Device for monitoring the security of automated systems

FIELD: telecommunications; usable in the engineering of automated technical means of information protection for monitoring the security of automated systems and for rapid identification of the TCP/IP family of communication protocols used in digital communication systems and, in particular, in data transmission networks of the Internet type.

SUBSTANCE: the device comprises a frequency divider, a receiving memory block, a subtractive counter, reference memory blocks, decoding blocks, counters, AND elements, address reception blocks, comparison blocks, decoders, a register and an indication unit.

EFFECT: improved reliability of detecting an attack on an automated system.

2 dwg

 

The invention relates to telecommunications and can be used in automated technical means of information protection for monitoring (the terms used are interpreted in Appendix 1) the security of automated systems (AS) and for rapid identification of the TCP/IP (Transmission Control Protocol/Internet Protocol) family of communication protocols used in digital communication systems and, in particular, in data transmission networks (DTN) of the Internet type, as described in the book: Kuligin M. Technologies of corporate networks. Encyclopedia. St. Petersburg: Piter, 1999. 704 p., ill.

The claimed technical solution extends the range of tools available for this purpose.

A known AS security monitoring device is described in RF patent No. 2115952 "Device information", class G 06 F 17/40, filed 13.02.96. The information search device described there contains a frequency divider, a memory block, a subtractive counter, a switch, first, second, third and fourth selection units, a search strategy register, a time-interval shaper and an indication unit.

The disadvantage of this device is its narrow field of application: it is suitable only for protocol analysis. The device searches for information blocks in an array by a structured recognition method, without regard to the presence of a large number of recurring types of data blocks, that is, without taking into account the rules for establishing and maintaining a communication session. This limits the use of the prototype in Internet-type data networks under unauthorised actions (attacks).

A known security monitoring system is described in RF patent No. 2179738 "Method of remote detection of attacks in computer networks", class G 06 F 12/14, filed 24.04.2000. The known method includes the following steps: monitoring the traffic of data packets addressed to a subscriber, including a continuously renewed count of the packets that make up a series of packets arriving one after another at intervals not exceeding a specified value, and checking the incoming data packets against specified rules each time the size of the currently observed series reaches a critical number of packets.

The disadvantage of this method is its narrow field of application, because its main purpose is to prevent the substitution of one of the parties to a connection. The analogue uses a limited feature space that does not take into account the large number of possible packet types, not all of which may appear in a valid sequence. As a result, the availability of the AS is reduced, because a "storm" of false connection-establishment requests (a SYN flood) is missed (see Medvedovsky I.D. et al. Attack on the Internet. Moscow: DMK, 1999. 336 p., ill., pp. 120-128), which limits the scope of its application.

The closest in technical essence to the claimed device is the AS security monitoring device of RF patent No. 2219577 "Device information", class G 06 F 17/40, filed 24.04.02. The device described there contains a frequency divider, first and second memory blocks, a subtractive counter, first, second, third and fourth decoding blocks, first, second and third AND elements, first, second, third and fourth counters, first, second, third and fourth address reception blocks, first and second comparison blocks, first and second decoders and an indication unit.

The input of the frequency divider is the clock input of the device. The information input of the first memory block is the packet information input of the device. The clock input of the first memory block is connected to the output of the frequency divider and to the clock input of the subtractive counter, whose packet-count information input is the packet-count information input of the device. The information output of the first memory block is connected to the information inputs of the second memory block, the second decoding block, the fourth decoding block, the second address reception block, the fourth address reception block and the second decoder. The information output of the second memory block is connected to the information inputs of the first and third decoding blocks and of the first decoder and to the first information inputs of the first and third address reception blocks. The clock inputs of the second memory block, the first, second, third and fourth decoding blocks and the first, second, third and fourth counters are combined and connected to the clock output of the frequency divider. The control output of the first decoding block is connected to the first control input of the first AND element, whose second control input is connected to the output of the second decoding block. The output of the first AND element is connected to the control input of the first counter, whose output is connected to the control inputs of the third and fourth decoding blocks. The output of the fourth decoding block is connected to the second control input of the second AND element, whose first control input is connected to the output of the third decoding block.
The output of the second AND element is connected to the control input of the second counter, whose output is connected to the second information input of the first address reception block and to the first information input of the second address reception block. The first and second information inputs of the first comparison block are connected respectively to the outputs of the first and second address reception blocks. The output of the first comparison block is connected to the control input of the third counter, whose information output is connected to the second information input of the third address reception block and to the first information input of the fourth address reception block. The first and second information inputs of the second comparison block are connected respectively to the information outputs of the third and fourth address reception blocks. The output of the second comparison block is connected to the control input of the fourth counter, whose control output is connected to the control inputs of the first and second decoders. The first and second control inputs of the third AND element are connected respectively to the outputs of the first and second decoders. The output of the third AND element is connected to the control inputs of the indication unit and of the subtractive counter, whose first control output is connected to the control input of the first memory block and is the control output of the device. The second control output of the subtractive counter is connected to the control input of the second memory block.

Compared with the analogues, this device can be used in a wider field, since it not only determines the protocol type and checks incoming data packets against specified rules of sequence, but also takes into account the rules for establishing and maintaining a communication session, which is necessary for improving the resilience of automated systems under unauthorised actions (attacks).

The disadvantage of this device is the relatively low reliability of determining whether an attack on the AS is in progress: the attack is not recognised under a "storm" of connection-establishment requests in which the destination port of the message packets alternates. This is because only two message packets are compared, the current one and the previous one, which is insufficient for accurate detection of attacks on the AS.

The purpose of the claimed technical solution is to develop an AS security monitoring device that provides increased reliability of attack detection through recognition of a "storm" of false connection-establishment requests. This is achieved by taking into account the rules for establishing and maintaining a communication session, namely by increasing the number of stored message packets, which is necessary for sustained operation of the AS, that is, for continued provision of services to authorised subscribers.

This objective is achieved as follows. The known device contains a frequency divider whose input is the clock input of the device; a receiving memory block whose information input is the packet information input of the device and whose clock input is connected to the output of the frequency divider and to the clock input of the subtractive counter, whose packet-count information input is the packet-count information input of the device; the information output of the receiving memory block is connected to the information inputs of the first reference memory block, the second and fourth decoding blocks, the second and fourth address reception blocks and the second decoder; the clock inputs of the first reference memory block, the first, second, third and fourth decoding blocks and the first, second, third and fourth counters are combined and connected to the clock output of the frequency divider; the control output of the first decoding block is connected to the first control input of the first AND element, whose second control input is connected to the output of the second decoding block, and the output of the first AND element is connected to the control input of the first counter, whose output is connected to the control inputs of the third and fourth decoding blocks; the output of the fourth decoding block is connected to the second control input of the second AND element, whose first control input is connected to the output of the third decoding block, and the output of the second AND element is connected to the control input of the second counter, whose output is connected to the second information input of the first address reception block and to the first information input of the second address reception block; the first and second information inputs of the first comparison block are connected respectively to the outputs of the first and second address reception blocks, and the output of the first comparison block is connected to the control input of the third counter, whose information output is connected to the second information input of the third address reception block and to the first information input of the fourth address reception block; the first and second information inputs of the second comparison block are connected respectively to the information outputs of the third and fourth address reception blocks, and the output of the second comparison block is connected to the control input of the fourth counter, whose control output is connected to the control inputs of the first and second decoders; the first and second control inputs of the third AND element are connected respectively to the outputs of the first and second decoders, and the output of the third AND element is connected to the control inputs of the indication unit and of the subtractive counter, whose first control output is connected to the control input of the receiving memory block and is the control output of the device.

Into this device are additionally introduced a fifth counter, N reference memory blocks, where N ≥ 2, and a register. The clock inputs of the reference memory blocks are combined and connected to the clock output of the frequency divider. The information output of the i-th reference memory block, where i = 1, 2, ..., N, is connected to the i-th information input of the register and (for i < N) to the information input of the (i+1)-th reference memory block; the information output of the N-th reference memory block is connected to the N-th information input of the register. The information output of the register is connected to the information inputs of the first and third decoding blocks and of the first decoder and to the first information inputs of the first and third address reception blocks. The control input of the i-th reference memory block, where i = 1, 2, ..., N, is connected to the i-th control output of the fifth counter, and the control input of the fifth counter is connected to the second control output of the subtractive counter.

Thanks to the new essential features, the claimed device provides increased reliability of AS security monitoring through recognition of a "storm" of false connection-establishment requests: the rules for establishing and maintaining a communication session are taken into account by increasing the number of stored message packets, which is necessary for sustained operation of automated systems under unauthorised actions (attacks).

Analysis of the state of the art has established that no analogue is known whose set of features is identical to the complete set of features of the claimed technical solution, which shows that the claimed device meets the patentability condition of "novelty". A search for known solutions in this and related fields of technology, aimed at identifying features that coincide with the features distinguishing the claimed object from the prototype, has shown that they do not follow explicitly from the prior art. Nor has the prior art revealed any known influence of the transformations provided by the essential features of the claimed invention on the achievement of the technical result. The claimed invention therefore meets the patentability condition of "inventive step".

The claimed device is illustrated by the drawings, which show:

figure 1, the general diagram of the device;

figure 2, the diagram of the register.

The device for monitoring the security of automated systems shown in figure 1 contains a frequency divider 1, a receiving memory block 2, a subtractive counter 3, first 4_1, second 4_2, ..., N-th 4_N reference memory blocks (i = 1, 2, ..., N), first 5, second 6, third 9 and fourth 10 decoding blocks, first 7, second 11 and third 23 AND elements, first 8, second 12, third 16, fourth 20 and fifth 25 counters, first 13, second 14, third 17 and fourth 18 address reception blocks, first 15 and second 19 comparison blocks, first 21 and second 22 decoders, an indication unit 24 and a register 26.

The input of the frequency divider 1 is the clock input of the device. The information input of the receiving memory block 2 is the packet information input of the device. The clock input of the receiving memory block 2 is connected to the output of the frequency divider 1 and to the clock input of the subtractive counter 3, whose packet-count information input is the packet-count information input of the device. The information output of the receiving memory block 2 is connected to the information inputs of the first reference memory block 4_1, the second decoding block 6, the fourth decoding block 10 and the second decoder 22 and to the second information inputs of the second address reception block 14 and the fourth address reception block 18. The clock inputs of the first 4_1, second 4_2, ..., N-th 4_N reference memory blocks, the first decoding block 5, the second decoding block 6, the first counter 8, the third decoding block 9, the fourth decoding block 10 and the second 12, third 16 and fourth 20 counters are combined and connected to the clock output of the frequency divider 1. The control output of the first decoding block 5 is connected to the first control input of the first AND element 7, whose second control input is connected to the output of the second decoding block 6. The output of the first AND element 7 is connected to the control input of the first counter 8, whose output is connected to the control inputs of the third decoding block 9 and the fourth decoding block 10. The output of the fourth decoding block 10 is connected to the second control input of the second AND element 11, whose first control input is connected to the output of the third decoding block 9.
The output of the second AND element 11 is connected to the control input of the second counter 12, whose output is connected to the second information input of the first address reception block 13 and to the first information input of the second address reception block 14. The first and second information inputs of the first comparison block 15 are connected respectively to the outputs of the first 13 and second 14 address reception blocks. The output of the first comparison block 15 is connected to the control input of the third counter 16, whose information output is connected to the second information input of the third address reception block 17 and to the first information input of the fourth address reception block 18. The first and second information inputs of the second comparison block 19 are connected respectively to the information outputs of the third 17 and fourth 18 address reception blocks. The output of the second comparison block 19 is connected to the control input of the fourth counter 20, whose control output is connected to the control inputs of the first 21 and second 22 decoders. The first and second control inputs of the third AND element 23 are connected respectively to the outputs of the first 21 and second 22 decoders. The output of the third AND element 23 is connected to the control inputs of the indication unit 24 and of the subtractive counter 3, whose first control output is connected to the control input of the receiving memory block 2 and is the control output of the device.
The information output of the first reference memory block 4_1 is connected to the information input of the second reference memory block 4_2 and to the first information input of the register 26. In general, the information output of the i-th reference memory block 4_i, where i = 1, 2, ..., N, is connected to the i-th information input of the register 26 and (for i < N) to the information input of the (i+1)-th reference memory block; the information output of the N-th reference memory block 4_N is connected to the N-th information input of the register 26. The information output of the register 26 is connected to the information inputs of the first decoding block 5, the third decoding block 9 and the first decoder 21 and to the first information inputs of the first 13 and third 17 address reception blocks. The control input of the first reference memory block 4_1 is connected to the first control output of the fifth counter 25 and, in general, the control input of the i-th reference memory block 4_i is connected to the i-th control output of the fifth counter 25. The control input of the fifth counter 25 is connected to the second control output of the subtractive counter 3.

The width of the packet information input bus is determined by the width of the analysed data; since the device processes the digital sequence byte by byte, it is eight bits. The width of the packet-count information input bus depends on the capacity of the random access memory (RAM) of the memory blocks; since the RAM holds 4096 = 2^12 bytes, it is twelve bits. The information connections between the memory blocks and the register 26, the second decoding block 6, the fourth decoding block 10, the second address reception block 14, the fourth address reception block 18 and the second decoder 22 are eight-bit, since they carry bytes, and physically consist of buses of eight conductors. The information connections between the register 26 and the first decoding block 5, the third decoding block 9, the first address reception block 13, the third address reception block 17 and the first decoder 21 are likewise eight-bit buses of eight conductors. The control connections between the second counter 12 and the first 13 and second 14 address reception blocks are eight-bit. The information connections between the first 13 and second 14 address reception blocks and the first comparison block 15 are sixty-four-bit. The control connections between the third counter 16 and the third 17 and fourth 18 address reception blocks are four-bit. The information connections between the third 17 and fourth 18 address reception blocks and the second comparison block 19 are thirty-two-bit. Eight-bit information and control connections are eight parallel conductors, sixty-four-bit information connections are sixty-four parallel conductors, four-bit control connections are four parallel conductors and thirty-two-bit information connections are thirty-two parallel conductors.

The frequency divider 1 serves to divide the clock frequency Ft by 8 in order to provide byte-by-byte analysis of the digital signal sequence Fs. The circuit of the frequency divider 1 is known (see, for example, RF patent No. 2115952, class G 06 F 17/40), coincides completely in the number of inputs and outputs and in function, and can be implemented according to the circuit given in Shilo V.L. Popular digital microcircuits: a handbook. Moscow: Radio i svyaz, 1987. 352 p., ill. (Mass Radio Library series), and in particular on the KIA chip.

The receiving memory block 2 and the first 4_1, second 4_2, ..., N-th 4_N reference memory blocks are intended for storing the bytes of data packets and subsequently reading them out. The circuits of the receiving memory block 2 and of the reference memory blocks 4_1, 4_2, ..., 4_N are identical and known (see, for example, figure 2 of RF patent No. 2115952, class G 06 F 17/40), and coincide in the number of inputs and outputs and in function.

The subtractive counter 3 serves to determine the number of bytes of the packet held in the receiving memory block 2, including the byte being analysed at the current moment, to control the operation of the receiving memory block 2 and the fifth counter 25, and to generate a control signal (logical "1") Fr enabling transmission of the digital signal sequence Fs arriving from the demodulating device (channel controller). The number of bytes in the packet received by the receiving memory block 2 is written into the subtractive counter 3 in parallel through its second to thirteenth inputs at the moment the last byte of the packet is received in the receiving memory block 2. The counter value is decremented each time the control signal from the output of the frequency divider 1 arrives at its first input. The counter is reset when a control signal arrives at the fourteenth input of the subtractive counter. When the value of the subtractive counter 3 is 0, a control signal is generated at its first output, and when the value of the subtractive counter 3 is 1, a control signal is generated at its second output. It can be implemented according to the circuit given in Shilo V.L. Popular digital microcircuits: a handbook. Moscow: Radio i svyaz, 1987. 352 p., ill. (Mass Radio Library series), and in particular on the KIA chip.

The first 5 and second 6 decoding blocks are identical and are intended to determine the type of network layer protocol in the digital signal sequence Fs received from the receiving memory block 2 and the first reference memory block 4_1. For the IP protocol and the Ethernet 802.3/LLC frame format this value in decimal is six (Kuligin M. Technologies of corporate networks. Encyclopedia. St. Petersburg: Piter, 1999. 704 p., ill.). A variant of constructing the first 5 and second 6 decoding blocks is known (see figure 2 of RF patent No. 2219577, class G 06 F 17/40) and coincides in the number of inputs and outputs and in function.

The first counter 8 is intended to count 9 bytes in order to detect the 24th byte of the packet and to generate the control signal enabling this byte to be written into the third 9 and fourth 10 decoding blocks. A variant of constructing such a unit is known (see figure 6 of RF patent No. 2219577, class G 06 F 17/40) and coincides in the number of inputs and outputs and in function.

The third 9 and fourth 10 decoding blocks are identical and are intended to detect, in the 24th byte from the start of the frame, the numerical value "six" (06) in decimal form, which identifies the transport layer protocol (Kuligin M. Technologies of corporate networks. Encyclopedia. St. Petersburg: Piter, 1999. 704 p., ill.). A variant of constructing the third 9 and fourth 10 decoding blocks is known (see figure 3 of RF patent No. 2219577, class G 06 F 17/40) and coincides in the number of inputs and outputs and in function.

The second counter 12 is intended to count two bytes up to the first byte of the sender address field in the IP packet header and to generate the control signals enabling the following eight bytes of the packet (the 27th to 34th bytes) to be written into the first 13 and second 14 address reception blocks. A variant of constructing such a unit is known (see figure 7 of RF patent No. 2219577, class G 06 F 17/40) and coincides in the number of inputs and outputs and in function.

The first 13 and second 14 address reception blocks are identical and serve to store the sender and recipient addresses of IP datagrams. A variant of constructing such a unit is known (see figure 4 of RF patent No. 2219577, class G 06 F 17/40) and coincides in the number of inputs and outputs and in function.

The third counter 16 is intended to count four bytes and to generate the control signals for the third 17 and fourth 18 address reception blocks. A variant of constructing such a unit is known (see RF patent No. 2219577, class G 06 F 17/40) and coincides in the number of inputs and outputs and in function.

The third 17 and fourth 18 address reception blocks serve to store the sender and receiver port numbers of TCP packets. A variant of constructing such a unit is known (see figure 5 of RF patent No. 2219577, class G 06 F 17/40) and coincides in the number of inputs and outputs and in function.

The fourth counter 20 is intended to count ten bytes and to output to the first 21 and second 22 decoders the control signals enabling the 48th byte from the start of the frame to be written. A variant of constructing such a unit is known (see figure 9 of RF patent No. 2219577, class G 06 F 17/40) and coincides in the number of inputs and outputs and in function.

The first 7, second 11 and third 23 AND elements can be implemented on a known chip of the 555 series, for example the CLI chip (Shilo V.L. Popular digital microcircuits: a handbook. Moscow: Radio i svyaz, 1987, p. 40).

The first 21 and second 22 decoders are intended to select, in the 48th byte from the start of the frame, the sequence-number synchronisation control bit SYN. A variant of constructing such a unit is known (see figure 10 of RF patent No. 2219577, class G 06 F 17/40) and coincides in the number of inputs and outputs and in function.

The first comparison block 15, which compares two sixty-four-bit words, and the second comparison block 19, which compares two thirty-two-bit words, can be implemented on the CSP chip. A circuit for cascading comparators to compare two N-bit words is known and described in the book Shilo V.L. Popular digital microcircuits: a handbook. Moscow: Radio i svyaz, 1987. 352 p., ill. (Mass Radio Library series), pp. 183-184 and 187.

The indication unit 24 serves for visual display of the decision that a TCP/IP packet has been repeated. Indicator circuits are known and described, for example, in the book He V.N., Lebedev O., Miroshnichenko A.I. Microcircuits and their application: a reference guide. Moscow: Radio i svyaz, 1989, fig. 7.1.

The fifth counter 25 serves to supply the read-enable signal to the first 4_1, second 4_2, ..., N-th 4_N reference memory blocks, where i = 1, 2, ..., N. The counter circuit is known and described, see for example Shilo V.L. Popular digital microcircuits: a handbook. Moscow: Radio i svyaz, 1987. 352 p. (Mass Radio Library series), p. 92; moreover, the width of the counter can be increased, and the method of increasing it is known and described (ibid., p. 91). In particular, such a circuit can be implemented on the CIE chip.

The register 26 is intended to combine, by the OR operation, the first to eighth conductors of the information outputs of the first 4_1, second 4_2, ..., N-th 4_N reference memory blocks and to supply the bytes of the packet to the information inputs of the first decoding block 5, the third decoding block 9 and the first decoder 21 and to the first information inputs of the first 13 and third 17 address reception blocks. The register 26 consists of eight N-input OR elements. A variant of constructing the register 26 is shown in figure 2. The register 26 contains first 26.1, second 26.2, third 26.3, fourth 26.4, fifth 26.5, sixth 26.6, seventh 26.7 and eighth 26.8 OR elements. The first inputs of the OR elements 26.1 to 26.8 form the first input of the register 26 and are connected to the first to eighth conductors of the information output of the first reference memory block 4_1. The second inputs of the OR elements 26.1 to 26.8 form the second input of the register 26 and are connected to the first to eighth conductors of the information output of the second reference memory block 4_2. In general, the j-th inputs of the OR elements 26.1 to 26.8 form the j-th input of the register 26 and are connected to the first to eighth conductors of the information output of the j-th reference memory block 4_j. The output of the first OR element 26.1 is the first output of the register 26, the output of the second OR element 26.2 is the second output of the register 26, the output of the third OR element 26.3 is the third output, the output of the fourth OR element 26.4 is the fourth output, the output of the fifth OR element 26.5 is the fifth output, the output of the sixth OR element 26.6 is the sixth output,
the output of the seventh OR element 26.7 is the seventh output, and the output of the eighth OR element 26.8 is the eighth output of the register 26. Circuits of OR elements are known and described, see for example Shilo V.L. Popular digital microcircuits: a handbook. Moscow: Radio i svyaz, 1987. 352 p. (Mass Radio Library series), p. 48. In particular, such a circuit can be implemented on the CLL chip.

The device operates as follows. The frequency divider 1 provides byte-by-byte analysis of the input digital sequence. When the write-enable signal (logical "1") arrives from the first output of the subtractive counter 3, the RAM cells of the receiving memory block 2 are filled with the bytes of the packet arriving from the demodulating device (channel controller). Once all bytes of the next packet of the analysed protocol have been written, the subtractive counter 3 is loaded with the total number of bytes written into the RAM, after which the byte-read enable (logical "0") is formed at its first output. At this time the first 4_1, second 4_2, ..., N-th 4_N reference memory blocks, where i = 1, 2, ..., N, hold the previous packets (or zeros in the initial state).

From the outputs of the receiving memory block 2 and of the first (4_1), second (4_2), ..., i-th (4_N), where i=1, 2, ..., N, reference memory blocks, the packet bytes arrive sequentially at the information inputs of the first 5, second 6, third 9 and fourth 10 decoding blocks, the first 21 and second 22 decoders, and the first 13, second 14, third 17 and fourth 18 address reception blocks. Register 26 combines, by the OR operation, the first to eighth information buses of the reference memory blocks 4_1, 4_2, ..., 4_N, i=1, 2, ..., N. The first 5 and second 6 decoding blocks detect in the digital signal sequence the numerical value six (06), corresponding to the protocol of the packet (06 is the LLC service access point value assigned to IP). It should be noted that this application considers the Ethernet 802.3/LLC frame format. For other frame types, such as Ethernet DIX (Ethernet II), this field is 2 bytes long and its value is 0800 in hexadecimal, the EtherType of IP (Kuligin M. Technologies of corporate networks. Encyclopaedia. St. Petersburg: Piter, 1999, 704 pp.). The first AND element 7 compares these values and generates a control signal to the first counter 8, which counts 9 bytes in order to reach the 24th byte of the packet and generates the signal enabling this byte to be written into the third 9 and fourth 10 decoding blocks. The third 9 and fourth 10 decoding blocks are intended to detect in this byte the numerical value six (06) in decimal form; in that case the protocol in use is TCP (IP protocol number 6).
The second AND element 11 compares these values and generates an enable signal to the second counter 12, which counts two bytes up to the first byte of the sender address field of the IP packet header and generates the control signals enabling the next eight bytes of the digital signal sequence (the 27th to 34th bytes of the packet) to be written into the registers of the first 13 and second 14 address reception blocks.

As a result, the sender and recipient addresses of the IP datagrams (of the reference packet and of the received packet respectively) are recorded in the first 13 and second 14 address reception blocks. The first comparison block 15 compares these addresses and, if they match, generates a control signal to the third counter 16, which counts four bytes and generates the signals enabling the 35th, 36th, 37th and 38th bytes of the packet, which are the sender and recipient port numbers, to be written into the registers of the third 17 and fourth 18 address reception blocks. If these also match, the second comparison block 19 produces a control signal to the fourth counter 20, which issues the control signals presenting the 48th byte from the start of the frame to the first 21 and second 22 decoders. These decoders isolate from the 48th byte the control bit for synchronisation of sequence numbers (SYN). If this bit is set in both packets, the third AND element 23 produces a control signal to the indication unit 24 and zeroes the subtractive counter 3.

After either a positive or a negative decision on the presence of repeated requests to establish a logical connection, the subtractive counter 3 is reset and the device is ready to analyse the next incoming digital input sequence.
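The decision sequence of blocks 2 to 24 described above, expressed in software so that it can be run over sample frames. This is an added example, not code from the patent or from any product. The names build_frame, addresses_and_ports, is_tcp_frame and SynRepeatDetector are chosen here; the MAC and IP addresses in run_demo are constructed sample data. The frame layout assumed is Ethernet II with a 20-byte IPv4 header and TCP, because the byte numbers stated in the text (24th, 27th to 34th, 35th to 38th and 48th, counted from 1) are exactly the positions of the protocol, address, port and flag fields in that layout; the IP check is therefore made on the EtherType 0800 rather than on an LLC SAP. The N stored packets are kept as separate entries and compared one at a time, rather than being combined bit-wise by OR as register 26 does in the hardware.

```python
import ipaddress
import struct
from collections import deque

# Byte positions named in the text are 1-indexed; these are the 0-indexed
# offsets for an Ethernet II frame carrying IPv4 (no options) and TCP.
ETHERTYPE_OFF = 12   # 13th-14th bytes: EtherType, 0x0800 for IP
IHL_OFF = 14         # 15th byte: IP version / header length
PROTO_OFF = 23       # 24th byte: IP protocol, 6 for TCP
SRC_IP_OFF = 26      # 27th-30th bytes: sender IP address
DST_IP_OFF = 30      # 31st-34th bytes: recipient IP address
SRC_PORT_OFF = 34    # 35th-36th bytes: sender TCP port
DST_PORT_OFF = 36    # 37th-38th bytes: recipient TCP port
FLAGS_OFF = 47       # 48th byte: TCP flags, SYN is bit 0x02
ETHERTYPE_IP = 0x0800
PROTO_TCP = 6
TCP_SYN = 0x02
MIN_LEN = FLAGS_OFF + 1


def build_frame(src_ip, dst_ip, sport, dport, flags):
    """Constructed sample frame: hypothetical MAC addresses, zero checksums."""
    eth = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
           + struct.pack("!H", ETHERTYPE_IP))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, PROTO_TCP, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip + tcp


def addresses_and_ports(frame):
    """Bytes 27-34 (address blocks 13/14) and 35-38 (blocks 17/18) as a 4-tuple."""
    src = str(ipaddress.IPv4Address(frame[SRC_IP_OFF:SRC_IP_OFF + 4]))
    dst = str(ipaddress.IPv4Address(frame[DST_IP_OFF:DST_IP_OFF + 4]))
    sport, dport = struct.unpack_from("!HH", frame, SRC_PORT_OFF)
    return src, dst, sport, dport


def is_tcp_frame(frame):
    """Decoding blocks 5/6 (frame carries IP) and 9/10 (24th byte equals 6)."""
    if len(frame) < MIN_LEN:
        return False
    if struct.unpack_from("!H", frame, ETHERTYPE_OFF)[0] != ETHERTYPE_IP:
        return False
    if frame[IHL_OFF] & 0x0F != 5:
        # IP options would shift every later offset; a fixed-offset design
        # cannot follow them, so such frames are not analysed.
        return False
    return frame[PROTO_OFF] == PROTO_TCP


class SynRepeatDetector:
    """Keeps the last N packets (reference memory blocks 4_1..4_N) and reports a
    received packet whose addresses, ports and SYN bit all match a stored one."""

    def __init__(self, n_reference=3):
        self.reference = deque(maxlen=n_reference)

    def analyse(self, frame):
        """Return the matching 4-tuple on a repeated SYN, otherwise None."""
        if not is_tcp_frame(frame):
            return None
        key = addresses_and_ports(frame)
        syn = bool(frame[FLAGS_OFF] & TCP_SYN)
        hit = None
        if syn:
            # comparison blocks 15 and 19, then AND element 23 on the SYN bits
            for ref in self.reference:
                if addresses_and_ports(ref) == key and ref[FLAGS_OFF] & TCP_SYN:
                    hit = key
                    break
        self.reference.append(frame)   # becomes a reference for later packets
        return hit


def run_demo():
    det = SynRepeatDetector(n_reference=3)
    frames = [
        build_frame("10.0.0.1", "10.0.0.2", 40000, 80, TCP_SYN),  # first request
        build_frame("10.0.0.1", "10.0.0.2", 40001, 80, TCP_SYN),  # new port, distinct
        build_frame("10.0.0.1", "10.0.0.2", 40000, 80, TCP_SYN),  # same 4-tuple, SYN again
        build_frame("10.0.0.1", "10.0.0.2", 40000, 80, 0x10),     # ACK, not a request
    ]
    return [det.analyse(f) for f in frames]


if __name__ == "__main__":
    for i, result in enumerate(run_demo(), 1):
        print(f"packet {i}: {'repeated SYN ' + str(result) if result else 'no alert'}")
```

Only the third frame raises an alert, because it is the only one that repeats both the address pair and the port pair of a stored packet with SYN set. Two practical limits follow directly from the comparison rule: a legitimate client retransmitting a lost SYN from the same port is reported in the same way, and a storm of spoofed requests in which the sender address or port changes on every packet never produces a match, so the rule detects repetition of one request rather than a flood as such.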

Thus, from the principle of operation of the device it follows that the device allows protocol analysis that determines the use of the TCP protocol, and a decision on the presence of repeated requests to create an arbitrarily large number of logical connections, obtained by comparing the incoming data blocks, which is necessary for the stable functioning of automated systems under unauthorised actions (attacks). This achieves the stated aim of increasing the reliability of the claimed device, which determines not only the protocol type (as the prototype does) but also takes into account the rules for establishing and maintaining a communication session. Detection of an unauthorised action (attack) occurs on the second cycle with a probability close to one.

List of used terms

1. Monitoring: the routine tracking of events in the process of information exchange, and the registration and analysis of predefined significant or suspicious events. [Koneyev I.R., Belyaev A.V. Information security of the enterprise. St. Petersburg: BHV-Petersburg, 2003, 752 pp., p. 30].

2. Automated system (AS): a system consisting of personnel and a set of means automating their activity, which implements an information technology for performing established functions [Information security and data protection. A collection of terms and definitions. State Technical Commission of Russia, 2001].

3. Attack: the practical realisation of a threat, or an attempt at its realisation, using a particular vulnerability [Koneyev I.R., Belyaev A.V. Information security of the enterprise. St. Petersburg: BHV-Petersburg, 2003, 752 pp., p. 30].

4. Storm: the transmission to the attacked object of as many spoofed TCP connection requests as possible on behalf of any host [Medvedovsky I.D. et al. Attack on the Internet. Moscow: DMK, 1999, 336 pp., p. 121].

5. Reliability: the degree to which the objective results of diagnosis (monitoring) agree with the actual technical state of the object [Kuznetsov V.E., Likhachev A.M., Parashchuk I.B., Prisyazhnyuk S.P. Telecommunications. Explanatory dictionary of key terms and abbreviations. St. Petersburg: Publishing house of the Ministry of Defence, 2001].

The device for monitoring the safety of automated systems contains a frequency divider, whose input is the clock input of the device; a receiving memory block, whose information input is the packet information input of the device and whose clock input is connected to the output of the frequency divider and to the clock input of a subtractive counter, whose packet-count information input is the packet-count information input of the device. The information output of the receiving memory block is connected to the information inputs of the first reference memory block, of the second and fourth decoding blocks, of the second and fourth address reception blocks and of the second decoder. The clock inputs of the first reference memory block, of the first, second, third and fourth decoding blocks and of the first, second, third and fourth counters are combined and connected to the clock output of the frequency divider. The control output of the first decoding block is connected to the first control input of the first AND element, whose second control input is connected to the output of the second decoding block; the output of the first AND element is connected to the control input of the first counter, whose output is connected to the control inputs of the third and fourth decoding blocks. The output of the fourth decoding block is connected to the second control input of the second AND element, whose first control input is connected to the output of the third decoding block; the output of the second AND element is connected to the control input of the second counter, whose output is connected to the second information input of the first address reception block and to the first information input of the second address reception block. The first and second information inputs of the first comparison block are connected respectively to the outputs of the first and second address reception blocks, and the output of the first comparison block is connected to the control input of
the third counter, whose information output is connected to the second information input of the third address reception block and to the first information input of the fourth address reception block. The first and second information inputs of the second comparison block are connected respectively to the data outputs of the third and fourth address reception blocks, and the output of the second comparison block is connected to the control input of the fourth counter, whose control output is connected to the control inputs of the first and second decoders. The first and second control inputs of the third AND element are connected respectively to the outputs of the first and second decoders, and the output of the third AND element is connected to the control inputs of the indication unit and of the subtractive counter, whose first control output is connected to the control input of the receiving memory block and is a control output of the device. The device is characterised in that a fifth counter, N-1 further reference memory blocks, where N≥3, and a register are introduced; the clock inputs of the reference memory blocks are combined and connected to the clock output of the frequency divider; the information output of the i-th reference memory block, where i=1, 2, ..., N-1, is connected to the information input of the (i+1)-th reference memory block and to the j-th information input of the register, where j=1, 2, ..., N-1; the data output of the register is connected to the information inputs of the first and third decoding blocks and of the first decoder and to the first information inputs of the first and third address reception blocks; the control input of the i-th reference memory block, where i=1, 2, ..., N, is connected to the j-th control output of the fifth counter, where j=1, 2, ..., N; the control input of the fifth counter is connected to the second control output of the subtractive counter; and the information output of the N-th reference memory block is connected to the N-th information input of the register.
