Abstract: Disclosed herein are systems and methods for providing a security policy for an electronic control unit (ECU) implementing an Autosar Adaptive Platform (AAP) standard. In one aspect, an exemplary method comprises maintaining a list of allowed interactions, the allowed interactions being between control applications and a basic component, the basic component including at least a program element defined by the AAP standard. In one aspect, when a request for a verdict as to whether or not access for an interaction of a first control application with the basic component is received from an operating system (OS) kernel, the method comprises performing a search in the list of allowed interactions, and when the interaction for which the request is received is found in the list, the method comprises providing a verdict to the OS kernel allowing the interaction.

Abstract: Disclosed herein are systems and methods for configuring IoT devices from the network infrastructure component based on a type of network, wherein the network contains at least one IoT device. In one aspect, an exemplary method comprises, by the network infrastructure component, collecting, data on one or more IoT devices, wherein each of the one or more IoT devices is connected to the network infrastructure component; for each IoT device, identifying a type of network; defining policies for configuring each of the one or more IoT devices based on the identified network; and for each of the one or more IoT devices, applying policies for monitoring and configuring the IoT device.

Abstract: Disclosed herein are systems and methods for changing a password of an account record under a threat of unlawful access to user data. In one aspect, an exemplary method comprises generating, by an account records generator, a set of known user account records and sending the generated set of known user account records to a determination module, identifying, by the determination module, a use of at least one user account record from the generated set, and sending, to a verification module, data about the at least one user account record, performing, by the verification module, a verification of a presence of a threat of unlawful access to user data, the unlawful access being performed using the at least one user account record and performing, by a change module, the changing of a password of the at least one user account record the use of which has been identified.

Abstract: Disclosed herein are systems and method for sending user data in a client-server architecture with data anonymity and consistency. In an exemplary aspect, a client device may identify, a structure to send to the server, wherein the structure comprises the user data. The client device may divide the structure into two or more substructures and for each respective substructure of the two or more substructures, the client device may (1) assign a degree of confidentiality to the respective substructure and (2) send the respective substructure to a respective node of a plurality of nodes based on the assigned degree of confidentiality and a degree of security of the respective node. The respective node may be configured to apply a respective transformation to the respective substructure and transmit the transformed respective substructure to the server. The server may be configured to combine received transformed substructures into a transformed structure.

Abstract: Systems and methods are provided for detecting system anomalies. The described technique includes receiving system parameters specifying functionality of a computing system. An anomaly is detected within the computing system. A recovery method is determined based on a recovery-method model and information about the detected anomaly, responsive to detecting the anomaly in the computing system. The determined recovery method is configured to ensure requirements of the computing system are met. Furthermore, responsive to detecting the anomaly in the computing system, the determined recovery method is implemented in response to installation of the selected system-compatible tool.

Abstract: Disclosed herein are systems and methods for handling unwanted telephone calls through a branching node. In one aspect, an exemplary method comprises, intercepting a call request from a terminal device of a calling party to a terminal device of a called party, establishing a connection through the branching node via two different communication channels, a first communication channel being with the terminal device of the called party and a second communication channel being with a call recorder; duplicating media data between the terminal devices such that one data stream is directed towards a receiving device of the media data and a second data stream is directed towards the call recorder; recording and sending the recorded call to an automatic speech recognizer for converting the media file to digital information suitable for analysis; and when the call is unwanted, handling the call based on classification of the call.

Abstract: A method for processing information security events of a computer system includes receiving information related to a plurality of information security events occurred in the computer system. Each of the events includes an event related to a possible violation of information security of the computer system. A verdict is determined for each of the events. The verdict includes: i) information security incident or ii) false positive. The verdict is false positive if the probability of a false positive for the corresponding event is greater than a first threshold. Verdicts are changed for a subset of the events from the false positive to the information security incident. A number of events in the subset is lower than a second threshold. An analysis of the events having a verdict of the information security incident is performed to determine if the computer system is under a cyberattack.

Abstract: A method for emulating execution of a file includes emulating execution of the instructions of a file on a virtual processor of an emulator. The execution of the instructions is halted in response to an invocation of an API function. A determination is made whether the invoked API function is present in the updatable modules of the emulator. The updatable modules contain implementation of API functions. In response to determining that the invoked API function is present in the updatable modules, execution of the invoked API function is emulated according to corresponding implementation contained in the updatable modules. Otherwise, result of execution of the invoked API function is generated by executing a corresponding virtual API function on a processor of a computing device.

Abstract: Disclosed herein are methods and systems for detecting malicious files. An exemplary method comprises: selecting a file from a database of files used to perform training of a model for detecting a malicious file, forming one or more behavior patterns from intercepted one or more commands and parameters during execution of the file, forming a detection model, wherein the detection model selects a method of machine learning and is initialized with one or more hyper-parameters, training the detection model by calculating the one or more hyper-parameters based on the one or more behavior patterns to form a group of rules for calculating a degree of maliciousness of a resource and calculating a degree of maliciousness of another file based on the trained detection model.

Abstract: Disclosed herein are systems and methods for casting a vote in an electronic balloting system. In one aspect, an exemplary method comprises, authenticating a voter from whom a request for casting a vote is received, when the voter is successfully authenticated, generating an electronic ballot based on voting information, gathering data about an electronic vote of the voter, the electronic vote representing a choice of the voter on the electronic ballot, generating and sending at least one request to the voter, the request being generated for confirmation of a validity of the gathered data on the electronic vote, generating a hardcopy of the ballot filled out by the voter and placing the generated hardcopy in a centralized repository, and counting the vote, when the hardcopy of the ballot is successfully generated and an affirmative response is received from the voter in response to the at least one request.

