfuscation techniques commonly employed by malware authors to evade detection, and there is a critical gap in using n...
Conference Paper
The rapid proliferation of electric vehicles (EVs) necessitates advanced charging infrastructure, which is increasingly reliant on cloud-based technologies and the Internet of Things (IoT). However, these systems are vulnerable to cyber attacks that could have severe repercussions, including power grid failures. This paper addresses the security vu...
Chapter
The object of the study is a new methodological and practical approach to solving the problem of adaptive neural network filtering. A hybrid adaptive approach to the operational assessment of the security of critical resources is described, which combines traditional Kalman filtering methods with the capabilities of artificial neural networks with...
Article
The popularity of container systems attracts the attention of many researchers in the field of information technology. Containerization technology makes it possible to reduce the consumption of computing resources when deploying and maintaining complex infrastructure solutions. Ensuring the security of container systems and containerization in general, as well as the use of mal...
Article
The Internet of Things is a pivotal constituent of the contemporary technological revolution and has experienced expeditious expansion in recent times. The proliferation of Internet of Things devices has led to enhanced convenience and automation. However, the extensive deployment of Internet of Things devices has also engendered concerns regarding...
Preprint
Full-text available
Accurate real-time prediction of formation pressure and kick detection is crucial for drilling operations, as it can significantly improve decision-making and the cost-effectiveness of the process. Data-driven models have gained popularity for automating drilling operations by predicting formation pressure and detecting kicks. However, the current...
Article
Nowadays, people spend a lot of time in the information space, communicating within various social platforms. Content of those platforms can influence people’s feelings and personalities, which is especially relevant for young people. In this research, we made an attempt to prove this hypothesis. For the experiment, we selected the VKontakte social...
Article
Assessing and prioritizing programs that exploit software vulnerabilities and are used to carry out cyberattacks on a computer system (exploits) is crucial for effectively responding to cyberattacks. This paper presents a method for automatically assessing exploits, where a model is trained to classify exploits using deep learning methods during t...
Article
The object of the research is a new methodological approach to information granulation and fuzzy granular calculations, as a mathematical and methodological tool for improving the reliability of assessing the level of information security of the Smart City infrastructure. The proposed approach is one of the options for the practical application of...
Conference Paper
The Internet of Things (IoT) has revolutionised technology in intelligent urban environments. Meanwhile, security and privacy risks have emerged, including the presence of various malware, resulting in detrimental consequences. Generative attack networks (GAN) can not only build superior representations for complex and multi-dimensional data but al...
Article
To develop safer smart city solutions, it is crucial to investigate new technologies for malware analysis and detection to enhance existing malware prevention systems. Deep learning (DL) techniques have surpassed conventional machine learning as the dominant method for network security; therefore, it is crucial for researchers to utilise DL techniq...
Conference Paper
Full-text available
This article discusses the problem of ensuring security in container systems, which is due to the rapid growth in the use of containerization technologies and microservice architectures in modern high-load computing systems. The increasing number of threats and vulnerabilities to microservice systems undermines the credibility of such systems and c...
Article
As a system allowing intra-network devices to automatically communicate over the Internet, the Internet of Things (IoT) faces increasing popularity in modern applications and security threats – particularly network intrusions that target both networks and devices. A major threat is network attacks that attempt to obtain unauthorised access and dama...
Conference Paper
Smart Cities, the modern digital urban landscapes, are primarily facilitated by the Internet of Things (IoT) infrastructures for information communication. Despite Smart Cities' benefits, risks revolving around data privacy and security within the IoT sphere raise concern. Particularly, malware attacks significantly threaten IoT systems, demanding...
Conference Paper
The number of cyber-attacks is growing every year, and the attacks themselves are becoming more complex. Multi-step attacks are a separate category. Their peculiarity is that they are performed in several stages, are often aimed at many nodes and affect many devices. Thanks to deep learning models, it became possible to automatically deliver the co...
Presentation
Full-text available
This paper proposes a Multi-Task Learning (MTL) classifier-based Intrusion Detection System (IDS) for IoT network environments. It compares the effectiveness and generalizability of both hard and soft parameter sharing MTL models against a single task learning model. A hybrid resampling method is introduced, combining a random undersampler with an...
Chapter
There exists a global challenge related to the boosting number of elderly suffering from chronic diseases like Dementia (EWD). Hence, there is a drastic need for cost-effective disruptive technologies that enable and guarantee the quality of life for EWD via implementing telehealth. The purpose of this paper is to propose a telehealth system based...
Conference Paper
The rapid expansion of the Internet of Things (IoT) has led to the need for robust security mechanisms to protect IoT networks and devices against various attacks. In this paper, we propose a novel hybrid intrusion detection solution that harnesses the power of multi-task learning (MTL) to enhance intrusion detection performance. We introduce a MTL...
