Collection "Information Technology and Security"

Statistical attack on combination keystream generators with irregular clocking

Alexandra Matiyko — 2025-05-20

Combination keystream generators with irregular clocking are the basis for constructing of stream ciphers, the most famous of which are A5 and Alpha1. Each such generator consists of several binary linear feedback shift registers, a Boolean combination function, and a register clocking control unit that defines the rules by which registers are shifted in the process of keystream generating. Despite certain weaknesses of known stream ciphers based on combination keystream generators with irregular clocking, such generators still arouse theoretical and applied interest due to the simplicity of their structure and the potential ability to provide security to a wide class of attacks, provided that their components are properly selected. Combination keystream generators, each register of which is either shifted by one step or is idle in each clock cycle, with one of the registers clocking regularly, are investigated in the article. Previously, the authors of the article showed that the mentioned generators have an inherent weakness, which consists in statistical dependence between each neighboring signs of their output sequences. The main result of this article is a statistical attack based on the mentioned weakness. The proposed attack is aimed at restoring the initial state of the register clocking uniformly by a known output sequence of the generator or several such sequences produced by the generator in the chosen IV mode. It is shown that in the latter case the complexity of the attack depends linearly on the length of the mentioned register. An analytical bound of the amount of keystream required to implement the proposed attack with the required success probability is obtained. In particular, it is shown that for Alpha1 the corresponding amount is approximately 300 keystream frames along with their corresponding initialization vectors. Conditions that weaken the security of generators with irregular clocking against the proposed attack are formulated. They consist in the fact that the Walsh-Hadamard coefficients of the combination function take zero values on all vectors of weight 0 or 1 and non-zero values on certain vectors of weight 2. It is shown that these conditions are fulfilled for the keystream generator of Alpha1. In this case, the average amount of keystream required to recover the initial state of an arbitrary keystream generator that satisfies the above conditions is of the same order as for Alpha1.

Methodology for creating, clustering and visualizing correlation networks determined by the dynamics of thematic information flows

Oleksandr Puchkov — 2025-05-20

Given the rapid growth of information circulating in social media and the Internet space, there is an urgent need for effective methods of analyzing and visualizing thematic information flows. Correlation networks are a powerful tool for formalizing such processes, as they allow identifying relationships between different objects, including by analyzing their dynamics. This is especially relevant for the cybersecurity sector, where prompt detection of trends and connections between events can be crucial. The article is devoted to the development of a methodology for creating, clustering and visualizing correlation networks determined by the dynamics of thematic information flows. The article proposes an approach based on the analysis of vectors of publication dynamics obtained through social media content monitoring systems. Correlation networks are formed based on relationships between vectors reflecting the distribution of documents by dates. To visualize and analyze the networks, tools such as Gephi are used, as well as the author's own Ph-Di diagram to display the dynamics of information flows. The methodology allows identifying groups of interconnected objects, which can be useful for analyzing thematic information flows, particular in the field of cybersecurity. The results of the study can serve as a basis for building probabilistic networks and further scenario analysis. The advantages of the proposed methodology are the low dimensionality of the vectors, which simplifies their processing and analysis, language independence, so that the methodology can be used to analyze information flows in different languages, and ease of implementation, which makes it accessible to a wide range of researchers and analysts in the field of cybersecurity.

Machine learning methods for anomaly detection in the radio frequency spectrum: research methodology

