Collection "Information Technology and Security"

Using the sequential procedures method for coordination of target functions of node control systems in MANET radio networks

2025-11-26T23:52:05+02:00

Analysis of the military experience of the Russian-Ukrainian war and the situation in the world as a whole indicate that information advantage is a determining condition for victory on the battlefield. To ensure advantage, a mobile, reliable and resilient information and communication network is necessary. A representative of such a network is a radio network of the MANET class, which has the ability to self-recover, self-organize and is able to function in conditions of limited resources and constant topology changes. For effective management of this complex system and ensuring the optimal level of operation of its nodes, coordination of target functions of control systems is important as a criterion by which the quality of the node and network operation is assessed. The article proposes a variant of applying the multi-criteria optimization method, namely the method of successive concessions in the process of coordinating target functions of nodal control systems in tactical mobile radio networks of the MANET class. The method is proposed to be used at the stage of forming the controlling influence of the coordinator node. The method of coordinating objective functions using fuzzy logic is taken as a basis, while the mobile network is considered as a complex hierarchical system. The key feature of using the method of successive concessions in this article is that a non-iterative version is used, which replaces the iterative process of determining the concession, which is necessary in classical methods of multi-criteria optimization. This allows you to reduce the time that the coordinator node spends on forming a fuzzy subset of admissible solutions and, as a result, the entire coordination process is accelerated. It is proposed to introduce typical scenarios of events in a mobile radio network, which will allow you to give priority to objective functions in accordance with each scenario. This will help prevent conflict situations in the network when objective functions contradict each other. The introduction of the method of successive concessions into the coordination process will allow you to obtain a clearer system objective function.

Method for calculating the possibility of attacks in a MANET under uncertainty conditions

2025-11-26T23:54:58+02:00

One of the most significant challenges for modern information technologies is the ability of systems to make rational and adaptive decisions under uncertainty. Humans intuitively cope with incomplete, contradictory, or vague information – a capability that has inspired the development of intelligent models. Today, science is tasked with creating algorithms and models capable of mimicking such cognitive flexibility and implementing it in cyberspace, particularly in decision support systems and information security frameworks. In the context of mobile ad hoc networks (MANETs), which operate under conditions of high dynamism, unstable communication links, and limited resources, the timely detection of potential attacks and assessment of the system’s security level is a critical concern. One of the distinctive features of MANETs is the lack of fixed infrastructure, which significantly complicates the application of traditional security methods. Under such conditions, effective information protection requires new methodologies capable of functioning amid uncertainty. This paper proposes a method for assessing the probability of attacks in MANETs based on fuzzy logic. The method includes the construction of a tuple of fuzzy sets describing key network parameters (node vulnerabilities, trust levels, behavioral anomalies, etc.), risk modeling based on expert evaluations, determination of membership functions, and aggregation of results to derive an integral security indicator. Triangular and trapezoidal membership functions are used to represent fuzzy parameters. The calculation results are presented in the form of graphical dependencies, allowing a visual interpretation of risk levels and confidence in the assessment. The proposed approach enables the assessment of a mobile network’s vulnerability even in the presence of incomplete or fuzzy information about its state and threats. The methodology can be applied to build adaptive intrusion detection systems and support decision-making in data-limited environments.

Management of information and security events of a mobile cellular network using a digital twin

