Algorithms for detecting and eliminating interference attacks in information systems

Abtract. This article discusses the problems of fast algorithms for detecting and eliminating interference attacks, which is an actual problem of information reliability of control systems. Active algorithms of this type are essential in protecting telemetry systems from presentation attacks. With the progress of information technology, many traditional methods of detecting attacks have lost their relevance. Instead, they require interactive methods that achieve state-of-the-art results. The paper considers variants of fast algorithms that provide the required efficiency of the detection and elimination of interference attacks. Existing fast recognition systems were based on selectable characteristic properties of interference, such as: tracking in certain dynamic ranges gives correct results in some cases, but is useless for combating deliberate jamming attacks. Examples of algorithms based on the use of options for controlling automatic manipulators with program cycles are considered, taking into account the features of a real action. Improving reliability under the influence of spurious interference, when there is an interference of an informational nature through communication channels, through radio channels in certain frequency ranges, as well as from interference and distortion in optoelectronic networks and other influences that violate the safe conditions for the operation of telecommunications equipment. A comparative analysis has been carried out with system variants having similar technological characteristics, in particular, when controlling manipulators operating as part of automatic complexes.


Introduction
The purpose of the work is to study the possibility of improving the reliability and speed of algorithms for automatic control of manipulation systems using information from sensor devices.The object of the study is to identify control boundaries on devices under conditions of intentional optical and electronic interference in transmission channels.In addition, it was taken into account that in real technological conditions, network sources of interference appear through communication channels, wired and wireless channels of telecommunication systems, through radio channels in various radio technical bands.These interferences violate the conditions for accurate and safe operation of sensor devices, electronic and electromechanical technology, as well as characteristics.Modern means of information transmission are quite complex.In the work, an isolated monitoring system was developed.A monitoring system has been developed that allows you to collect information about the parameters of network devices, notify engineers about incidents on the network.The problems of protection of spurious electromagnetic radiation and pickups, their attacks on the current-carrying structures of information systems, lines and technical means connected to them from radiation and pickups, are currently relevant, as they were decades ago, when communication facilities were just beginning to develop.There are so many sources of radiation everywhere that it is very difficult to sort through the clusters of thousands of signals and single out potentially vulnerable ones without advanced technology [1].Measurements show that up to 20 thousand or more accidental and intentional radio and electromagnetic interference with radiation in a wide frequency range "intersect" existing telecommunication systems [2]. Figure 1 shows typical information leakage channel