Viacheslav Riabtsev — 2025-05-20

The experience of the past three years of full-scale warfare testifies to the dynamic transformation of the conceptual foundations of combat operations and the shifting prioritization of the means employed to conduct them. The emergence and increasingly active use of various unmanned systems, the widespread deployment of precision-guided munitions, and the development of advanced electronic warfare capabilities have collectively underscored the strategic significance of the radio frequency spectrum. The provision of continuous spectral monitoring and the detection of anomalous activity in the electromagnetic environment have become critically important components of electronic warfare systems, signals intelligence, and secure communications networks. Traditional approaches to signal analysis – based on fixed thresholds, heuristic rules, or a priori statistical assumptions – are proving insufficiently effective in the highly dynamic and noiseintensive environment of the modern electromagnetic battlespace. In this context, there arises a need to investigate innovative approaches, particularly machine learning methods, for their ability to enable the automatic detection of anomalous signals without reliance on labeled data. Such solutions are expected to enhance the accuracy, adaptability, and response speed of spectral monitoring systems. A research methodology is proposed to assess the feasibility of applying machine learning methods to the task of anomaly detection in the radio frequency spectrum, taking into account the complexity of the data structure, its high dimensionality, and the limited availability of a priori information regarding anomalous samples. This research methodology encompasses the following stages: formulation of the experimental task; selection of anomaly detection methods for experimental evaluation; determination of evaluation metrics; selection and/or generation of test datasets; direct execution of the experimental study; analysis and assessment of the results; visualization and interpretation of the obtained findings; formulation of conclusions based on the experimental outcomes. This article focuses on the theoretical framework of the experimental study. Practical results will be published separately.

Application of large language models for intelligent expansion of semantic networks

Dmytro Lande — 2025-05-20

This paper proposes a methodology for constructing and further expanding semantic networks based on text analysis using large language models (LLM). The initial semantic network is expanded with the help of GPT-4, Llama-3, and DeepSeek-V3, and the obtained results undergo quantitative evaluation of precision and recall. The proposed semantic networking technology is based on the concept of a "swarm of virtual experts", where each LLM enhances the semantic network with its own knowledge and connections. Additionally, an approach to network integration has been developed, enabling the consolidation of results from different LLMs into a unified structure. The use of a weak-link filtering mechanism enhances the reliability of the final network by eliminating false-positive connections and reducing information noise, contributing to a more accurate and complete representation of knowledge. For semantic network visualization, the Gephi software is utilized – a free and open-source network analysis and visualization tool.

Training a neural network to identify objects by parameters in non-overlapping spaces

Dmytro Evgrafov — 2025-05-20

The present moment is characterised by the active use of digital information processing technologies in electronic communications systems. An important task in this case is to develop methods and algorithms for deciding whether a certain object O belongs to one or another m-th class: O_m, m =1, 2, ..., M, M ≥ 2 – number of classes. This task can be solved with the use of neural networks that implement the processing of k conditional estimates of physical parameters x_k1/m, x_k2/m, …, x_kn/m, …, x_kN/m objects, k =1, 2, …, K, K – is the maximum number of training steps, n is the current physical parameter that characterises the object and is an input to the neural network), N – is the number of such physical parameters, N ≥ 2. Contingent valuations x_k1/m, x_k2/m, …, x_kn/m, …, x_kN/m are random, depend on the energy characteristics of the impacts and dynamically change over time, and the decision to determine whether an object O belongs to one or another m-th class involves the use of neural networks, which have the properties of learning and self-learning. Suppose that, from the energy point of view, the input influences are powerful enough to assign the object O to one or another m-th class O_m. Thanks to the expert's ability to accurately determine the m-th class after receiving the k-th conditional vector of physical parameter estimates x_k/m, the m neural network will be trained by refining the lower and upper limits of displacements in the first layers of perceptrons for each m-th class Q_{1m min} and Q_{1m max}, after the next estimates of physical parameters are received and the expert provides the real value of the object O belonging to class m. The article solves the inverse problem of finding, Q_m_min, Q_m_max, which ensure the specified quality indicators in neural network training for the minimum number of steps K. The article considers the implementation of a three-layer neural network trained by an experienced expert to solve the problem of object identification by several parameters. The solution to the problem of object identification by classes is presented for known distributions of conditional estimates of physical parameters. The problem of object identification by classes at infinite signal-to-noise ratios in the process of estimating physical parameters is solved. The expressions that determine the perceptron displacement for the problem of object identification by classes when the spaces of true values of input parameters do not intersect are found.

