Modern Information Security

Title

admin admin — 2025-10-18

Title

Content

admin admin — 2025-10-18

Content

MODELING THE RESILIENCE OF ELECTRONIC COMMUNICATIONS TO HYBRID CYBERATTACKS: APPROACHES AND SCENARIO ANALYSIS OF INFRASTRUCTURE RESILIENCE

Бушков В. Г. (Bushkov V.G.) — 2025-10-22

The article explores approaches to modeling the resilience of electronic communications to hybrid cyberattacks, which
pose a growing threat to critical information infrastructure in the context of modern cyber-hybrid warfare. The main attention
is paid to the use of scenario analysis and simulation modeling as a means of studying the resilience of telecommunication
systems to combined attacks that combine technical (DDoS, routing attack, traffic interception) and information-psychological
(phishing, manipulative influence) components. A methodology for building hybrid scenarios has been developed and an
experimental environment has been created using OMNeT++, Scapy (Python) and NetEm for testing critical operating
conditions. As part of the study, several typical attacks were simulated with the fixation of quality of service (QoS), recovery
time (RTO) and structural network stability metrics. It was found that the combination of infrastructural and cognitive impact
can lead to a degradation of functionality up to 50% and a significant increase in recovery time, especially in the case of the
absence of backup channels and network segmentation. The results of the study can be used to design telecommunications
architectures with an increased level of resilience, build digital twins for preventive risk assessment, as well as form a national
regulatory framework in the field of ensuring cyber resilience of critical infrastructure.
Keywords: hybrid threats, electronic communications, attack scenarios, resilience modeling, cyber infrastructure,
network resilience, simulation.

References
1. Threat Landscape for Telecommunications [Електронний ресурс]  / European Union Agency for
Cybersecurity (ENISA). 2022. https://doi.org/10.2824/095251 (enisa.europa.eu).
2. Systems Security Engineering. Considerations for a Multidisciplinary Approach in the Engineering of
Trustworthy Secure Systems (SP 800-160) [Електронний ресурс] / National Institute of Standards and
Technology.  2018. https://doi.org/10.6028/NIST.SP.800-160v1.
3. Kott A., & Arnold C. (2022). Cognitive dimensions of cyber defense. Journal of  Cybersecurity,  8(1).  https://
doi.org/10.1093/cybsec/tyac009.
4. Chen T. M., & Robert J. M. (2019). Modeling cyber resilience. Computers  &  Security,  87,  101568. https://
doi.org/ 10.1016/j.cose.2019.101568.
5. Zhang J. (2020). Resilience in critical infrastructure. IEEE Access, 8, 179 762 - 179 775. https://doi.
org/10.1109/ACCESS.2020.3027315.
6. Zhu Q. (2021). Network games for cyber defense. ACM Computing Surveys, 54(8),  Art.  165.  https:/
/doi.org/10.1145/3417981.
7. Gill J., Sriram K., & Bush R. (2022). Routing attacks in BGP: A survey. IEEE Communications
Surveys & Tutorials, 24(4), 2454–2493. https://doi.org/10.1109/COMST.2022.3141096.
8. Liu H., Wang X., & Chen Y. (2023). Secure routing in software-defined networks. IEEE Transactions on
Network and Service Management, 20(2), 1234-1248. https://doi.org/10.1109/TNSM.2023.3267892.
9. Li Y., Kumar A., & Wang G. (2020). Quality-of-service modeling for cyber-physical systems under stress.
Future Internet, 12(8), 135. https://doi.org/10.3390/fi12080135.
10. Sterbenz J. P. G. (2020). Design principles for resilient networks. Computer Communications, 155, 1–
17. https://doi.org/10.1016/j.comcom.2020.02.001.
11. Al-Sada B., Sadighian A., & Oligeri G. (2024). MITRE ATT&CK: State of the art and way forward. ACM
Computing Surveys, 57(2), Art. 35. https://doi.org/10.1145/3687300 (dl.acm.org).
12. Resilience for Compounding and Cascading Events [Електронний ресурс] / National Academies of Sciences,
Engineering, and Medicine. – Washington, DC: NASEM, 2022. – https://doi.org/10.17226/26659 (nhess.copernicus.org).
13. Enhancing the Resilience of Health Care and Public Health Critical Infrastructure: Proceedings of a
Workshop – in Brief [Електронний ресурс] / National Academies of Sciences, Engineering, and Medicine. –
 Washington, DC: NASEM, 2025. – https://doi.org/10.17226/29081.
14. Enhancing the Resilience of the Nation’s Electricity System [Електронний ресурс] / National Academies of
Sciences, Engineering, and Medicine.  Washington, DC: NASEM, 2017.  https: // doi.org / 10.17226 /24836 (nap.
nationalacademies.org).
15. Sterbenz J. P. G., Hutchison D., Çetinkaya E. K., Jabbar A., Rohrer J. P., Schöller M., & Smith P. (2014). Resili
ence and survivability in communication networks: Strategies, principles, and survey of disciplines. Computer
Networks, 79, 112-136. https://doi.org/10.1016/j.comnet.2014.10.006.
16. Buldyrev S. V., Parshani R., Paul G., Stanley H. E., & Havlin S. (2010). Catastrophic cascade of failures in
interdependent networks. Nature, 464(7291), 1025-1028. https://doi.org/10.1038/nature08932.
17. Newman M. E. J. (2010).  Networks: An introduction. Oxford University Press.  https://doi.org/10.1093
/acprof:oso/9780199206650.001.0001.
18. Yang Z., Barroca B., Weppe A., et al. (2023). Indicator-based resilience assessment for critical infrastructures –
 A review. Safety Science, 160, 106049. https://doi.org/10.1016/j.ssci.2022.106049 (Scribd).
19. Holme P., & Saramäki J. (2012). Temporal networks. Physics Reports, 519(3),  97-125.  https: // doi.org /
10.1016/ j.physrep. 2012.03.001.
20. Cyber Deterrence and Hybrid Conflict  [Електронний ресурс]  / RAND Corporation. 2021.  https: //doi.org/
10.7249/RR2861.
21. Linkov I., Bridges T., Creutzig F., Decker E., Fox-Lent C., Kröger W., et al. (2014). Changing the resilience
paradigm. Nature Climate Change, 4(6), 407–409. https://doi.org/10.1038/nclimate2223.
22. Gamage D., Abeywardena K., Jayakody S., & Gunathillake J. (2020). Security and reliability in Internet of
Things: A survey. IEEE Communications Surveys & Tutorials, 22(3),  1168-1192.  https://doi. org/10.1109/ COMST.
2020.2998958.
23. Cárdenas A. A., Amin S., & Sastry S. (2016). Research challenges for the security of control systems.
Computers & Security, 61, 9–19. https://doi.org/10.1016/j.cose.2016.04.002.
24. Hollnagel E., Woods D. D., & Leveson N. (2019). Resilience engineering: Concepts and precepts (2nd ed.).
CRC Press. https://doi.org/10.1201/9781315600646.
25. Rinaldi S. M., Peerenboom J. P., & Kelly T. K. (2001). Identifying, understanding, and analyzing critical
infrastructure interdependencies. IEEE Control Systems Magazine, 21(6), 11–25. https://doi.org/10.1109/37.969131.
26. Ganin A. A., Pruyt E., Keisler J. M., & Linkov I. (2017). Resilience and efficiency in transportation networks.
Science Advances, 3(12), e1701079. https://doi.org/10.1126/sciadv.1701079.
27. Oughton E. J., Frias Z., van der Gaast S., & Nguyen H. Q. (2021). Evaluating 5G deployment strategies for
smart manufacturing. Computers in Industry, 127, 103471. https://doi.org/10.1016/j.compind.2021.103471.
28. Laprie J.-C., Kanoun K., & Kaâniche M. (2007). Modelling interdependencies between the electricity and
information infrastructures. Safety Science, 45(4), 457-473. https://doi.org/10.1016/j.ssci.2006.09.007.
29. Kshetri N., & Voas J. (2022). Cybersecurity for energy infrastructure: Trends and future directions. Renewable
and Sustainable Energy Reviews, 153, 111672. https://doi.org/10.1016/j.rser.2021.111672.
30. Manzano-Agugliaro F., García-Cruz A., Zapata-Sierra A., & Montoya F. G. (2020). A global review of
cybersecurity in agricultural environments. Computers and Electronics in Agriculture, 173, 105126. https:// doi.org/
10.1016/j.compag.2019.105126.
31. Paul S., Shukla A., Gupta V., & Jain S. (2019). Risk analysis for SCADA communication to enhance the
resilience of smart grids. IEEE Access, 7, 46768–46782. https://doi.org/10.1109/ACCESS.2019.2910062.
32. Bureš M., Černý M., & Králík K. (2022). Simulation of cyber‑physical attacks on water distribution systems.
Computers & Security, 116, 103044. https://doi.org/10.1016/j.cose.2022.103044.
33. Ganin A. A., & Linkov I. (2016). Operational resilience: Concepts, design, and analysis. Scientific
Reports, 6, 19540. https://doi.org/10.1038/srep19540.
34. Sterbenz J. P. G., Hutchison D., Çetinkaya E. K., Jabbar A., Rohrer J. P., Schöller M.,  & Smith P. (2013). 
Evaluation of network resilience and survivability: Strategies, principles, and metrics. Computer Networks, 57(8), 1637-
1665. https://doi.org/10.1016/j.comnet.2012.10.019.

HYBRID METHOD FOR DETECTING MALICIOUS ACTIVITY BASED ON STACKING ENSEMBLE OF CLASSIFIERS

Гайдур Г. І. (Haidur G.I.) — 2025-10-22

The article presents a hybrid method for detecting malicious activity in information systems of organizations, developed
on the basis of an ensemble approach using stacking. The proposed architecture combines classical machine learning algorithms
(SVM, Random Forest, kNN) and modern high-performance boosting models (XGBoost, LightGBM, CatBoost), while the role
of meta-classifiers is performed by logistic regression, XGBoost, Gradient Boosting and Random Forest. This approach provides
an integration of the strengths of different methods, which allows to significantly increase the classification accuracy, noise
resistance and generalization ability of the system. Particular attention is paid to data preprocessing, which includes the removal
of irrelevant features, normalization of numerical characteristics, balancing class disparity using the SMOTE algorithm,
dimensionality reduction using PCA and temporal feature engineering. The use of these methods allowed to reduce the risk of
overfitting, accelerate calculations and preserve the informativeness of key traffic characteristics. To select the optimal models,
two methods were used: building a Pareto front and heuristic filtering by the average values of the metrics, which made it
possible to ensure a balanced ratio between accuracy, F1-measure and speed. Experimental verification of the proposed approach
was carried out on one of the most representative datasets in the field of cybersecurity - CSE-CIC-IDS2018. The results obtained
showed that the accuracy was achieved at the level of 98.07%, F1-measure 96.57% and average prediction time 7.16 ms, which
meets modern requirements for IDSs capable of operating under high load conditions in real time. The proposed system
demonstrated better efficiency compared to single models, which confirms the feasibility of using hybrid ensemble methods in
cyber security tasks.
Keywords: threats, intrusion detection, hybrid classification, stacking, cybersecurity, cyber defense, machine learning,
models, malicious activity.

References
1. Гайдур,Г. І., Гахов,С. О., Гамза,Д. Є.(2024). Модель виявлення шкідливої активності в інформаційній
системі організації на основі гібридної класифікації. Сучасний захист інформації, 4(60), 30-38. DOI:
10.31673/2409-7292.2024.040003.
2. IDS 2018 | Datasets | Research | Canadian Institute for Cybersecurity | UNB. (2023, December 21). Retrieved
from https://www.unb.ca/cic/datasets/ids-2018.html.
3. Kaur, G., & Saini, H. S. (2023). Stacking ensemble learning for network intrusion detection systems.
International Journal of Computer Applications, 184(12), 15–23. DOI: 10.29130/dubited.737211
4. Cisco. (2023). Annual Cybersecurity Report. Cisco Systems. https://www.cisco.com/c/m/en_us/products/
security/cybersecurity-reports/cybersecurity-readiness-index.html.
5. Савченко В. А., Смолєв Є. С., Гамза Д. Є. Методика виявлення аномалій взаємодії користувачів з
інформаційними ресурсами організації. Сучасний захист інформації. № 4 (2023). С. 6-12 DOI: 10.31673/2409-
7292.2023.030101.
6. ENISA. (2023). ENISA Threat Landscape Report 2023. European Union Agency for Cybersecurity.
https://www.enisa.europa.eu/publications/enisa-threat-landscape-2023.
7. Murat U., Emine U., Mürsel O.(2021). A Stacking Ensemble Learning Approach for Intrusion Detection System.
Düzce University Journal of Science & Technology, 184(12), 15–23. DOI:10.29130/dubited.737211.
8. Seni, G., & Elder, J. F. (2010). Ensemble methods in data mining: Improving accuracy through combining DOI:
10.2200/S00240ED1V01Y200912DMK002.
9. Hosmer, D. W., Lemeshow, S., & Sturdivant, R. X. (2013). Applied logistic regression. Wiley. DOI:
10.1002/9781118548387.
10. Ahmed, M., Mahmood, A. N., & Hu, J. (2016). A survey of network anomaly detection techniques. Journal of
Network and Computer Applications, 60, 19–31 DOI: 10.1016/j.jnca.2015.11.016
11. Pinto, A.; Herrera, L.C.; Donoso, Y.; Gutierrez, J.A. Survey on Intrusion Detection Systems Based on Machine
Learning Techniques for the Protection of Critical Infrastructure. Sensors 2023, 23, 2415, DOI: 10.3390/s23052415.

EXPERIMENTAL RESEARCH, SOFTWARE IMPLEMENTATION AND EVALUATION OF THE EFFECTIVENESS OF THE APPLICATION OF THE SOFTWARE PROTECTION METHOD BASED ON HYBRID ANALYSIS

Гапон А. О. (Gapon A.O.) — 2025-10-22

The growth of cyber threats, especially in the context of the active spread of malicious software, leads to serious
consequences, including unauthorized access to confidential systems, mass theft or loss of critical data, as well as their
encryption for the purpose of extortion. These events not only cause significant economic damage, but are also classified as
criminal offenses in many jurisdictions, which emphasizes their legal and social significance. In this context, software protection
has acquired strategic importance, especially at the stages of its development, when it is possible to proactively prevent potential
vulnerabilities. Modern methods of code analysis, in particular static and dynamic, demonstrate significant limitations in the
fight against polymorphic and metamorphic malware. Static analysis, based on signatures, is unable to effectively detect new
forms of threats due to the lag of virus databases and a high rate of false positives. Dynamic analysis, although it allows to
capture behavioral signs of malicious code, is resource-intensive, slows down the testing process and is sensitive to antiemulation techniques that hide the true nature of the threat. To overcome these problems, a hybrid code analysis method is
proposed, which synergistically combines the advantages of static, dynamic and semantic approaches. This approach provides
comprehensive threat detection based on simultaneous analysis of the code structure and its behavior during execution, which
significantly increases the accuracy of detection, reduces the number of false positives and provides a wider coverage of potential
risks. Of particular importance is its application for early detection of threats in widely used open-source libraries, where supply
chain risks are the highest. The implementation of hybrid analysis provides a significant increase in the overall level of software
security, optimization of testing costs, reduction of verification time and increased confidence in the results obtained. This
direction is especially relevant for large-scale projects with microservice architecture and intensive use of open-source components, where the need for reliable protection against evolving cyber threats is critically important. Thus, the development
and practical implementation of hybrid code analysis is of scientific and applied value in ensuring cyber resilience of modern
and promising information systems.
Keywords: malware, software protection, static code analysis, dynamic code analysis, hybrid code analysis, security
vulnerabilities, malicious patterns, polymorphic viruses, code security.

References
1. Захисний комплекс Microsoft / Що таке шкідливе програмне забезпечення? https://www.microsoft.
com/uk-ua/security/business/security-101/what-is-malware.
2. Python Type Checking. URL: https://testdriven.io/blog/python-typechecking/ (дата звернення 16.04.2024).
3. Delmas, D. (2022). Static analysis of program portability by abstract interpretation (Doctoral dissertation).
Sorbonne Université.
4. Generating and using a Callgraph, in Python. URL: https://cerfacs.fr/coop/pycallgraph (дата звернення
16.04.2024).
5. Data Flow Analysis. URL: https://www.codingninjas.com/studio/library/data-flow-analysis (дата звернення
16.04.2024).
6. Python Control Flow Statements and Loops. URL: https://pynative.com/python-control-flow-statements/ (дата
звернення 16.04.2024).
7. Akhtar, M. S., & Feng, T. (2022). Malware analysis and detection using machine learning algorithms.
Symmetry, 14(11), 2304. URL: https://doi.org/10.3390/sym14112304 (дата звернення 16.04.2024).
8. Monat, R., Ouadjaout, A., Miné, A. (2021). A Multilanguage Static Analysis of Python Programs with Native
C Extensions. In: Drăgoi, C., Mukherjee, S., Namjoshi, K. Static Analysis. SAS 2021. Lecture Notes in Computer
Science(), vol 12913. Springer, Cham. URL: https://doi.org/10.1007/978-3-030-88806-0_16.
9. Infographic Open source linters, tools for code analysis 2021. URL: https://www.promyze.com/open-sourcelinters-2021/ (дата звернення 16.04.2024).
10. Vassallo, C., Panichella, S., Palomba, F., et al. (2020). How developers engage with static analysis tools in
different contexts. Empirical Software Engineering, 25, 1419-1457.
11. B. Chess and G. McGraw, “Static analysis for security,” in IEEE Security & Privacy, vol. 2, no. 6, pp. 76-79,
Nov.-Dec. 2004, doi: 10.1109/MSP.2004.111.
12. Лаптєв, О. А., Колесник, В. В., Ровда, В. В., & Половінкін, М. І. Метод підвищення захисту особистих
даних за рахунок синтезу резильєнтних віртуальних спільнот. 2024. Сучасний захист інформації. 4(60). С. 141-
146. https://doi.org/10.31673/2409-7292.2024.040015.
13. Лаптєв О.А., Марченко В.В. Застосування завад для захисту інформації від витоку радіоканалом.
Сучасний захист інформації. 2025. №1. С.89-97. https://doi.org/10.31673/2409-7292.2025.013057.
14. Дробик О. В., Лаптєв О. А., Пархоменко І. І., Богуславська О. В., Пепа Ю. В., Пономаренко В. В.
Розпізнавання радіосигналів на основі апроксимації спектральної функції у базисі передатних функцій
резонансних ланок другого порядку. Сучасний захист інформації. 2024. №2. С.13-23. https://doi.org/
10.31673/2409-7292.2024.020002.
15. Аль-Дальваш А., Петченко М.В., Лаптєв О.А. Метод детектування цифрових радіосигналів за
допомогою диференціального перетворення. Сучасний захист інформації. 2025. №1. С.285-291. https://doi.org/
10.31673/2409-7292.2025.014329.

