Collection "Information Technology and Security" https://its.iszzi.kpi.ua/ <p align="JUSTIFY"><strong>“</strong><strong><img src="https://its.iszzi.kpi.ua/public/site/images/v_v_tsurkan/homepage5.png" alt="" align="left" hspace="10" vspace="6" />Information Technology and Security</strong><strong>”</strong> – a scientific publication of the <a href="http://iszzi.kpi.ua/en/" target="_blank" rel="noopener">Institute of special communication and information protection of National technical university of Ukraine «Igor Sikorsky Kyiv polytechnic institute»</a> for publishing the basic scientific results of dissertations and scientific papers by candidates for scientific degrees and academic titles, as well as by higher education students at the Master's qualification level. Publication resumed in 2015 after a one-year pause.</p> <p><strong>Media identifier:</strong> R30-04560.</p> <p><strong>Foundation year:</strong> 2012.</p> <p><strong>P-ISSN:</strong> 2411-1031.<br /><br /><strong>E-ISSN:</strong> <span lang="EN-US">2518-1033</span>. 
</p> <p><strong>Publication type: </strong>collection of research papers<strong>.</strong></p> <p><strong>Status:</strong> Ukrainian.</p> <p><strong>Languages:</strong> Ukrainian, English (multilingual).</p> <p><strong>Frequency:</strong> semiannual.</p> <p><strong>Sphere of distribution:</strong> nationwide and international.</p> <p><strong>Branch of science:</strong> engineering.</p> <p align="justify"><strong>Publication category:</strong> B.</p> <p align="JUSTIFY"><strong>Categories of readers:</strong> scientific, pedagogical, engineering and technical staff, graduate students, doctoral students, students and cadets.</p> <p align="JUSTIFY"><strong>Thematic focus:</strong> publication of original and review papers on the major problems of modern information technology, information security, information warfare, countering the use of social engineering, cyber security, the security of critical infrastructure, mathematical and computer modeling, the protection of information in telecommunication systems and networks (including on the protection of personal data), information security management and security risk information.</p> <p align="JUSTIFY"><strong>Indexed in: </strong>Index Copernicus Journals Master List, Bielefeld Academic Search Engine, Directory of Research Journals Indexing, WorldCat, Google Scholar, Elektronische Zeitschriftenbibliothek, Zeitschriften Datenbank, Bibliothek der Brandenburgische Technische Universität Cottbus-Senftenberg, Bibliothek der Europa-Universität Viadrina.</p> <p align="JUSTIFY"> </p> en-US <p>The authors that are published in this collection agree to the following terms:</p><ol><li>The authors reserve the right to authorship of their work and pass to the collection the right of first publication of the work, licensed under the <a href="http://creativecommons.org/licenses/by/3.0/" target="_new">Creative Commons Attribution License</a>, which allows others to freely distribute the published work with the obligatory 
reference to the authors of the original work and the first publication of the work in this collection.<br /> </li><li>The authors have the right to conclude an agreement on exclusive distribution of the work in the form in which it was published in this anthology (for example, to place the work in a digital repository institution or to publish in the structure of the monograph), provided that reference is made to the first publication of the work in this collection.<br /> </li><li>Policy of the journal allows and encourages authors to place the manuscript of the work on the Internet (for example, in storage facilities or on personal web sites), prior to the submission of the manuscript to the editor and during its editorial processing, as it contributes to productive scientific discussion and has a positive effect on the efficiency and dynamics of citations of published work (see <a href="http://opcit.eprints.org/oacitation-biblio.html" target="_new">The Effect of Open Access</a>).</li></ol> its@iszzi.kpi.ua (Riabtsev Viacheslav) Fri, 26 Jun 2026 00:00:00 +0300 Risk-oriented analysis of the security of parallel data from leakage through technical channels https://its.iszzi.kpi.ua/article/view/365460 <p>The article considers risk-oriented analysis of parallel data protection against leakage through technical channels. It examines information security risk management in a man-made environment. According to international standards [1], [2], information security risk is defined as a function of threat probability and damage. The problem of the formation of technical leakage channels through electromagnetic radiation, induction and signal leakage is investigated. In modern information and communication systems, the vast majority of electronic components such as processors, data buses, memory, and peripheral devices operate in parallel processing mode. 