Model of knowledge presentation in mobile radio media decision support systems

Serhii Salnyk — 2025-05-20

The article proposes a model of knowledge representation in decision support systems for mobile radio communication. In the course of the work, the process of construction and the process of functioning of modern mobile radio communications were considered, the essence of decision support systems and the main classes of decision support systems were revealed. An analysis of the latest research on methods of presenting knowledge, the functioning of management systems, decision support systems, and mobile radio communication tools was carried out. The essence of the concept of knowledge and the system of presenting knowledge were also revealed. The levels of knowledge representation are considered, a generalized classification of types of knowledge representation methods is indicated. It was indicated that the main issue in building knowledge representation systems is the choice of the form of knowledge representation. Also, the knowledge representation model should characterize the tasks being solved, and should be built consistently on the basis of appropriate templates, properties, program characteristics, interaction language, etc. Also, the work puts forward requirements for the development of a decision support model, taking into account the need for its use in mobile radio communication tools, and suggests a method of modification and development of such a model. The essence of the model consists in the modification of the decision-making support process, a method of adapting the production and neuro-fuzzy way of presenting knowledge, taking into account the conditions of operation of mobile radio communication tools to improve the effectiveness of decision-making support. The proposed model, thanks to the correct formulation of the research task and the use of a proven mathematical apparatus, satisfies the requirements for the development of such a model and allows to increase the speed and accuracy of decision support. As a result, the goal of developing a knowledge representation model in decisionmaking support systems of mobile radio communication tools to systematize the management process and improve the performance indicators of the decision-making support system based on the use of proven mathematical devices was achieved.

Discrete models of geometric objects in parallel computing systems

Anastasiia Kaliuzhniak — 2025-05-20

The usage of powerful computer systems defines computational experiments as novel and significant research methods enabling to solve complex. Taking into account the fact that raditional analytical methods for visualizing mathematical models are of a determinative nature, there is still a need to apply modern mathematical theories which in their turn will enable to expand the possibilities of applied mathematical research. The object of the research is the process of developing functional design of complex geometric models. The subject of the research is the usage of parallel methods for constructing the surfaces of discrete models of some geometric objects. The methods of the research are: application of the apparatus of analytical geometry, mathematical analysis, the theory of R-functions, parallel architecture and numerical methods. The purpose of the research is to solve current scientific and technical problems, in particular to increase the efficiency in the design of the programme for building discrete models, which can be implemented in the finite element analysis of complex technical systems by means of using parallel architecture. The following tasks were set to achieve the goal: analysis and review of currently known methods and approaches related to the construction of discrete models in complex computing systems. Development of the appropriate method and visualization of mathematical models based on the functional approach. Modification of the "Marching Cubes" method. Implementation in parallel architectures resorting to modern technologies and programming libraries, such as OpenMP and MPI, and conducting test experimental calculations that prove the efficiency of the proposed algorithm. Considering the importance of geometric model accuracy for the safety of complex technical systems, the application of parallel methods for building discrete models can significantly impact the reliability and safety in the development and testing of high-tech products, particularly in fields such as rocket engineering. In the process of creating models used for designing rocket systems and other advanced technologies, it is crucial to achieve high precision, computational speed, and reliability of results. The developed parallel computation methods help reduce the risk of errors and optimize the design processes, which is vital for ensuring safety in this critical area.

Model of the route of the electronic communication network, taking into account the parameters of equipment condition monitoring

Iryna Kononova — 2025-05-20

Analytical relationships are proposed that establish a link between the quality of the electronic communication network route and the reliability indicators of communication equipment. In contrast to previous studies, which assumed perfect control of the performance of communication equipment, this paper takes into account practical operating conditions under which control is carried out periodically. This makes it possible to bring the models closer to the actual operating conditions of the equipment. A random process is introduced that characterizes the state of the equipment at an arbitrary point in time, taking into account the probable transitions between the states of operability, failure, control, and repair. The process is regenerative, since after the completion of inspection or repair, the equipment fully restores its operational characteristics, and the moment of the next inspection is updated. An analytical expression for the equipment availability factor is obtained, which takes into account the frequency of control, the duration of inspections, and the reliability characteristics of the equipment. An analysis of this function is carried out, the conditions for the existence of its extremes are established, and the interval between inspections is determined to achieve the maximum level of system availability. In addition, a formula for the probability of timely delivery of messages in an electronic communication network is determined, taking into account the allowable time of packet delivery and the characteristics of equipment performance monitoring. The obtained results contribute to a reasonable choice of parameters of the equipment condition monitoring system and can also be used in the modernization and design of an electronic communication network.