2025-11-26T23:57:51+02:00

The article focuses on the consideration of currently existing approaches to effectively ensure the information security of modern and promising mobile means of digital communication. It is noted that the modern mobile information and communication cellular network is one of the most important and at the same time vulnerable objects of the critical information infrastructure of the state. This network serves a significant number of users, who, as a rule, make decisions for the organization of effective state management, and also provides digital communication to a number of other subscribers, from the general population to all departmental corporate structures. That is why this critical network acts as a priority object in the context of the organization of effective management of its information security events. To organize the reliable functioning of this important critical information object, a new approach to the synthesis of algorithmic support of the digital twin of the information and event management system of computer systems of the cellular mobile information and communication network has been proposed.The proposed synthesis is based on the logical and dynamic modeling of the currently existing wide range of security events in modern control systems of information and communication networks, attack scenarios and response mechanisms to these information security incidents due to the formation of appropriate effective control influences on the processes of compensation for their destructive consequences. The architecture of the digital twin, the algorithm for its synthesis are considered, as well as possible approaches for the implementation of the integration of this virtual object with such platforms as Wazuh, Streamlit, Neo4j, AWS IoT are proposed. Verification and testing are carried out on the example of a scenario of a typical DDoS attack, the results of the implementation of the algorithm for the synthesis of a digital twin are presented. The effectiveness of the model in adapting to intensive variations in the security environment of the computer system of the cellular mobile digital network is shown. It is noted that the proposed architecture of the digital twin due to the implementation of the appropriate algorithmic and software product will provide cyberization of information and communication network nodes, security events, computer system states in the implementation of security management and response scenarios to the vast majority of all possible information security incidents. It is concluded that the proposed synthesis algorithm allows sequentially implementing the key stages of building a digital twin for the virtual representation of a digital communication system, including the formalization of security events, the construction of logical transitions in computer systems and integration into real structures of the information and communication network.

Method of using artificial intelligence for creating and reverse engineering graphical software models

2025-11-26T23:08:58+02:00

The article presents a method of using generative artificial intelligence systems (AIS) based on large language models to build graphical software models from prompts and restore them from source code. The developed method is considered the basis for integrating AIS and graphical systems (GS), which are traditionally used to build graphical software models. In the process of research, such methods and notations of graphical modeling as BPMN, IDEF, ERD, UML and C4 were considered. In the process of analyzing the formats of representation of graphical models by different GS, it was determined that the most convenient for the use by AIS are language descriptions of models, unlike XML-like and binary formats. The idea of the method is to use the syntax of DSL (Domain Specific Language) of popular GS as intermediate languages for interaction between AIS and GS, which provides the possibility of both intelligent processing of the language description of the graphical model by AIS and its high-quality display by GS. The essence of the method is to represent each graphic model scheme by a three-level architecture and apply a composition of inter-level transformation functions. The three-level architecture of the graphic scheme representation includes an input prompt (model semantics), a DSL description of the scheme for the selected GS (syntactic representation) and a graphic image in the form of a GS export file (visual representation). The inter-level transformation functions include: a prompt translation function in DSL, which is performed by the AIS; a DSL rendering function by the GS and exporting the graphic file; a prompt refinement function based on a human assessment of the adequacy of the resulting visual representation (feedback). This method allows to build a discrete dynamic system for graphical software modeling with iterative refinement. The presented method of using AI for creating and reverse-engineering graphic software models allows to increase the overall efficiency of implementing software life cycle (LC) processes by combining intellectual and representative functions in the process of creating and analyzing software.

No-code approach to building semantic networks by means of prompt engineering

2025-11-26T23:11:19+02:00

The article proposes a no-code approach to building semantic networks by means of prompt engineering using large language models (LLMs). A framework is developed in which the basic primitives – condition, loop, and function – are combined into compositional structures that ensure automated extraction of concepts, establishment of links between them, and construction of formalized knowledge graphs. The proposed method relies on the no-code principle, which makes it possible to describe algorithmic logic in natural language without involving program code. This enables the use of large language models not only as text generators but as full-fledged tools for constructing knowledge structures. Within the study, an LLM is considered as a driver for automated ontology engineering. The model interprets natural-language instructions as formalized actions, which makes it possible to iteratively extract key concepts, determine types of relations, and form knowledge graphs with a given logical sequence. Particular attention is paid to the field of cybersecurity, where rapid creation and updating of threat ontologies is crucial for timely response to new attack vectors. The practical implementation of the approach is carried out on the example of building a semantic network in the topic of phishing attacks. In the course of the experiment, the GPT-5 language model processed 48 news reports, automatically forming about 70 pairs of related concepts. The resulting knowledge graph reflected an integral structure of the domain, where the central concept “phishing” is combined with numerous derivative terms: cyberattack, social engineering, spoofed page, malicious software, etc. The results of the experiment prove that the proposed methodology ensures the relevance of inter-concept relations and the enrichment of the basic terminology with semantically related concepts. The integration of large language models into the process of ontological modeling simplifies the creation of knowledge structures, lowers the entry barrier for users without programming experience, and opens up prospects for the development of neuro-symbolic systems that combine the generative capabilities of models with formal methods of knowledge representation. The proposed approach has high potential for practical application in fields that require dynamic knowledge updating – primarily in cybersecurity, medicine, financial technologies, and data analytics.