Abstract: Disclosed herein are systems and methods for assessing an impact of malicious software causing a denial of service of components of industrial automation and control systems (IACS). In one aspect, an exemplary method comprises, generating a configuration of the IACS on a testing device based on specifications, obtaining a set of investigated software, where the set includes at least one sample of one malicious software, testing the generated configuration using the received set of investigated software, identifying occurrences of denials of service of the components of the testing device which are used to simulate the generated configuration, determining an impact of the malicious software on the generated configuration, and a degree of degradation of a performance of the generated configuration of IACS, and pronouncing a verdict as to a danger of the malicious software for the generated configuration of IACS based on the determined impact of the malicious software.

Abstract: A method for detecting unmanned aerial vehicles (UAV) includes detecting an unknown flying object in a monitored zone of air space. An image of the detected unknown flying object is captured. The captured image is analyzed to classify the detected unknown flying object. A determination is made, based on the analyzed image, whether the detected unknown flying object comprises a UAV.

Abstract: Disclosed herein are systems and methods for granting access to data of a user. In one aspect, an exemplary method comprises, blocking the processing of data of a user, transferring the data of the user to a storage device, receiving a request for data processing from a collected data processor of a device, redirecting the received request to the storage device, determining, by the storage device, data access rights for the collected data processor of the device from which the request for data processing is received in accordance with data access rights established by a data access rights manager, and providing access to the data in accordance with the determined data access rights.

Abstract: Disclosed are systems and methods for countering a cyber-attack on computing devices by means of which users are interacting with services, which store personal data on the users. Data is collected about the services with which the users are interacting by means of the devices, as well as data about the devices themselves. The collected data is analyzed to detect when a cyber-attack on the devices is occurring as a result of a data breach of personal data on users from the online service. A cluster of the computing devices of different users of the online service experiencing the same cyber attack is identified. Attack vectors are identified based on the characteristics of the cyber attack experienced by the computing devices in the cluster. Actions are selected for countering the cyber-attack based on the identified attack vector and are sent to the devices of all users of the corresponding cluster.

Abstract: Systems and methods for protecting an automated system (AS) including building a security configuration based on architecture data of the AS such that compliance with the security configuration ensures a security level for AS devices, installing a data transmission application on a gateway of an AS network using the security configuration, and transmitting data from one of the AS devices through the data transmission application such that the actions of the data transmission application are defined by the security configuration.

Abstract: A method for controlling secure access to user requested data includes retrieving information related to potential unauthorized access to user requested data. The information is collected by a plurality of sensors of user's mobile device. A trained statistical model representing an environment surrounding a user is generated based on the retrieved information. A first data security value is determined using the generated trained statistical model. The first data security value indicates a degree of information security based on user's environment. A second data security value is determined using the generated trained statistical model. The second data security value indicates a degree of confidentiality of the user requested data. The user requested data is filtered based on a ratio of the determined first data security value and the second data security value.

Abstract: Disclosed herein are systems and methods for generating heuristic rules for identifying spam emails based on fields in headers of emails. In one aspect, an exemplary method comprises, collecting statistical data on contents of a plurality of emails; analyzing the statistical data to identify different types of content, including headers or hyperlinks in said emails; grouping the emails into clusters based on types of content identified in said emails, wherein at least one cluster group being based on fields in headers of said emails; generating a hash from the most frequent combination of group of data in each cluster; formulating regular expressions based on analysis of hyperlinks of emails corresponding to the generated hashes; and generating heuristic rule for identifying spam emails by combining the hashes and the corresponding regular expressions, wherein the hash is generated based on fields in the headers of said emails.

Abstract: Disclosed herein are systems and methods for granting access to a file. In one aspect, an exemplary method comprises, calculating a first hash of a portion of the file, searching for the first hash in a local database, when the first hash is found indicates that the file is malicious, calculating a second hash, searching for the second hash in the verdict cache, and pronouncing a final decision as to a harmfulness of the file, and when either the first hash is not found in the verdict cache or the first hash is found and indicates that the file is trusted, granting access to the file, calculating a second hash of the file, generating a request for information about the file and sending the request to a remote server, and pronouncing a decision as to harmfulness of the file based on results of the search received from the remote server.

Abstract: A method for defending a network of electronic devices from cyberattacks includes obtaining information about a plurality of devices and information about communication links between the plurality of devices and surrounding environment and determining types of the communication links using heuristic rules. The types of communication links are compared using corresponding link profiles. One or more similar communication links are identified based on the comparison. A cluster of devices is generated by combining a subset of the plurality of devices. The cluster includes one or more devices having one or more similar communication links. A surrounding environment profile is generated for the generated cluster of devices. When a cyberattack is detected on one of the devices in the cluster, the surrounding environment profile is modified for the cluster of devices in order to defend all devices in the cluster from the cyberattack.

Abstract: Disclosed herein are systems and methods for determining a coefficient of harmfulness of a file using a trained learning model. In one aspect, an exemplary method includes forming a first vector containing a plurality of attributes of a known malicious file. A learning model is trained using the first vector to identify a plurality of significant attributes that influence identification of the malicious file. A second vector is formed containing a plurality of attributes of known safe files. The learning model is trained using the second vector to identify attributes insignificant to the identification of the malicious file. An unknown file is analyzed by the learning model. The learning model outputs a numerical value identifying a coefficient of harmfulness relating to a probability that the unknown file will prove to be harmful.