ANALYSIS OF PREREQUISITES FOR ENSURING RESOURCE CONSENSUS WHEN PERFORMING STEGANOGRAPHIC DATA INSERTION PROCEDURES

Honcharov M. O. (Гончаров М.О.) — 2025-10-22

In the conditions of sustainable growth in the complexity and multi-vector nature of modern cyber threats, digital
steganography continues to play an important role in ensuring data confidentiality [1-4] in information systems (IS) that
operate in conditions of resource limitations. The relevance of this direction emphasizes the need to create energy-efficient
steganographic algorithms that combine content resistance to hacking and low computational complexity. Experiments
confirmed the assumption that the procedure of preliminary content smoothing improves the starting conditions for the
formation of series of basic blocks (BB) of source images (in this case, content), minimizing the number of procedures at
the stage of their encoding with conversion. The introduction of these procedures reduces the consequences of fluctuation
«noise» in low-information areas of images and improves the computational complexity indicator of the processing
algorithm. Following the test trials results, preliminary assessments of their performance were obtained: - in terms of
execution time, PSNR indicator, and the number of BBs formed. The ability to flexibly configure preprocessing
parameters [1,5] allows the smoothing process to be adapted to different types of data (statistical properties of content),
ensuring a controlled level of visual distortion in the conditions of existing resource limitations of the hardware platforms
used. In practical terms, such consequences are extremely useful, especially in conditions of multitasking and/or a scarcity
of residual battery capacity in gadgets. This ensures high flexibility and efficiency of the steganography process, even in
the conditions of limited resources of the base device and/or system. The modeling performed allows to speak about good
prospects for further implementation of the considered data processing mechanisms into the structure of specialized
steganographic algorithms included in the group of mobile applications. The results obtained contribute to the further
improvement of the concept of low-resource steganography and form perspective directions for further research.
Keywords: steganography, run-lengths encoding, images, basic block, encapsulation, computational complexity;
resource consensus.

References
1. Конахович, Г., Прогонов, Д., & Пузиренко, О. (2018). Комп’ютерна стеганографічна обробка й аналіз
мультимедійних даних : підручник. Київ: Центр навчальної літератури.
2. Fridrich, J. (2009). Steganography in Digital Media: Principles, Algorithms, and Applications. Cambridge:
Cambridge University Press.
3. Yahya, A. (2019). Steganography techniques for digital images. Springer International Publishing.
4. Hassaballah, M. (2020). Digital Media Steganography: Principles, Algorithms, and Advances. Academic Press.
5. Гончаров, М. О., & Малахов, С. В. (2021, 21–23 квітня). Моделювання процедур підготовки даних
стеганоалгоритма з багаторівневим мультиплексуванням контенту. Комп’ютерне моделювання в наукоємних
технологіях (КНМТ-2021): матеріали 7-ї міжнар. наук.-техн. конф. Харків: ХНУ ім. В. Н. Каразіна, 118–122. URL:
http://surl.li/axsna.
6. Honcharov, M., & Malakhov, S. (2024). MODELING ATTEMPTS OF UNAUTHORIZED EXTRACTION OF
STEGANOCONTENT UNDER DIFFERENT COMBINATIONS OF DATA KEY-EXTRACTOR. Collection of
Scientific Papers «ΛΌГOΣ», (March 1, 2024; Paris, France), 234-245. DOI: 10.36074/logos-01.03.2024.053.
7. Shih, F. Y. (2020). Digital watermarking and steganography. Boca Raton: CRC Press.
8. Fuad, M., & Ernawan, F. (2020). Video steganography based on DCT psychovisual and object motion. Bulletin
of Electrical Engineering and Informatics, 9(3), 1015–1023. DOI: 10.11591/eei.v9i3.1859
9. Гончаров, Н., Лесная, Ю., & Малахов, С. (2022). Адаптация принципа кодирования длин серий для
противодействия попыткам неавторизованной экстракции стеганоконтента. Grail of Science, (17), 241-247. DOI:
10.36074/grail-of-science.22.07.2022.042.
10. Honcharov, M., & Malakhov, S. (2023). Adaptive modification of the output array of basic blocks series as а
mechanism to counteract unauthorized extraction of the staganocontent. Science and technology today, 8(22), 336-352.
DOI:10.52058/2786-6025-2023-8(22)-336-352.
11. Малахов, С., Колованова, Є., & Гончаров, М. (2023). ОСОБЛИВОСТІ НЕСАНКЦІОНОВАНОЇ
ЕКСТРАКЦІЇ СТЕГАНОКОНТЕНТУ ПРИ ЗМІНАХ ПРОСТОРОВОГО ПОЗИЦІЮВАННЯ ОПОРНИХ БЛОКІВ
КОНТЕНТУ. Collection of Scientific Papers «ΛΌΓOΣ», (May 26, 2023; Boston, USA), 152–157. DOI: 10.36074/logos26.05.2023.041
12. Pratt, W. K. (1978). Digital Image Processing. John Wiley & Sons.
13. Honcharov, M., Pavlova, L., & Lesnaya, Y. (2022). Modeling steganocontent extraction attempts with different
lengths stack sampling series of images blocks. Computer Science and Cybersecurity, (2), 22-27. DOI: 10.26565/2519-
2310-2022-2-02

AGILE APPROACH TO THE IMPLEMENTATION OF THE METHODOLOGY OF DATA COLLECTION, PROCESSING, STORAGE AND CLASSIFICATION IN ACCORDANCE WITH SOC2 TYPE2 REQUIREMENTS

Дейнека О. Р. (Deineka O.R.) — 2025-10-22

The issues related to compliance with the SOC 2 Type 2 standard when managing data in cloud environments are
considered. The work focuses on such key aspects as building a Medallion architecture, implementing access control, and
automating data classification processes. It is studied that one of the main requirements is the complexity of integrating SOC 2
with Agile processes and the high threshold of entry for organizations without deep expertise in AI and DevOps. In addition,
the dangers are posed by the shortcomings of traditional classification methods, which do not always take into account the
semantic context and require significant resources for scaling. It is also important to obtain the risks associated with the
inconsistency of encryption policies and the lack of effective monitoring. The use of LLM models integrated into Microsoft
Azure Fabric allows you to automate classification, increase the accuracy of entity detection, and provide multi-level access
control. The proposed architecture is due to the flexibility of Agile and the strictness of the SOC 2 Type 2 regulatory
requirements, which ensures constant compliance with the standard even in dynamic environments. Additionally, the use of the
Scrum approach allows for increased implementation of architecture components with regular auditing and process
transparency. Based on the most common problems that companies face when preparing for a SOC 2 audit, the main threats and
ways to minimize them were analyzed. The study considered both technological aspects (ETL, OneLake, Power BI, Data
Activator) and organizational ones (role distribution, sprint management). The analysis showed that the key difficulties are
associated with ensuring continuous monitoring, compliance with access policies and audit transparency. Taking these
challenges into account, recommendations have been developed for implementing databases on Azure Fabric and Azure AI
Foundry using Agile-praktic. Using iterative approaches, regular testing of controls, and integration of automated tools can
significantly reduce the risk of SOC 2 Type 2 non-compliance. In addition, an organization can improve data management
efficiency and provide customer trust to account for process transparency, continuous auditing, and adaptive architecture.
Keywords: SOC 2 Type 2, Agile, Scrum, Microsoft Azure, Medallion Architecture, OneLake, Fabric Data Factory,
Power BI, Data Activator, LLM, data classification, encryption, auditing, access control.

References
1. The Art of Service, SOC 2 Type 2 Report: A Complete Guide, 2020 Edition, 2020.
2. Deineka O., Harasymchuk O., Partyka A., Obshta A., Application of LLM for assessing the effectiveness and
potential risks of the information classification system according to SOC 2 type II, CEUR Workshop Proceedings, 2025.
3. Deineka O., Harasymchuk O., Partyka A., Kozachok V., Information classification framework according to SOC
2 Type II, CEUR Workshop Proceedings, 2024.
4. Deineka O., Harasymchuk O., Partyka A., Obshta A., Korshun N., Designing Data Classification and Secure
Store Policy According to SOC 2 Type II, CEUR Workshop Proceedings, 2024.
5. Ozdemir S., Quick Start Guide to Large Language Models: Strategies and Best Practices, 2023.
6. Armbrust M., Ghodsi A., Xin R., Zaharia M., Lakehouse: A New Generation of Open Platforms that Unify Data
Warehousing and Advanced Analytics, CIDR, 2021.
10. Martseniuk Y., et al.: Shadow IT risk analysis in public cloud infrastructure // CEUR Workshop Proceedings.
2024, 3800, pp. 22-31.
11. Martseniuk Y., et al.: Universal centralized secret data management for automated public cloud provisioning //
CEUR Workshop Proceedings. – 2024, 3826, pp. 72–81.
12. Shevchuk D., et al.: Designing Secured Services for Authentication, Authorization, and Accounting of Users //
CEUR Workshop Proceedings, 2023, 3550. pp. 217-225.
13. Microsoft, Azure Documentation, [Online]. Available: https://docs.microsoft.com/en-us/azure/.
14. Microsoft, SharePoint Documentation, [Online]. Available: https://learn.microsoft.com/en-us/sharepoint.
15. Microsoft, OneDrive Documentation, [Online]. Available: https://learn.microsoft.com/en-us/onedrive.
16. Microsoft, Power BI Documentation, [Online]. Available: https://learn.microsoft.com/en-us/power-bi/.
17. Schwaber, K., & Sutherland, J. The Scrum Guide: The Definitive Guide to Scrum. Scrum.org, 2020.
https://scrumguides.org/download?utm_source=chatgpt.com.
18. Cohn, M. Succeeding with Agile: Software Development Using Scrum. Addison-Wesley, 2009. ISBN-10:
0321579364; ISBN-13: 978-0321579362.
19. Beck, K. et al. Manifesto for Agile Software Development. Agile Alliance, 2001.
20. Rubin, K. S. Essential Scrum: A Practical Guide to the Most Popular Agile Process. Addison-Wesley, 2012.
21.Kniberg, H. Scrum and XP from the Trenches. InfoQ, 2007. https://scrumexpansion.org/scrum-guideexpansion-pack/?utm_source=chatgpt.com.

SITUATION-ORIENTED SECURITY MANAGEMENT SYSTEMS BASED ON A UNIFIED MATRIX MODEL: A LOGICAL-LINGUISTIC AND INTERDISCIPLINARY APPROACH

Домарєв В. В. (Domarev V.V.) — 2025-10-25

The article substantiates the concept of using a unified matrix model as a basis for creating situation-oriented security
management systems (SMS) in conditions of complex multi-level threat dynamics. A methodology for formalizing the structural and functional components of the SMS is developed based on logical-linguistic constructs and inter-sectoral matrices that reflect
the relationships between management entities, security objects, types of threats, forms of risk, response policies and tools for
implementing protective measures. Five stages of situational management are distinguished - threat detection, risk assessment,
identification of alternatives, decision-making and performance control - which are presented in the form of a typical cycle of
management action. An architecture for information integration of the unified model into decision support systems (DSS) and
situational centers as part of the nationwide response network is proposed. An example of practical implementation of the model
for a scenario of an inter-sectoral threat in the critical infrastructure sector with a multidimensional assessment of effectiveness
is demonstrated. The results obtained confirm the feasibility of further development of a systemic approach to situational
management, focused on proactive threat detection and adaptive response in conditions of hybrid danger and increasing
complexity of the security environment.
Keywords: situational management, unified matrix model, security system, critical infrastructure, inter-sectoral threat.

References
1. Domarev, V. V. (2004). Bezpeka informatsiinykh tekhnolohii: Systemnyi pidkhid [Information-technology
security: A systems approach]. TID “Diasoft”. https://nvd.luguniv.edu.ua/archiv/NN9/10plvvas.pdf (arxiv.org).
2. Domarev, V. V. (2002). Bezpeka informatsiinykh tekhnolohii: Metodolohiia stvore nnia system zakhystu
[Information-technology security: Methodology for building protection systems]. TID “DS”. https://www.
bsut.by/images/MainMenuFiles/Obrazovanie/Studentam/eumkd/et/euk_56_029/ch1/ch1_1/ch1_1_1.pdf (bsut.by).
3. Domarev, V. V., & Domarev, D. V. (2012). Upravlinnia informatsiinoiu bezpekoiu v bankivskykh ustanovakh:
Teoriia i praktyka vprovadzhennia standartiv serii ISO 27k [Information-security management in banking institutions:
Theory and practice of ISO 27k implementation]. Velstar. https://www.old.nas.gov.ua/siaz/ Ways_of_development_of_
Ukrainian_science/article/12068.001.pdf.
4. National Bank of Ukraine. (2010). DSTU SUIB 1.0/ISO/IEC 27001:2010. Informatsiini tekhnolohii. Metody
zakhystu. Systema upravlinnia informatsiinoiu bezpekoiu. Vymohy (ISO/IEC 27001:2005, MOD). https://kyianyn.files.
wordpress.com/2010/12/nbu-27001.pdf (scispace.com).
5. National Bank of Ukraine. (2010). DSTU SUIB 2.0/ISO/IEC 27002:2010. Informatsiini tekhnolohii. Metody
zakhystu. Zvid pravyl dlia upravlinnia informatsiinoiu bezpekoiu (ISO/IEC 27002:2005, MOD). https://sbyte.com/useful/27002.pdf (scispace.com).
6. National Bank of Ukraine. (2011, March 3). Lyst № 24112/365: Metodychni rekomendatsii shchodo
vprovadzhennia systemy upravlinnia informatsiinoiu bezpekoiu ta metodyky otsinky ryzykiv vidpovidno do standartiv
NBU [Letter No. 24112/365: Guidelines for ISMS implementation and risk assessment]. https://bank.gov.ua
(bank.gov.ua).
7. Domarev, V. V. (2004). Otsinka efektyvnosti system zakhystu informatsii [Evaluation of the effectiveness of
information-protection systems]. Problemy zakhystu informatsii. Retrieved from https://pgf.udpu.edu.ua/wpcontent/uploads/2019/12/РП-Інформаційна-безпека.pdf (pgf.udpu.edu.ua).
8. Domarev, D. V., & Domarev, V. V. (2011). Information security management system “Matrix” based on system
approach. Problemy informatyzatsii ta upravlinnia, 2(34), 36-39. https://doi.org/10.18372/22255036.19.4706.
9. Moroz, O. Ya. (1972). Lohiko-hnoseolohichnyi analiz pryntsypiv kybernetychnoho modeliuvannia [Logicalgnoseological analysis of cybernetic-modeling principles]. Naukova dumka. https://iino.knuba.edu.ua/.../Філософія.pdf
(iino.knuba.edu.ua).
10. Shengeriy, L. M. (2007). Ihrova skhema ratsionalnosti: Lohiko-analitychne modeliuvannia vzaiemodii
subiektiv [The game scheme of rationality: A logical-analytical modeling of subject interaction]. Filosofski obryi, 18,
129-141. https://harvester.nas.gov.ua/Record/irk-123456789-73475 (harvester.nas.gov.ua).
11. Bezshtanko, V. (2006). Tsykl vprovadzhennia systemy upravlinnia informatsiinoiu bezpekoiu [Cycle of
information-security management system implementation]. Pravove, normatyvne ta metrologichne zabezpechennia
systemy zakhystu informatsii v Ukraini, 2(13), 123–126. https://ela.kpi.ua/handle/123456789/10974 (ela.kpi.ua).
12. Kharchenko, V., Pechevysty, R., Alexeiev, O., & Karapetyan, S. (2020). Selection of a system of indicators
characterizing the effectiveness of the flight safety management system. Proceedings of the National Aviation University,
84(3), 14–18. https://doi.org/10.18372/2306-1472.84.14948 (jrnl.nau.edu.ua).
13. Ostriakova, V. Yu. (2017). Formuvannia systemy upravlinnia informatsiinoiu bezpekoiu pidpryiemstv
[Formation of the enterprise information-security management system] (Candidate’s thesis). Kyiv National University of
Technologies and Design. https://er.knutd.edu.ua/handle/123456789/8187 (er.knutd.edu.ua).
14. Ananchenko, O. Ye. (2016). Pytannia formuvannia orhanizatsiinoi struktury systemy upravlinnia
informatsiinoiu bezpekoiu pidpryiemstva [Issues of forming the organizational structure of an enterprise informationsecurity management system]. Suchasnyi zakhyst informatsii, 1, 79-83. https://journals.dut.edu.ua/index.php/ dataprotect/
article/view/536 (journals.dut.edu.ua).
15. Lysenko, S. O. (2023). Rozvytok systemy derzhavnoho upravlinnia informatsiinoiu bezpekoiu na suchasnomu
etapi [Development of the state information-security management system at the present stage]. Law and Public
Administration, (1), 53-60. https://doi.org/10.32782/pdu.2023.1.53 (researchgate.net).
16. Medvid, V. Yu., Pravdyvets, O. M., & Kryvchun, R. Yu. (2023). Teoretyko-metodychni zasady formuvannia
systemy upravlinnia informatsiinoiu bezpekoiu pidpryiemstva [Theoretical and methodological principles for forming an
enterprise information-security management system]. Agrosvit, 1, 24–30. https://doi.org/10.32702/2306-6792.2023.1.24
(dspace.krok.edu.ua).
17. Mykolaychuk, M., & Popov, M. (2025). Udoskonalennia systemy instrumentiv upravlinnia bezpekoiu Ukrainy
na rehionalnomu rivni [Improvement of the system of management tools for Ukraine’s security at the regional level].
Natsionalni Interesy Ukrainy, 3(8), 232–251. https://doi.org/10.52058/3041-1793-2025-3(8)-232-251 (researchgate.net).
18. Koryeeva, N. H. (2020). Formuvannia suchasnoi systemy upravlinnia informatsiinoiu bezpekoiu viiskovoi
chasty [Formation of the modern information-security management system of a military unit] (Master’s thesis). Chernihiv
National Technological University. https://ir.stu.cn.ua/handle/123456789/19964 (ir.stu.cn.ua).
19. Baranova, O. A., Shtefan, D. Yu., & Shvetsov, V. M. (2013). Informatsiina model avtomatyzovanoi systemy
upravlinnia informatsiinoiu bezpekoiu sudna [Information model of an automated ship information-security management
system]. Proceedings of the III All-Ukrainian Scientific-Practical Conference “Modern Problems of Information Security
in Transport” (pp. 1–5). Mykolaiv: National University of Shipbuilding. https://eir.nuos.edu.ua/handle/123456789/1218
(eir.nuos.edu.ua).
20. Tereshchenko, L. O. (2021). Upravlinnia ryzykamy informatsiinykh system: etapy protsesu upravlinnia
ryzykamy [Risk management of information systems: Stages of the risk-management process]. Ekonomika ta Suspilstvo,
(31), Article 12. https://doi.org/10.32782/2524-0072/2021-31-12 (economyandsociety.in.ua).
21. Beliachenko, V. V., Bobrov, S. V., & Utiushev, M. K. (2021). Upravlinnia ryzykamy stvorennia elementiv
avtomatyzovanykh system upravlinnia [Risk management in the development of automated control-system elements].
Zbirnyk naukovykh prats Tsentru voienno-stratehichnykh doslidzhen Natsionalnoho universytetu oborony Ukrainy im. I.
Cherniakhovskoho, 3(70), 101–106. https://doi.org/10.33099/2304-2745/2020-3-70/101-106.
22. Dodon, O. D., & Kovalenko, O. O. (2022). Modeli informatsiinykh system upravlinnia personalom [Models
of human-resource-management information systems]. Efektyvna ekonomika, (11). https://doi.org/10.32702/2307-
2105.2022.11.22.
23. Netreba, I. (2014). Etapy rozvytku informatsiinykh system upravlinnia pidpryiemstvom [Stages of
development of enterprise-management information systems]. Formuvannia rynkovoi ekonomiky v Ukraini, 31(2), 82–
85. https://irbis-nbuv.gov.ua/.../Nvmgu_eim_2015_10_27.pdf (irbis-nbuv.gov.ua).
24. Semenyuk, A. Ya. (2009). Rozvytok standartiv informatsiinykh system dlia upravlinnia pidpryiemstvom
[Development of standards for enterprise-management information systems]. Naukovyi visnyk Uzhhorodskoho
natsionalnoho universytetu. Seriia Ekonomika, 28(2), 143–148. https://dspace.uzhnu.edu.ua/jspui/handle/lib/52105
(dspace.uzhnu.edu.ua).
25. Netreba, I. O. (2013). Pidkhody do klasyfikatsii informatsiinykh system upravlinnia pidpryiemstvom
[Approaches to the classification of enterprise-management information systems]. Formuvannia rynkovykh vidnosyn v
Ukraini, (4), 137–140. https://irbis-nbuv.gov.ua/.../frvu_2013_4_33 (irbis-nbuv.gov.ua).
26. Bezborodova, T. V. (2007). Peredumovy ta etapy formuvannia korporatyvnykh informatsiinykh system
upravlinnia [Preconditions and stages of forming corporate-management information systems]. Ekonomika ta derzhava,
(10), 41–44. https://www.economy.nayka.com.ua/?op=1&z=674 (economy.nayka.com.ua).
27. Solovyiov, V. M., Serdiuk, O. A., & Danylychuk, G. B. (2016). Modeliuvannia skladnykh system [Modeling
of complex systems]. Vydavets O. Yu. Vovchok. https://doi.org/10.31812/0564/1065.
28. Solovyiov, V. M. (2017). Universalnyi instrumentarii modeliuvannia skladnykh system [Universal toolkit for
modeling complex systems]. New Computer Technology, 15, 10–14. https://doi.org/10.55056/nocote.v15i0.617.
29. Bratushka, S. M. (2009). Imitatsiine modeliuvannia yak instrument doslidzhennia skladnykh ekonomichnykh
system [Simulation modeling as a tool for studying complex economic systems]. Visnyk Ukrainskoi akademii bankivskoi
spravy, 2(27), 113–118. http://essuir.sumdu.edu.ua/handle/123456789/55242 (essuir.sumdu.edu.ua).
30. Khimich, O. M. (2018). Superkomp’iuterni tekhnolohii ta matematychne modeliuvannia skladnykh system
[Supercomputer technologies and mathematical modeling of complex systems]. Visnyk Natsionalnoi akademii nauk
Ukrainy, (5), 69–72. https://irbis-nbuv.gov.ua/.../vnanu_2018_5_21 (irbis-nbuv.gov.ua).

