Implementation of Control by Parameters of Client Automated Workplaces of Specialized Information Systems for Neutralization malware

Mykola Stetsyuk (a), Vasyl Stetsyuk (a), Bohdan Savenko (a), Oleg Savenko (a), Maciej Dobrowolski (b)

(a) Khmelnytskyi National University, Institutska str., 11, Khmelnytskyi, 29016, Ukraine
(b) Kazimierz Pułaski Technology and Humanitarian University, Malczewskiego St 29, Radom, 26-600, Poland

IntelITSIS’2021: 2nd International Workshop on Intelligent Information Technologies and Systems of Information Security, March 24–26, 2021, Khmelnytskyi, Ukraine
EMAIL: mikstt777@gmail.com (M. Stetsyuk); swmuau@gmail.com (V. Stetsyuk); Savenko_bohdan@ukr.net (B. Savenko); savenko_oleg_st@ukr.net (O. Savenko); m.dobrowolski@uthrad.pl (M. Dobrowolski)
ORCID: 0000-0003-3875-0416 (M. Stetsyuk); 0000-0001-9880-2666 (V. Stetsyuk); 0000-0001-5647-9979 (B. Savenko); 0000-0002-4104-745X (O. Savenko); 0000-0003-0296-9651 (M. Dobrowolski)
© 2021 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0). CEUR Workshop Proceedings (CEUR-WS.org)

Abstract

The paper addresses a topical scientific problem: the development of information technology that automatically neutralizes the manifestations of malicious software in specialized information systems. The risks of malicious software attacks depending on the executable file format are analyzed. The analysis of methods for ensuring fault tolerance and survivability of specialized information systems showed that the current methods and technologies do not fully ensure their fault tolerance and survivability in terms of counteracting the impact of malware. Despite the invariance of the methods used, the counteraction procedure is reduced to the organization of a single-level scheme at the system-wide level. This is enough to ensure the functionality of an ordinary computer system that serves general information needs, but not enough to ensure access to the functionality of a specialized information system at any time. A method of parametric control of client automated workstations (AWP) of specialized information systems to neutralize the effects of malicious software has been developed. The proposed technology for ensuring fault tolerance and survivability of automated workstations of specialized IT, together with the developed method of parametric control of the relevance of client workstation software, provides a high level of stability of the information system as a whole against the effects of malware. In effect, it implements a second line of counteraction to malicious software, compared with the system-wide one, at which it is not always possible to neutralize the destruction caused by malicious software. At the same time, being combined with the software support service, it does not require additional costs to support its operation. Experimental studies conducted with the developed information system confirmed the improved efficiency and reliability of the system and the proposed solutions.

Keywords

malfunctioning software, information system, information technology, performance, software comparator, vitality

1. Introduction

Today, it is difficult to identify areas where the total use of information technology has not found recognition. Information technology has penetrated almost all spheres of modern society, including such specialized ones as finance, medicine and the military.

However, along with the positive aspects of their use, we have to accept that new information technologies are very sensitive to various kinds of destruction, one of which is malicious software in its various forms. In the absence of properly organized counteraction it paralyzes the information system, which entails many negative consequences [1-7].
Hence the task of organizing the work of specialized information systems in the face of malicious software arises, which in turn is part of the more global task of ensuring fault tolerance and survivability of the information system. This task is considered to have a continuous solution and, being complex, includes a number of sub-tasks: legal, organizational and, of course, software and hardware ones, which are responsible for developing mechanisms to counter the effects of malware. It is the latter that are the subject of this article.

2. Analysis of known solutions

The analysis of methods for ensuring fault tolerance and survivability of specialized information systems showed that the current methods and technologies do not fully ensure their fault tolerance and survivability in terms of counteracting the impact of malicious software. Despite the invariance of the methods used, the counteraction procedure is reduced to the organization of a single-level scheme at the system-wide level. This is sufficient to ensure the operability of an ordinary computer system that serves general information needs, but not enough to guarantee access to the functionality of a specialized information system at any time.

Approaches to responding to incidents in computer systems under the influence of malicious software are presented in [1]. This is important, in particular, for the operation of information systems in computer networks. The features of hardware security are explained in [2]. In [3] botnets are analyzed as a type of malicious software; their use causes significant harm to users of computers connected to the Internet. In [4] the security features of IP networks are analyzed. Forecasts of trends in the development of threats from malicious software are presented in [5]. In [6] the possibility of detecting viruses of the metamorphic type was analyzed. Their masking complicates their effective detection.
In [7] the possibilities of protecting the user's hardware and software from external influences are presented. The aspects of the problem area considered above indicate that ensuring the security of processes in computer systems under the impact of malicious software remains an unresolved problem.

If the object of the attack is a specific information system, and the goal is to block its work, then one level of resistance, as the events of 2016 have shown, may not be enough. This is confirmed by successful malware attacks recorded on December 6, 2016 [8]. Their targets were the internal telecommunications networks of the Ministry of Finance, the State Treasury and the Pension Fund. As a result, access to critical databases was blocked, which led to delays in budget payments. On December 15, an attack was made on Ukrzaliznytsia's information system, as a result of which its work was completely blocked during the day.

Another aspect considered in the analysis of the construction of anti-malware systems is that such systems are built by typification and standardization [9-11]. This is a natural way of developing the defense mechanisms of computer systems and undoubtedly has many positive sides, but its undeniable drawback is that typification itself facilitates the creation of mechanisms to overcome the means of protection. A collision arises here: on the one hand, we cannot give up the benefits of typification and standardization in creating mechanisms to counter the effects of malicious software, and on the other hand, we cannot accept that such an approach in turn simplifies the creation of mechanisms to overcome the protection of the information system. Thus, standardization in the development of information systems makes it easier for attackers to develop malicious software focused on such systems.
An important area of ensuring the stability of information systems under the influence of malware is the choice of an appropriate and effective mathematical apparatus as a basis for the search for abnormal or malicious manifestations [12-15]. Malicious software controlled by an attacker, such as a botnet [16-17], is aimed precisely at taking control of users' computer systems and gaining access to information systems [18-25]. The authors of [24, 25] consider cloud applications, which are treated as compositions of several cloud service components that interact with each other, where each component performs certain functions. A comprehensive recovery scheme based on software rejuvenation for cloud applications is proposed, which consists of three important parts: adaptive fault detection, aging assessment, and component-based rejuvenation checkpoint. In [26] the use of the clonal selection algorithm as a mathematical apparatus is considered. Therefore, the choice of mathematical software as the basis of methods for detecting abnormal or malicious manifestations is an important task when creating information systems that must meet the requirements of fault tolerance and survivability in the face of malware.

We will also consider other strategic approaches to solving the problem of ensuring the stability and survivability of information systems in the face of malware. In [27] an approach for avoiding functional failures during execution in component application systems is presented. The approach uses the internal redundancy of components to find workarounds as alternative sequences of operations to avoid failures. In [28, 29] methods of ensuring the reliability and functional security of software packages in real time are proposed. In [30], fault tolerance is treated as a major problem in ensuring the availability and reliability of critical services, as well as of program execution.
In order to minimize the impact of failures on the system and on the execution of applications, it is necessary to anticipate deviations and take measures against them. Fault tolerance methods are used to predict these failures and take appropriate action before the failures actually occur. In [31] the use of application programming interface calls in malware detection problems is shown. This is required for inclusion in detection systems or as part of certain information systems. In [32, 33], cyber resilience and survivability are presented as closely related concepts with similar technologies and practices. For historical reasons, these concepts have been embedded in different frameworks that define different constructs to describe problems and areas of solution. The impact of various types of malware and computer attacks on the resilience and survivability of IT is shown in [34-40].

Paper [39] presents and discusses a method for classifying Android applications to detect malware. Based on the use of an artificial immune system and artificial neural networks, an antivirus system has been proposed, specifically for the Android system, which can detect and block unwanted and malicious programs. This system is characterized by self-adaptation and self-evolution and can detect even unknown and previously unseen malware. That is, the proposed approaches allow the system to respond dynamically to events.

The problems of ensuring fault tolerance and survivability of specialized information technologies in the face of malicious software and computer attacks are also research issues for the hardware infrastructure on which they operate. Work [40] studies one such class of devices, the router. It examines the spread of DDoS attacks on the router subsystems of the Smart Office system, and analyzes and solves the problem of optimizing the search for the minimum path of attack on the router subsystems.
The result of that work is the determination of the router subsystems most vulnerable to the consequences of DDoS attacks. Papers [41-44] consider the problems of hidden faults inherited in security systems that are aimed at ensuring the functional safety of high-risk facilities to combat accidents, which is also important and should be taken into account when ensuring the resilience and survivability of specialized information technologies. The problem of hidden faults is considered in terms of a resource-oriented approach as a problem of growth from the lowest level of replication to the next level of diversification in the development of models, methods and tools [45-46]. The malicious manifestations considered and the methods of counteracting them make it possible to use these results when creating information technologies with an increased level of fault tolerance and survivability under the influence of malicious software.

3. Formulation of the problem

The practice of using information technology has shown that viable methods for ensuring fault tolerance and survivability of the information system are those that are characterized not only by potentially high efficiency parameters but also remain simple and cheap to use. This fully applies to measures to neutralize the effects of malicious software. The events that took place in Ukraine in the period from 2013 to 2018 showed the vulnerability of modern information technologies, which in turn makes it urgent to develop methods to improve the efficiency of fault tolerance and survivability of the information system and, even more so, of specialized information systems, in which critical data is usually processed.
It is proposed to supplement the existing methods of ensuring the resilience and survivability of the information system, in terms of neutralizing the impact of malicious software, with a technology based on the idea of ease of implementation while ensuring high efficiency of specialized information technology under the effects of malicious software. Despite the simplicity of implementation, a feature of the new technology of information system protection is that it operates in automatic mode. An important point of its operation is that its tasks include documenting the identified manifestations of malware, which allows constant analysis of information about events in the information system in order to improve the methods of counteraction.

4. Main part

One of the ways to solve this problem is to use two levels of counteraction to the effects of malicious software. The first, system-wide level is built using conventional counteraction mechanisms, and the second, local level is implemented within the specialized information system itself, using the nuances of its operation and architecture (Figure 1).

Figure 1: A two-tier anti-malware scheme for client automated workstations of a specialized information system.

This approach will increase the likelihood of neutralizing a targeted attack of malicious software on the objects of a specialized information system and make the work of malicious software as difficult as possible, in order to increase the availability of the information system at any time. It is proposed to use as the mechanism for countering attacks a service that already exists in most developed specialized information systems, the service of maintaining the relevance of client software, giving it new qualities, described in the following method.

5. A method of ensuring the fault tolerance and survivability of the information system in the face of malicious software using parametric control of the relevance of software modules of client automated workstations and their masking

To solve the problem of restoring the functionality of the information system in order to prevent the effects of malicious software and to increase the degree of dependability of the information system, a method of ensuring fault tolerance and survivability is proposed, the model of which is shown in Figure 2.

Figure 2: Model of the method of ensuring fault tolerance and survivability of the information system under the influence of malicious software using parametric control of the relevance of software modules of client automated workstations and their masking

The essence of the method is to carry out constant cyclic control of the parameters of the modules of client automated workstations with a given discreteness D. Discreteness is a parameter whose value is chosen based on the level of system-wide performance of the computer network and of the client computers on which the automated workstations are based. This makes it possible to adapt the technology to information system hardware platforms of different performance.

To ensure the robustness of the method, its model includes a software bank that contains the software modules of all client automated workstations of the information system and their reference parameters, such as the checksums KS1 - KSn of code pages, calculated according to a given rule. The set of control parameters can be changed according to the structure of the controlled software modules. In the process of monitoring the relevance of the state of a software module of a client automated workstation, its presence in the given location is checked, and its parameters are calculated and compared with the reference.
Within this method, the task of parametric control of the relevance of modules is assigned to a comparator implemented in software. If the controlled module is absent from the given location, or if there is a difference ∆par between the actual and reference parameters at the output of the comparator, the software of the client automated workstation is restored using the reference software stored in the bank. The very fact of detecting a discrepancy ∆par is automatically documented, and the parameters necessary for further analysis are saved in the database. If no discrepancies are found between the standard and the module that has passed the relevance check, the module can, in addition, be masked by renaming. This reduces the likelihood of the module being attacked by malicious software, which is known to primarily affect executable files.

This method makes it possible to control the relevance of the modules of client automated workstations in automatic mode, which in turn makes it possible to ensure fault tolerance and survivability of the information system under the influence of malicious software. In this case, the nature of the attack of malicious software on client software does not play a special role. Because no information system data is stored on client computers, malicious software can only damage program files. Such damage is revealed in the process of monitoring the relevance of the software modules of automated workstations, and the damaged modules are replaced by the reference ones.

6. Technology to ensure fault tolerance and survivability of the information system under the influence of malicious software using the method of parametric control of software relevance of client automated workstations

It is known that all information systems are characterized by a long life cycle, during which their software is subject to change under the influence of many external and internal factors. These changes are all the more significant the larger the subject area covered by the information system.
The task of maintaining the relevance of the software of client workstations of a specialized information system is quite extensive, so, as a rule, the natural course of development of the information system leads to a transition to an automated subsystem for restoring the relevance of software. In what follows, we will call it the software support service for client automated workstations. Its task is to detect software updates for client automated workstations of the information system and to replicate them to all workstations, with settings for each specific automated workstation. The main component of the software relevance support service is the reference software bank. In the process of improving the information system, changes are made to the software, which in turn leads to the replacement of the standard software in the bank. The task of the support service is to identify the fact that the standard of the software has changed and, in response, to start the procedure of updating the software of all client workstations where it is used.

If we compare the above method of ensuring the fault tolerance and survivability of the information system under the influence of malicious software with the work of the information system software support service, we will see that their implementations are based on similar algorithms. The only difference is that the algorithms of the software relevance service respond to a change of the software standard, while the algorithms of the method of ensuring the fault tolerance and survivability of the information system respond to the loss of compliance of the software instance of the n-th client workplace with the standard. The reaction in both cases is the same: the restoration of the software of the client workplace from its standard in the bank.
Therefore, the basis of the proposed technology for ensuring fault tolerance and survivability of a specialized information system under the influence of malicious software is the idea of using the functionality of the existing service for maintaining the relevance of software for client automated workstations. To do this, its algorithms have been improved by including functions that ensure fault tolerance and survivability of the client part of the information system under the influence of malicious software.

The method of counteracting attacks of malicious software, the model of which is shown in Figure 2, is implemented in the form of an information technology that includes several processes interacting at the software level. This technology supplements the already known ways of protecting the information system by counteracting malicious software attacks. It includes a background process, whose algorithm is shown in simplified form in Figure 3 and which actually checks the relevance of the software modules of client automated workstations, and a special procedure for launching the software modules of automated workstations for execution (Figure 4).

Figure 3: Algorithm of the background process of the software relevance support service in terms of ensuring fault tolerance and survivability of the client part of the specialized information system under the influence of malicious software.

The background process of the software relevance service, running at a specified frequency, monitors the software modules of each client automated workstation registered in the information system. In each iteration, the process performs a given sequence of operations, which implements the algorithm for monitoring the relevance of the software of client automated workstations:

1. The background process checks whether there is a service request from the loader of the client automated workstation modules. This is necessary so that the reaction to a failure to start some software module of the automated workplace is as fast as possible (Figure 3, operator 2). This situation can occur in the information system when the operator of an automated workstation tries to run its client program and the program is for some reason unavailable. The program loader, at the time of attempting to run it, detects this fact and submits a request to the background process for priority recovery of the software of the automated workstation specified in the request. Upon receipt of the request, the background process reads from it the number of the software module that requires priority maintenance and goes to step 6.
2. If there is no request for emergency maintenance, the background process proceeds to check the next module in the queue (Figure 3, operator 3).
3. In the next step, it is checked whether the module of the client automated workstation under analysis is located in the given place in the file directory of the client computer. If it is absent for any reason, the process goes to step 6 (Figure 3, operator 4).
4. If the module is available and in the given place, its activity is checked (Figure 3, operator 5). At this stage, it is determined whether it is loaded into the memory of the PC and performs the function assigned to it within the information system. If the module is active at the time of testing, go to step 7.
5. The parameters of the next software module of the n-th automated workplace are checked for conformity to the reference stored in the bank of the software relevance service (Figure 3, operator 6). If no deviations from the reference parameters are detected, the file is masked by renaming (Figure 3, operators 9, 10). This removes it from a possible attack by malware, which is known to attack executable files, identifying them by their extension. Then go to step 7; otherwise, go to the next step.
6. Replace the damaged software module, or restore the missing one, with the reference from the software bank (Figure 3, operator 8).
7. It is checked whether a command to stop the background process has been issued (Figure 3, operator 11). If not, the current iteration is completed and the process returns to step 1.
8. Completion of the background process.

Since this technology is intended for specialized information systems, which can themselves be the object of a targeted attack, the algorithm (Figure 3) may include another function, whose task is to create, in the location of the executable modules of client automated workstations, special trap files that serve as false objects of attack for malware while the real modules are masked. Trap files are no different from the software modules of the automated workstations of the information system, except that they can never be loaded for execution. Before the real module is started, they are destroyed, and they are re-created after the module completes its work. Along with the function of masking the software modules of automated workstations, the function of creating false objects of attack makes it possible to direct the destructive actions of malicious software in a direction that does not threaten the functioning of the information system.

The process of launching software modules of client automated workstations for execution also has its own feature: it is performed in two stages. First, a short loader program, which is permanently stored in a secure directory of the software service of the specialized information system, is launched from the client PC. The loader starts, finds the file of the corresponding module in the given place, restores its name and transfers control to it.

Figure 4: Algorithm of work of the loader of modules of the automated workplaces of service of support of actuality of the client software.
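The background-process iteration of steps 1-8 above, sketched as an added example (it is not code from the paper or from the KhNU system). It assumes 4096-byte code pages, SHA-256 as the checksum rule, a `.dat` masking suffix and the event labels shown, none of which the paper specifies; the second module name and all file contents are constructed sample data.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

PAGE_SIZE = 4096      # assumption: the paper does not give the code page size
MASK_SUFFIX = ".dat"  # assumption: masking renames away from an executable extension


def page_checksums(path, page_size=PAGE_SIZE):
    """KS1..KSn: one digest per code page. SHA-256 is an assumed rule; unlike a
    plain additive checksum it cannot be matched by a deliberately crafted edit."""
    sums = []
    with open(path, "rb") as fh:
        while chunk := fh.read(page_size):
            sums.append(hashlib.sha256(chunk).hexdigest())
    return sums


def compare(actual, reference):
    """Software comparator: indices of pages that differ from the reference
    (the discrepancy the paper calls delta-par). Empty list means no deviation."""
    longest = max(len(actual), len(reference))
    return [i for i in range(longest)
            if i >= len(actual) or i >= len(reference) or actual[i] != reference[i]]


class SoftwareBank:
    """Reference modules and their reference parameters."""

    def __init__(self, bank_dir):
        self.dir = Path(bank_dir)
        self.reference = {}  # module name -> [KS1, ..., KSn]

    def register(self, name, content):
        (self.dir / name).write_bytes(content)
        self.reference[name] = page_checksums(self.dir / name)

    def restore(self, name, target):
        shutil.copyfile(self.dir / name, target)


def control_pass(bank, workstation_dir, log, priority=(), active=()):
    """One iteration of the background process over one workstation."""
    ws = Path(workstation_dir)
    # Step 1: modules named in loader requests are serviced first.
    queue = [m for m in priority if m in bank.reference]
    queue += [m for m in sorted(bank.reference) if m not in queue]
    for name in queue:
        plain, masked = ws / name, ws / (name + MASK_SUFFIX)
        present = masked if masked.exists() else plain if plain.exists() else None
        if present is None:                       # step 3: not in its place
            log.append({"module": name, "event": "missing", "pages": []})
        elif name in active:                      # step 4: module is running
            continue
        else:
            delta = compare(page_checksums(present), bank.reference[name])
            if not delta:                         # step 5: matches, so mask it
                if present == plain:
                    plain.rename(masked)
                continue
            log.append({"module": name, "event": "checksum_mismatch", "pages": delta})
            present.unlink()
        bank.restore(name, plain)                 # step 6: replace from the bank
    return log


def demo():
    """Constructed scenario: one tampered module, one missing module."""
    with tempfile.TemporaryDirectory() as tmp:
        bank_dir, ws = Path(tmp, "bank"), Path(tmp, "awp")
        bank_dir.mkdir()
        ws.mkdir()
        bank = SoftwareBank(bank_dir)
        good = bytes(range(256)) * 48             # 3 pages of constructed content
        bank.register("rab_bal.mde", good)
        bank.register("other.mde", b"R" * 5000)   # hypothetical second module
        damaged = bytearray(good)
        damaged[PAGE_SIZE + 10] ^= 0xFF           # one byte changed in page index 1
        (ws / "rab_bal.mde").write_bytes(damaged)
        log = control_pass(bank, ws, [])          # cycle 1: detect and restore
        control_pass(bank, ws, log)               # cycle 2: verify and mask
        return log, sorted(p.name for p in ws.iterdir())


if __name__ == "__main__":
    events, files = demo()
    print(events)
    print(files)
```

The check is only as trustworthy as the bank: the reference modules and their checksums have to be stored where a compromised workstation cannot write.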
If the file is for some reason not found, the module loader issues to the background process a request for an extraordinary software update of the specified automated workstation and goes into standby mode (Figure 4, operators 4, 5). After the background process executes the loader's request, the loader in turn repeats the procedure of starting the corresponding module (Figure 4, operators 6, 7).

The ability of this technology to restore damaged and destroyed software of client automated workstations makes it possible to eliminate the effects of attacks by malicious software that penetrates into the modules of the automated workstations of the information system, as well as by malicious software whose destructive actions are manifested in data encryption.

7. Influence of executable file format on the frequency of malware attacks

In order to find ways to improve the efficiency of the proposed method of ensuring the resilience and survivability of specialized information systems, an analysis was carried out of the frequency of malware attacks depending on the type of executable file within the MS Windows operating system. This operating system works with a fairly wide range of executable files. These are primarily COM and EXE program files. Next are the system drivers, which have the extension SYS or BIN. Executable files also include batch files, called BAT files, as well as overlay files and dynamically loaded libraries that are used by programs as needed.

The analysis (Table 1) showed that malicious software most often uses files in COM and EXE formats as objects of its attack. They are followed by CMD and BAT files and SYS and BIN driver files. The use of other file types (INF, INS, MSC, MSI, PIF, REG, VBS, MDB, MDE) for destructive purposes by malicious software is rare.
Table 1
Dependence of the frequency of malware attacks on the format of the executable file

File type      Risk of being attacked by malware
EXE            Highest
COM            High
CMD & BAT      Average
SYS & BIN      Low
MDB, MDE       The lowest
Other types    Not analyzed

Of all the above files, we will be interested only in the file with the MDE format of the MS Access package. Endowed with functionality that allows a software system of any complexity to be implemented, it has the lowest risk of being attacked by malicious software. This means that it is ignored by the developers of malicious code, and no cases of infection have been found. To date, only attempts to destroy the contents of the MDE file by the destructive actions of the Blackmal virus, which enters the line "DATA Error", have been detected. But the destruction of the contents of the file is not an infection of the file and, accordingly, such destruction by malicious software does not threaten serious consequences for the data, but only requires the replacement of the distorted file with a new one. Therefore, this fact (the existence of its own executable MDE file format, which is little prone to infection with malware), among others, significantly influenced the recommendation to choose MS Access as a tool for developing the software of client automated workstations of specialized information systems.

The MDE file is a special format of the MS Access database, and in turn is derived from the MDB-type database of MS Access. Its feature is that the part of the database components that may include executable code (forms, reports, modules, macros) is stored inside the MDE file in compiled form, which does not allow their source text to be changed or viewed, while it remains possible to make changes to tables and queries. It is positioned as a DBMS file with advanced data manipulation capabilities. The database data can be in the same file, in another MDE file, or in an MDB file.
It is also possible to work with data contained in any non-MS Access database that supports ODBC data access technology. An MDE file is an executable file in MS Windows and MAC. It can be started by Microsoft Access or by the Access Runtime. Such properties of the MDE file can significantly increase the security of the information system as a whole, because its users do not have access to the source code of the software modules of the components of the user's automated workstation, and therefore their potentially destructive actions against databases are prevented.

8. Experimental studies

The subsystem for controlling the integrity of the client software is implemented in the specialized information system "Management of financial resources of KhNU", in its automated workplace "ADMINISTRATOR". The software of this information system was developed in MS Access for a number of reasons, one of which was the desire to reduce the likelihood of its modules being attacked by malicious software. Unfortunately, this approach only works as long as this development tool is not widely used.

An experiment was performed with this information system in which damage to one of the files of automated workplace №46 by malicious software was simulated: changes were made to one of its code pages using a HEX editor. As a result, its structure began to differ from the reference. As can be seen from the fragment of the log file shown in Figure 5, when an attempt was made at 14:38 on 10.6.19 to run the program of the automated workstation "BALANCE", the software file comparator of the subsystem for controlling the relevance of the client software revealed deviations from the reference parameters.
Figure 5: Fragment of the Log-file of documentation of events in the subsystem of control of actuality of the client software of the information system of management of financial resources of KhNU

The situation was recorded in the log file of this subsystem as record number 177082 with error code "15". This code indicates a mismatch between the checksum of the code module of the file rab_bal.mde of workplace №46 and the parameters of the file stored in the database of standards. As a result of the further operation of the client software relevance control subsystem, the file with the damaged part of the code was deleted and replaced with a new one from the database of standards. Another operation of the comparator, recorded in line 201981 of the listing, documented a discrepancy between the parameters of the standard and the file NDS_rab.mdb at workplace №50. Error code "0" indicates that the cause of the operation was an update of the software version of this automated workstation.

9. Conclusions

The proposed technology for ensuring fault tolerance and survivability of automated workplaces of specialized information systems, based on the method of parametric control of the software relevance of client automated workplaces, provides a high level of stability of the information system as a whole against malware. In effect, it implements a second line of counteraction to malicious software, compared with the system-wide one, at which it is not always possible to neutralize the destruction caused by malicious software. At the same time, being combined with the software relevance support service, it does not require additional costs to support its operation.

The direction of further research is to find ways to increase the efficiency of the proposed technology in ensuring fault tolerance and survivability of specialized information systems.

10. References

[1] A. Steve. Applied Incident Response. John Wiley & Sons, Inc., 2020.
[2] S. Bhunia, M. Tehranipoor, Hardware Security: A Hands-on Learning Approach. Morgan Kaufmann, 2019.
[3] O. Savenko, S. Lysenko, A. Kryschuk, Multi-agent based approach of botnet detection in computer systems, Communications in Computer and Information Science 291 (2012) 171-180.
[4] B. Swarup, R. Sandip, S.-K. Susmita. Fundamentals of IP and SoC Security: Design, Verification, and Debug. Springer, 2017.
[5] R. S. Grinyov, O. V. Severinov, Analysis of trends in viral threats in Ukraine, in: Proceedings of Modern directions of development of information and communication technologies and management tools, Kharkiv, 2019 [in Ukrainian].
[6] O. Savenko, S. Lysenko, A. Nicheporuk, B. Savenko, Metamorphic Viruses’ Detection Technique Based on the Equivalent Functional Block Search, CEUR-WS, 1844 (2017) 555–569.
[7] Y. Y. Gromov, O. G. Ivanova, K. V. Starodubov, A. A. Kadykov, Software and hardware means of protection of information systems, TSTU, 2017 [in Russian].
[8] Electronic magazine "Nowoe Vremya". The largest cyber attacks against Ukraine since 2014. Infographics, URL: https://nv.ua/ukraine/events/krupnejshie-kiberataki-protiv-ukrainy-s-2014-goda-infografika-1438924.html [in Russian].
[9] O. S. Savelyeva, O. M. Krasnozhon, O. U. Lebedeva, Using the structural fault-tolerance index in project designing. Odes’kyi Politechnichnyi Universytet. Pratsi, 2 (2014) 130–135. doi: 10.15276/opu.2.44.2014.24.
[10] S. Boranbayev, S. Altayev, A. Boranbayev. Applying the method of diverse redundancy in cloud based systems for increasing reliability, in: Proceedings of the 12th International Conference on Information Technology: New Generations (ITNG 2015), Las Vegas, Nevada, 2015, pp. 796-799.
[11] A. Boranbayev, S. Boranbayev, K. Yersakhanov, A. Nurusheva, R. Taberkhan, Methods of Ensuring the Reliability and Fault Tolerance of Information Systems, Advances in Intelligent Systems and Computing, 738 (2018).
[12] Y. Kondratenko, N. Kondratenko, Soft Computing Analytic Models for Increasing Efficiency of Fuzzy Information Processing in Decision Support Systems. Chapter in book: Decision Making: Processes, Behavioral Influences and Role in Business Management, R. Hudson (Ed.), Nova Science Publishers, New York, 2015, 41-78.
[13] L. Bedratyuk, O. Savenko, The Star Sequence and the General First Zagreb Index, MATCH Communications in Mathematical and in Computer Chemistry, 79 2 (2018) 407-414.
[14] M. Chinnaiah, N. Niranjan, Fault tolerant software systems using software configurations for cloud computing, J Cloud Comp 7 3 (2018). doi: https://doi.org/10.1186/s13677-018-0104-9.
[15] D. Fitzpatrick, D. Bodeau, R. Graubart, R. McQuaid, C. Olin and J. Woodill, (DRAFT) Cyber Resiliency Evaluation Framework for Weapon Systems: Foundational Principles and Their Potential Effects on Adversaries, The MITRE Corporation, Bedford, MA, 2019.
[16] O. Pomorova, O. Savenko, S. Lysenko, A. Kryshchuk, Multi-Agent Based Approach for Botnet Detection in a Corporate Area Network Using Fuzzy Logic, Communications in Computer and Information Science 370 (2013) 243-254.
[17] S. Lysenko, O. Savenko, A. Kryshchuk, Y. Kljots, Botnet detection technique for corporate area network, in: Proceedings of the 2013 IEEE 7th International Conference on Intelligent Data Acquisition and Advanced Computing Systems, 2013, pp. 363-368.
[18] NIST, "Initial Public Draft of NIST SP 800-160 Volume 2, Systems Security Engineering: Cyber Resiliency Considerations for the Engineering of Trustworthy Secure Systems", 2018. URL: https://csrc.nist.gov/CSRC/media/Publications/sp/800-160/vol-2/draft/documents/sp800-160-vol2-draft.pdf.
[19] X. Zhu, J. Wang, H. Guo, D. Zhu, L. T. Yang, L. Liu, Fault-tolerant scheduling for real-time scientific workflows with elastic resource provisioning in virtualized clouds, IEEE Transactions on Parallel and Distributed Systems, 27 12 (2016) 3501–3517. doi: https://doi.org/10.1109/TPDS.2016.2543731.
[20] A. Bala, I. 
Chana, Fault tolerance-challenges, techniques and implementation in cloud computing, International Journal of Computer Science Issues 9(1) (2012) [21] W. Zhao, Z. Wenbing, P. M. Melliar-Smith, L. E. Moser, Fault Tolerance Middleware for Cloud Computing, in: Proceedings of 2010 IEEE 3rd International Conference on Cloud Computing, Miami, USA, 2010, pp. 67–74. doi: https://doi.org/10.1109/CLOUD.2010.26. [22] I. P. Egwutuoha, S. Chen, D. Levy, B. Selic A fault tolerance framework for high performance computing in cloud, Cluster, Cloud and Grid Computing (CCGrid), in: Proceedings of the 12th IEEE/ACM international symposium. 2012, 709–710. doi: https://doi.org/10.1109/CCGrid.2012.80. [23] S. Lysenko, K. Bobrovnikova, S. Matiukh, I. Hurman, O. Savenko, Detection of the botnets’ low-rate DDoS attacks based on self-similarity, International Journal of Electrical and Computer Engineering (Q2) 10 4 (2020) 3651-3659 [24] J. Liu, J. Zhou J., R. Buyya, Software rejuvenation based fault tolerance scheme for cloud applications, in: Proceedings of 2015 IEEE 8th International Conference on Cloud Computing, New York, USA, 2015, pp. 1115–1118. https://doi.org/10.1109/CLOUD.2015.164. [25] J. Liu, S. Wang, A. Zhou, S.A.P. Kumar, F. Yang, R. Buyya, Using Proactive Fault-Tolerance Approach to Enhance Cloud Service Reliability, in: Proceedings of IEEE Trans Cloud Computing PP(99), 2016. doi: http://dx.doi.org/10.1109/TCC.2016.2567392. [26] S. Lysenko, K. Bobrovnikova, O. Savenko, A Botnet Detection Approach Based on The Clonal Selection Algorithm, in: Proceedings of 2018 IEEE 9th International Conference on Dpendable Systems, Services and Technologies, DeSSerT-2018, Kyiv, Ukraine, 2018, pp. 424-428. [27] P. Nicolo, A frame work for self-healing software systems, in: Proceedings of the IEEE 35th International Conference on Software Engineering, 2013, pp. 1397–1400. doi: https://doi.org/10.1109/ICSE.2013.6606726. [28] A. S. Markov V. L. Tsirlov, A. V. 
Barabanov, Methods for assessing the inconsistency of information security measures, Radio and communication, Echelon-Espadon, 2012 [in Russian] [29] V. V. Lipaev Reliability and functional security of real-time software packages, Institute of System Programming, Russian Academy of Sciences, 2013 [in Russian] [30] A. Balyk, M. Karpinski, A. Naglik, G. Shangytbayeva, I. Romanets, Using graphic network simulator 3 for DDoS attacks simulation, International Journal of Computing 16 4 (2017) 219- 225 [31] O. Savenko, A. Nicheporuk, I. Hurman, S. Lysenko, Dynamic signature-based malware detection technique based on API call tracing, CEUR-WS 2393 (2019) 633-643 [32] S. Pitcher, "New DoD Approaches on the Cyber Survivability of Weapon Systems, 2019. URL: https://www.itea.org/wp-content/uploads/2019/03/Pitcher-Steve.pdf. [33] D. J. Bodeau, R. D. Graubart, R. M. McQuaid and J. Woodill, Cyber Resiliency Metrics and Scoring in Practice: Use Case Methodology and Examples (MTR 180449), the MITRE Corporation, Bedford, MA, 2018. [34] K. Alminshid M. N. Omar, Detecting backdoor using stepping stone detection approach, in: Proceedings of the 2013 Second International Conference on Informatics & Applications, Lodz, Poland, 2013, pp. 87-92 [35] J. Zaddach, A. Kurmus, D. Balzarotti, E.-O. Blass, A. Francillon, et al., Implementation and Implications of a Stealth Hard-drive Backdoor, in: Proceedings of the 29th Annual Computer Security Applications Conference, New Orleans, Louisiana, US, 2013. [36] T. F. Dullien, Weird machines, exploitability, and provable unexploitability, IEEE Transactions on Emerging Topics in Computing 99 (2017) 1-15 [37] S. L. Thomas, T. Chothia, F. D. Garcia, HumIDIFy: A Tool for Hidden Functionality Detection in Firmware, in: Proceedings of the 14th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, Bonn, Germany, 2017, pp. 279-300 [38] S. L. Thomas, T. Chothia, F. D. 
Garcia, Measuring the Importance of Static Data Comparisons to Detect Backdoors and Undocumented Functionality, in: Proceedings of the 22nd European Symposium on Research in Computer Security. Oslo, Norway, 2017, pp. 513-531 [39] S. Bezobrazov, A. Sachenko, M. Komar, V. Rubanau, The method of artificial intelligence for malicious applications detection in android OS, International Journal of Computing, 15(3) (2016) 184-190 [40] M. Kolisnyk, V. Kharchenko, I. Piskachova, Research of the attacks spread model on the smart office’s router, International Journal of Computing, 19(4) (2020) 629-637. [41] V. Golovko, Y. Savitsky, T. Laopoulos, A. Sachenko, L. Grandinetti, Technique of learning rate estimation for efficient training of MLP, in: Proceedings of the International Joint Conference on Neural Networks 1, 2000, pp. 323-328 [42] R. Kochan, K. Lee, V. Kochan, A. Sachenko, Development of a dynamically reprogrammable NCAP, in: Proceedings of the Conference Record - IEEE Instrumentation and Measurement Technology Conference 2, 2004, pp. 1188-1192 [43] A. Melnyk, V. Melnyk, Specialized Processors Automatic Design Tools-the Basis of Self- Configurable Computer and Cyber-Physical Systems, in: Proceedings of the 2019 IEEE International Conference on Advanced Trends in Information Theory, ATIT 2019, pp. 326-335. doi:10.1109/ATIT49449.2019.9030481 [44] J. Drozd, A. Drozd, M. Al-dhabi, A resource approach to on-line testing of computing circuits, in: Proceedings of the IEEE East-West Design & Test Symposium, Batumi, Georgia, 2015, pp. 276-281. doi: 10.1109/EWDTS.2015.7493122. [45] M. Drozd, A. Drozd, “Safety-Related Instrumentation and Control Systems and a Problem of the Hidden Faults,” The 10th International Conference on Digital Technologies 2014, Zhilina, Slovak Republic, 2014, pp. 137–140. DOI: 10.1109/DT.2014.6868692 [46] J. Drozd, A. Drozd, S. Antoshchuk, A. Kushnerov, V. 
Nikul, “Effectiveness of Matrix and Pipeline FPGA-Based Arithmetic Components of Safety-Related Systems,” The 8th IEEE International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications, Warsaw, Poland, 2015, pp. 785–789. DOI: 10.1109/IDAACS.2015.7341410
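The comparator behaviour reported in the experimental study (compare a client file with its entry in the database of standards before launch, log code "15" for a checksum mismatch or code "0" for a version update, then restore the file from the standard) is shown below in Python. This is an added example, not the authors' MS Access code: SHA-256, the stored version numbers, the log record layout and all class and function names are assumptions, and the file contents are constructed.

```python
import hashlib
from datetime import datetime

CODE_VERSION_UPDATE = "0"       # paper: deviation caused by a software version update
CODE_CHECKSUM_MISMATCH = "15"   # paper: checksum differs from the database of standards

def checksum(data: bytes) -> str:
    # SHA-256 is an assumption; the paper only speaks of a "checksum".
    return hashlib.sha256(data).hexdigest()

class Comparator:
    """Hypothetical comparator; every name here is illustrative."""

    def __init__(self, standards):
        # standards: {file name: (version, reference bytes)}, the "database of standards"
        self.standards = {n: (v, checksum(b), b) for n, (v, b) in standards.items()}
        self.log = []

    def check(self, workplace, name, files, versions):
        """Run before a program starts. files/versions describe the workplace.
        Returns the logged code, or None when the file matches its standard."""
        ref_version, ref_sum, ref_bytes = self.standards[name]
        data = files.get(name)
        if versions.get(name) != ref_version:
            code = CODE_VERSION_UPDATE
        elif data is None or checksum(data) != ref_sum:
            code = CODE_CHECKSUM_MISMATCH   # a missing file is treated the same (assumption)
        else:
            return None
        files[name] = ref_bytes             # drop the deviating copy, restore the standard
        versions[name] = ref_version
        self.log.append({"record": len(self.log) + 1, "time": datetime.now(),
                         "workplace": workplace, "file": name, "code": code})
        return code

def demo():
    # Constructed sample contents standing in for the real MDE/MDB files.
    comparator = Comparator({"rab_bal.mde": (3, b"BALANCE module v3"),
                             "NDS_rab.mdb": (8, b"NDS module v8")})
    files46, versions46 = {"rab_bal.mde": b"BALANCE mXdule v3"}, {"rab_bal.mde": 3}
    files50, versions50 = {"NDS_rab.mdb": b"NDS module v7"}, {"NDS_rab.mdb": 7}
    codes = [comparator.check(46, "rab_bal.mde", files46, versions46),  # edited byte
             comparator.check(50, "NDS_rab.mdb", files50, versions50),  # older version
             comparator.check(46, "rab_bal.mde", files46, versions46)]  # after restore
    return codes, files46, comparator.log

if __name__ == "__main__":
    print(demo()[0])
```

The check is only as trustworthy as the database of standards, so the store holding the reference copies needs write protection that the client workplaces do not have.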