For them, the effects of self-masking as a result of the summation of their implementations on the tracks significantly change the leakage patterns compared to sequential codes. This usually complicates risk assessment. A discrete-continuous channel model for parallel code has been constructed. Analytical formulas for throughput have been derived based on three-dimensional mutual information, taking into account the weights of bit combinations. An equivalence method has been developed to determine the marginal error probabilities. In addition, direct and inverse relationships between security indicators have been established: risk, maximum permissible throughput, error probability, and signal-to-noise ratio. The error for the optimal enemy receiver in the worst case, verification of formulas by reduction to a sequential code, and the condition of zero throughput with equally probable transitions have been calculated. This provides a mathematical assessment of security and automation of risk management in information and communication systems with parallel data representation. A risk-oriented mathematical apparatus for parallel data is proposed, which takes into account additional noise of uncertainty and self-masking of signals. This fills a gap in the analysis of parallel systems. It provides tools for quantitative assessment of acceptable leakage risk and ensuring information confidentiality in modern information and communication systems with a dominant parallel architecture of processors and data buses.</p> Serhii Ivanchenko, Anatolii Holishevskyi, Vadym Yaroshchuk, Maksym Naidon Copyright (c) 2026 Collection "Information Technology and Security" http://creativecommons.org/licenses/by/4.0 https://its.iszzi.kpi.ua/article/view/365460 Fri, 26 Jun 2026 00:00:00 +0300 Consumer vs. 
industrial traffic in mobile communication networks: analysis of dynamics and forecasting https://its.iszzi.kpi.ua/article/view/365462 <p>The article examines the transformation of the traffic structure in modern mobile networks; the object of the study is the dynamics of the ratio between the consumer and industrial (IoT/M2M) segments in the context of technology evolution from 3G to 5G and the prospects of 6G. The relevance of the work stems from the rapid growth in the number of industrial sensors and control systems, which places an unprecedented load on the radio-frequency resource. The aim of the article is to substantiate the need to reform the system of state spectrum regulation in Ukraine in order to meet the digitalization needs of critical infrastructure and industry during post-war reconstruction. Based on an analysis of forecasts by leading global agencies, the inevitable dominance of industrial traffic over consumer traffic by the mid-2030s is demonstrated. It is established that traditional licensing models are ineffective at guaranteeing the ultra-low latency and security that massive IoT solutions require. The paper formulates a set of priority steps for the national regulator, in particular: introducing dynamic spectrum access mechanisms, stimulating the deployment of private networks, and integrating new cybersecurity protocols into the architecture of next-generation networks. Unlike existing studies, which focus mainly on the technical aspects of throughput, this work is the first to comprehensively combine an analysis of structural changes in traffic with the specific regulatory challenges facing Ukraine in the context of Industry 4.0. The novelty lies in the proposed concept of “flexible spectrum management” as a tool for ensuring technological sovereignty that takes into account the specifics of rebuilding the national economy. 
Implementing the proposed measures will make it possible to create a competitive environment for the development of critical industrial systems and to guarantee reliable connectivity under digital transformation.</p> Oleksandr Zabrudskyi, Oleh Kokotov, Ihor Hepko, Ihor Samoilov Copyright (c) 2026 Collection "Information Technology and Security" http://creativecommons.org/licenses/by/4.0 https://its.iszzi.kpi.ua/article/view/365462 Fri, 26 Jun 2026 00:00:00 +0300 A comprehensive approach to ensuring the security of software for information and communication systems https://its.iszzi.kpi.ua/article/view/365463 <p>The article examines approaches to the formation of software security requirements and methods for their verification in the context of ensuring the security of information and communication systems, in particular those that process state information resources and operate at critical infrastructure facilities. The need to consider software security as the result of a continuous process that covers all stages of the life cycle - from the formation of requirements to operation and maintenance is substantiated. International standards, frameworks and methodological approaches are analyzed, in particular ISO/IEC 15408, ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 27034, NIST SP 800-218 (SSDF), OWASP ASVS. It is shown that it is advisable to distinguish between process-oriented, requirements-oriented and formalized-evaluation approaches that perform different functions in the formation and verification of security requirements. It is established that the formation of security requirements and their verification are not isolated stages, but should be integrated into a single software development process. A generalized model is proposed, which includes six main stages: organizational and preparatory, requirements formation, design, implementation with ongoing verification, specialized verification and support. 