Intelligent system for monitoring the information space of news about artificial intelligence

2025-11-26T23:20:08+02:00

Under conditions of exponential growth in the volume of information related to the development of artificial intelligence (AI) technologies, traditional methods of monitoring the media space become ineffective. Messengers and social networks, particularly Telegram, have become key channels for distributing real-time news, generating high-intensity streams of unstructured data. The article considers the problem of creating an intelligent system for monitoring the information space that is capable of automatically structuring this chaotic data flow. The aim of this work is the design and software implementation of a platform architecture that provides a full ETL (Extract–Transform–Load) cycle: from collecting data via the Telegram API to its semantic analysis and visualization. A modular architecture is proposed that includes subsystems for asynchronous parsing, text preprocessing (NLP pipeline), and an analytical core. The study focuses primarily on the algorithmic support of the system. The use of a hybrid approach to text classification is substantiated, combining dictionary-based methods (Keyword Matching) for accurate identification of entities (for example, models GPT‑4, Gemini, LLaMA) with machine learning components for determining message sentiment. An algorithm for content deduplication is developed, which makes it possible to filter out reposts and information noise and to highlight the sources of news. The results of experimental testing of the developed system on a sample of more than 10,000 messages from thematic Telegram channels are presented. A categorization accuracy of 91% was achieved, which confirms the effectiveness of the chosen methods. The system’s capabilities in detecting trends in real time, constructing the dynamics of mentions of key technologies, and generating automated analytical reports are demonstrated. The practical value of the work lies in creating a toolkit for data researchers, analysts, and developers that significantly reduces the time required to search for relevant information and to track the AI technology landscape.

Methods of intellectual support for decision-making in control systems of programmed mobile radio communication tools

2025-11-26T23:25:44+02:00

The article proposes a method of intelligent decision-making support in control systems of programmable mobile radio communication. In the course of the work, the most common architectures of the management system, types of management system structures, levels of management were considered, an overview of the latest research was conducted, and the relevance of the development of the specified methodology was determined. The process of supporting decision-making in management systems, the process of functioning of the decision-making support system, the list of ways and methods of information technologies that can be used in the functioning of the decision-making support system were also considered. Since modern decision support approaches increase the mathematical complexity of the system, taking into account the goal and requirements for developing the methodology, it is proposed to use a neural network. The essence of the developed methodology is: in the systematization of the process of managing programmable mobile radio communications, the use of initial data that has a connected nature between all the functions of the control system and the characteristic application of programmable mobile radio communications, when using proven mathematical tools to improve indicators of the effectiveness of support decision-making by the control system using neural networks. The proposed technique includes stages that correspond to the sequence of application of appropriate methods and methods in the control system of programmable mobile radio communication devices, namely: data collection and determination of the control goal; construction of a knowledge representation subsystem; classification and clustering of states; selection and application of a neuroalgorithm assessment of conditions; assessment and selection of optimal and alternative solutions; implementation of solutions and their support. The proposed method, thanks to the correct formulation of the research task and the use of a proven mathematical apparatus, allows self-learning of the neural network, taking into account the peculiarities of the functioning of programmed mobile radio communication devices, increasing the speed and accuracy of decision-making based on the intellectualization of decision-making support.

Adaptive AI architecture for implementing privacy-by-design in accordance with GDPR

2025-11-26T23:29:36+02:00

This article addresses one of the key challenges in modern intelligent systems engineering: the practical implementation of the Privacy-by-Design principle, enshrined in the General Data Protection Regulation (GDPR), within artificial intelligence architectures. Existing approaches, such as federated learning, differential privacy, and homomorphic encryption, while effective tools, create a rigid trade-off between the level of personal data protection, model utility (accuracy), and computational efficiency when applied statically. Such a unified “one-size-fits-all” approach is inefficient, as it leads to either excessive protection of non-sensitive data, which unjustifiably degrades performance, or insufficient protection for the most vulnerable categories of information. The objective of this research is to develop a conceptual framework for a novel artificial intelligence architecture that resolves this issue through dynamic, risk-oriented management of privacy mechanisms. The result of this study is a proposed adaptive hybrid architecture. The scientific novelty of this work lies in shifting from a static model of applying Privacy-Enhancing Technologies (PETs) to a flexible, multi-layered system. This system classifies data and model components in real-time based on their sensitivity level and associated risks. Depending on the risk level, the architecture dynamically applies an optimal set of protection tools: from basic federated learning with light differential privacy guarantees for low-risk data to the application of homomorphic encryption for the most critical computations. At the core of the architecture is an optimization model that aims to maximize model utility while minimizing computational costs, ensuring compliance with predefined privacy thresholds for each data category as required by GDPR. This approach enables the creation of more efficient, secure, and productive intelligent systems that meet modern regulatory demands.