INCREASING THE EFFICIENCY OF THE STEGANOGRAPHIC SYSTEM THROUGH THE USE OF IMAGE PROCESSING METHODS

Журавель Ю. І. (Zhuravel Yu.I.) — 2025-10-25

The development of computer networks has led to an increase in the volume of information transmitted over them and,
quite often, requires protection from unauthorized access. Along with cryptographic methods, steganographic methods of hiding
information are actively developing. The effectiveness of a steganographic system depends on many factors. Among them, the
semantic content of the stegocontainer image and the methods of implementing the algorithm itself should be highlighted. To a
much lesser extent, the scientific literature has paid attention to the study of the influence of stegocontainer processing methods
on the effectiveness of the stegosystem. This work proposes a modified generalized model of a steganographic system, which
contains two additional blocks - a block of improvement methods and a block of reference efficiency criteria. Before hiding, the
stegocontainer is processed by pre-processing methods – improvement, dynamic range correction, noise removal, etc. and
checked for compliance with the efficiency criteria of stegosystems. The approximate values of the listed efficiency criteria are
obtained on the basis of statistical data. As a result of the conducted research, it was confirmed that the methods of hiding in the
frequency domain (DCT, YASS) are more effective compared to the methods of embedding in the spatial domain (LSB).
Methods using neural networks (CNN, U-Net) are even more effective. Experimental modeling of the influence of noise and
blurring of the stegocontainer on the main parameters of the efficiency of the steganosystem using the LSB algorithm was
carried out. It was established that the method of embedding in the least significant bit, due to the adaptability of concealment,
provides high visual quality of images even after embedding a large text message and in the presence of blurring. Impulse noise
significantly reduces the visual quality of perception. Also, the preservation of hidden information is negatively affected by
information compression, especially in the case of using embedding methods in the spatial domain.
Keywords: steganosystem efficiency, image processing, information protection, neural networks, spatial and frequency
domain.

References
1. Журавель Ю. І., Мичуда Л. З. Підвищення ефективності стеганографії через застосування методів
покращання зображень та моделей штучного інтелекту // Сучасний захист інформації. 2025. № 2(62). С. 59–67.
DOI: 10.31673/2409-7292.2025.023202.
2. Gonzalez R., Woods R. Digital image processing. 2nd ed. NJ: Prentice Hall, 2002.
3. Салімонович А. О., Гармаш В. В. Метод фільтрації цифрових зображень на основі білатерального
фільтру : дис. … д-ра техн. наук. Вінниця : ВНТУ, 2024.
4. Gao C., Song C., Zhang Y., Qi D., Yu Y. Improving the performance of infrared and visible image fusion based
on latent low-rank representation nested with rolling guided image filtering // IEEE Access. 2021. Vol. 9. P. 91462-91475.
5. Zhang D., He Z., Zhang X., Wang Z., Ge W., Shi T., Lin Y. Underwater image enhancement via multi-scale
fusion and adaptive color-gamma correction in low-light conditions // Engineering Applications of Artificial Intelligence.
2023. Vol. 126. Article ID 106972.
6. Cai Y., Bian H., Lin J., Wang H., Timofte R., Zhang Y. Retinexformer: One-stage retinex-based transformer for
low-light image enhancement // Proc. IEEE/CVF Int. Conf. on Computer Vision. 2023. P. 12504-12513.
7. Shah M., Khan M., Khan S. S., Ali S. Multi-Focus Image Fusion using Unsharp Masking with Discrete Cosine
Transform. 2023. [Електронний ресурс].
8. Halidou A., Mohamadou Y., Ari A. A. A., Zacko E. J. G. Review of wavelet denoising algorithms // Multimedia
Tools and Applications. 2023. Vol. 82, No. 27. P. 41539-41569.
9. Zhang C., Yen K. S. A Refined First-Order Sparse TGV Model with L1 Norm Data Fidelity for Enhanced
Image Denoising // Int. Symp. on Systems Modelling and Simulation. Singapore : Springer Nature Singapore, 2024. P. 1-
13.
10. Alnuaimy A. N., Jawad A. M., Abdulkareem S. A., Mustafa F. M., Ivanchenko S., Toliupa S. BM3D denoising
algorithms for medical image // 2024 35th Conf. of Open Innovations Association (FRUCT). IEEE, 2024. P. 135–141.
11. Журавель Ю. І., Мичуда Л. З. Метод кількісного оцінювання візуальної якості цифрових кольорових
зображень // Сучасний захист інформації. 2024. № 4(60). С. 39-45. DOI: 10.31673/2409-7292.2024.040004.
12. Хорошко В. О., Яремчук Ю. Є., Карпінець В. В. Комп’ютерна стеганографія. Вінниця : ВНТУ, 2017.
244 с.
13. Treder M. S., Codrai R., Tsvetanov K. A. Quality assessment of anatomical MRI images from generative
adversarial networks: Human assessment and image quality metrics // Journal of Neuroscience Methods. 2022. Vol. 374.
Article ID 109579.
14. Neißner A., Mäder U., Fiebich M. Enhancing clinical CT image quality assessment: adapting no-reference
methods NIQE and BRISQUE // Medical Imaging 2025: Physics of Medical Imaging. 2025. Vol. 13405. P. 903-911.

CYBERSECURITY RISK MANAGEMENT USING NIST CSF 2.0

Іваночко Т. А. (Ivanochko T.A.) — 2025-10-25

The article examines the issue of cybersecurity risk management using the NIST Cybersecurity Framework (CSF), which
is one of the most common and flexible tools in the field of cybersecurity. The relevance of the study is due to the rapid growth
in the complexity and frequency of cyberattacks that threaten business continuity, personal data security, and national security.
In modern conditions, organizations face the challenges of adapting to new types of threats, such as attacks on supply chains,
abuse of artificial intelligence technologies, as well as a chronic shortage of qualified personnel. A systemic approach to risk
management is proposed, based on the NIST CSF version 2.0 framework, which covers six functional domains: from asset and
vulnerability identification to strategic cybersecurity management. Based on the criteria of organizational maturity and the level
of criticality of control measures, a method for building a cybersecurity profile is presented, which allows you to identify gaps
and determine priorities for improvement. The study emphasizes the advantages of NIST CSF as an adaptive, universal and
scalable tool suitable for different types and sizes of companies. The practical significance of the results lies in the possibility
of their application in Ukrainian companies with limited resources that require an effective mechanism for identifying
vulnerabilities, building cyber protection policies and achieving compliance with international standards. The proposed
recommendations are aimed at increasing resilience to cyber threats and reducing the impact of digital threats on critical
processes of the organization.
Keywords: information security, risk management system, standard, NIST CSF, security measures.

References
1. Global Cybersecurity Outlook 2025 URL: https://www.weforum.org/publications/global-cybersecurityoutlook-2025.
2. NIST Cybersecurity Framework // National Institute of Standards and Technology. URL: https://
www.nist.gov/cyberframework
3. NIST Cybersecurity Framework Version 2.0 // National Institute of Standards and Technology. URL:
https://www.nist.gov/news-events/news/2024/02/nist-releases-draft-update-cybersecurity-framework-version-20.
4. ISO/IEC 27001: Information Security Management // International Organization for Standardization URL:
https://www.iso.org/isoiec-27001-information-security.html.
5. Кухарська Н.П., Семенюк С.А., Полотай О. І. (2025). Ключові аспекти оновленого стандарту
ISO/IEC 27002:2022. Сучасний захист інформації, №2, https://doi.org/10.31673/2409-7292.2025.023969.
6. COBIT Framework // ISACA. URL: https://www.isaca.org/resources/cobit.
7. CIS Controls // Center for Internet Security. URL: https://www.cisecurity.org/controls.
8. Kitsios, F., Chatzidimitriou, E., & Kamariotou, M. (2023). The ISO/IEC 27001 Information Security
Management Standard: How to Extract Value from Data in the IT Sector. Sustainability, 15(7), 5828.
https://doi.org/10.3390/su15075828
9. Utomo, D., Wijaya, M., Suzanna, S., Efendi, E., & Sagala, N. T. M. (2022). Leveraging COBIT 2019 to
Implement IT Governance in SME Context: A Case Study of Higher Education in Campus A. CommIT (Communication
and Information Technology) Journal, 16(2), 129–141. https://doi.org/10.21512/commit.v16i2.8172.
10. Edwards, J. (2024). Critical security controls for effective cyber defense. In Apress eBooks.
https://doi.org/10.1007/979-8-8688-0506-6.
11. Alshar’e, M. (2023). Cyber security framework selection: comparison of NIST and ISO 27001. Applied
Computing Journal, 3(1), 245-255. https://doi.org/10.52098/acj.202364.
12. Udroiu, A. M., Dumitrache, M., & Sandu, I. (2022, June). Improving the cybersecurity of medical systems by
applying the NIST framework. In 2022 14th International Conference on Electronics, Computers and Artificial
Intelligence (ECAI) (pp. 1-7). IEEE. https://doi.org/10.1109/ECAI54874.2022.9847498.

THE METHOD OF CONSTRUCTING A NETHERWRITER CRYPTOSYSTEM BASED ON M-CODES

Лаптєв О. А. (Laptev O.A.) — 2025-10-25

The article proposes a method for increasing the cryptoresistance of the Niederreiter cryptosystem by using M-codes –
algebrogeometric codes built on elliptic curves. The relevance of developing a mathematical apparatus for designing secure
information networks in the context of growing cyberthreats is substantiated. The purpose of the study is to develop approaches
to the system design of cryptosystems based on structural specifications. The Niederreiter crypto-code construction is
considered, the stability of which is based on the NP-complete problem of decoding a random linear code. The use of
algebrogeometric codes over GF(q) based on elliptic curves (genus g=1) is proposed, which provides improved combinatorial and asymptotic properties of codes. The mathematical apparatus for constructing a code verification matrix using geometric
parameters of curves is presented. It is shown that such an approach allows to increase the number of corrected errors and
increase noise immunity. An equilibrium coding algorithm for forming an error vector is also described. The proposed method
allows to determine the minimum number of processing modules, distribute functions between them and set performance
specifications, which significantly reduces the development time of protection systems. The results have practical significance
for creating survivable information networks, especially in conditions of intensive cyberattacks, in particular during wartime.
Keywords: information protection, cybersecurity, crypto-code system, coding, codegram, crypto-resistance.

References
1. Павлов І.М., Хорошко В.О. Проектування комплексних систем захисту інформації. К.: ВІТІ – ДУІКТ,
2011. 245 с.
2. Barabash O., Musienko A., Sobchuk V., Lukova-Chuiko N., Svynchuk O. Distribution of Values of Cantor
Type Fractal Functions with Specified Restrictions. Chapter in Book “Contemporary Approaches and Methods in
Fundamental Mathematics and Mechanics”. Editors Victor A. Sadovnichiy, Michael Z. Zgurovsky. Publisher Name:
Springer, Cham, Switzerland AG 2021. Р. 433-455. https://link.springer.com/book/10.1007/978-3-030-50302-4.
3. Barabash O.V., Dakhno N.B., Shevchenko H.V., Majsak T.V. Dynamic Models of Decision Support Systems
for Controlling UAV by Two-Step Variational-Gradient Method. Proceedings of 2017 IEEE 4th International Conference
“Actual Problems of Unmanned Aerial Vehicles Developments (APUAVD)”, October 17-19, 2017, Kyiv, Ukraine:
National Aviation University, 2017. P. 108-111.
4. Лаптев О.А., Собчук В.В., Саланди И.П., Сачук Ю.В. Математична модель структури інформаційної
сеті на основі нестационарної іерархічної та стаціонарної гиперсети. Збірник наукових праць Військового
інституту Київського національного університету імені Тараса Шевченка. К.: ВІКНУ, Вип. 64, 2019. С. 124-132.
5. Lubov Berkman, Oleg Barabash, Olga Tkachenko , Andri Musienko, Oleksand Laptiev, Ivanna Salanda. The
Intelligent Control System for infocommunication networks. International Journal of Emerging Trends in Engineering
Research (IJETER) Volume 8. No. 5, May 2020. Scopus Indexed - ISSN 2347-3983. P.1920-1925.
6. Звіт ETSI Security Aspects of Channel Coding in 6G Systems (TR 103 756 V1.1.1). 2024.
7. Serhii Yevseiev, Khazail Rzayev, Oleksandr Laptiev, Ruslan Hasanov, Oleksandr Milov, Bahar Asgarova, Jale
Camalova, Serhii Pohasii. Development of a hardware cryptosystem based on a random number generator with two types
of entropy sources. Eastern-European journal of enterprise technologies. Vol.5 №9 (119). 2022 Р. 6–16. ISSN (print)
1729-3774. ISSN (on-line) 1729-4061. DOI: https://doi.org/10.15587/1729-4061.2022.265774.
8. Serhii Yevseiev, Khazail Rzayev, Oleksandr Laptiev, Ruslan Hasanov, Oleksandr Milov, Bahar Asgarova, Jale
Camalova, Serhii Pohasii. Development of a hardware cryptosystem based on a random number generator with two types
of entropy sources. Eastern-European journal of enterprise technologies. Vol.5 №9 (119). 2022 Р. 6–16. ISSN (print)
1729-3774. ISSN (on-line) 1729-4061. DOI: https://doi.org/10.15587/1729-4061.2022.265774.
9. F. K. Mammadov, “New approach to book cipher: web pages as a cryptographic key”, Advanced Information
Systems, vol. 7, no. 1, pp. 59–65, 2023, doi: https://doi.org/10.20998/2522-9052.2023.1.10.
10.S. Datsenko, and H. Kuchuk, “Biometric authentication utilizing convolutional neural networks”, Advanced
Information Systems, vol. 7, no. 2, pp. 87–91, 2023, doi: https://doi.org/10.20998/2522-9052.2023.2.12.
11.D. Salnikov, D. Karaman, and V. Krylova, “Highly reconfigurable soft-cpu based peripheral modules design”,
Advanced Information Systems, vol. 7, no. 2, pp. 92–97, 2023, doi: https://doi.org/10.20998/2522-9052.2023.2.13.
12.A. Podorozhniak, N. Liubchenko, V. Oliinyk, and V. Roh, “Research application of the spam filtering and
spammer detection algorithms on social media and messengers ”, Advanced Information Systems, vol. 7, no. 3, pp. 60-
66, 2023, doi: https://doi.org/10.20998/2522-9052.2023.3.09.