It is proved that security testing should be considered in two interrelated directions: as a verification of compliance with established security requirements and as a technical search for vulnerabilities that are not always formalized in the requirements. The results obtained can be used to improve the regulatory provision of software security in Ukraine and build a comprehensive approach to assessing its security. The proposed approaches contribute to increasing the efficiency of security processes and can be adapted to different types of software systems.</p> Olha Shevchuk, Zhylin Artem, Diana Uniegova Copyright (c) 2026 Collection "Information Technology and Security" http://creativecommons.org/licenses/by/4.0 https://its.iszzi.kpi.ua/article/view/365463 Fri, 26 Jun 2026 00:00:00 +0300 Rating as a factor for improving scientific and pedagogical activities in the field of training cybersecurity specialists https://its.iszzi.kpi.ua/article/view/365464 <p>Based on the analysis of scientific sources and generalization of knowledge regarding the rating of the activities of scientific, pedagogical, and research workers of educational institutions, the relevance and fundamental requirements for rating as a means of developing educational and scientific activities in the field of training cybersecurity specialists in the conditions of a prolonged cyberwar are substantiated. A number of problematic issues hidden in the social and organizational foundations of rating are highlighted. 
It is substantiated that the application of European experience and generally recognized European rating standards, along with taking into account the specific socio-political conditions of educational and scientific activity in Ukraine, the actual professional context of training military specialists in cybersecurity due to the development of cyber technologies and cyber weapons, the use of artificial intelligence and quantum computing, constitutes the theoretical prerequisites for the development of basic rating principles in the field of training specialists in cybersecurity and determines the novelty of the work. The content and essence of rating are revealed as a concept that reflects the process of developing theoretical foundations and rating methods, creating an automated computer information and calculation system for rating activity evaluation, developing a mechanism and procedure for evaluating and organizing the results of the activities of social subjects of the educational and scientific process according to certain criteria, generalizing indicators, and constructing and compiling a rating on this basis. The general principles of rating the activities of scientific, pedagogical, and research workers have been clarified and specified, as basic provisions and certain requirements that should guide the organization of the rating in the context of compliance with European, national, and industry standards for training military cybersecurity specialists in the conditions of prolonged cyberwar, rapid development of cyber technologies, artificial intelligence, and quantum computing. 
It is concluded that the development of theoretical foundations for rating the scientific, pedagogical and scientific activities of employees in the field of training cybersecurity specialists, taking into account the conditions of martial law, prolonged cyberwar with the use of cyberweapons, further post-war reconstruction of Ukraine and its implementation in higher education institutions and scientific institutions of the security and defense sector, is one of the influential factors in ensuring national security and protecting the national segment of cyberspace.</p> Viktor Horlynskyi, Tetiana Maslennykova, Borys Horlynskyi Copyright (c) 2026 Collection "Information Technology and Security" http://creativecommons.org/licenses/by/4.0 https://its.iszzi.kpi.ua/article/view/365464 Fri, 26 Jun 2026 00:00:00 +0300 Semantic class as a fundamental artifact of semantic-oriented ai-based software development https://its.iszzi.kpi.ua/article/view/365487 <p>The paper proposes an approach to bridging the semantic gap between the problem domain and program code through the introduction of a formal artifact – the semantic class. The approach is based on the integration of semantic-oriented development and the object-oriented programming paradigm, where a semantic class captures not only the structure but also the complete behavioral semantics of a concept, including states, transitions, invariants, and operations. This enables the use of a system of semantic classes as a centralized, semantically consistent representation of the problem domain for the deterministic synthesis of software artifacts – such as code, tests, UML diagrams, and documentation – using artificial intelligence methods, as well as for reverse engineering of semantics from existing code. The paper considers the representation of a software system as a combination of a semantic object model of the problem domain, artifact models, and tasks assigned to artificial intelligence for artifact processing. 