AI-based image steganalysis under limited computational resources

2025-11-26T23:32:57+02:00

This study addresses the challenges of modern steganalysis, which lies in the dichotomy between highly effective yet computationally expensive State-of-the-Art (SOTA) artificial intelligence models and lightweight architectures that are fast but incapable of independently detecting weak steganographic signals. The hypothesis proposed in this research suggests that combining classical feature engineering techniques – particularly the use of Spatial Rich Model (SRM) filters to enhance residual noise – with a modern self-supervised learning (SSL) approach for regularization and improved generalization capability can endow a lightweight convolutional neural network with the necessary properties for effective performance. To verify this hypothesis, a comprehensive comparative experiment was conducted involving four models: a baseline lightweight architecture, a model employing SRM filters, a heavy SOTA SRNet (Residual Network) model, and the proposed hybrid model. The experiment was carried out on a complex heterogeneous dataset comprising images processed by three distinct steganographic algorithms with two embedding rates. Performance evaluation was conducted on two datasets: a test sample from the same data domain (in-distribution) and a completely new, external dataset to assess generalization capability (out-of-distribution). The experimental results fully confirmed the main hypothesis. The hybrid model achieved the highest detection accuracy among lightweight approaches (AUC – Area Under the ROC Curve of 0.636) and, most importantly, demonstrated the greatest robustness to domain shift (AUC of 0.539 on the external dataset), showing the smallest degradation in performance. The study also revealed a counterintuitive effect: the heavy SOTA SRNet architecture exhibited a significant failure (AUC of 0.348) under heterogeneous data conditions, indicating its tendency to overfit to specific artifacts.

Model of assessment of the security of information and communication systems based on fuzzy visions

2025-11-26T23:02:31+02:00

The current stage of development of information and communication systems is characterized by their massive advances in all spheres of everyday life: military law, government, economics, finance, industry, etc. The advancement of digital technologies will ensure the efficiency and speed of data processing, while simultaneously increasing the risk of threats to information security in the cyberspace. The task of assessing the threat or the security of information and communication systems based on known intelligence is important for several reasons. First of all, it allows you to go from a clear description of the risks to comprehensive estimates, which creates a basis for an economical solution. In another way, the analysis of traffic jams allows you to identify priority threats and optimize defense resources, focusing on the most critical scenarios. Thirdly, it reveals the possibility of using current mathematical methods for modeling non-significance in the field of information security. Classic methods for assessing the security of information and communication systems are based on the collection of clear statistical data about the threats and attacks. However, in practice, information about the severity of attacks and the scale of traffic attacks is often inconsistent, overly sensitive, or presented in what appears to be linguistic categories (“high risk of threat”, “significant losses”). In such minds, traditional methods demonstrate limited effectiveness due to the low accuracy of such assessments. This necessitates the need to create assessment systems that effectively deal with fuzzy information and establish cause-and-effect relationships between threats and potential losses. The article proposes a model for assessing the security of information and communication systems through potential losses based on type II fuzzy relations. A special feature of the model is the ability to deal with types of non-significance in a comprehensive manner. Fuzzy terms of threats and losses are formalized by interval functions of type II reliability, as a result of which the world significance of threats and losses is determined at intervals. The type II fuzzy model will be based on the extended compositional rule of Zadeh's derivation, from which two systems of fuzzy relations are combined. These systems link the lower (upper) boundaries of fuzzy relationships and the lower (upper) boundaries of the world of significance of threats and losses. The value of the output variable is determined by type reduction and defuzzification operations.