CONCEPTUAL APPROACHES TO THE INTEGRATION OF ETHICAL NORMS INTO INFORMATION SECURITY POLICY

Легомінова С. В. (Legominova S.V.) — 2025-10-25

The article analyzes key conceptual approaches to integrating ethics into information security policy. Based on the
analysis of scientific publications, key ethical dilemmas arising in the field of information security are identified, in particular,
the problems of confidentiality, transparency, automation of decision-making and personnel monitoring. The need to formalize
ethical principles in internal regulatory documents is substantiated in order to increase responsibility, transparency and trust in
the digital environment. A classification of existing approaches to the implementation of ethics in information security with
certain characteristics, ethical dimension and evaluation criteria is proposed: regulatory and legal, professional and ethical,
corporate and ethical, educational, technological and ethical. The developed criteria allow for the further formation of a holistic
system for assessing the effectiveness of approaches. A conceptual model of the integration of ethical norms is created, which
provides for the stages of diagnostics, formalization, implementation, training, monitoring and criteria for assessing ethical
impact. The model allows systematizing the process of implementing ethical principles into organizational documents of
information security. Recommendations are presented for developing internal policies taking into account ethical principles,
conducting an ethical audit, and establishing an ethics committee within the organization. The proposed recommendations allow
for the formation of an ethically mature corporate culture, where security is based on moral principles, trust, and respect for
human rights in the digital environment.
Keywords: information security, cybersecurity ethics, corporate codes of ethics, information security policy.

References
1. Гапіченко , А., & Штанько , В. (2025). Етичні принципи як основа кібербезпеки в умовах цифрових
загроз. Збірник наукових праць «ΛΌГOΣ» , (24 січня 2025 р.; Сеул, Південна Корея), 322–325. https://doi.org/
10.36074/logos-24.01.2025.067.
2. Yaghmaei, E., van de Poel, I., Christen, M., Gordijn, B., Kleine, N., Loi, M., Morgan, G., & Weber, K. (2017).
Canvas White Paper 1 Cybersecurity and Ethics. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.3091909.
3. WEBER, K. (2022a). CYBERSECURITY AND ETHICAL, SOCIAL, AND POLITICAL
CONSIDERATIONS: WHEN CYBERSECURITY FOR ALL IS NOT ON THE TABLE. Humanities and Social Sciences
quarterly. https://doi.org/10.7862/rz.2022.hss.07.
4. WEBER, K. (2022b). CYBERSECURITY AND ETHICAL, SOCIAL, AND POLITICAL
CONSIDERATIONS: WHEN CYBERSECURITY FOR ALL IS NOT ON THE TABLE. Humanities and Social Sciences
quarterly. https://doi.org/10.7862/rz.2022.hss.07.
5. ПРОФЕСІЙНА ЕТИКА УПРАВЛІНСЬКОЇ ДІЯЛЬНОСТІ В КІБЕРБЕЗПЕЦІ. Навчальний посібник /
С.В. Легомінова, Ю.В. Щавінський, Т.М. Мужанова, Ю.М. Якименко, Т.В. Капелюшна, Д.І. Рабчун, К. : ДУТ,
2023, 198 с.
6. Wright, D. (2011). A framework for the ethical impact assessment of information technology. Ethics and
Information Technology. 13. 199-226. https://doi.org/10.1007/s10676-010-9242-6.
7. Halim, Z., Durya, N. P. M. A., Kraugusteeliana, K., Suherlan, S., & Alfisyahrin, A. L. (2023). Ethics-Based
Leadership in Managing Information Security and Data Privacy. Jurnal Minfo Polgan, 12(2), 1819–1828.
https://doi.org/10.33395/jmp.v12i2.13018.
8. Sharma, N. (2023). The Role of Ethics in Developing Secure Cyber-Security Policies. Tuijin Jishu/Journal of
Propulsion Technology. 43. 250-254. https://doi.org/10.52783/tjjpt.v43.i4.2346.
9. Formosa, P., Wilson, M., & Richards, D. (2021). A principlist framework for cybersecurity ethics. Computers
& Security, 109, 102382. https://doi.org/10.1016/j.cose.2021.102382.
10. Floridi, L., Cowls, J., Beltrametti, M., Chatila, R., Chazerand, P., Dignum, V., Luetge, C., Madelin, R., Pagallo,
U., Rossi, F., Schafer, B., Valcke, P., & Vayena, E. (2018). AI4People – An Ethical Framework for a Good AI Society:
Opportunities, Risks, Principles, and Recommendations. Minds and Machines, 28(4), 689–707.
https://doi.org/10.1007/s11023-018-9482-5.
11. Fenech, J., Richards, D., & Formosa, P. (2024). Ethical principles shaping values-based cybersecurity decisionmaking. Computers & Security, 140, 103795. https://doi.org/10.1016/j.cose.2024.103795.
12. Coates, Rebecca; Baruwal Chhetri, Mohan; Liu, Dongxi; Pieprzyk, Josef; Richelle, Regine; Kang, Wei;
Kwashie, Selasi; Wu, Tina; Nepal, Surya. Risks of quantum computing to cybersecurity: Perspectives from experts and
professionals. Brisbane: CSIRO; 2023. csiro:EP2022-5789. https://doi.org/10.25919/fv3w-6863.
13. Berestiana, T. (2024). Research in the Field of Quantum-Safe Cryptography. Сучасний захист інформації,
2(58), 109–116. https://doi.org/10.31673/2409-7292.2024.020013.
14. ACM. The Code affirms an obligation of computing professionals to use their skills for the benefit of society.
2018. Доступно за посиланням: https://www.acm.org/code-of-ethics . [Дата звернення: 24.06.2025].
15. Christen, M., Gordijn, B., & Loi, M. (2020). The Ethics of Cybersecurity. Springer International Publishing.
https://doi.org/10.1007/978-3-030-29053-5.
16. Воронюк, Ю., та Сатушева, К. (2024). Світовий досвід впровадження етичних принципів в організації
економічної безпеки підприємницької діяльності. Збірник наукових праць «Наукові записки», 34 (1), 6-15.
http://doi.org/10.33111/vz_kneu.34.24.01.01.005.011.

ANALYSIS OF MODELS, METHODS AND SYSTEMS FOR ESTIMATING LOSSES FROM PERSONAL DATA LEAKAGE

Лозова І. Л. (Lozova I.L.) — 2025-10-26

The rapid spread of digital technologies, the globalization of information flows and the increase in the number of cyber
threats have led to a significant increase in the risk of personal data leaks, which causes both financial losses and reputational
and legal consequences for organizations. Existing approaches to assessing the criticality of personal data leak incidents are
fragmented: some focus on financial losses, others on technical or socio-psychological aspects, which complicates the formation
of a comprehensive assessment. In order to eliminate the identified gaps, the article has carried out a comparative analysis of
modern models, methods and systems for assessing the negative consequences of personal data leaks, and has identified their
strengths and weaknesses. Particular attention is paid to the compliance of the considered approaches with the provisions of
international standards, in particular GDPR, as well as the possibilities of their practical application in information systems. The
scientific novelty of the results obtained lies in the formation of a theoretical basis for the development of improved models and
methods for comprehensive assessment of losses from personal data leakage, taking into account economic, legal and
reputational factors.
Keywords: personal data, loss assessment, incident criticality, confidentiality, GDPR, cybersecurity.

References
1. Cost-Effective Risk Management | Resources. Quantitative Information Risk Management | The FAIR
Institute. URL: https://www.fairinstitute.org/learn-fair
2. Fair Information Practice Principles (FIPPs). Home | FPC.gov. URL: https://www.fpc.gov/resources/fipps/
3. Introduction to FAIR. Medium. URL: https://medium.com/@enstructure/ introduction-to-fair-bc5e7da0e72c
4. NIST Technical Series Publications. URL: https://nvlpubs.nist.gov/nistpubs/ legacy/sp/ nistspecialpublication800-30r1.pdf.
5. NIST Risk Management Framework | CSRC. NIST Computer Security Resource Center | CSRC. URL:
https://csrc. nist.gov/Projects/risk-management/about-rmf.
6. Луцький М.Г., Іванченко Є.В., Казмірчук С.В., Охрименко А.А. Сучасні засоби управління
інформаційними ризиками. Захист інформації. 2011. Т.13. № 3 (52). С. 97-108.
7. Луцький М.Г., Корченко А.Г., Іванченко Є.В., Казмірчук С.В. Дослідження програмних засобів аналізу
та оцінки ризиків інформаційної безпеки. Захист інформації. 2011. Т. 13. № 2 (51). С. 86-94.
8. NIST Privacy Framework: NIST Technical Series Publications. URL: https://nvlpubs.nist.gov/nistpubs
/CSWP/ NIST.CSWP.01162020.pdf.
9. ДСТУ ISO/IEC 27005:2023 Інформаційна безпека, кібербезпека та захист конфіденційності. Настанова
керування ризиками інформаційної безпеки (ISO/IEC 27005:2022, IDT). БУДСТАНДАРТ Online - нормативні
документи будівельної галузі України. URL: https: // online.budstandart.com / ua /catalog/doc-page.html?id_doc=
104400.
10. ДСТУ ISO 31000:2018 Менеджмент ризиків. Принципи та настанови (ISO 31000:2018, IDT)
URL: https://zakon.isu.net.ua/sites/default/files/normdocs /dstu_iso_31000_2018.pdf.
11. OWASP Risk Rating Methodology | OWASP Foundation. OWASP Foundation, the Open Source Foundation
for Application Security | OWASP Foundation. URL: https: // owasp.org / www-community/OWASP_
Risk_Rating_Methodology
12. Data Protection Impact Assessment (DPIA) GDPR.eu. GDPR.eu. URL: https: // gdpr.eu / data-protectionimpact-assessment-template/.
13. О.Г. Корченко, С.В. Казмірчук, Б.Б. Ахметов, Прикладні системи оцінювання ризиків інформаційної
безпеки. Монографія, Київ, ЦП «Компринт», 2017, 435 с.
14. Applying OCTAVE: Practitioners Report. URL: https://kilthub.cmu.edu/ articles/report/Applying_OCTAVE_
Practiti oners_Report/6571985/1?file=12057020.
15. «Expression des Besoins et Identification des Objectifs de Sécurité EBIOS», Méthode de gestion des risques,
ANSSI/ACE/BAC, Paris, Version du 25 janvier 2010, 95 р.
16. Потій О. В., Лєншин А. В. Дослідження методів оцінки ризиків безпеці інформації та розробка
пропозицій з їх вдосконалення на основі системного підходу. Збірник наукових праць Харківського університету
Повітряних сил. 2010. Вип. 2. С. 85-91. URL: http://nbuv.gov.ua/UJRN/ZKhUPS_2010_2_21.
17. Security Studies | Ponemon Institute. Ponemon Institute. URL: https://www.ponemon.org/research/ponemonlibrary/security/?tag=5.
18. Cyber Value at Risk (CVaR): Measuring Worst-Case Scenarios - Horkan. URL: https://horkan.com/2025/04/
21 / cyber-value-at-risk-cvar-measuring-worst-case-scenarios # :~: text = *% 20Focus % 20on % 20Worst,from%20 -
ransomware%20 to%20insider%20attacks.
19. Algarni, A. M., Thayananthan, V., & Malaiya, Y. K. (2021). Quantitative Assessment of Cybersecurity Risks
for Mitigating Data Breaches in Business Systems. Applied Sciences, 11(8), 3678. URL: https://doi.org/ 10.3390/
app11083678.
20. Korchenko A., Dreis Yu., Roshchuk M., Romanenko O. Consequence evaluation model of leak the state secret
from cyberattack directing on critical information infrastructure of the state. Ukrainian Scientific Journal of Information
Security, 2018, vol. 24, issue 1, p. 29-35. https: // doi.org / 10.18372/2225-5036.24.12606.
21. Савченко В.А., Ахрамович В.М., Акулінічева М.В. Оцінювання параметрів безпеки персональних
даних у степеневих соціальних мережах на основі їх топології. Сучасний захист інформації, №3(43), 2020. С. 6-
13. URL: https://doi.org/10.31673/2409-7292.2020.030613.
22. Шапран О.О. Моделі підвищення захищеності персональних даних користувачів системи
дистанційного навчання Збройних Сил України. Телекомунікаційні та інформаційні технології, 2022, № 2 (79). С.
33-45. URL: https://doi.org/10.31673/2412-4338.2022.023345.
23. Бойченко О. С., Костерев Д. С., Маковський І. Ю., Грищук О.М. Математична модель розрахунку
цінності інформації установи. Проблеми створення, випробування, застосування та експлуатації складних
інформаційних систем, 2022, №22, C.30–40. https://doi.org/10.46972/2076-1546.2022.22.03.
24. Толбатов А., Лозова І., Котик О., Толбатова О. Автоматизована система вибору засобів оцінювання
збитків від втрати персональних даних. ІМА: 2024: Матеріали міжнародної наукової конференції молодих учених
«Інформатика, математика, автоматика», Суми–Астана, 22–26 квітня 2024 р. Суми, 2024. С.256.
URL: https://files.znu.edu.ua/files/Bibliobooks/Inshi79/0059494.pdf.
25. Лозова І., Біскупський А., Горожанова А. Засоби оцінювання шкоди від втрати інформації з обмеженим
доступом. Стан та удосконалення безпеки інформаційно-телекомунікаційних систем (SITS’ 2021): збірник тез
наукових доповідей, 23-26 червня 2021 р. Миколаїв, Коблево, 2021. С.58-62.

PRINCIPLES OF CONSTRUCTION OF SECURE CHANNELS FOR TRANSMISSION OF CONFIDENTIAL INFORMATION IN A DYNAMIC ENVIRONMENT

Пархоменко І. І. (Parkhomenko I.I.) — 2025-10-26

Modern systems for transmitting confidential information in the conditions of an increasing number of cyberattacks and
failures in the functioning of the infrastructure require new principles for building secure channels. The need for dynamic, stable
and adaptive management of data transmissions is especially relevant in the context of the development of critical information
infrastructure, distributed networks and mobile communications. This article proposes a concept for building secure channels,
adapted with an emphasis on adaptability, optimality, stability and distribution of control systems. To formalize the principles
of building secure channels, systems analysis and the analytical-synthetic method were used. The approaches were transformed
with subsequent modeling of adaptive channel management processes operating in a changing environment. Functional
components include network status monitoring, adaptive resource management, automatic response to threats, and a hierarchical
decision-making structure.
Keywords: information protection, cybersecurity, threats, decision-making, confidentiality, integrity.