The semantic object model is represented as a two-level structure: the upper level contains the definition of the problem domain, a list of concepts (class prototypes), and their relationships, while the second level contains a system of semantic classes. Artifact models, at the declarative level, define – depending on the type of artifact – their composition, structure, parameters, and mechanisms for representing semantic annotations transferred from the semantic object model into the artifacts. Tasks assigned to artificial intelligence define operations (such as synthesis, reverse engineering, validation, and synchronization) along with their operands, which are to be executed using the semantic object model and artifact models, for example, synthesizing program code. The practical application of the proposed approach is realized through the creation of domain-specific languages that represent the components of the semantic description of a software system in the form of machine-readable engineering artifacts. This enables more efficient use of artificial intelligence compared to prompt-based approaches. The approach has been validated using several artificial intelligence systems based on large language models by performing synthesis and reverse engineering tasks on artifacts and analyzing the obtained results. 
A positive effect of applying the proposed approach is an increased level of semantic preservation in the software code and its recovery, improvement of verification and requirements traceability processes, a reduction in the potential error rate through the elimination of a class of logical errors, and an enhancement of code security through semantic control of operations, states, and transitions.</p> Volodymyr Sokolov Copyright (c) 2026 Collection "Information Technology and Security" http://creativecommons.org/licenses/by/4.0 https://its.iszzi.kpi.ua/article/view/365487 Fri, 26 Jun 2026 00:00:00 +0300 Application of generative artificial intelligence technology in support of decision-making in information protection systems https://its.iszzi.kpi.ua/article/view/365488 <p>The article proposes an approach to decision support in information protection subsystems using generative artificial intelligence. This technology belongs to a type of artificial intelligence that is capable of generating new data by conducting its own training based on a set of existing data, and the process of training a generative network is a constant process in which the generator and discriminator compete with each other and improve. In the course of the work, it was established that the issue of systematizing approaches to the application of generative artificial intelligence technologies based on neural networks for their use in decision support subsystems of information protection systems and improving the efficiency of these subsystems is relevant. The essence of information protection subsystems was determined and it was noted that these elements include the corresponding tools that implement its functions. As a result, the work of the subsystem should be based on the application of appropriate technologies. 
The most promising technologies today are artificial intelligence-based technologies, which include: machine learning, neural networks, natural language, computer vision, genetic algorithm, generative artificial intelligence, which provides new opportunities for automating information protection, forming modern and adaptive systems for countering information security violations. A new approach to supporting decision-making in information protection subsystems using generative artificial intelligence technology is proposed. Its essence lies in: systematizing the process, formalizing the decision-making support task; building a model learning environment and data generation; developing a generative network consisting of a generator and a discriminator based on neural networks; training the elements of the generative network; implementing the generative network in the decision-making support system; verifying, validating, testing and calibrating the model; obtaining the output data of the developed model. As a result, the proposed approach, thanks to the formulation of the research task and the use of proven mathematical apparatus, satisfies the goals and requirements for conducting the study.</p> Serhii Salnyk, Ivan Stotskyi, Sergii Liuk, Oleksandr Holub Copyright (c) 2026 Collection "Information Technology and Security" http://creativecommons.org/licenses/by/4.0 https://its.iszzi.kpi.ua/article/view/365488 Fri, 26 Jun 2026 00:00:00 +0300 Agent approach to detection of insiders in computer systems https://its.iszzi.kpi.ua/article/view/365489 <p>In an era of accelerated digitalization, global cyber threats, and geopolitical instability, the problem of internal threats, namely insider attacks, is becoming particularly relevant. Traditional protection measures (firewalls, antivirus, external attack prevention systems) are often insufficient because insiders already have legitimate access to systems. 