Сyber threat information intelligence integration models

2025-11-26T23:05:02+02:00

In the context of the constant growth of information on attacks on information systems, the task of increasing the effectiveness of cyber threat intelligence processes is relevant. As a rule, all information accompanying these processes is called cyber threat intelligence information, without dividing it by the essence of a specific process. On the other hand, the description of the structure of the complex of all processes is very general. All this leads to a high level of uncertainty in the description of cyber threat intelligence, which significantly complicates the implementation of classical automation technologies, assessing their necessity and effectiveness. The lack of specificity in understanding information processes also hinders the implementation of artificial intelligence tools: it is difficult to determine the place of application and the fundamental possibility of training a neural network on cyber threat intelligence data. One of the directions of overcoming this problem can be the use of formalized constructions that describe the relationship between the main components of the process of formation and application of an intelligence product. As part of the research based on the paradigm of the attributive-transfer approach to the nature of information, means of system and semantic analysis, a method of structural analysis of information processes and a method of semantic synthesis of basic concepts were developed. The use of these methods allowed to form: a basic set of agreed concepts of cyber threat intelligence; a model of the role (function) of threat intelligence in the process of cyber defense; a model of cyber threat intelligence processes. The research results allow us to present cyber threat intelligence as a set (information-functional structure) of coordinated information processes. For each of these processes, the semantics of information and the essence of its transformations are defined. In order to refine to the required level of specification, each of the processes can also be represented by an information-functional structure. The proposed models allow us to classify threat intelligence information and form structures for its integration within the framework of the introduction of classical automated processing technologies. The procedure for analyzing the possibility of using artificial intelligence technologies is significantly simplified. Based on the research results, a computer system was developed to support the processes of managing cyber threat risks in a corporate information system.

Risk assessment and analysis for threats and vulnerabilities of the corporate infrastructure information system

2025-11-25T23:20:29+02:00

This article presents a methodological approach to assessing risks associated with the threats and vulnerabilities of the information system of a corporate infrastructure object. The relevance of this topic is due to the growing number and complexity of cyber threats and the need for more accurate risk assessment tools that account for the structure of interdependencies between potential vulnerabilities and attacks. The main problem addressed in the study is the insufficient precision of traditional risk assessment methods that do not reflect the composite nature of threats within complex systems. To solve this issue, the authors employ an extended Q-analysis methodology, which considers the structural relationships between threats and vulnerabilities to form a more detailed risk model. The purpose of the study is to apply the theoretical foundations of extended Q-analysis to a practical example using real expert data. As part of this, the authors construct an incidence matrix between threats and vulnerabilities, form a simplex complex, and build a structural tree to visualize interdependencies. Based on these models, calculations are performed to estimate the loss values associated with each threat and their combinations (“gluing”). Using optimization methods, including the Lagrange method, the authors identify conditions for maximum and minimum risk, analyze the behavior of the risk function under different probability distributions, and construct comparative graphs. The results demonstrate that the refined methodology allows a reduction in overall risk by up to 23.3% compared to linear models, depending on the threat distribution. The findings confirm the practical value of the proposed approach, offering more accurate risk estimates and improved decision-making support in cybersecurity management of complex information systems.

Selection of algorithms and data structures for secure storage and processing of metadata in IoT systems based on the Ethereum blockchain

2025-11-26T22:58:10+02:00

The article examines the theoretical foundations for selecting algorithms and data structures to ensure secure storage and processing of metadata in IoT systems using the Ethereum blockchain. A classification of metadata types specific to heterogeneous IoT environments is presented, taking into account semantic significance, update frequency, and data criticality. Formal requirements for algorithms are formulated, covering resistance to forgery, computational complexity, scalability under high-intensity request loads, and resource efficiency in terms of gas costs and network throughput. A comparative analysis of data structures employed in the Ethereum infrastructure, including Merkle Tree, Merkle-Patricia Trie (MPT), Multi-State MPT, and GPU-accelerated modifications, is performed according to criteria such as asymptotic complexity, memory efficiency, and suitability for incremental updates. A conceptual model for organizing metadata exchange between IoT nodes and smart contracts is proposed, incorporating modules for encoding, verification, gas cost optimization, and standardized interaction interfaces. The presented results provide a theoretical basis for developing formally verified and energy-efficient solutions in the field of secure Ethereum blockchain integration with the Internet of Things.