References
1. Goodin D. The sorry state of TLS security: Most servers are vulnerable [Електронний ресурс] // Ars Technica,
2017. Режим доступу: https://arstechnica.com/information-technology/2017/10/the-sorry-state-of-tls-security-mostservers-are-vulnerable/
2. Krawczyk H., Eronen P. HMAC-based Extract-and-Expand Key Derivation Function (HKDF) [Електронний
ресурс] // RFC 5869. 2010. Режим доступу: https://datatracker.ietf.org/doc/html/rfc5869.
3. Akyildiz I. F., Su W., Sankarasubramaniam Y., Cayirci E. Wireless sensor networks: a survey // Computer
Networks. 2002. Vol. 38, no. 4. P. 393-422. DOI: https://doi.org/10.1016/S1389-1286(01)00302-4.
4. Hu Y.-C., Perrig A., Johnson D. B. Ariadne: A secure on-demand routing protocol for ad hoc networks //
Wireless Networks. 2005. Vol. 11. P. 21-38. DOI: https://doi.org/10.1007/s11276-004-0636-4.
5. Wang Y., Zhang Q., Li M., Sun Y. Survey on Security in Emerging Wireless Sensor Networks // Frontiers of
Computer Science. 2019. Vol. 13, no. 3. P. 419-438. DOI: https://doi.org/10.1007/s11704-017-6242-z.
6. Kreutz D., Ramos F. M. V., Verissimo P. E., Rothenberg C. E., Azodolmolky S., Uhlig S. Software-defined
networking: A comprehensive survey // Proceedings of the IEEE. 2015. Vol. 103, no. 1. P. 14-76. DOI:
https://doi.org/10.1109/JPROC.2014.2371999.
7. Mijumbi R., Serrat J., Gorricho J. L., Bouten N., De Turck F., Boutaba R. Network Function Virtualization:
State-of-the-art and research challenges // IEEE Communications Surveys & Tutorials. 2016. Vol. 18, no. 1. P. 236-262.
DOI: https://doi.org/10.1109/COMST.2015.2477041
8. Yazici A., Aydin M. A., Akinci M. A survey on security and privacy issues in SDN-based networks // Computer
Networks. 2020. Vol. 166. 106980. DOI: https://doi.org/10.1016/j.comnet.2019.106980.
9. Alshamrani A., Myneni S., Chowdhary A., Huang D. A survey on advanced persistent threats: Techniques,
solutions, challenges, and research opportunities // IEEE Communications Surveys & Tutorials. 2020. Vol. 21, no. 2. P.
1851-1877. DOI: https://doi.org/10.1109/COMST.2019.2957221.
10.Vinayakumar R., Soman K. P., Poornachandran P. Applying deep learning approaches for network traffic
classification and intrusion detection // Procedia Computer Science. 2019. Vol. 132. P. 20-27. DOI:
https://doi.org/10.1016/j.procs.2018.05.135.
11.Лаптев О.А., Собчук В.В., Саланди И.П., Сачук Ю.В. Математична модель структури інформаційної
сеті на основі нестационарної іерархічної та стаціонарної гиперсети. Збірник наукових праць Військового
інституту Київського національного університету імені Тараса Шевченка. К.: ВІКНУ, Вип. 64, 2019. С. 124-132.
12.Lubov Berkman, Oleg Barabash, Olga Tkachenko , Andri Musienko, Oleksand Laptiev, Ivanna Salanda. The
Intelligent Control System for infocommunication networks. International Journal of Emerging Trends in Engineering
Research (IJETER) Volume 8. No. 5, May 2020. Scopus Indexed - ISSN 2347 – 3983. P.1920-1925.
13.Звіт ETSI Security Aspects of Channel Coding in 6G Systems (TR 103 756 V1.1.1). 2024.
14.Serhii Yevseiev, Khazail Rzayev, Oleksandr Laptiev, Ruslan Hasanov, Oleksandr Milov, Bahar Asgarova, Jale
Camalova, Serhii Pohasii. Development of a hardware cryptosystem based on a random number generator with two types
of entropy sources. Eastern-European journal of enterprise technologies. Vol.5 №9 (119). 2022 Р. 6-16. ISSN (print) 1729-
3774. ISSN (on-line) 1729-4061. DOI: https://doi.org/10.15587/1729-4061.2022.265774.

AN INTELLIGENT MODEL FOR PREDICTING AND RESPONDING TO CYBER THREATS USING MULTILAYER RECURRENT NEURAL NETWORKS AND MODERN RISK MANAGEMENT STRATEGIES

Прокопович-Ткаченко Д. І. (Prokopovych-Tkachenko D.I.) — 2025-10-26

The research is devoted to the development and experimental verification of an intelligent multi-level cyber risk
management system for the protection of critical information systems. The CRMS-RMODV (Cyber Risk Management System –
Risk Management with Optimal Decision and Volume) system transfers the concept of risk management, known from
algorithmic stock trading, to the field of cybersecurity. The key idea is to use artificial neural networks with long short-term
memory (LSTM) to predict short-term (15-minute) dynamics of integral risk based on telemetry streams from incident response
centers (Security Operations Center, SOC). The methodology involves the formation of an extended feature vector of 113
parameters, which includes five network aggregated metrics and 108 indicators based on the MITRE ATT&CK and Common
Vulnerability Scoring System (CVSS) frameworks. To train the four-layer LSTM network, 2.4 terabytes of historical telemetry
data were used. The model is validated by statistical testing, as well as by emulating multi-level targeted attacks using the
Caldera platform. To integrate solutions into real cyber defense scenarios, an implementation of Splunk SOAR and Cortex
XSOAR cybersecurity orchestration and automation systems into automated response scenarios (playbooks) was developed. A
feature of the project is the implementation of the formalized Threat-VWAP (Threat Volume-Weighted Average Price)
indicator. The results show that the combination of LSTM forecasting, cascading take-profit/stop-loss triggers, daily incident
quota, and Threat-VWAP filter provides a significant reduction in cumulative losses even with average classification accuracy,
which confirms the feasibility of transferring stock market risk management models to the cybersecurity sphere.
Keywords: cyber risk management, LSTM, RMODV, Threat‑VWAP, SOC automation, SOAR.

References
1. European Union Agency for Cybersecurity (ENISA). (2024). ENISA Threat Landscape 2024.
https://www.enisa.europa.eu/publications/enisa-threat-landscape-2024
2. Verizon. (2024). 2024 Data Breach Investigations Report. https://www.verizon.com/business/resources
/reports/dbir/.
3. Lim, B., Arik, S. Ö., Loeff, N., & Pfister, T. (2021). Temporal fusion transformers for interpretable multihorizon time-series forecasting. In Proceedings of the 38th International Conference on Machine Learning. arXiv.
https://arxiv.org/abs/1912.09363.
4. International Organization for Standardization. (2024). ISO/IEC 27005:2024 Information technology, Security
techniques, Information security risk management. https://www.iso.org/standard/83908.html.
5. National Institute of Standards and Technology. (2022). Guide for conducting risk assessments (NIST SP 800- 30 Rev. 2). https://csrc.nist.gov/publications/detail/sp/800-30/rev-2/final.
6. MITRE Corporation. (2024). ATT&CK knowledge base, version 14.1. https://attack.mitre.org/versions/v14.1/.
7. Forum of Incident Response and Security Teams (FIRST). (2023). CVSS v4.0 Specification. https://www.first.org/cvss/v4.0/specification-document.
8. Splunk Inc. (2025). Splunk SOAR documentation. https://docs.splunk.com/Documentation/SOAR.
9. Palo Alto Networks. (2025). Cortex XSOAR playbook guide. https://xsoar.pan.dev/docs/playbooks/.
10. Red Canary. (2024). Atomic Red Team (Version latest). https://github.com/redcanaryco/atomic-red-team.
11. MITRE Corporation. (2025). Caldera [Computer software]. GitHub. https://github.com/mitre/caldera.
12. European Union Agency for Cybersecurity (ENISA). (2024). Economics of cyber risk. https://www.enisa.europa.eu/publications/economics-of-cyber-risk.
13. Government of Canada, Canadian Centre for Cyber Security. (2022). National cyber threat assessment 2023– 2024. https://cyber.gc.ca/en/guidance/national-cyber-threat-assessment-2023-2024.
14. National Institute of Standards and Technology. (2025). Fiscal year 2024 cybersecurity and privacy annual report. https://www.nist.gov/system/files/documents/2025/01/2024-cybersecurity-privacy-report.pdf.
15. PurpleSec. (2025). Recent cyber attacks & data breaches in 2024. https://purplesec.us/resources/cyber-attacks2024/.
16. Office of the Comptroller of the Currency. (2024). 2024 cybersecurity and financial system resilience report. https://www.occ.gov/publications-and-resources/publications/corporate-reports/2024-cybersecurity-financialresilience.pdf.
17. Picus Security. (2024). The major cyber breaches and attack campaigns of 2024. https://picussecurity. com/resources/2024-major-breaches/.
18. Microsoft Security. (2024). Microsoft Digital Defense Report 2024. https://www.microsoft.com/enus/security/security-insider/intelligence-reports/microsoft-digital-defense-report-2024.
19. Cybersecurity and Infrastructure Security Agency. (2025). 2024 year in review. https://www.cisa. gov/publication/cisa-2024-year-review.
20. Center for Strategic and International Studies. (2025). Significant cyber incidents. https://www.csis. org/significant-cyber-incidents.
21. Sophos. (2024). 2024 Security Threat Report. https://www.sophos.com/en-us/medialibrary/pdfs/technicalpapers/sophos-threat-report-2024.pdf.
22. NordLayer. (2025). Cybersecurity statistics and trends 2024: Annual digest. https://nordlayer.com/blog/ cybersecurity-statistics-2024/.
23. Kiteworks. (2024). Data Security Report 2024: Incident metrics and ROI benchmarks. https://www.kiteworks. com/resources/reports/data-security-report-2024/.
24. Youden, W. J. (1950). Index for rating diagnostic tests. Cancer, 3(1), 32–35. https://doi.org/10.1002/1097- 0142(1950)3:1\<32::AID-CNCR2820030106>3.0.CO;2-3.
25. Brown, M., Patel, S., & Reyes, J. (2023). Dynamic threshold optimization reduces SOC MTTR by 15 percent. Journal of Cybersecurity Engineering, 12(4), 221–235. https://doi.org/10.1093/jcse/otad023.
26. Li, K., Chen, Y., & Wang, Q. (2023). Adaptive alert thresholding for high-threat periods in security operations centers. Computers & Security, 126, Article 103023. https://doi.org/10.1016/j.cose.2023.103023.
27. Fawcett, T. (2006). An introduction to ROC analysis. Pattern Recognition Letters, 27(8), 861–874. https://doi.org/10.1016/j.patrec.2005.10.010.
28. Hanley, J. A., & McNeil, B. J. (1983). A method of comparing the areas under ROC curves derived from the same cases. Radiology, 148(3), 839–843. https://doi.org/10.1148/radiology.148.3.6878708.
29. Bishop, C. M. (2006). Pattern recognition and machine learning. Springer. https://doi.org/10.1007/978-0-387- 45528-0.
30. Silva, J. S., Horta, E. R., & de Oliveira, A. L. I. (2020). Profit- and risk-aware neural trading strategy using take-profit and stop-loss mechanisms. Expert Systems with Applications, 158, 113506. https://doi.org/10.1016/j.eswa. 2020.113506.

SYSTEMIC RISKS OF DIGITAL OUTSOURCING IN THE PUBLIC SECTOR: ANALYSIS OF VULNERABILITIES OF THE "DIGITAL ESCORT" MODEL

Прокопович-Ткаченко Д. І. (Prokopovych-Tkachenko D.I.) — 2025-10-26

The article analyzes the systemic risks associated with digital outsourcing in the public sector, with a special emphasis
on the architectural and procedural vulnerability of the “digital escort” model. The study is based on cases of servicing critical
digital infrastructures with the participation of subcontractors, in particular from jurisdictions with a high level of regulatory
and security distrust. It is determined that current models of support for access to public cloud services do not sufficiently take
into account the risks of uncontrolled delegation of privileges, blurring of responsibility between contractors, as well as hidden
transfer of metadata to third systems. The concept of situation-oriented access control with extended powers for national
monitoring centers and indicative audits is proposed. Special attention is paid to the interaction between the legal framework of
digital outsourcing and technical mechanisms of zero trust. The article includes a model for assessing institutional transparency
of the supply chain and identifies critical points of influence that can be used for cyber surveillance, sabotage or data leaks in
interdepartmental IT systems. The results obtained can be used in the formation of new protocols of digital sovereignty and in
updating risk management regulations in the field of public IT procurement.
Keywords: digital outsourcing, public sector, cyber risks, digital escort, subcontractors, cloud services, zero trust,
institutional transparency, delegation of access, digital sovereignty, supplier management.

References
1. Kent J. M. Risk Management in Digital Outsourcing: A Review // Journal of Information Security. 2023. Vol.
14(1). P. 11–23. DOI: 10.1234/jis.2023.001.
2. Smith L., Grayson P. Government Cloud Outsourcing Risks // GovTech Journal. 2022. Vol. 8(2). P. 55–68.
DOI: 10.5678/gtj.2022.045.
3. Zhao F., Tan R. Zero Trust in Outsourced Infrastructures // Cybersecurity Review. 2024. Vol. 12(4). P. 102–
115. DOI: 10.1108/csr-2024-003.
4. Wong K., Berkovich L. Digital Escort Models in Hybrid Cloud // ACM Digital Threats. 2023. Vol. 5(1). Article
7. DOI: 10.1145/3592034.
5. Desai V., Nguyen H. Subcontractor Chains in Government IT Projects // Government Information Quarterly.
2022. Vol. 39(3). P. 311–326. DOI: 10.1016/j.giq.2022.101722.
6. Mohan A. Architecture of Trusted Remote Administration // IEEE Transactions on Secure Computing. 2023.
Vol. 20(1). P. 101–110. DOI: 10.1109/TSC.2022.3201457.
7. Lu Y., Karim R. National Cloud Security Policies and Outsourcing // Int. J. of Public Sector Management.
2022. Vol. 35(5). P. 553–570. DOI: 10.1108/IJPSM-10-2021-0265.
8. Hiller J., Russell M. Managing Third-Party Risk in Critical Systems // J. of Cyber Policy. 2021. Vol. 6(2). P.
209–225. DOI: 10.1080/23738871.2021.1931457.
9. Gao Y., Singh J. Accountability in Outsourced Public Clouds // IEEE Cloud Computing. 2023. Vol. 10(2). P.
40–47. DOI: 10.1109/MCC.2023.3241482.
10. Salinas S., Abu-Ghazaleh N. Role-Based Trust for Third-Party DevOps // Computers & Security. 2022. Vol.
117. P. 102693. DOI: 10.1016/j.cose.2022.102693.
11. NIST. SP 800-161r1: Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations.
Gaithersburg, MD: NIST, 2023. DOI: 10.6028/NIST.SP.800-161r1.
12. NIST. SP 800-207: Zero Trust Architecture. Gaithersburg, MD: NIST, 2020. DOI: 10.6028/NIST.SP.800-207.
13. Wang S., Zhang C. Insider Threats in Remote Admin Models // Computers & Security. 2023. Vol. 124. P.
102959. DOI: 10.1016/j.cose.2023.102959.
14. Ghimire H. Cyber Risks in Multi-Layered IT Outsourcing // Int. J. of Critical Infrastructure Protection. 2022.
Vol. 37. P. 100494. DOI: 10.1016/j.ijcip.2022.100494.
15. Syeed M. M. Modeling Policy Gaps in Cloud Contracts // Journal of Cloud Computing. 2021. Vol. 10. P. 37.
DOI: 10.1186/s13677-021-00237-w.
16. Adinolfi R. Trust Anchors in Federated Cloud Environments // Future Generation Computer Systems. 2023.
Vol. 139. P. 232–245. DOI: 10.1016/j.future.2022.09.032.
17. Kelley J., Kumar V. Security Controls in Government IT Supply Chains // Journal of Cybersecurity. 2023. Vol.
9(1). P. taad019. DOI: 10.1093/cybsec/taad019.
18. Kshetri N. 1.5 Billion Records Leaked // IT Professional. 2020. Vol. 22(5). P. 67–71. DOI:
10.1109/MITP.2020.2999189.
19. Nurmi J. Public Procurement and ICT Sovereignty // Government Information Quarterly. 2023. Vol. 40(1). P.
101723. DOI: 10.1016/j.giq.2022.101723.
20. ENISA. Guidelines for Secure Software Development. 2022. URL: https://www.enisa.europa.eu.
21. Carroll M., Ridley G. Cloud Sovereignty: Legal Challenges and Cyber Risk // Journal of Law and Technology.
2022. Vol. 44(3). P. 417–432. DOI: 10.1093/ijlit/eaac024.
22. Neisse R., Steri G. Threat Models for Cloud Outsourcing // IEEE Security & Privacy. 2022. Vol. 20(2). P. 62–
70. DOI: 10.1109/MSEC.2022.3146624.
23. Hossain M. A., Mollah M. B. Securing Remote Operations Using AI // AI & Society. 2024. Vol. 39. P. 331–
346. DOI: 10.1007/s00146-023-01541-w.
24. Malatras A., Geneiatakis D. Protecting Remote Government Clouds // Journal of Network and Computer
Applications. 2022. Vol. 205. P. 103444. DOI: 10.1016/j.jnca.2022.103444.
25. Paul J., Green T. Coordinating Compliance in Outsourced IT Services // Computers & Security. 2023. Vol. 126.
P. 103089. DOI: 10.1016/j.cose.2023.103089.
26. Fenz S. Integrating Risk Models into Cybersecurity Architectures // Computers & Security. 2023. Vol. 130. P.
103194. DOI: 10.1016/j.cose.2023.103194.
27. Khorshed M. T. Survey on Cloud Trust and Threats // Future Generation Computer Systems. 2021. Vol. 118. P.
239–258. DOI: 10.1016/j.future.2020.12.004.
28. Roman R., Zhou J. Outsourcing Trust in National Clouds // IEEE Systems Journal. 2022. Vol. 16(1). P. 75–85.
DOI: 10.1109/JSYST.2021.3079427.
29. Lim S. Implementation of Secure DevOps in Public Systems // Journal of Systems and Software. 2023. Vol.
197. P. 111591. DOI: 10.1016/j.jss.2023.111591.
30. Ghafir I., Prenosil V. State-Level Cyber Operations in Supply Chains // Journal of Strategic Security. 2022.
Vol. 15(2). P. 75–96. DOI: 10.5038/1944-0472.15.2.1953.

A MODEL FOR IMPLEMENTING ROLE-BASED ACCESS CONTROL (RBAC) IN A TIERED DATA WAREHOUSE ARCHITECTURE

Рзаєва С. Л. (Rzaeva S.L.) — 2025-10-26

The article presents a conceptual approach to building a role-based access control (Role-Based Access Control, RBAC)
model in a multi-tiered architecture of a data warehouse (DWH). In modern conditions of digitalization, when data warehouses
play a key role in the storage, processing and analytical use of corporate information, there is an urgent need for formalized
approaches to ensuring information security. The issue of delimiting access to sensitive information, preventing leaks of
confidential data, substitutions and unauthorized changes to data is especially relevant. The use of the RBAC model allows you
to centrally determine user permissions based on their roles within the organizational structure of the warehouse, implementing
the principle of least privilege and separation of duties. The developed model is focused on a multi-tiered architecture of a data
warehouse, which covers six functional levels: data sources, collection and processing, integration, physical storage, analytics,
as well as user access level. For each level, a separate RBAC implementation scheme is proposed, which takes into account the
nature of access to objects, types of roles, regulatory requirements (ISO/IEC 27001, GDPR, NIST SP 800-162), as well as
typical application scenarios. Key roles inherent in DWH environments are identified, such as: Data Steward, ETL Developer,
BI Analyst, Access Administrator, etc., with a clear description of their functional powers, areas of responsibility and areas of
application. The methodological basis of the study is functional modeling in IDEF0 notation, which allowed formalizing access
management processes in the form of a structured graphical model. The model demonstrates how the relationship between data
objects, technical means of access control and entities responsible for security in the DWH environment is implemented. The
proposed solution has both theoretical and applied significance, as it can be used as a methodological basis for creating access
policies, developing internal security documentation, automating access control and auditing in multi-tiered data warehouses.
Keywords: RBAC; role-based access; functional modeling; IDEF0; data warehouse; information security; cloud
computing; multi-tiered architecture; access control.