Conference Paper
Among all cybersecurity techniques, intrusion detection systems are the first and most effective line of defense for networks and systems. However, to develop an accurate, robust intrusion detection system with decent generalizability, challenges such as limited labeled data and balancing detection rates against false alarms need to be overcome. We propose an...
Chapter
The intrusion detection techniques remain essential for network security, especially for the Internet of Things (IoT) environment, where there are crucial network systems and voluminous intra-network devices with vulnerabilities and the need for protection. Despite the existence of many deep learning-based approaches for effective and efficient int...
Chapter
Security monitoring of cyber-physical systems, in particular in important areas such as industry, energy, medicine and others, should be continuous. Information about the security state of the system is typically logged as security events. Due to the increasing complexity and variability of attacks, security analysts spend a lot of time and effort...
Chapter
The object of the study is a new methodological approach to solving the problem of interval analysis of the security for information and telecommunication resources of critically important infrastructures. This approach is one of the options for the practical application of the theory of interval averages (interval calculations). The analysis of th...
Article
The object of research is a new methodological approach to adaptive neural network filtering as a mathematical tool for improving the accuracy and efficiency of evaluating some properties of complex technical systems. This approach is one of the options for the practical application of adaptive (hybrid) filtering methods. The analysis of the featur...
Article
Full-text available
This paper solves the problem of modeling the scheme for developing software systems, which can be used in building solutions for secure energy networks. A development scheme is proposed in a set of representations through which each program of the software complex passes, namely the following representations: idea, conceptual model, architecture,...
Conference Paper
The size of Internet of Things (IoT) networks, the physical devices connected to them, and the volume of data processed have grown exponentially over the past decade. Meanwhile, the confidentiality of data processed by IoT and vulnerabilities of intra-network devices also make security the most crucial issue. While many deep learning-based intrusio...
Article
Full-text available
Currently, the methods and means of human–machine interaction and visualization as its integral part are being increasingly developed. In various fields of scientific knowledge and technology, there is a need to find and select the most effective visualization models for various types of data, as well as to develop automation tools for the process...
Article
Full-text available
The article proposes an approach to ensuring the functioning of Software-Defined Networks (SDN) in cyber attack conditions based on the analytical modeling of cyber attacks using the method of topological transformation of stochastic networks. Unlike other well-known approaches, the proposed approach combines the SDN resilience assessment based on...
Article
Full-text available
The notion of the attacker profile is often used in risk analysis tasks such as cyber attack forecasting, security incident investigations and security decision support. The attacker profile is a set of attributes characterising an attacker and their behaviour. This paper analyzes the research in the area of attacker modelling and presents the anal...
Article
Full-text available
Cyberattacks on cyber-physical systems (CPS) can lead to severe consequences, and therefore it is extremely important to detect them at early stages. However, there are several challenges to be solved in this area; they include an ability of the security system to detect previously unknown attacks. This problem could be solved with the system behav...
Article
Full-text available
This work solves the problem of identification of the machine code architecture in cyberphysical devices. A basic systematization of the Executable and Linkable Format and Portable Executable formats of programs, as well as the analysis mechanisms used and the goals achieved, is made. An ontological model of the subject area is constructed, introdu...
Article
Full-text available
Information systems need to process a large amount of event monitoring data. The process of finding the relationships between events is called correlation, which creates a context between independent events and previously collected information in real time and normalizes it for subsequent processing. In cybersecurity, events can determine the steps...
Article
The purpose of the article: conducting a system analysis of the requirements for the subsystem for preventing computer attacks on critical information infrastructure in order to substantiate the directions for further improved scientific and methodological apparatus for the full functioning of the subsystem for preventing computer attacks. Research...
Article
The purpose of the article: analysis of the problem of ensuring timely authorized access to the resources of the electronic information and educational environment of universities of federal executive authorities and identification of possible directions for its solution. Research methods: system analysis of the problem of ensuring access of offici...
Article
SDN technology in the near future will make it possible to introduce aspects of code openness into the network component of the cloud infrastructure, which is considered the most favorable basis for the development and implementation of a wide range of applications. It is based on the implementation of network devices and their functions not in separ...
Preprint
As a system allowing intra-network devices to automatically communicate with each other through the internet, the Internet of Things (IoT) faces both increasing popularity in modern applications and security threats, especially network intrusions to networks and devices within. One major threat is network attacks that attempt to obtain unauthorized...
Chapter
Modern information systems generate a lot of events. Analysis of the events allows detecting malicious activity within the system. There are a lot of event correlation techniques intended for the detection of cyber security incidents and different types of cyber attacks, as well as there are a lot of techniques for multi-step attack modeling. At th...
Article
Full-text available
Journal "Вопросы кибербезопасности" / Cybersecurity Issues journal / RU: / Purpose of the article: resolving the contradiction between the existing need for a set of simple and understandable indicators of information and personal data protection for users of Internet of Things devices and their manufacturers, and the absence of such a set that unites inter...