Algorithm for tracking violators in multi-address key distribution schemes

2025-11-28T11:02:33+02:00

The article is devoted to the study of randomized multi-address key distribution schemes based on code constructions and their application for implementing traitor tracing schemes. A multi-address key distribution scheme is a cryptographic protocol in which a key distribution center transmits certain auxiliary information (to which only authorized users should have access) to subscribers of a communication network so that, over time, in the event of compromise of the cryptographic keys of some subscribers, whose list the key distribution center has managed to establish, other subscribers will be able to restore the shared cryptographic key, which is transmitted in encrypted form from the key distribution center via a broadcast communication channel. At the same time, subscribers whose keys have been compromised will not be able to decrypt the broadcast message. As can be seen, for such schemes to function successfully, there is a need for approaches and tools to establish a list of compromised subscribers (for different tasks, there may be a need for either a complete list of such subscribers or at least one of them). Classic traitor tracing schemes can be the basis for building such tools because they were created to identify a user or group of unscrupulous users who transferred their keys to create an array of compromised keys that can be used for malicious purposes (the so-called “violators decoder”). However, with the growing number of subscribers, the rapid development of computing resources, the creation of adaptive attacks, and increasing privacy requirements, such schemes are becoming less effective. The approach proposed in the article aims to combine the capabilities of multi-address key distribution schemes and intruder tracking schemes while maintaining a balance between the accuracy of intruder tracking and the efficiency of available computing resources. Thanks to the use of Geffding's estimates, the algorithm constructed in the article is -identifying, i.e., it is capable of guaranteeing the identification of at least one participant in any coalition that does not exceed violators. The sufficient conditions given for the code parameters provide a significant improvement over the classical ones. It is demonstrated that the randomized approach preserves the stability of the system and does not degrade the security properties of the original scheme, but significantly enhances its ability to distinguish users in case of key compromise. The analytical expressions obtained in the article allow obtaining accurate lower bounds on the reliability of the traitor tracing algorithm, which, in turn, can be used in the practical construction of randomized traitor tracing protocols with a given required (high) reliability.

Mathematical modeling of intellectual and cryptographic protection of authentication keys

2025-11-25T22:57:34+02:00

The article substantiates the scientific and methodological foundations of mathematical modeling of intellectual-cryptographic systems for preventive response to authentication key compromise threats. A generalized conceptual model is proposed, integrating symmetric encryption mechanisms (in particular, the AES algorithm), steganographic methods for concealing cryptographic parameters, and intelligent attack prediction modules based on deep learning techniques. The developed mathematical framework is grounded in the synthesis of probability theory, information entropy, and adaptive optimization principles, enabling quantitative assessment of compromise risks and the formation of dynamic response strategies under variable threat conditions. Special attention is given to formalizing adaptive adjustment processes of cryptographic complexity levels and degrees of concealment, depending on the results of intelligent traffic analysis and anomaly detection in data transmission channels. Approaches to building energy- and computation-efficient implementations of such systems for embedded and mobile environments with limited resources are also examined. The obtained results establish the scientific basis for developing a new class of intellectual-cryptographic systems capable of self-learning, adaptive security parameter management, and preventive response to potential authentication data compromise threats in a dynamic information environment.

Mathematical aspects of the combined application of the AES algorithm and steganographic methods in authentication key protection

2025-11-25T23:09:46+02:00

The article examines the mathematical foundations of the combined application of the AES algorithm and steganographic methods in the protection of authentication keys. It is shown that the use of symmetric encryption ensures a high level of confidentiality and cryptographic strength, but has limitations in cases where communication channels remain accessible for adversarial analysis. To mitigate these risks, the integration of steganographic techniques is substantiated as an additional security layer that enables concealing the very existence of protected data. A mathematical model of the combined approach is proposed, taking into account the entropy characteristics of the keys, probabilistic estimates of AES resistance to attacks, and indicators of steganographic concealment capacity. An analytical evaluation of the proposed approach demonstrates a reduction in the probability of unauthorized disclosure of authentication keys compared to traditional protection methods. The obtained results have practical significance for the development of multi-level cybersecurity architectures in access control systems, cloud services, and password managers such as LastPass, where the secure storage and transmission of authentication keys are critical.