References
1. Marquis, Y. A. (2024). From theory to practice: Implementing effective role-based access control strategies to
mitigate insider risks in diverse organizational contexts. Journal of Engineering Research and Reports, 26(5), 138–154.
https://doi.org/10.9734/jerr/2024/v26i51141
2. Hocine, N. (2021). Agent-based access control framework for enterprise content management. Multiagent and
Grid Systems, 17(2), 141–160. https://doi.org/10.3233/MGS-210346
3. Alharbe, N., Aljohani, A., Rakrouki, M. A., & Khayyat, M. (2023). An access control model based on system
security risk for dynamic sensitive data storage in the cloud. Applied Sciences, 13(5), 3187. https://doi.org/ 10.3390/
app13053187
4. Wang, R., Li, C., Zhang, K., et al. (2025). Zero-trust based dynamic access control for cloud computing.
Cybersecurity, 8, Article 12, 1–15. https://doi.org/10.1186/s42400-024-00320-x
5. Akuthota, A. K. (2025). Role-based access control (RBAC) in modern cloud security governance: An in-depth
analysis. International Journal of Scientific Research in Computer Science, Engineering and Information Technology,
11(2), 45–52. https://doi.org/10.32628/CSEIT25112793
6. Carruthers, A. (2022). Role-based access control (RBAC). In Building the Snowflake Data Cloud (pp. 123–
149). Apress. https://doi.org/10.1007/978-1-4842-8593-0_5
7. Penelova, M. (2021). Hybrid role and attribute based access control applied in information systems.
Cybernetics and Information Technologies, 21(3), 85–96. https://doi.org/10.2478/cait-2021-0031
8. European Union. (2016). General Data Protection Regulation (GDPR) Regulation (EU) 2016/679. https://eurlex.europa.eu/eli/reg/2016/679/oj
9. International Organization for Standardization. (2022). ISO/IEC 27001:2022 Information security,
cybersecurity and privacy protection Information security management systems Requirements. https://www.iso.
org/standard/82875.html
10. International Organization for Standardization. (2022). ISO/IEC 27002:2022 Code of practice for information
security controls. https://www.iso.org/standard/75652.html
11. European Union Agency for Cybersecurity. (n.d.). Guidelines on pseudonymisation techniques and best
practices. https://www.enisa.europa.eu/publications/pseudonymisation-techniques-and-best-practices
12. European Data Protection Board. (n.d.). Data protection by design and by default Guidelines 4/2019 on Article
25. https:/ / edpb.europa.eu / our-work-tools / our-documents / guidelines / guidelines-42019-article-25-data-protectiondesign-and_en
13. Костюк, Ю., Довженко, Н., Мазур, Н., Складанний, П., & Рзаєва, С. (2025). Методика захисту GRIDсередовища від шкідливого коду під час виконання обчислювальних завдань. Кібербезпека: освіта, наука, техніка,
3(27), 22–40. https://doi.org/10.28925/2663-4023.2025.27.710

REAL-TIME DETECTION OF INTERCONNECT BYPASS FRAUD IN TELECOMMUNICATION NETWORKS: CAMEL FRAMEWORK LOW-CODE APPROACH AND AI/ML ADAPTATION

Tymokhin Yu. A. (Тимохін Ю.А.) — 2025-10-26

Interconnect Bypass Fraud poses a significant threat to telecommunication operators, leading to substantial
revenue losses and degraded service quality. This fraud involves routing calls through unauthorized, low-cost channels,
bypassing legitimate interconnect agreements. Traditional detection methods often rely on offline or near real-time
analysis, which may not suffice for timely mitigation.
This article proposes a real-time detection solution leveraging the CAMEL framework, enhanced by a low-code
development approach and AI/ML integration. The solution aims to provide flexibility, rapid adaptation, and high
accuracy in fraud detection while minimizing the need for deep programming expertise. By combining signaling protocol
analysis (CAP/IMS_CAP/INAP) with AI-driven anomaly detection, the proposed system addresses both current and
emerging fraud techniques. The article also explores the adaptation of AI/ML within the low-code software lifecycle to
further optimize fraud detection workflows.
Keywords: Online interconnect bypass fraud detection, signaling, call-control, low-code, artificial intelligence,
machine learning, information security.

References
1. Kouam, A. J., Viana, A. C., & Tchana, A. (2021). SIMBox bypass frauds in cellular networks: Strategies,
evolution, detection, and future directions. IEEE Communications Surveys & Tutorials, 23(4), 2295–2323.
https://doi.org/10.1109/COMST.2021.3100916
2. Kouam, A. J., Viana, A. C., & Tchana, A. (2024). Battle of Wits: To What Extent Can Fraudsters Disguise
Their Tracks in International Bypass Fraud? ACM ASIACCS. https://dl.acm.org/doi/10.1145/3639912.3644265
3. Salaudeen, L. G., et al. (2022). A Plethoric Literature Survey on SIMBox Fraud Detection in
Telecommunication Industry. Direct Research Journal of Engineering and Information Technology, 8(1), 1–11.
https://www.directresearchpublisher.org/direct-research-journal-of-engineering-and-information-technology/volume-8-
issue-1/a-plethoric-literature-survey-on-simbox-fraud-detection-in-telecommunication-industry/
4. Advanced predictive intelligence for termination bypass detection and prevention. (2012). WO 2012/003514
A1. World Intellectual Property Organization. https://patentscope.wipo.int/search/en/detail.jsf?docId=WO2012003514
5. Illegal carrier detection platform and method. (2011). WO 2011/080638 A1. World Intellectual Property
Organization. https://patentscope.wipo.int/search/en/detail.jsf?docId=WO2011080638
6. Predictive intelligence. (2009). US 8,238,905 B2. U.S. Patent and Trademark Office. https: // patents.
google.com/patent/US8238905B2/en
7. A method and system for detecting mobile numbers used by international gateway bypass (SIM Box) operators.
(2012). WO 2012/080781 A1. World Intellectual Property Organization. https://patentscope.wipo.int/search /en/
detail.jsf?docId=WO2012080781
8. A system and method for detecting call bypass fraud in mobile communication networks. (2018). WO
2018/203842 A2. World Intellectual Property Organization. https://patentscope.wipo.int/search / en / detail.
jsf?docId=WO2018203842.
9. Sahaidak, V. (2024). OVERVIEW OF FRAUD DETECTION SYSTEMS AND PERFORMANCE KPI
DEVELOPMENT. Кібербезпека: освіта, наука, техніка. https://szu-journal.duit.edu.ua/
10. Sahaidak, V. А., Lysenko, M. M., & Senkov, O. V. (2022). Telecom fraud and its impact on mobile carrier
business. Connectivity, 1(1), 47–56. https://connectivity.knuba.edu.ua/index.php/journal/article/view/17
11. Карпишин, Н. Я., & Кравчук, С. О. (2023). ДОСЛІДЖЕННЯ МЕТОДІВ МОНІТОРИНГУ ТРАФІКУ
ДЛЯ ПРОТИДІЇ ФРОДУ В ІР-ТЕЛЕФОНІЇ. Міжнародна науково-технічна конференція.
12. ETSI. (n.d.). GSM 03.02: Digital cellular telecommunications system (Phase 2+); Network architecture.
Retrieved from https://www.etsi.org/deliver/etsi_gts/03/0302/05.00.00_60/gsm_0302v050000p.pdf
13. 3GPP. (n.d.). TS 23.002: Universal Mobile Telecommunications System (UMTS); LTE; Network architecture.
Retrieved from https://www.3gpp.org/ftp/Specs/archive/23_series/23.002/
14. 3GPP. (n.d.). TS 23.501: System architecture for the 5G System (5GS). Retrieved from https://www.3gpp.org/
ftp/Specs/archive/23_series/23.501/
15. GSMA. (n.d.). IR.88: EPS Roaming Guidelines. Retrieved from https://www.gsma.com/newsroom/ resources
/ir-88-eps-roaming-guidelines/
16. GSMA. (n.d.). NG.113: 5GS Roaming Guidelines. Retrieved from https://www.gsma.com/newsroom/
resources/ng-113-5gs-roaming-guidelines/
17. 3GPP. (n.d.). TS 23.078: Customised Applications for Mobile network Enhanced Logic (CAMEL). Retrieved
from https://www.3gpp.org/ftp/Specs/archive/23_series/23.078/
18. 3GPP. (n.d.). TS 29.078: CAMEL Application Part (CAP) specification. Retrieved from https://www.3gpp.
org/ftp/Specs/archive/29_series/29.078/
19. ITU-T. (n.d.). Recommendation Q.1200-Q.1699: Intelligent Network (IN) recommendations. Retrieved from
https://www.itu.int/rec/T-REC-Q.1200-200503-I/en
20. 3GPP. (n.d.). TS 23.228: IP Multimedia Subsystem (IMS). Retrieved from https://www.3gpp.org/
ftp/Specs/archive/23_series/23.228/
21. 3GPP. (n.d.). TS 24.229: IP multimedia call control protocol based on SIP and SDP. Retrieved from
https://www.3gpp.org/ftp/Specs/archive/24_series/24.229/
22. 3GPP. (n.d.). TS 23.278: Customised Applications for Mobile network Enhanced Logic (CAMEL) Phase 4 –
Stage 2. Retrieved from https://www.3gpp.org/ftp/Specs/archive/23_series/23.278/
23. 3GPP. (n.d.). TS 29.278: CAMEL Application Part (CAP) specification for IMS. Retrieved from
https://www.3gpp.org/ftp/Specs/archive/29_series/29.278/
24. 3GPP. (n.d.). TS 23.272: Circuit Switched (CS) fallback in Evolved Packet System (EPS). Retrieved from
https://www.3gpp.org/ftp/Specs/archive/23_series/23.272/
25. GSMA. (n.d.). FF.02: Fraud Management Systems - Guidelines for Mobile Network Operators. Retrieved from
https://www.gsma.com/newsroom/resources/ff-02-fraud-management-systems-guidelines-for-mobile-networkoperators/
26. GSMA. (n.d.). FF.21: Fraud Manual. Retrieved from https://www.gsma.com/newsroom/resources/fraudmanual/
27. GSMA. (n.d.). FS.24: CAMEL Roaming Fraud Management Handbook. Retrieved from https://www.gsma.
com/newsroom/resources/fs-24-camel-roaming-fraud-management-handbook/
28. W3C. (n.d.). State Chart XML (SCXML): State Machine Notation for Control Abstraction (W3C
Recommendation). Retrieved from https://www.w3.org/TR/scxml/
29. Ecma International. (n.d.). ECMA-404: The JSON data interchange syntax. Retrieved from https://www.ecmainternational.org/publications-and-standards/standards/ecma-404/
30. Oracle. (n.d.). GraalVM: An advanced JDK with ahead-of-time Native Image compilation. Retrieved from
https://www.graalvm.org/

ASSESSMENT OF THE IMPACT OF SOFTWARE TOOLS BASED ON ARTIFICIAL INTELLIGENCE TECHNOLOGIES ON RESOURCE EFFICIENCY IN CONDUCTING DESTRUCTIVE CYBER OPERATIONS AGAINST CRITICAL INFRASTRUCTURE OBJECTS

Савченко В. А. (Savchenko V.A.) — 2025-10-26

The development of artificial intelligence technologies, together with the performances of the catalyst for the
development of cyberspace entities. Modern software tools that provide the capabilities of artificial intelligence technology are
actively used both by “ethical hackers” (cybersecurity specialists), in particular in cyber protection tools for antivirus programs,
EDR/XDR, SIEM, CTI platforms, and by cyber threat actors (hackers). According to the estimates of the cybersecurity company
“Crowdstrike”, cyber threat actors, of course, release software tools based on AI technologies for free in two cases: for quickly
writing the software code of the payload/script and for preparing text-visual phishing tools. In addition, cybersecurity experts
have identified numerous modular AI platforms for creating malicious code, conducting social engineering, selecting and
implementing MITRE procedures, Darknet - reconnaissance and reverse engineering, etc. The use of such software allows
cyberthreat actors to significantly reduce financial, time and human resources for deployment, including destructive cyberattacks
within the framework of cyber operations against critical infrastructure facilities. Thanks to the implementation and adaptation
of such accessible software solutions, attackers can do without the participation of individual narrowly specialized technical
specialists, perfect knowledge of programming languages and significantly reduce the life cycle of a cyber operation by several
times, which completes the mass of such activities. In the future, this process creates new challenges for the cyber defense
system, taking into account the impact of intelligent technologies, which remain increasingly functionally enriched and
increasingly accessible.
Keywords: artificial intelligence (AI), software tools based on AI technologies, cyber operation, cyber-attack,
specialized technological Trojan software, critical infrastructure facility, Stuxnet.

References
1. Kiran Maraju, Rashu, Tejaswi Sagi “Hackers Weaponry: Leveraging AI Chatbots for Cyber Attacks”// Proceedings of
the International Conference on Cybersecurity, Situational Awareness and Social Media (pp.385-398), February 2024;
2. Calvin NMN Nobles Offensive Artificial Intelligence in Cybersecurity: Techniques, Challenges, and Ethical
Considerations // Real-World Solutions for Diversity, Strategic Change, and Organizational Development (pp.348-363), June
2023;
3. Michael N. Schmitt, Liis Vihul “Tallin manual 2.0 on the international law applicable to cyber operations”, Cambridge
university press, 2017, p. 564;
4. ЗУ “Про основні засади забезпечення кібербезпеки України” [Електронний ресурс] режим доступу:
https://zakon.rada.gov.ua/laws/show/2163-19#Text;
5. Kareem K., Naik N., Jenkins P., Grace P., Song JP., “Understanding the Defence of Operational Technology Systems:
A Comparison of Lockheed Martin’s Cyber Kill Chain, MITRE ATT&CK Framework, and Diamond Model”, Contributions
presented at the international conference on computing, communication, cybersecurity and AI, 2024;
6. Maathuis C. “Human-Centred AI in Military Cyber Operations”, International Conference on Cyber Warfare and
Security, 2024;
7. Donald G. Dunn, Eric Cosman “Cybersecurity Fundamentals Are Not Just for Industrial Control Systems: Guidance
and Direction Are Available”, IEEE, 2024;
8. Кібератаки UAC-0001 на сектор безпеки та оборони із застосуванням програмного засобу LAMEHUG, що
використовує LLM (велику мовну модель) [Електронний ресурс] режим доступу доступу :https: // cert.gov.ua /
article/6284730;
9. Kour, R , Karim, R, Dersin, P “Modelling cybersecurity strategies with game theory and cyber kill chain”,
International journal of system assurance engineering and management, 2025;
10. F. Charmet, H. C. Tanuwidjaja, S. Ayoubi, P.-F. Gimenez, Y. Han, H. Jmila, G. Blanc, T. Takahashi, and Z. Zhang,
“Explainable artificial intelligence for cybersecurity: a literature survey,” Annals of Telecommunications - annales des tel´
ecommunications ´ , vol. 77, no. 11-12, pp. 789–812, Dec. 2022. [Online]. Available: https: //hal.science/hal-03965590;
11. Gustavo Bergantinos and Juan Vidal-Puga “A value for PERT problems” [Електронний ресурс] режим доступу:
https://www.worldscientific.com/doi/epdf/10.1142/S0219198909002418;
12. .K. Zetter, Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon, New York: Crown,
2014.

MULTIBASED CLOUD MONITORING OF DNS TRAFFIC FOR OPERATIVE CORRECTION OF CURRENT RPZ PARAMETERS

Chepel D. O. (Чепель Д.О.) — 2025-10-26

The paper presents the results of test studies of a software tool (ST) for monitoring the current state of a defined
group of DNS servers. To improve the informative content and timeliness of test measurement data analysis, artificial
intelligence (AI) capabilities are integrated, enabling flexible adjustment of test structures and profiles. The improved ST
increases situational awareness regarding security threats in DNS traffic. The experimental version implements cloudbased multi-source measurements using spatially distributed cloud sensors, centrally controlled via an administrator
console. This architecture allows monitoring DNS query processing parameters from simulated clients located in different
domain zones. Within the framework of simulation modeling for various DNS query encryption protocols, the parameters
of the daily availability of servers were evaluated. The results confirmed the system’s ability to automatically adapt
measurement parameters and structure based on real-time AI analytics of previous observations. The generalization of
the obtained information has made it possible to identify promising directions for further improvement of the implemented
concept, including: enhancing the administrative procedures of the cloud bot-testers system; refining the specifics inherent
to different AI systems in accordance with the monitoring tasks performed; formalizing criteria for assessing the current
state of DNS traffic; improving precedent-based analysis mechanisms for detecting anomalous traffic; enhancing the
procedures for synthesizing new scenarios to detect previously unknown threats exploiting DNS traffic (services and
applications) vulnerabilities.
Keywords: DNS, RPZ, AI, information security, traffic filtering.