In addition, in the context of hybrid warfare, state and private organizations become targets not only of external hackers, but also of internal employees involved, which increases the risks of hidden leaks of confidential information and sabotage. The paper considers the problem of detecting insider attacks using intelligent agents. The main indicators of a potential insider are analyzed and a review of modern methods for detecting anomalies and suspicious actions is provided. Different types of artificial intelligence agents are considered, a comparative analysis of their functions, advantages and limitations is carried out. The advantages of agents whose work is based on the use of large language models are shown. However, better results can be achieved by insider detection systems using different types of agents simultaneously. A multi-agent detection system architecture is proposed, where AI agents autonomously collect and analyze data about user actions, generate signatures, and collaborate for timely recognition of insider threats. It is shown that the use of ensemble models allows achieving high accuracy. A mathematical model of a multi-agent insider detection system has been developed. The model includes a formalization of normal user behavior in the form of average values of behavioral traits under normal conditions. The conclusion regarding the anomalous behavior is made taking into account the dependencies between the features. The presented mathematical model has linear scalability in terms of the number of users and quadratic dependence on the number of features, which is due to the use of the covariance matrix. This shows its suitability for large SOCs and provides a basis for optimization. The work illustrates the conceptual and practical advantages of an agent-based approach to security, including rapid adaptation to new threats and reduced workload for analysts. 
The presented results can serve as a basis for the development of insider attack detection systems.</p> Vasyl Kulikov Copyright (c) 2026 Collection "Information Technology and Security" http://creativecommons.org/licenses/by/4.0 https://its.iszzi.kpi.ua/article/view/365489 Fri, 26 Jun 2026 00:00:00 +0300 Modern methods of cyberthreat detection in telecommunication networks using artificial intelligence https://its.iszzi.kpi.ua/article/view/365490 <p>The article examines modern methods for detecting cyber threats in telecommunication networks using artificial intelligence technologies. The relevance of the topic is driven by the intensive development of information and communication technologies, network function virtualization, the expansion of smart city infrastructure, and the rapid increase in network traffic volumes. The growing complexity of cyberattacks, the emergence of zero-day threats, and the use of automation tools by malicious actors pose serious challenges to information security, which traditional signature-based intrusion detection systems can no longer effectively handle. It is noted that the transition to behavioral analysis methods based on machine learning and deep learning allows for automating anomaly detection and identifying complex spatial-temporal threat patterns without direct human operator intervention. The application of classical machine learning algorithms (support vector machines, clustering) and deep neural networks (convolutional neural networks, deep autoencoders) is analyzed. At the same time, it is determined that the implementation of multi-layer architectures in real telecommunication infrastructure is accompanied by the problem of excessive computational complexity, which critically affects packet processing latency in high-speed backbone channels. 
In this context, the feasibility of using hybrid, ensemble, and lightweight artificial intelligence models that combine the analytical capabilities of neural networks with the speed of classical algorithms is investigated. Particular attention is paid to the specifics of protecting smart city infrastructure, decentralized cloud environments, and monitoring specialized service protocols (AAA protocols). It is proven that effective intrusion detection requires the adaptation of mathematical models to the hardware limitations of edge equipment. Based on the conducted analysis, the necessity for further development of a comprehensive hybrid method for detecting cyber threats is substantiated. It is proven that to ensure high accuracy of attack identification in real-time without degrading the bandwidth of critical telecommunication infrastructure, future research should focus on the integration of fuzzy logic methods and adaptive feature selection.</p> Dmytro Minochkin, Dmytro Samus Copyright (c) 2026 Collection "Information Technology and Security" http://creativecommons.org/licenses/by/4.0 https://its.iszzi.kpi.ua/article/view/365490 Fri, 26 Jun 2026 00:00:00 +0300 Methods for generating test cases in microservices testing based on the use of large language models https://its.iszzi.kpi.ua/article/view/365491 <p>The paper addresses the problem of using large language models (LLMs) for automated test case generation in the testing of software systems with microservice architecture. The relevance of the study is driven by the increasing complexity of microservice architectures, which are characterized by distributed components, API-based interactions, and the need for comprehensive integration testing, as well as by the active adoption of artificial intelligence tools in software engineering education and practice. 