Materials and methods
The technical channel of information leakage is a combination of an object, the physical environment for the propagation of an informative signal and information radiation receivers.As a rule, the following diagrams of the components of this information leakage channel are formed for spurious electromagnetic radiation and interference (Figure 2) and for radiation and interference (Figure 3).EMR sources are all lines and devices in which certain electrical signals are present, all cables that are part of an automatic system significantly affect radiation, because they actually act as antennas.moreover, as practice shows, a lot depends on the quality of the performance of a particular cable, and the length also obviously affects.Automatically complex systems with a large number of information display devices (monitors, projectors, TVs) connected via KVM switches create such a level of EMP signals that you have to think about laying video cables, shortening their length, installing additional noise generators.Another practical example is the difference in signals when connecting USB drives to the front panel of the system unit and to the ports on the rear panel.The output of ports on the front panel inside the system unit is carried out through a cable, and this is an antenna, which leads to a significant difference in the levels of EMI signals.Based on the examples given, it can be clearly concluded that the composition of the connecting cables, options for connecting external devices, and the modes of operation of the elements must be strictly and without fail taken into account.
Therefore, in the process of conducting research on EMR, as well as in the operation of an automatic system, they should be given special attention.It should also be taken into account that the system unit, on the contrary, has a shielding effect on the sources of EMP signals.Conventionally, the entire spectrum of radiation can be divided into potentially informative and non-informative radiation.The set of components of the EMP spectrum, generated by the flow of currents in circuits through which signals containing confidential information are transmitted, is, as a rule, potential-informative radiation.Non-informative EMR sources usually include those devices, interfaces and lines that are in no way connected with the processing, storage and transmission of confidential information.For example, radiation from the power supply of the system unit or monitor.Also does not apply to informative radiation from the interfaces connecting the "mouse" manipulators.The coordinates of moving and pressing the mouse buttons in most cases do not carry any information.For a personal computer, potentially informative EMPs are radiation generated by the following circuits: ⎯ keyboard (USB or PS/2 interfaces); ⎯ video path (monitor, cables, video adapter, KVM switch; D-SUB(VGA) or DVI, as well as internal interfaces for forming an image on the monitor screen (LVDS); ⎯ HDD/SSD (SATA, IDE interface automatically system is not considered due to its large bit depth, also it is almost never found); ⎯ USB drives (flash drives, card readers, external HDDs, external optical drives, etc. using the USB interface); ⎯ optical drives (also only with SATA interface); ⎯ peripheral devices (printers, scanners, etc., most often USB, but sometimes LPTs are still encountered); ⎯ network equipment (Ethernet).
In almost every digital device, there are circuits that perform auxiliary functions, through which signals containing sensitive information will never be transmitted.The radiation generated by the flow of currents in such circuits is safe in terms of information leakage.For such radiations, the term non-informative radiations is quite suitable.From the point of view of information protection, non-informative radiation can play a positive role, acting in the event of a coincidence of the range of the automatic system, which interferes with the reception of informative EMR (the term "mutual interference" is found in the literature).For a personal computer, non-informative PEMI are radiation generated by the following circuits: ⎯ synchronization signal generation and transmission circuits (south and north bridges); ⎯ circuits forming the control bus and system bus address bus; ⎯ circuits that transmit hardware interrupt signals; ⎯ internal circuits of the computer's power supply, etc. Fundamentally informative radiation from a PC can be attributed to radiation generated by the following circuits: ⎯ the circuit that carries signals from the keyboard controller to the port input-output on the motherboard; ⎯ The circuits that carry the video signal from the video adapter to the monitor.Recovery of information when intercepting radiation from the circuits through which the video signal is transmitted is one of those cases when, when using a multi-bit (at least three bits for a color monitor) parallel code, the information presentation format allows you to restore most of the automatic system.Between the source of confidential information in the circuit of data processing devices and the power network, there may be 4 types of electromagnetic connections through: ⎯ electric field; ⎯ magnetic field; ⎯ electromagnetic field; ⎯ wires connecting electrical circuits.To protect information from leakage through communication channels, it is advisable to reduce the signal-to-noise ratio.The reduction can be carried out by using automatically a system of passive and / or active methods and means of protection.The active method consists in overlapping the useful signal with more powerful noise.This method of protection is carried out in hardware through special devices, the so-called "Noise Generator".Noise generators intentionally create powerful electromagnetic emissions that have no informative value and make it difficult or impossible to analyze the useful signal relative to ambient noise (Figure 4).The figures below show spectrograms of radiation at a frequency of 128 MHz with the PC turned off (Figure 5)and with the PC running (Figure 6).For example, if the mode of switching on and off technical means is known, then this can lead to a side EMIN attack on other informative radiations associated with this technical means or other types of attacks.In this case, the PC synchronization signal is recorded by the spectrum analyzer at a level of -80 dBm from a distance of up to 5 meters.The actual problem of achieving effective and reliable monitoring of the controlled area is the identification of noise objects in a given direction and space.The results of diagnostics of noise objects in the control zone are shown in Figure 7.

Conclusion
The use of side EMIN methods can significantly affect the quality and protection of transmitted information, in particular, by using side EMIN attacks.The development of cryptographic means of protection creates a situation where the likelihood of using side EMINs increases to interfere with the system.To protect potentially vulnerable channels and devices, hardware is needed to investigate a wide range of emissions generated by technical means.

E3SFig. 4 .
Fig. 4. Methods of protection against information leakage through the channel radiation and interference (GKZ -the border of the controlled zone; EMP -electromagnetic radiation) Thanks to the analyzer, you can clearly see how the radiation level changes when you change the operating mode of a personal computer (PC).The figures below show spectrograms of radiation at a frequency of 128 MHz with the PC turned off (Figure5)and with the PC running (Figure6).

Fig. 7 .
Fig. 7. Graph of the dependence of the recorded information in the spectrum with radiation with a wavelength of 700 microns or more on the distance and direction to the object