• Steganographic algorithm using the different color components of a 24-bit image

    pg(s) 61-63

    The article deals with a steganography system which hides text inside images without losing data in the components of the RGB model. The secret message is hidden in the cover image using the Least Significant Bit (LSB) algorithm. The comparative results for the proposed algorithm are very promising for the blue components of the image. To evaluate the properties of the steganography system, measures such as Signal-to-Noise Ratio (SNR), Peak Signal-to-Noise Ratio (PSNR), Mean Squared Error (MSE) and Structural Similarity Index Measure (SSIM) are used. The aim of the study is to determine whether the qualitative characteristics of the stego image change when the same information is hidden in a different color channel, to determine which color channel offers the most invisibility to others, and whether it is advisable to use it in the transmission of confidential information.

  • Analysis of changes in the probability of an incident with information security

    pg(s) 24-27

    Risk assessments are not a one-off action, but there are no formal guidelines on when and how often a risk assessment should be performed. Changing factors affect the risk assessment parameters. The strongest influence of these changes is on the probability of an accident. Examining changes in the likelihood of an accident will allow for more accurate planning of periods for checking risk factors and assessing risk. In this way, the assessed risk will reflect the changes that have taken place and will lead to more adequate risk management. The analysis of the influence of the changing risk factors is made with the help of a model, which is built on the basis of one asset and the accident scenarios determined for it. The model examines the characteristics of changes in the risk factors for the asset. The probability distribution for the random number of changes is determined. The results of the amended conditions are also random. They are expressed in a change in the level of probability of an accident. For these random variables, the main probabilistic characteristics are determined and dependencies are derived that can be used for analysis.

  • Some general traits of the e-cash system and a review of a compact e-cash scheme with practical and complete tracing

    pg(s) 107-110

    The e-cash methodology has its advantages compared to other payment systems and it has brought big changes to the way business is being conducted. Money becomes an intangible item and travels electronically across the world in a widely open network that might expose it to risks. This means that secure end-to-end connections are needed and many different cryptographic algorithms are used to achieve it. In this paper we will go through the main metrics that characterize them and the main properties of the e-cash system. Finally, a review of a compact e-cash scheme with practical and complete tracing will be given.

  • Web application with Python and security of the information system

    pg(s) 103-106

    The aim of the research is to develop a database management system for collecting, processing, storing and using information for the teaching of PhD students at a university using the high-level Python language.
    The main characteristics of the most widely used database management systems were studied and researched in the process of development. The practical aspects of the design, creation and use of databases were analysed. The requirements for the functional capabilities of the developed database were formulated. The Python programming language was used for the development of the web application. The database model, the user interface and a set of reports were developed. A physical data model, oriented towards the design and the development of a database management system using the Python programming language, was proposed. The main risks and threats to the security of information in the web application are characterized. Guidelines for infrastructure protection are proposed.

  • Malware in Social Engineering

    pg(s) 98-102

    Internet connectivity has become obligatory for the business processes in each organisation and institution. Communication over public network infrastructure such as the Internet brings a potential threat by means of social engineering email letters. Recognition of such letters seems to be a problem for workers. Some malware analysis of example scam letters is made in this research paper. The impact on computer or network systems is presented.

  • Approaching a DoS attack using change and risk management methods

    pg(s) 64-67

    Information Technology security threats are emerging with each passing day. The implementation of technology in every field of society brings changes. Finding a way to manage these changes would be a success and, by doing so, would mitigate the risks they bring. Data transmission nowadays is insecure like never before. The challenge is to find a way to cope with these kinds of evolutionary changes. Among the top threats in networks lies the DoS attack. This kind of attack has been around for a long time, but that doesn't change the fact that this type of attack is still dangerous and devastating. In order to cope with this kind of attack, we need to know how to manage risks and changes during a DoS attack. Because of this, it is very important that defensive mechanisms are implemented and integrated so that unauthorized access to your network or data is prevented. This applies to individuals and everyone else working in companies in the field of IT, because at some point, we all share the same thing: devices (mobile phones, personal computers, devices at work, etc.). The base of the IT foundation is knowing how to protect yourself and your data. Due to this, we need to work hard and exploit every possible threat and attack from the inside out, not only to reduce or mitigate the impact that has already occurred, but also to prevent these types of failures from happening in the future.