Particular attention is paid to the use of large language models by students of the F2 “Software Engineering” specialty during the creation of test scenarios. The aim of the study is to conduct a comparative analysis of the effectiveness of large language models in generating test cases for microservice testing and to identify typical errors and hallucinations that occur in their outputs. The research employs a standardized description of a software system with microservice architecture and unified textual prompts to ensure the correctness and comparability of results obtained from different models. The generated test cases are evaluated according to several criteria, including coverage completeness, compliance with API specifications, logical correctness of test steps, presence of negative and edge-case scenarios, and suitability of the results for practical and educational use. The results demonstrate that large language models are capable of automating the generation of basic test cases for software systems with microservice architecture; however, their effectiveness varies depending on the type and orientation of the model. General-purpose language models provide high readability and well-structured test scenarios, which is beneficial in educational contexts, whereas specialized software engineering–oriented models show better compliance with API descriptions and more systematic generation of negative and edge-case tests. At the same time, typical hallucinations were identified, including the generation of non-existent endpoints, incorrect request parameters, and logically inconsistent expected results. 
The practical significance of the obtained results lies in their potential use for developing methodological recommendations on the appropriate and safe application of large language models in microservice testing within the training of future software engineers.</p> Viktoriia Bandura, Roman Khrabatyn Copyright (c) 2026 Collection "Information Technology and Security" http://creativecommons.org/licenses/by/4.0 https://its.iszzi.kpi.ua/article/view/365491 Fri, 26 Jun 2026 00:00:00 +0300 Cybersecurity of electronic communications: theoretical foundations and methodological approaches https://its.iszzi.kpi.ua/article/view/365502 <p>The article addresses the pressing scientific problem of terminological ambiguity and the lack of clear methodological differentiation in the field of electronic communications protection. Modern cybersecurity approaches predominantly consider electronic communications in a fragmented manner, failing to identify them as a distinct object of protection, which complicates standardization, the construction of security models, and specialist training. The study aims to develop theoretical foundations and methodological approaches for defining the subject area of cybersecurity of electronic communications as an independent scientific discipline. The paper provides a systematic analysis of international standards (NIST, ISO/IEC 27032) and contemporary scientific publications, identifying a methodological gap concerning the specifics of protecting data in transit. Based on the data states theory, the feasibility of distinguishing cybersecurity of electronic communications as a separate field is substantiated, its definition is formulated, and a system model covering technical, organizational, legal, and procedural levels is developed. The key distinguishing features from related categories (general cybersecurity and information security) are determined through the specificity of threats, objects, and protection means. 
The scientific novelty of the work lies in the introduction and formalization of new categories in communication security theory: communication integrity (taking into account sequence, timeliness, and completeness), transit confidentiality (with an emphasis on metadata protection), and communication resilience, which extend the classic CIA triad. A conceptual mathematical model for the integral assessment of the cybersecurity level of communication systems is proposed. The practical significance of the obtained results lies in the possibility of their use for standardizing security requirements for 5G/6G networks, developing specialized protection tools, and training communication security specialists, which is especially relevant in the context of modern cyber threats and hybrid conflicts.</p> Serhii Kravchuk, Iryna Kravchuk Copyright (c) 2026 Collection "Information Technology and Security" http://creativecommons.org/licenses/by/4.0 https://its.iszzi.kpi.ua/article/view/365502 Fri, 26 Jun 2026 00:00:00 +0300 Prioritization of security controls for critical infrastructure using the analytic network process and large language models https://its.iszzi.kpi.ua/article/view/365500 <p>This paper addresses the applied problem of prioritizing security controls for national critical infrastructure under state‑level threats and severe resource constraints. We use the Analytic Network Process (ANP) to explicitly model nonlinear interdependencies and feedback loops in the system “controls–evaluation criteria–threat vectors–constraints”. A 20‑node ANP model is constructed with four clusters: security controls (7 alternatives), evaluation criteria (5), threat vectors (5), and constraints (3). The main novelty is an expert‑elicitation workflow based on “virtual experts”. Seven role personas (e.g., ICS engineer, SOC lead, CISO) are instantiated using large language models (LLMs) and used to produce the pairwise judgments required by ANP. 