Management of information and security events of computer systems using logical-dynamic models

Petro Pavlenko — 2025-05-20

The article discusses one of the possible approaches to the organization of information management and security events of computer systems. The analysis of the known research results shows that the existing information and security event management systems are characterized by a number of functional limitations that prevent the achievement of a given level of management quality. These limitations are associated with the impossibility of optimal interpretation of security events and ensuring the full adaptive management of these incidents, taking into account real changes in the behavior of threats. Therefore, the purpose of the article is to offer an effective approach to the synthesis of algorithmic and software for information and security event management systems, the implementation of which will expand their capabilities by forming, depending on the dynamics of threats, automatic scenarios for responding to incidents. To achieve this goal, the fundamental provisions of the theory of logical-dynamic systems are used in modeling the processes of organization of information management and security events of computer systems. Based on this theory, a logical-dynamic model of information and security event management has been proposed, which has differences from existing models (for example, Petri Nets, Markov Chains, Bayesian Networks). The use of this model makes it possible to formalize the collection, processing and analysis of information about incidents, as well as to develop algorithms for their compensation. It is noted that the use of logical-dynamic models allows taking into account the complexity and dynamism of processes in computer systems, as well as the incompleteness of information about security events. An algorithm is presented that synergizes information about various incidents of computer systems and their processing in arrays of security events in order to further respond to these destructive events. The proposed algorithm has a number of advantages, including adaptability and flexibility. The practical significance of the work lies in the possibility of implementing the obtained research results to improve the existing and develop promising systems for protecting computer systems, which are part of the structure of critical information infrastructure facilities. The novelty of the proposed approach lies in the combination of traditional signature and behavioral methods of threat identification with their logical-dynamic analysis. This allows you to increase the accuracy and efficiency of detecting dangerous anomalies in computer systems.

Method for calculating the computer information protection index under conditions of uncertainty

Vadym Akhramovych — 2025-05-20

The most striking property of human intelligence is the ability to make correct decisions under conditions of incomplete and uncertain information. Building models that replicate human thinking and applying them in computer systems is currently one of the most critical challenges in science. One of the key tasks in analyzing and managing information security in modern computers is the justified selection of the optimal set of system elements and determining their parameters in such a way as to ensure maximum functional efficiency under complex conditions of uncertainty. This task becomes particularly relevant due to the increasing complexity of computers and constantly changing operating conditions and potential security threats. A proper choice of information security system elements and their parameters allows for creating a flexible, adaptive, and reliable system capable of effectively countering risks, even in cases where complete information about the threats is unavailable. Therefore, determining the composition of elements and their parameters is one of the fundamental stages of ensuring information security, requiring the application of modern methods of analysis, modeling, and evaluation. This paper investigates the security system of a computer and its components under conditions of uncertainty. To achieve this, a tuple of fuzzy sets comprising computer components was constructed, modeled, and analyzed. Risk levels and computer security levels were calculated, along with the aggregation of results and membership functions. Trapezoidal and triangular methods were applied to calculate parameters. The calculations are illustrated with graphical material. The approach implemented in this study enables the visualization of an expert's confidence in the membership of values to the selected acceptable indicator of computer information security and represents this confidence through graphs and corresponding calculations. The proposed method for calculating the security indicator includes procedures for determining this indicator using triangular and trapezoidal metrics, reflecting the impact of computer components. The developed method can be effectively used for solving tasks related to assessing the information security indicator of a computer, as well as for further improving methods of information security analysis.

Requirements to point for autonomous access to information in a 4G mobile communications network

