+7 (495) 987 43 74 ext. 3304
Join us -              
Рус   |   Eng

Authors

Abzalov A.

Degree
Senior Lecturer, Kazan National Research Technical University A. N. Tupolev
E-mail
Abzalov@land.ru
Location
Kazan, Russia
Articles

Users authentication by the dynamics of keystrokes when using automatic proctoring systems

Online courses and testing systems are becoming an integral part of distance learning systems today. As an increasing number of people embrace online examinations, the need for validity protection becomes more important. Personification is a huge challenge in online examinations administering because of online users’ anonymity. In this article, we solved this problem through the use of keystroke dynamics, which refers to the identification of users based on their typing patterns. Our work confirmed the fact that it is possible to distinguish users according to their typing patterns. Our architecture promises higher accuracy and reliability compared to other methods that use the dynamics of keystrokes to distinguish between real and fake users, since it has 3 levels. The architecture contains of a statistical level, machine learning level, and a logical comparison level in hierarchical order. When a user signs up in the system, his typing data is automatically captured for use in templates generation. The templates are used as references to continuously authenticate the user while taking an online examination. An experiment was conducted, the research results showed that the accuracy of user authentication was 97.5%. Also we found out that our architecture outperformed other decision in several aspects. That aspects are also observed in our work.
Read more...

Investigation of the results of using a soft simulator for responding to the facts of the implementation of computer threats in an automated process control system

Ensuring information security of automated process control systems (IACS) is a difficult task and its solution requires an integrated approach. Various computer threats need to be considered, which may be external, internal, accidental or deliberate. With the global growth of cybercrimes and the constant improvement of cyberattacks, it is necessary to increase the level of security of IACS, web resources, information systems, etc. Achieving the goal of increasing the level of security is possible by solving the problem of training users to respond to the facts of the implementation of computer threats during the operation of the IACS, i. e. information security incidents. The article describes software, the main task of which is to provide users of an industrial automated system with practical skills for an adequate response to incidents, which will increase the level of users' knowledge in the field of information security. The paper presents an analysis of the information security of an automated process control system, which showed that, on average, in 89.5% of cases, attackers use malicious software to gain access to information unauthorizedly, and on average, in 83% of cases, they use social engineering methods. An industrial automated system of a large enterprise in the machine- building industry of the Republic of Tatarstan was selected for the study. The results of the study and experimental data showed that as a result of training and after it, users more correctly and adequately respond to emerging information security incidents due to the fact that most situations were considered and analyzed during the training period using software. On average, the number of attacks in the analyzed periods as a whole decreased by 28%: the number of attacks carried out using social engineering methods decreased by 51.75%, the number of attacks using malicious software by 40.25%, the number of DoS-type attacks – by 11.75%, the number of credential brute-force attacks – by 7.5%. Read more...