The judgments are aggregated with the geometric mean. The resulting inputs demonstrate high consistency (mean Saaty consistency ratio ≈0.006; mean Koczkodaj index ≈0.034), enabling reliable synthesis of the limit supermatrix and global priorities. The final ranking assigns the highest priorities to Network Monitoring and Anomaly Detection (0.1948) and Network Segmentation / Unidirectional Gateways (0.1832), followed by Identity &amp; Privileged Access Management (0.1623), Supply‑Chain Security with SBOM and code signing (0.1354), and Incident Response readiness (0.1342). The lowest priority in the considered scenario is Physical Hardening (0.0659). Robustness is confirmed by a leave‑one‑expert‑out (LOEO) analysis and by Monte‑Carlo perturbation (1000 trials), which yield stable rankings. Practical usefulness is illustrated with a portfolio selection model under a $10.2M budget, where a submodular knapsack heuristic selects {Monitoring, Identity, Incident Response, Supply Chain} as the highest‑value bundle for threat coverage.</p> Igor Svoboda, Dmytro Lande Copyright (c) 2026 Collection "Information Technology and Security" http://creativecommons.org/licenses/by/4.0 https://its.iszzi.kpi.ua/article/view/365500 Fri, 26 Jun 2026 00:00:00 +0300 Methodology for identification and categorization of critical infrastructure objects: application practice and development prospects https://its.iszzi.kpi.ua/article/view/365501 <p>The article analyzes the problems of the identification of critical infrastructure facilities. A tendency towards excessive expansion of the list of critical infrastructure facilities is noted, which contradicts the fundamental principle - the concentration of society's efforts on ensuring the protection of the infrastructure most important for its existence in the face of limited resources. 
Clarification of the Methodology for the categorization of critical infrastructure facilities by expanding the criteria for assessing the facility’s damage impact on the provision of essential services and interdependencies between CI sectors is an important step in the development of Ukrainian legislation in this area and helps to eliminate a contradiction in the practice of its application. Therefore, the purpose of the article is to clarify the methodology for classifying infrastructure facilities as critical infrastructure at the national level to align it with modern security requirements and the evolution of approaches to ensuring the security and resilience of CI, in particular, shifting the emphasis to ensuring the resilience of the provision of vital (core) services. To achieve this goal, it is planned to analyze the current CI facility categorization Methodology and the practice of its application, identify the limitations of the current approach to assessing the impact of CI facilities on the resilience of the provision of vital functions and/or services, justify the feasibility of expanding sectoral and cross-sectoral assessment criteria, and formulate proposals for improving the Methodology taking into account European approaches. The proposed changes also align the Methodology, known to the entities of the national critical infrastructure protection system of Ukraine, with the provisions of EU Directive № 2022/2557 on the resilience of critical entities, adopted at the end of 2022. 
This allows the subjects of the national critical infrastructure protection system, in particular critical infrastructure operators and sectoral bodies in the field of critical infrastructure, to apply the usual process of categorizing infrastructure objects as a tool for assessing the risks of providing services depending on the scenarios of the impact of threats of various natures on infrastructure objects.</p> Oleksandr Sukhodolia, Bohdan Nikolaienko Copyright (c) 2026 Collection "Information Technology and Security" http://creativecommons.org/licenses/by/4.0 https://its.iszzi.kpi.ua/article/view/365501 Fri, 26 Jun 2026 00:00:00 +0300 Information technology for deploying secure virtual environments for software development for critical information infrastructure objects https://its.iszzi.kpi.ua/article/view/365456 <p>The article addresses the development of an information technology for deploying secure virtual environments for software development for critical information infrastructure objects. The relevance of the study is determined by the growing number of cyberattacks on software supply chains, increased requirements for the security of critical infrastructure information systems, and the need to minimize risks associated with manual administration of virtual environments. The aim of the work is to develop an information technology for the automated deployment of secure virtual environments for software development for critical information infrastructure objects, ensuring reproducibility, manageability, configuration control, and integration of security mechanisms. The proposed approach is based on the combination of the DevSecOps methodology and the Infrastructure as Code concept. DevSecOps ensures the integration of security into all stages of the software development life cycle, while Infrastructure as Code enables the description of infrastructure in the form of machine-readable configurations. 