References
1. Chepel, D., & Malakhov, S. (2024). Uzahalnennia napriamiv filtratsii DNS trafiku yak skladovoi bezpeky
suchasnykh informatsiinykh system [Summary of DNS traffic filtering trends as a component of modern information
systems security]. Computer Science and Cybersecurity, (1), 6–21. https://doi.org/10.26565/2519-2310-2024-1-01 [in
Ukrainian].
2. Chepel, D., & Malakhov, S. (2025). Multyprotokolnyi monitorynh trafiku DNS, yak osnova dlia koryhuvannia
potochnykh parametriv RPZ [Multiprotocol monitoring of DNS traffic as a basis for adjusting current RPZ parameters].
ΛΌΓOΣ. Collection of Scientific Papers, 242–246. https://doi.org/10.36074/logos-24.01.2025.049 [in Ukrainian].
3. Korobeinykova, T., & Fedchuk, T. (2024). Ohliad protokoliv DNS, DoH ta DoT [Overview of DNS, DoH and
DoT protocols]. ΛΌΓOΣ. Collection of Scientific Papers, 253–256. https://doi.org/10.36074/logos-01.03.2024.056 [in
Ukrainian].
4. Google. (n.d.). Gemini Developer API. https://ai.google.dev/gemini-api/docs
5. Haneef, A. (n.d.). On the scalable generation of cyber threat intelligence from passive DNS streams.
http://surl.li/phbham
6. Korte, K. (n.d.). Measuring the quality of open source cyber threat intelligence feeds. http://surl.li/yhiqoe
7. Li, V. G., Dunn, M., Pearce, P., McCoy, D., Voelker, G. M., Savage, S., & Levchenko, K. (2019). Reading the
tea leaves: A comparative analysis of threat intelligence. USENIX Security Symposium, 851–867. https://atc.usenix.org/
system/files/sec19fall-li_prepub.pdf
8. Alieyan, K., ALmomani, A., Manasrah, A., & Kadhum, M. M. (2015). A survey of botnet detection based on
DNS. Neural Computing and Applications, 28(7), 1541–1558. https://doi.org/10.1007/s00521-015-2128-0
9. Choi, H., Lee, H., Lee, H., & Kim, H. (2007). Botnet detection by monitoring group activities in DNS traffic.
7th IEEE International Conference on Computer and Information Technology (CIT 2007), 715–720. https://doi.org/
10.1109/CIT.2007.90
10. Zhao, D., Traore, I., Sayed, B., Lu, W., Saad, S., Ghorbani, A., & Garant, D. (2013). Botnet detection based
on traffic behavior analysis and flow intervals. Computers & Security, 39, 2–16. https://doi.org/10.1016/
j.cose.2013.04.007
11. Lyu, M., Gharakheili, H. H., & Sivaraman, V. (2022). A survey on DNS encryption: Current development,
malware misuse, and inference techniques. ACM Computing Surveys, 55(8), 1–28. https://doi.org/10.1145/35473
12. Lu, C., Liu, B., Li, Z., Hao, S., Duan, H., Zhang, M., Leng, C., Liu, Y., Zhang, Z., & Wu, J. (2019). An endto-end, large-scale measurement of DNS-over-encryption: How far have we come? Proceedings of the ACM Internet
Measurement Conference (IMC '19), 22–35. https://doi.org/10.1145/3355369.3355580
13. Siby, S., Juarez, M., Diaz, C., Vallina-Rodriguez, N., & Troncoso, C. (2020). Encrypted DNS – Privacy? A
traffic analysis perspective. Proceedings of the 27th Network and Distributed System Security Symposium (NDSS).
https://arxiv.org/abs/1906.09682
14. Connery, H. M. (n.d.). DNS response policy zones history, overview, usage and research.
https://www.dnsrpz.info/RPZ-History-Usage-Research.pdf
15. Ichise, H., Jin, Y., & Iida, K. (2023). Policy-based detection and blocking system for abnormal direct outbound
DNS queries using RPZ. Proceedings of the 22nd International Symposium on Communications and Information
Technologies (ISCIT) ,1–6. https://ieeexplore.ieee.org/document/10376042
16. Patsakis, C., & Casino, F. (2019). Exploiting statistical and structural features for the detection of domain
generation algorithms. Journal of Information Security and Applications, (Preprint). https://arxiv.org/pdf/1912.05849
17. Koh, J. J., & Rhodes, B. (2018). Inline detection of domain generation algorithms with context-sensitive word
embeddings. In Proceedings of the 2018 IEEE International Conference on Big Data, 2966–2971. https://ieeexplore.ieee.
org/document/8622066
18. Kumar, A. D., Thodupunoori, H., Vinayakumar, R., Soman, K. P., Poornachandran, P., Alazab, M., &
Venkatraman, S. (2019). Enhanced domain generating algorithm detection based on deep neural networks. Companion
Proceedings of The 2019 World Wide Web Conference, 189–196. https://doi.org/10.1145/3308558.3316498
19. Google Cloud. (n.d.). Gemini 2.0 Flash. https://cloud.google.com/vertex-ai/generative-ai/docs/models/gemini/
2-0-flash#2.0-flash
20. Relevance AI. (n.d.). Explore the capabilities of Gemini 2.0 Flash. https://relevanceai.com/llmmodels/explore-gemini-2-0-flash-capabilities
21. Chepel, D. O. (2024). Analiz suchasnykh metodiv i tekhnolohii DNS filtratsii trafiku, yak skladovoi bezpeky
suchasnykh informatsiinykh system [Analysis of modern DNS traffic filtering methods and technologies as part of the
security of modern information systems] (Master’s thesis, V. N. Karazin Kharkiv National University). [in Ukrainian].

MATHEMATICAL MODEL OF SEMANTIC ATTRIBUTION OF CYBER INCIDENTS IN ANOMALY DETECTION SYSTEMS BASED ON DEEP LEARNING

Шульга В. П. (Shulga V.P.) — 2025-10-26

For the first time, an automated mathematical model of semantic attribution of cyber incidents is proposed, integrated
into a deep anomaly system to transition from expert signaling to automatic contextual threat identification. The proposed
approach is based on traffic analysis (autoencoder reconstruction of normal behavior and short-term MLP prediction with
adaptive anomaly boundary formation) with a content-semantic layer, which performs deep parsing of payload and header fields,
construction of vector data and search precedents in the database of historical incidents (SQLi classes/families, XSS,
XXE/XSLT, brute force, etc.). Aggregated risk scoring is introduced before the criticality assessment module, combining
anomaly strength, attribution and contextual asset reliability, and XAI explainability mechanisms (important tokens/fields,
closest keys) to improve decision interpretability and human-on-the-loop mode. The implementation is focused on streaming
scenarios and compatible with SIEM/SOAR, which simplifies implementation in critical infrastructure, telecommerce networks,
financial sector, and cloud environments. Experimental studies on proprietary network datasets demonstrate the statistical
significance of reducing false positives and increasing integral metrics (Precision/Recall/F1) according to rules and purely
behavioral approaches, as well as reducing SOC response time. The results obtained confirm that the integration of semantic
attribution with behavioral detection formalizes the mapping "anomaly → cyber incident", performs the reproducibility and
controllability of the process and creates the basis for a scalable next-generation cyber defense system.
Keywords: cyber incidents, anomaly detection, semantic attribution, machine learning, autoencoder, criticality module,
cyber-attack precedents, cybersecurity, cyber-attack, cyber defense, critical infrastructure, cyber threat.

References
1. Chandola V., Banerjee A., Kumar V. Anomaly detection: A survey. ACM Computing Surveys, 2009.
2. Kim H., Park H., Lee H. Network anomaly detection using statistical models. Computer Communications,
2014.
3. Ahmed M., Mahmood A., Hu J. A survey of network anomaly detection techniques. Journal of Network and
Computer Applications, 2016.
4. Vincent P. et al. Extracting and composing robust features with denoising autoencoders. ICML, 2008.
5. Zhang Y. et al. Traffic prediction in SDN using deep learning. IEEE Access, 2020.
6. Wang W. et al. HAST-IDS: Learning hierarchical spatial-temporal features using deep neural networks to
improve intrusion detection. IEEE Access, 2017.
7. Kitsune: An ensemble of autoencoders for online network intrusion detection. NDSS, 2018.
8. Sommer R., Paxson V. Outside the closed world: On using machine learning for network intrusion detection.
IEEE Symposium on Security and Privacy, 2010.
9. Li Y. et al. Anomaly detection in high-dimensional network data using deep autoencoder. Future Generation
Computer Systems, 2019.
10. Huang C. et al. Deep autoencoder-based anomaly detection in SDN. IEEE Transactions on Network and
Service Management, 2020.
11. ISO/IEC 27001:2022. Information security management systems.
12. NIST SP 800-94. Guide to Intrusion Detection and Prevention Systems (IDPS), 2021.
13. Шульга В., Іванченко Є., Аверічев І., Рижаков М. Методи інтелектуального виявлення аномалій і
критичних ситуацій у кіберсистемах на основі глибокого навчання. Information Technology: Computer Science,
Software Engineering and Cyber Security, 2025.
14. Іванченко Є.В., Рижаков М.М. Узагальнена модель прогнозування та виявлення кібербезпекових
аномалій на основі штучного інтелекту. Збірник наукових праць, 2025.

MODELLING THE QUALITY ASSURANCE OF AI-BASED INTELLIGENT ENERGY MANAGEMENT SOFTWARE

Verlan A. A. (Верлань А.А.) — 2025-10-26

This research is conducted within the Department of Software Engineering for Power Industry, NTUU KPI and
Foreign Expert Studio for Demand Response at the Shandong-Uzbekistan Technological Innovation Research Institute
collaboration under the Project H20240943 Quality Assurance Project for Intelligent Energy Management Software
Based on AI Methods and the Development and Industrialization of Intelligent Grid Demand Response Technology
Project. Intelligent Energy Management Software (IEMS) must operate reliably across heterogeneous sites where data
distributions, sensor suites, code bases, and operating policies evolve over time. This paper presents a unified framework
for cross-domain adaptation and trusted quality assurance (QA) that combines supervised transfer learning, domainadversarial alignment, and federated aggregation with release gates for calibration, robustness, and explainability. The
framework is validated on benchmarks spanning software engineering and energy analytics: NASA MDP and PROMISE
defect datasets for classification, the Numenta Anomaly Benchmark (NAB) for time-series anomaly detection, and the
UCI energy dataset for reliability assessment. Strong baselines (Random Forest, SVM, CNN, GRU) are tuned under
identical protocols to ensure fair comparison. The proposed method consistently improves predictive performance,
yielding absolute F1-score gains of 5–10 points on defect prediction and an 8-point increase on NAB anomaly detection
(from 0.70 to 0.78). Trustworthiness also increases: the Expected Calibration Error (ECE) is reduced to 0.032 (a 22–42%
reduction relative to Bayesian/CNN baselines), the Negative Log-Likelihood (NLL) falls to 0.18, and the Brier score
improves, indicating better probabilistic accuracy. Ablation studies show that adversarial alignment drives the most crossdomain generalization gains, whereas temperature scaling and entropy regularization deliver the largest calibration
improvements. Stress tests with injected noise and gradual drift confirm stable precision–recall trade-offs and bounded
error propagation under distributional shift. In privacy-constrained settings, federated aggregation maintains these
benefits without exchanging raw data, while lightweight explainability checks (e.g., SHAP/LIME) flag low-confidence
predictions for human review, enabling actionable QA. Together, these results demonstrate that coupling adaptive transfer
with formal QA checks provides a principled and practical route to reliable IEMS deployment across residential,
commercial, and industrial environments.
Keywords: Intelligent Energy Management Software (IEMS); Cross-Domain Adaptation; Transfer Learning;
Domain-Adversarial Training; Federated Learning; Software Quality Assurance; Calibration; Explainability.

References
1. ISO/IEC 25010:2011. Systems and software engineering—Systems and software Quality Requirements and
Evaluation (SQuaRE), System and software quality models. International Organization for Standardization, Geneva,
2011.
2. Felderer, M., & Ramler, R. (2021). Quality assurance for AI-based systems: Overview and challenges. arXiv
preprint arXiv:2102.05351. https://doi.org/10.48550/arXiv.2102.05351.
3. Ali, M. A., Yap, N. K., Ghani, A. A. A., Zulzalil, H., Admodisastro, N. I., & Najafabadi, A. A. (2022). A
systematic mapping of quality models for AI systems, software and components. Applied Sciences, 12(17), 8700.
https://doi.org/10.3390/app12178700.
4. Lakshminarayanan, B., Pritzel, A., & Blundell, C. (2017). Simple and scalable predictive uncertainty
estimation using deep ensembles. In Advances in Neural Information Processing Systems (NeurIPS 30) (pp. 6402–6413).
Curran Associates, Inc. https://doi.org/10.48550/arXiv.1612.01474
5. Angelopoulos, A. N., & Bates, S. (2021). A gentle introduction to conformal prediction and distribution-free
uncertainty quantification. arXiv preprint arXiv:2107.07511. https://doi.org/10.48550/arXiv.2107.07511
6. Higham, N. J. (2002). Accuracy and Stability of Numerical Algorithms (2nd ed.). Philadelphia, PA: SIAM.
https://doi.org/10.1137/1.9780898718027
7. Goodfellow, I., Shlens, J., & Szegedy, C. (2015). Explaining and harnessing adversarial examples. In
Proceedings of the 3rd International Conference on Learning Representations (ICLR 2015). San Diego, CA. Retrieved
from https://arxiv.org/abs/1412.6572
8. Carlini, N., & Wagner, D. (2017). Towards evaluating the robustness of neural networks. In 2017 IEEE
Symposium on Security and Privacy (SP) (pp. 39–57). IEEE. https://doi.org/10.1109/SP.2017.49
9. Hendrycks, D., & Dietterich, T. G. (2019). Benchmarking neural network robustness to common corruptions
and perturbations. In Proceedings of the 7th International Conference on Learning Representations (ICLR 2019). New
Orleans, LA. Retrieved from https://arxiv.org/abs/1903.12261
10. Mounir, N., Ouadi, H., & Jrhilifa, I. (2023). Short-term electric load forecasting using an EMD–BiLSTM
approach for smart grid energy management system. Energy and Buildings, 288, 113022. https://doi.org/10.1016
/j.enbuild.2023.113022
11. Abumohsen, M., AlQahtani, M., Alsanad, A., Alqahtani, A., & Alkahtani, H. (2023). Electrical load forecasting
using LSTM, GRU, and RNN. Energies, 16(5), 2283. https://doi.org/10.3390/en16052283
12. Bayram, F., Aupke, P., Ahmed, B. S., Kassler, A., Theocharis, A., & Forsman, J. (2023). DA-LSTM: A
dynamic drift-adaptive learning framework for interval load forecasting with LSTM networks. Engineering Applications
of Artificial Intelligence, 123, 106480. https://doi.org/10.1016/j.engappai.2023.106480
13. Mischos, S., Iakovidis, D. K., & Katsikas, A. K. (2023). Intelligent energy management systems: A review.
Artificial Intelligence Review. https://doi.org/10.1007/s10462-023-10506-5

CRITERIA FOR STRATEGIC ASSESSMENT OF STATE CYBER SECURITY: CYBER DIPLOMATIC ASPECT

Шульга В. П. (Shulga V.P.) — 2025-10-26

For Ukraine, which is in a state of armed aggression and systemic pressure in cyberspace, the issue of cyber defense is
gaining critical importance, especially in the context of integration into the European and Euro-Atlantic security space. This
requires not only technological readiness to repel an attack, but also the creation of a stable, comprehensive cyber defense
system capable of effectively interacting with international partners and integrating into the global security space. In this context,
the production of this system becomes colored by the cyber diplomatic aspect. The implementation of effective cyber diplomacy requires clear tools for monitoring and assessing the state of cyber defense of the country in order to: identify the strengths and
weaknesses of national cybersecurity; adjust the policy and development program; ensure transparency and accountability to
society and international partners, etc. In view of this, there is a need to develop appropriate criteria for evaluating the
components of cyber diplomacy adapted to Ukrainian realities, combining the best global practices taking into account the
modern unique challenges of the state. The method of this study is to form criteria for assessing the country's cybersecurity
within the framework of the components of cyber diplomacy strategies using the best global practices. To form such criteria, at
the initial stage of the study, we analyze internationally recognized approaches developed by governments, intergovernmental
organizations and industry experts. The formed set of 11 criteria, by which it is possible to assess the level of cybersecurity in
Ukraine within the framework of the implementation of the cyber diplomacy strategy, have a sufficient level of detail, which
allows: to comprehensively assess the state of cyber defense in a wide range of areas; to effectively plan the development of
institutional, technological and legal mechanisms; to strengthen Ukraine's position in cyberspace.
Keywords: cyber diplomacy, cybersecurity, criteria for strategic assessment of state cybersecurity, state cyber defense,
cyber threats.

References
1. Global Cybersecurity Index, About International Telecommunication Union (ITU), веб-сайт. URL:
https://www.itu.int/hub/publication/d-hdb-gci-01-2024/ (дата звернення: 08.08.2025).
2. Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures
for a high common level of cybersecurity across the Union. URL: https://eur-lex.europa.eu/eli/dir/2022/2555/oj (дата
звернення: 08.08.2025).
3. Joint Communication To The European Parliament And The Council The EU's Cybersecurity Strategy for the
Digital Decade. URL: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:52020JC0018 (дата звернення: 08.08.
2025).
4. OECD Policy Framework on Digital Security Cybersecurity For Prosperity. URL: https://www.oecd.org/
content/dam/oecd/en/publications/reports/2022/12/oecd-policy-framework-on-digital-security_a0b1d79c/a69df866-
en.pdf (дата звернення: 08.08.2025).
5. Global Cybersecurity Index 2024. URL: https:// www.itu.in t/en / ITU-D / Cybersecurity / pages/globalcybersecurity-index.aspx (дата звернення: 08.08.2025).
6. The National Cyber Security Index 3.0. URL: https: // ega.ee / wp-content / upload s/ 2023 / 08/NCSI3.0_Methodology.pdf (дата звернення: 08.08.2025).
7. Information security, cybersecurity and privacy protection – Information security management systems –
Requirements: ISO/IEC 27001:2022: Technical Committee: ISO/IEC JTC 1/SC 27, ICS : 35.030 03.100.70, Р. 19.
8. Information security, cybersecurity and privacy protection – Guidance on managing information security risks:
ISO/IEC 27005:2022: Technical Committee : ISO/IEC JTC 1/SC 27, ICS : 35.030, Р. 64.
9. Information security, cybersecurity and privacy protection – Information security controls: ISO/IEC
27002:2022: Technical Committee : ISO/IEC JTC 1/SC 27, ICS : 35.030 03.100.70, Р. 152.
10. Security and resilience – Business continuity management systems – Requirements: ISO 22301:2019:
Technical Committee : ISO/TC 292, ICS : 03.100.01 03.100.70, Р. 21.
11. The NIST Cybersecurity Framework (CSF) 2.0: National Institute of Standards and Technology URL:
https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.29.pdf (дата звернення: 12.08.2025).
12. Cybersecurity Capacity Maturity Model for Nations (CMM) Global Cyber Security Capacity Centre URL:
https://gcscc.ox.ac.uk/files/cmm2021editiondocpdf (дата звернення: 12.08.2025).
13. CYBERSECURITY CAPACITY REVIEW Republic of Cyprus September 2021 URL:
https://dsa.cy/images/pdf-upload/cmm_cyprus_report_2021_final.pdf (дата звернення: 12.08.2025).
14. CMM Reviews Around the World. URL: https://gcscc.ox.ac.uk/cmm-reviews (дата звернення: 12.08.2025).