Yurii Chelpan — 2025-05-20

The article examines requirements to point for autonomous access to information in a 4G mobile communications network. It is noted, that the objects of interception are the content of communication sessions of interception subjects (surveillance subscribers), information about their location and service profiles fixed to the end (terminal) equipment of interception subjects. Two groups of requirements are specified: general and specific only for the interception of information in specified network. The authors, like a number of scientists, consider a single system of technical means to be a functional combination of control and processing means of bodies authorized to remove information from electronic communication networks, means of protected transport network and network set. Certain functional modules of the 4G mobile communication networks, interaction with which is necessary for authorized bodies to lawful intercept information, are given. It is established the type and content of the information, that generated by the specified functional modules. It is noted, that actions for simultaneous interception of information must be carried out in automatic mode at the point for autonomous access to information in the mobile network. Attention was drawn to the need to modernize the gateways of network sets of the technical means for their adaptation to use in the 4G mobile communication network. The gateway of the network set of the technical means of the interception system on the internal interfaces must provide to functional modules a surveillance table with identification objects and must receive from them informational messages and metadata of interception objects, related with interception subjects (surveillance subscribers). Suggested offers for changes to the normative document on lawful interception in Ukraine. The proposals are recommended to be used during the planning of operativesearch, counter-intelligence, reconnaissance measures and covert investigative (search) actions in 4G mobile communication networks of public use in Ukraine.

Сyberwar as a systemic challenge to Ukraine's cybersecurity

Viktor Horlynskyi — 2025-05-20

Based on the analysis of scientific sources and generalization of knowledge about the confrontation in global cyberspace, the basic characteristics of cyberwar have been identified, namely: the parties to cyberwar can be states, coalitions or other subjects of international relations; the main targets in cyberwar are state strategic and military facilities, financial institutions, and the country's critical infrastructure; the main means of cyberwar is the complex, coordinated in time and space, use of various types of cyberweapons; the basic form of using cyberweapons as an element of a cyberoperation is a cyberattack; the involvement of cyber troops and cyber units in preventive cyberoperations; the organization of preventive cyberdefense as a counteraction to the destructive impact on cyberspace in the forms of cyberespionage, cybersabotage, cyberterrorism, and cybercrime. The proposed understanding of the essence of cyberwar as a way of resolving geopolitical and socioeconomic contradictions between subjects of international relations with the complex use of cyberweapons and other forms of destructive influence on cyberspace is revealed. The substantive side of cyberwar, which is determined by the composition and functions of the structural components of the organization of preventive active counteraction in cyberwar, is revealed. The factors of the functioning of the national segment of cyberspace in the conditions of cyberwar are substantiated, namely: − the presence of cyber potential for confrontation in cyberspace, deterrence of cybercrime, cyberterrorism and other cyberthreats; − effective cyber defense based on the use of cyber units with the authority to conduct confrontation in cyberspace and effective interaction of the main subjects of the national cybersecurity system and defense forces; − cyber resilience, security and cyber readiness of national critical infrastructure; − national cyber sovereignty – legal security of the established functioning of cyberspace on national and international legal principles; − the presence of the state's professional and educational potential – ensuring the personnel needs of cyber troops with cybersecurity specialists.

Impact of redundancy on the security of technical information leakage channels and approximate correction of the channel error probability

Sergii Ivanchenko — 2025-05-20

The article considers the impact of redundancy on the security of technical information leakage channels and the approximate correction of the error probability in the channel in the absence of information about the origin of redundancy. The mechanisms of introducing redundancy into signals are investigated, which contribute to improving noise immunity by correcting errors, but also create risks of reducing the confidentiality of transmitted information. The article considers two main types of redundancy: artificial, which is formed through coding and control characters, and natural, which is a consequence of the peculiarities of the information source. The principles of its decoding differ significantly. This makes it impossible to directly apply error probability correction methods developed for artificial redundancy to natural redundancy. Artificial redundancy has a clear structure and is used to increase noise immunity, while natural redundancy arises from the characteristics of the information source, manifesting itself through correlations between symbols, repeated patterns and statistical regularities. The article considers the features of speech and visual channels, where natural redundancy plays a key role in error correction. In speech channels, it helps to increase the reliability of information reception due to the subjectivity of pronunciation and perception, and in visual channels - due to the regularity of pixel distribution in images. A new approach to decoding based on the ordering of code combinations by weight is proposed. The method of dividing possible 7-bit combinations into groups is used, which provides more efficient error correction. The traditional approach to error correction in the Hamming (7,4) code and its limitations at high levels of interference are also considered. The results obtained can be used to improve methods of increasing the reliability of data transmission and reducing the risks of information leakage through technical channels. Importantly, this method not only improves error correction, but also opens up new opportunities for adaptive coding in complex information transmission conditions. Its versatility makes it possible to apply the approach in various fields, from digital communications to speech signal processing.