Подход к извлечению робастного водяного знака из изображений, содержащих текст
This paper presents an approach to a robust watermark extraction from images containing text. Data extraction based on developed approach to robust watermark embedding into text data, characterizing by conversion invariance of text data into an image format. The comparative analysis of existing approaches of steganographic data embedding into text data is carried out, their advantages and disadvantages are determined. The choice of groups to steganographic data embedding methods based on text formatting is justified. As an embedding algorithm is determined approach based on interline space shifting. The block diagram and the description of the developed algorithm of data embedding into text data are given. An experimental estimation of the embedding capacity and perceptual invisibility of the developed data embedding approach was carried out. An approach to extract embedded information from images containing a robust watermark, based on the existing limitations, has been developed. The Radon transform is chosen as the basic extraction procedure of embedded information, allowing to extract values of the interline spacing. An approach based on Gaussian mixture model separating to isolate the values of the bits was chosen. The limits of the retrieval of embedded data have been experimentally established, and the robustness of the developed embedding approach to the implementation of various transformations has been estimated. The following parameters of robustness developed approach are defined: rotation of an image containing embedded data at any angle; scaling an image with a scaling factor not exceeding 1.5; conversion to any bitmap format; the application of a median filter to an image with a convolution core limit of not more than 9, a Gaussian blur filter with a blurring limit not exceeding 8 and an average filter with a convolution kernel limit of not more than 5.
Widespread acceptance and adoption of cloud computing calls for adaptation and development of existing risk assessment models of information systems. The approach suggested in this article can be used for risk assessment of information systems functioning on the basis of cloud computing technology, and assess the effectiveness of security measures.
Some provisions of SWOT analysis and assessment of its productivity in business are criticized.
The use of hardware virtualization for ensuring information security is discussed. A review of various approaches to improving the security of software systems based on virtualization is given. A review of possible scenarios of using virtualization by intruders is also presented. The application domains and limitations of the available solutions and perspectives of future development in the field are discussed.
This paperwork overviews core technologies implemented by comparably new products at information security market - web application firewalls. Web applications are a very wide-used and convenient way of presenting remote users with access to corporate information resources. It can however become single point of failure rendering all the information infrastructure unreachable for legitimate clients. To prevent malicious access attempts to endpoint information resources and, intermediately, to web server, a new class of information security solutions has been created. Web application firewalls function at the highest, seventh layer of ISO/OSI model and serves as a controlling tunnel for all the traffic heading to and from company’s web application server(s). To ensure decent levels of traffic monitoring and intrusion prevention web application firewalls are equipped with various mechanisms of data exchange session “normalness” control. These mechanisms include protocol check routines, machine learning techniques, traffic signature analysis and more dedicated means like denial of service, XSS injection and CRRF attack prevention. Ability to research and add user rules to be processed along with vendor-provided ones is important since every company has its own security policy and, therefore the web application firewall should provide security engineers with ways to tweak its rules to reflect the security policy more precisely. This research is based on wide practice experience integrating web application firewalls into security landscape of various organizations, their administration and customization. We illustrate our research of available filtering mechanisms and their implementations with example product features by market leaders, schemes and screenshots from real web application firewall systems.
In this paper we present a virtualization-based approach of protecting execution of trusted applications inside potentially compromised operating system. In out approach, we do not isolate application from other processes in any way; instead, we use hypervisor to control processes inside OS and to prevent undesired actions with application resources. The only requirement for our technique to work is presence of hardware support for virtualization; no modifications in application or OS are required.
The Conference is focused on the actual problems in the field of Quality Management, Transport and Information Security, Information Technologies (Navigation and Information Systems, Information Security Systems and Computer Security, Transport Security Management, Information and Communication Technologies in Education, Scientific Research and Economy, Automation of Business Processes, Automated Systems of Control and Quality Management, Quality Management Systems including Integrated Systems of Quality Management of Information Systems (Implementation, Certification, Auditing), Engineering Management, IT Service Management, Management of Projects and Risks as well as other issues related to the field). Previous Conferences on these topics revealed great interest of both Russian and foreign researchers in this issues. Organizing and hosting the 2016 IEEE Conference on Quality Management, Transport and Information Security, Information Technologies (IT&MQ&IS) in Russia is of great value for exchange of research ideas and practical results in this field, for discovering new problems and development trends, for development of new effective practical methods and tools targeted on solving complex practical problems. During the IT&MQ&IS 2016 Conference sessions, it is expected and planned to discuss a wide range of issues, both of theoretical and practical value. One of the key Conference aims is also attracting young researchers and practitioners to discussions and exchange of ideas with the professional community.
A model for organizing cargo transportation between two node stations connected by a railway line which contains a certain number of intermediate stations is considered. The movement of cargo is in one direction. Such a situation may occur, for example, if one of the node stations is located in a region which produce raw material for manufacturing industry located in another region, and there is another node station. The organization of freight traﬃc is performed by means of a number of technologies. These technologies determine the rules for taking on cargo at the initial node station, the rules of interaction between neighboring stations, as well as the rule of distribution of cargo to the ﬁnal node stations. The process of cargo transportation is followed by the set rule of control. For such a model, one must determine possible modes of cargo transportation and describe their properties. This model is described by a ﬁnite-dimensional system of diﬀerential equations with nonlocal linear restrictions. The class of the solution satisfying nonlocal linear restrictions is extremely narrow. It results in the need for the “correct” extension of solutions of a system of diﬀerential equations to a class of quasi-solutions having the distinctive feature of gaps in a countable number of points. It was possible numerically using the Runge–Kutta method of the fourth order to build these quasi-solutions and determine their rate of growth. Let us note that in the technical plan the main complexity consisted in obtaining quasi-solutions satisfying the nonlocal linear restrictions. Furthermore, we investigated the dependence of quasi-solutions and, in particular, sizes of gaps (jumps) of solutions on a number of parameters of the model characterizing a rule of control, technologies for transportation of cargo and intensity of giving of cargo on a node station.
Event logs collected by modern information and technical systems usually contain enough data for automated process models discovery. A variety of algorithms was developed for process models discovery, conformance checking, log to model alignment, comparison of process models, etc., nevertheless a quick analysis of ad-hoc selected parts of a journal still have not get a full-fledged implementation. This paper describes an ROLAP-based method of multidimensional event logs storage for process mining. The result of the analysis of the journal is visualized as directed graph representing the union of all possible event sequences, ranked by their occurrence probability. Our implementation allows the analyst to discover process models for sublogs defined by ad-hoc selection of criteria and value of occurrence probability
Existing approaches suggest that IT strategy should be a reflection of business strategy. However, actually organisations do not often follow business strategy even if it is formally declared. In these conditions, IT strategy can be viewed not as a plan, but as an organisational shared view on the role of information systems. This approach generally reflects only a top-down perspective of IT strategy. So, it can be supplemented by a strategic behaviour pattern (i.e., more or less standard response to a changes that is formed as result of previous experience) to implement bottom-up approach. Two components that can help to establish effective reaction regarding new initiatives in IT are proposed here: model of IT-related decision making, and efficiency measurement metric to estimate maturity of business processes and appropriate IT. Usage of proposed tools is demonstrated in practical cases.