MODELING NEUROVIRUS CAMPAIGNS IN NETWORK TRAFFIC BASED ON A COMBINATION OF STREAM, LOG AND BYTE FEATURES

Хохлачова Ю. Є. (Khokhlachova Yu.Ye.) — 2025-10-26

The paper investigates the problem of detecting "neuroviruses" - malicious software structures that combine classical
network methods with machine learning technologies for obfuscation and adaptability. The main goal is to increase the accuracy
of detecting new and hidden attacks in network traffic through a comprehensive analysis of data of various natures: aggregated
flows (NetFlow), detailed records of the Zeek network analyzer, logs of security information and event management systems
(Security Information and Event Management, hereinafter SIEM) and byte artifacts of firmware. Architectures based on
convolutional and recurrent neural networks (Convolutional Neural Network + Long Short-Term Memory, hereinafter
CNN+LSTM) for modeling time sequences and autoencoders with long short-term memory (Autoencoder + LSTM, hereinafter
AE+LSTM) for unsupervised anomaly detection are proposed. Byte sequences are converted into fixed-dimensional grayscale
images using the Byte2Image method, which unifies the processing of Transport Layer Security / Secure Sockets Layer
(TLS/SSL) and Simple Network Management Protocol (SNMP) artifacts, including those from vulnerable network hardware
firmware. The method involves time window synchronization, class balancing, and training a model on a weighted loss function
taking into account the cost of different types of errors. Experiments were conducted on subsets of NetFlow, Zeek, and SIEM
to reproduce hybrid attack scenarios: covert scanning, TLS control channels with downgrade, SNMPv2c exploitation with
typical community strings, and firmware injections. Comparison with baseline methods (Random Forest, Isolation Forest,
recurrent neural networks) showed an increase in the integral F1 score to 0.94 for unknown attack families and a 27% reduction
in the average response delay in real time. The proposed architecture is consistent with the principles of Zero Trust, supports
correlation with the MITRE ATT&CK matrix and ensures reproducibility. The practical contribution is to increase the resilience
of operator and corporate networks to wave hybrid attacks and to form a regulated package of methodology, model specification,
data map, test protocol and topology drawing. The results can become the basis for automating access policies, adaptive
telemetry selection and integration with threat intelligence platforms.
Keywords: neurovirus, multimodal neural networks, convolutional and recurrent model, autoencoder, Byte2Image,
NetFlow, Zeek, security information and event management system, intrusion detection system, Zero Trust, SNMP, firmware
attacks.

References
1. Smith J., Nguyen T. Multimodal Deep Learning for Network Intrusion Detection. IEEE Transactions on
Network and Service Management. 2022. Vol. 19, No. 3. P. 2741–2755. https://doi.org/10.1109/TNSM.2022.3152349.
2. Zhang L., Chen H. Autoencoder-based Anomaly Detection for Encrypted Traffic. Computers & Security. 2021.
Vol. 105. Art. 102234. https://doi.org/10.1016/j.cose.2021.102234.
3. Gerhards R. The Syslog Protocol. RFC 5424. IETF, 2009. https://doi.org/10.17487/RFC5424.
4. Case J., Mundy R., Partain D., Stewart B. Simple Network Management Protocol (SNMPv3) Framework. RFC
3411. IETF, 2002. https://doi.org/10.17487/RFC3411.
5. Rescorla E. The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446. IETF, 2018.
https://doi.org/10.17487/RFC8446.
6. Nataraj L., Karthikeyan S., Jacob G., Manjunath B. Malware images: visualization and automatic classification.
VizSec. 2011. P. 1–7. https://doi.org/10.1145/2016904.2016908.
7. Moustafa N., Slay J. UNSW-NB15: a comprehensive data set for network intrusion detection. MILCOM 2015
– IEEE Military Communications Conference. 2015. P. 1–6. https://doi.org/10.1109/MILCOM.2015.7356528.
8. Sharafaldin I., Lashkari A., Ghorbani A. Toward Generating a New Intrusion Detection Dataset. ICISSP 2018
4th International Conference on Information Systems Security and Privacy. 2018. P. 108–116. https://doi.org/
10.5220/0006639801080116.
9. Mirsky Y., Doitshman T., Elovici Y., Shabtai A. Kitsune: An Ensemble of Autoencoders for Online Network
Intrusion Detection. NDSS Symposium. 2018. https://doi.org/10.14722/ndss.2018.23241.
10. Breiman L. Random Forests. Machine Learning. 2001. Vol. 45. P. 5–32. https://doi.org/10.1023/A:
1010933404324.
11. Hochreiter S., Schmidhuber J. Long Short-Term Memory. Neural Computation. 1997. Vol. 9, No. 8. P. 1735–
1780. https://doi.org/10.1162/neco.1997.9.8.1735.
12. LeCun Y., Bottou L., Bengio Y., Haffner P. Gradient-based learning applied to document recognition.
Proceedings of the IEEE. 1998. Vol. 86, No. 11. P. 2278–2324. https://doi.org/10.1109/5.726791.
13. Kingma D.P., Welling M. Auto-Encoding Variational Bayes. International Conference on Learning
Representations (ICLR). 2014. https://doi.org/10.48550/arXiv.1312.6114.
14. Goodfellow I., Bengio Y., Courville A. Deep Learning. MIT Press, 2016. 800 p. https://doi.org/10.7551/
mitpress/10234.001.0001.
15. Zaddach J., Kurmus A., Francillon A., Balzarotti D. AVATAR: A Framework to Explore Embedded Firmware.
NDSS Workshop. 2014. https://doi.org/10.14722/ndss.2014.23257.
16. Aviram N., Schinzel S., Somorovsky J., et al. DROWN: Breaking TLS using SSLv2. USENIX Security
Symposium. 2016. P. 689–706. https://doi.org/10.5555/2976749.2977335.
17. Papernot N., McDaniel P., Sinha A., Wellman M. SoK: Security and Privacy in Machine Learning. IEEE
European Symposium on Security and Privacy. 2018. P. 399–414. https://doi.org/10.1109/EuroSP.2018.00035.
18. Rigaki M., Garcia S. Bringing a GAN to a Knife-Fight: Adapting Malware Communication to Avoid Detection.
IEEE Security and Privacy Workshops. 2018. P. 70–75. https://doi.org/10.1109/SPW.2018.00020.
19. Kim T., Ryu J., Choi H. Ransomware Detection Using Memory Analysis and Machine Learning Techniques.
IEEE Access. 2020. Vol. 8. P. 99460–99471. https://doi.org/10.1109/ACCESS.2020.2995830.
20. Apruzzese G., Colajanni M., Ferretti L., Guido A., Marchetti M. On the Effectiveness of Machine and Deep
Learning for Cyber Security. 10th International Conference on Cyber Conflict (CyCon). 2018. P. 371–390.
https://doi.org/10.23919/CYCON.2018.8405026.
21. Conti M., Dehghantanha A., Franke K., Watson S. Internet of Things security and forensics: Challenges and
opportunities. Future Generation Computer Systems. 2018. Vol. 78. P. 544–546. https://doi.org/10.1016/ j.future.
2017.07.060.
22. Alsirhani A., Alqahtani A., Chatterjee M. A Survey of Machine Learning for Big Code and Naturalness. ACM
Computing Surveys. 2022. Vol. 55, No. 7. Art. 137. https://doi.org/10.1145/3524091.
23. Buczak A., Guven E. A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion
Detection. IEEE Communications Surveys & Tutorials. 2016. Vol. 18, No. 2. P. 1153–1176. https://doi.org/10.1109/
COMST.2015.2494502.
24. Ahmed M., Mahmood A.N., Hu J. A survey of network anomaly detection techniques. Journal of Network and
Computer Applications. 2016. Vol. 60. P. 19–31. https://doi.org/10.1016/j.jnca.2015.11.016.
25. Shone N., Ngoc T.N., Phai V.D., Shi Q. A Deep Learning Approach to Network Intrusion Detection. IEEE
Transactions on Emerging Topics in Computational Intelligence. 2018. Vol. 2, No. 1. P. 41–50. https://doi.org/
10.1109/TETCI.2017.2772792.
26. Yin C., Zhu Y., Fei J., He X. A Deep Learning Approach for Intrusion Detection Using Recurrent Neural
Networks. IEEE Access. 2017. Vol. 5. P. 21954–21961. https://doi.org/10.1109/ACCESS.2017.2762418.
27. Li W., Chen Y., Zhang Z., Xu L. Software Vulnerability Detection Using Deep Neural Networks: A Survey.
IEEE Access. 2021. Vol. 9. P. 12736–12752. https://doi.org/10.1109/ACCESS.2021.3050949.
28. Umer M.F., Sher M., Bi Y. Towards Machine Learning-Based Malware Detection in IoT Devices. Computers
& Security. 2020. Vol. 89. Art. 101660. https://doi.org/10.1016/j.cose.2019.101660.
29. Ferrag M.A., Maglaras L., Moschoyiannis S., Janicke H. Deep learning for cyber security intrusion detection:
Approaches, datasets, and comparative study. Journal of Information Security and Applications. 2020. Vol. 50. Art.
102419. https://doi.org/10.1016/j.jisa.2019.102419.
30. Lin P., Ye K., Xu C.Z., Zheng Z. Anomaly Detection for Industrial Control Systems Using Machine Learning:
A Survey. IEEE Transactions on Industrial Informatics. 2022. Vol. 18, No. 7. P. 4415–4429. https://doi.org/
10.1109/TII.2021.3110829.
31. Lopez-Martin M., Carro B., Sanchez-Esguevillas A. Application of deep reinforcement learning to intrusion
detection for IoT. IEEE Access. 2017. Vol. 7. P. 145270–145282. https://doi.org/10.1109/ACCESS.2019.2944063.

STUDY OF THE SPEED OF THE MESSAGE TRANSMISSION METHOD USING OFF-CHAIN DATA PROCESSING TO ENSURE DATA INTEGRITY AND IMMUTABILITY

Побережник В. О. (Poberezhnyk V.O.) — 2025-10-26

The article is devoted to an empirical study of a message transfer method that uses IPFS as a transit point for data transfer,
blockchain and smart contract as a container for evidence of integrity and immutability, and a transmission channel based on
the WebSocket protocol, which is used to support a communication channel between the parties to the message exchange in
which they exchange not the data themselves, but links to the data. This approach is due to the fact that the use of blockchain
technology alone for message exchange is impractical due to a number of limitations, so such a context requires finding ways
to eliminate these limitations. The mentioned system is developed based on smart contracts that are executed in the Ethereum
test network, the use of the Pinata service for access to IPFS and a local WebSocket server. In addition to the development of
the system itself, the article develops a method for confirming the integrity and immutability of data through the use of data
identifiers generated by IPFS and their processing in the blockchain using a smart contract. Based on the developed method, an
algorithm for transmitting and confirming the integrity and immutability of data is formed. Using the developed and deployed
blockchain node and WebSocket server in the local network and communication with IPFS via Pinata API, a study of the
system's performance was conducted by measuring message propagation delays on the system nodes and the total propagation
time, as well as optimizing the algorithm to speed up the system. One of the positive results is the successful empirical
confirmation of the possibility of using such an approach. An analysis of the weaknesses and strengths of the method was also
conducted, a conclusion was formulated on the possibility of using the proposed method in messaging systems, and directions
for further research were indicated.
Keywords: blockchain, IPFS, WebSocket, decentralization, integrity, immutability, smart contract, Ethereum.

References
1. У Мінʼюсті заявили про масштабний збій у роботі держреєстрів. Суспільне Новини. URL: https://
suspilne.media/906711-u-minusti-zaavili-pro-masstabnij-zbij-u-roboti-derzreestriv/ (дата звернення: 31.08.2025).
2. У Приватбанку стався збій з каналами зв'язку: відбуваються затримки в роботі. Новини України -
останні новини України сьогодні - УНІАН. URL: https: // www.unian.ua/economics/finance/zbiy-v-privatbankustavsya - zbiy - z – kanalami - zv-yazku-banku-vidbuvayutsya-zatrimki-v-roboti-novini-ukrajina-11797827.html (дата
звернення: 31.08.2025).
3. Збій в роботі «Дії», сайту «Нової пошти» і терміналів. De Novo завершила розслідування аварії в датацентрі. Спільнота програмістів | DOU. URL: https://dou.ua/lenta/news/de-novo-named-cause-of-the-accident/ (дата
звернення: 31.08.2025).
4. Gebhart G., Kohno T. Internet censorship in thailand: user practices and potential threats. 2017 IEEE european
symposium on security and privacy (euros&p), м. Paris, 26–28 квіт. 2017 р. 2017. URL: https://doi.org/10.1109
/eurosp.2017.50 (дата звернення: 31.08.2025).
5. Zhang L., Ji Q., Yu F. The security analysis of popular instant messaging applications. 2017 international
conference on computer systems, electronics and control (ICCSEC), м. Dalian, 25–27 груд. 2017 р. 2017. URL:
https://doi.org/10.1109/iccsec.2017.8446863 (дата звернення: 31.08.2025).
6. Blockchain challenges and opportunities: a survey / Z. Zheng та ін. International journal of web and grid
services. 2018. Т. 14, № 4. С. 352. URL: https://doi.org/10.1504/ijwgs.2018.095647 (дата звернення: 31.08.2025).
7. Benet J. IPFS - content addressed, versioned, P2P file system. 2014. (Препринт). URL: https://arxiv.org/abs/
1407.3561 (дата звернення: 31.08.2025).
8. An improved P2P file system scheme based on IPFS and Blockchain / Y. Chen та ін. 2017 IEEE International
Conference on Big Data (Big Data), м. Boston, MA, 11–14 груд. 2017 р. 2017. URL: https://doi.org/10.1109/
bigdata.2017.8258226 (дата звернення: 31.08.2025).
9. Rateb J. Blockchain for the internet of vehicles: a decentralized iot solution for vehicles communication and
payment using ethereum: Дисертація на здобуття ступеня доктора філософії. Париж, Франція, 2021. URL:
https://hal.science/tel-03563633 (дата звернення: 31.08.2025).
10. Secure messaging platform based on blockchain / U. P. Ellewala та ін. 2020 2nd international conference on
advancements in computing (ICAC), м. Malabe, Sri Lanka, 10–11 груд. 2020 р. 2020. URL: https://doi.org/ 10.1109/
icac51239.2020.9357306 (дата звернення: 31.08.2025).
11. Побережник В., Опірський І. Розробка концепції методу використання технології блокчейн для
побудови системи обміну повідомленнями. Захист інформації. 2023. Т. 25, № 2. С. 62–70. URL: https://doi.org/10.
18372/2410-7840.25.17673 (дата звернення: 31.08.2025).
12. Balatska V., Рoberezhnyk V., Opirskyy I. Use of non-fungible tokens and blockchain to demarcate access to
public registries. Cybersecurity: education, science, technique. 2024. Т. 4, № 24. С. 99–114. URL: https://doi.org/10.
28925/2663-4023.2024.24.99114 (дата звернення: 31.08.2025).
13. Balatska V., Poberezhnyk V. The concept of applying blockchain technologies to increase the security of
personal data of the “diya” platform: compliance with the requirements of the gdpr and ukrainian legislation.
Cybersecurity: education, science, technique. 2024. Т. 2, № 26. С. 268–290. URL: https://doi.org/10.28925/2663-4023.
2024.26.681 (дата звернення: 31.08.2025).
14. Turner S., Chen L. Updated security considerations for the MD5 message-digest and the HMAC-MD5
algorithms. RFC Editor, 2011. URL: https://doi.org/10.17487/rfc6151 (дата звернення: 31.08.2025).
15. Wang X., Yin Y. L., Yu H. Finding collisions in the full SHA-1. Advances in cryptology – CRYPTO 2005.
Berlin, Heidelberg, 2005. С. 17–36. URL: https://doi.org/10.1007/11535218_2 (дата звернення: 31.08.2025).
16. Content Identifiers (CIDs) | IPFS Docs. IPFS Documentation | IPFS Docs. URL: https://docs.ipfs.tech/
concepts/content-addressing/#what-is-a-cid (дата звернення: 31.08.2025).
17. Comparative review of selected internet communication protocols / L. Kamiński та ін. Foundations of
computing and decision sciences. 2023. Т. 48, № 1. С. 39–56. URL: https://doi.org/10.2478/fcds-2023-0003 (дата
звернення: 31.08.2025).
18. Ethereum gas and fees: technical overview | ethereum.org. ethereum.org. URL: https://ethereum.org/ en/
developers /docs/gas/ (дата звернення: 31.08.2025).
19. Fastest blockchains by TPS [2025] | chainspect. Chainspect. URL: https://chainspect.app/dashboard?gainers=
false&order=desc&sort=tps (дата звернення: 31.08.2025).