Article
Full-text available
In modern data transmission networks, in order to constantly monitor network traffic and detect abnormal activity in it, as well as identify and classify cyber attacks, it is necessary to take into account a large number of factors and parameters, including possible network routes, data delay times, packet losses and new traffic properties that dif...
Chapter
At present, IoT networks have penetrated almost all spheres of life in modern society. They have a fairly wide arsenal of various network devices and also have a fairly developed and branched structure. However, the high dynamics of the behavior of IoT networks, coupled with the large volumes of information processed in them and the transmitted tra...
Chapter
The rapid growth of tasks solved with the help of machine learning leads to an increase in the importance of artificial intelligence systems (AISs). These systems are gradually being integrated into the business structure and widely used in various applications. The data sets and trained models used in AISs are of great interest to competitors, and...
Chapter
Full-text available
In this paper, we propose an approach for anomaly and attack detection based on the analysis of kernel logs obtained with the enhanced Berkeley Packet Filter (eBPF). Based on the logs we generate whitelists and blacklists in the form of detection rules, which, in comparison with machine learning models, can be interpreted and adjusted by a specialist. In the paper we...
Article
Full-text available
The article discusses an approach to the construction and operation of a proactive system for protecting smart power grids against cyberattacks on service data transfer protocols. It is based on a combination of computational intelligence methods: identifying anomalies in network traffic by evaluating its self-similarity, detecting and classifying...
Preprint
Full-text available
Information systems need to process a large amount of event monitoring data. The process of finding the relationships between events is called correlation, which creates a context between independent events and previously collected information in real time and normalizes it for subsequent processing. In cybersecurity, events can determine the steps...
Article
Full-text available
The specificity of the water treatment field, associated with water transmission, distribution and accounting, as well as the need to use automation and intelligent tools for various information solutions and security tools, have resulted in the development of integrated approaches and practical solutions regarding various aspects of the functionin...
Article
Full-text available
Asset inventory is one of the essential steps in cyber security analysis and management. It is required for security risk identification. Current information systems are large-scale, heterogeneous, and dynamic. This complicates manual inventory of the assets as it requires a lot of time and human resources. At the same time, an asset inventory shou...
Article
Full-text available
Nowadays, the whole driver monitoring system can be placed inside the vehicle driver's smartphone, which introduces new security and privacy risks to the system. Because of the nature of the modern transportation systems, the consequences of the security issues in such systems can be crucial, leading to threat to human life and health. Moreover, de...
Chapter
The paper considers an issue of analysis of security risks posed by the multistage cyber attacks using known tactics, techniques, and procedures. The technique for cyber attack sequences modeling and testing using source data from the MITRE ATT&CK database and the production model is proposed. Risk assessment is implemented for the generated cyber...
Chapter
The paper describes a new technique for the design of abstract models of microcontroller-based physical security systems. Under the abstract model of the system, this work considers an abstract representation of the system, the design of which is carried out based on abstract elements such as electronic components, microcontrollers and single-board...
Chapter
To diagnose computer incidents based on a neural network model, it is necessary to determine the optimal number of neurons of both the hidden and the input layer. An increase in the frequency of feature collection entails an increase in the dimension of the input layer, which, with a limited set of training examples, leads to a deterioration in the...
Article
The object of the research is a new methodological approach to solving the problem of interval analysis of the security of information and telecommunication resources of critical infrastructures. This approach is one of the variants of practising the methods of the class midvalues (interval calculations). The approach characteristics were analyzed...
Article
Introduction: diagnosing mental illness is a complex process that includes conducting dialogue conversations, analyzing the behavior of the subject and passing specialized tests. The successful solution of this problem can be influenced by both the lack of knowledge and experience of the psychologist, and the presence of contradictory or incomplete...
Article
Full-text available
Currently, personal data collection and processing are widely used while providing digital services within mobile sensing networks for their operation, personalization, and improvement. Personal data are any data that identifiably describe a person. Legislative and regulatory documents adopted in recent years define the key requirements for the pro...
Article
Full-text available
This article covers the issues of constructing tools for detecting network attacks targeting devices in IoT clouds. The detection is performed within the framework of cloud infrastructure, which receives data flows that are limited in size and content, and characterize the current network interaction of the analyzed IoT devices. The detection is ba...
Article
Full-text available
Ensuring security for modern IoT systems requires the use of complex methods to analyze their software. One of the most in-demand methods that has repeatedly been proven to be effective is static analysis. However, the progressive complication of the connections in IoT systems, the increase in their scale, and the heterogeneity of elements requires...
Article
Full-text available
Ensuring the security of modern cyberphysical devices is the most important task of the modern world. The reason for this is that such devices can cause not only informational, but also physical damage. One of the approaches to solving the problem is the static analysis of the machine code of the firmware of such devices. The situation becomes more...