  • CMS security tips and tricks

    pg(s) 61-63

    Content management systems are becoming more popular and, due to the speed they provide during development, the number of websites developed with a CMS is growing extremely fast. This is the reason the sites developed with a CMS become a more attractive target for cybercriminals. CMSes are divided into 2 categories: free open-source and paid. According to that categorization the security level of the system is limitless. As part of my research, we are investigating only the free tools supporting the application development process, and the presented tools and software are only from personal experience! So for the present article, we are going to present the Umbraco CMS with its integrated security tools and some other free-to-use tricks in order for the system we develop to be secure.

  • Application of Digital Signatures in the Electronic System for Public Procurement in Republic of North Macedonia

    pg(s) 57-60

    The development of telecommunications and computer science has created a favorable climate for the increased development of electronic communication and has also led to an increase in the number of electronic documents that are being generated, stored or transmitted via computer networks. These documents are valuable but prone to manipulation by unauthorized persons, which consequently leads to a need for enforced protection of the information contained in those documents from unauthorized third parties.
    Digital signatures provide the required validation and verification of electronic documents and represent a series of ones and zeros obtained from a particular digital signature algorithm. The article emphasizes the practical application of digital signatures in the electronic system for public procurement by introducing the manner of electronic signing of documents depending on the application software used by users in the Republic of N. Macedonia.

  • ON THE POWER TO DETECT ERRORS OF ONE ERROR-DETECTING CODE

    pg(s) 170-173

    When messages are transmitted through a communication channel, they can be incorrectly transmitted due to noise in the channel. Therefore, the receiver must ensure that it has the correct message. Similarly, data stored on storage media can be corrupted due to different circumstances. In order to check whether the data is corrupted or whether the receiver received the correct message, so-called error-detecting codes are used. When using such a code, it is important to know the power of the code to detect errors. In this paper we analyze the ability of one such error-detecting code to detect errors. We compare the error-detecting capabilities of the code when a quasigroup of order 4, order 8 and order 16 is used for coding, for three different lengths of the redundancy. Finally, we draw a conclusion about the best choice of parameters from the aspect of the ability of the code to surely detect errors.

  • CODE CONTRACTS VS INPUT VALIDATION

    pg(s) 167-169

    The unstoppable growth of security flaws makes the developers more patient in integrating different security defenses in the application development! Most of the security breaches are due to uninformed or unqualified developers! The good part is that the Internet provides a large amount of rules/documentation/guidelines/tools free for use to help the developers in their work! But as the coin has two sides, each web application needs to provide two parts of security flaws protection. The first level of defense is the well-known protection from the outside world, called user input validation! And the second side is to ensure that the application works without a problem! Which means to protect it from inside out by integrating what is called code contracts! Even though those two types of protection have similar purposes, there is a difference which we are going to present in the research!

  • CROSS-SITE SCRIPTING ATTACKS AND THE SECURITY OF WEB APPLICATIONS

    pg(s) 163-166

    This report focuses on the vulnerability of web applications and websites to Cross-Site Scripting (XSS) attacks. The different types of XSS attacks are examined: DOM-based, active and passive attacks. The spread of XSS attacks across platforms – government and financial institutions, transportation companies, hospitality and entertainment – has been analyzed. Research and analysis of the security of corporate websites and their resistance to XSS attacks have been carried out. The basic guidelines for preventing valuable data theft and unauthorized access to websites and applications through XSS attacks are reviewed and systematized.

  • MACHINE LEARNING DATASETS FOR CYBER SECURITY APPLICATIONS

    pg(s) 109-112

    The main objective of this study is not to identify the best machine learning model, but instead to review the main publicly available datasets used to train and test security solutions that employ modern classification algorithms for anomaly detection. Hence, DARPA 1998 and KDD were studied as they were the first initiatives taken in this direction, while NSL-KDD, ISCXIDS2012 and CICIDS2017 are taken into consideration for future research because of their advantages. Personalized datasets will always bring a reasonable amount of uncertainty, especially since some feature vectors used for training remain unknown. Nevertheless, training on data specific to the protected infrastructure is more efficient, from the security point of view, than training on old attack signatures.