The paper formulates a set of requirements for a secure environment at the methodological, architectural, and technological levels. A formal model of the information technology is developed, describing the relationships between requirements, environment components, network segments, services, security policies, automation scenarios, and verification procedures. An environment architecture based on Proxmox VE is proposed, with division into functional zones: security gateway, design, development, testing, release, and monitoring. This division provides network segmentation, service isolation, controlled access, centralized monitoring, and logging. The practical implementation of the technology is carried out using Terraform for infrastructure provisioning, Ansible for configuration management, and Ansible Vault for protecting sensitive parameters. The experimental evaluation showed that the proposed technology reduces the environment deployment time from 15 to 3 hours, ensures configuration reproducibility, improves infrastructure controllability, and reduces risks associated with the human factor.</p> Ivan Horniichuk, Artem Mykytiuk, Yevhenii Zarovnyi Copyright (c) 2026 Collection "Information Technology and Security" http://creativecommons.org/licenses/by/4.0 https://its.iszzi.kpi.ua/article/view/365456 Fri, 26 Jun 2026 00:00:00 +0300 Modeling of intelligent control processes in information confrontation using the theory of hypercomplex systems and conceptual provisions of neurophysiology https://its.iszzi.kpi.ua/article/view/365466 <p>The article considers a possible approach to solving the problem of modeling complex control systems in the conditions of information confrontation, characterized by high dynamism, nonlinearity of processes, and emergent and multidimensional interaction of elements. 
The relevance of the study is due to the limitations of existing approaches that do not fully formalize the processes of degradation of the system, identify critical states of its functioning, and adequately take into account the impact of destructive information and radio-electronic factors in real time. An additional problem is the lack of a unified approach to the integration of spatial, energy, and information parameters within the framework of a holistic model of system functioning. The article is aimed at developing a scientifically grounded approach to modeling complex control systems, based on the integration of neuromorphic principles, associative-projective networks, and hypercomplex mathematical apparatus for formalizing multidimensional nonlinear processes, assessing the stability of the system, and predicting its behavior under destructive influences. The paper proposes a structural-descriptive model of the control system, which implements the principle of "state-reaction" and provides the formation of control influences based on the recognition of current states. The system is interpreted as an associative-projective neuromorphic structure, in which the interaction of elements is described using a quaternionic representation of states and connections, which allows taking into account the non-commutativity and nonlinearity of interactions. The influence of electronic warfare means is formalized as a diffusion process, which leads to the degradation of the Lyapunov function, a decrease in information energy, and a loss of stability of the system. The scientific novelty lies in the proposed interpretation of destructive influences as diffusion processes in a hypercomplex space, which makes it possible to determine critical threshold states (bifurcations), analyze phase transitions, and describe the mechanisms of loss of controllability of the system. 
The practical significance of the results lies in the ability to assess the stability of management systems, predict their degradation, increase the efficiency of management, and support decision-making in the conditions of information confrontation, in particular in the tasks of cybersecurity and management of complex technical systems.</p> Serhii Sholokhov, Ivan Samborskyi, Vladyslav Hol Copyright (c) 2026 Collection "Information Technology and Security" http://creativecommons.org/licenses/by/4.0 https://its.iszzi.kpi.ua/article/view/365466 Fri, 26 Jun 2026 00:00:00 +0300 Hybrid model for information security management of an enterprise based on fuzzy logic https://its.iszzi.kpi.ua/article/view/365479 <p>The article investigates the problem of improving the efficiency of information security management of an enterprise under conditions of dynamic cyber threats and uncertainty in the information environment. It is shown that existing approaches are mostly based on deterministic or probabilistic risk assessment models, which do not provide sufficient flexibility when processing vague, incomplete, and contradictory information about threats, vulnerabilities, and the state of assets. The object of the study is the process of information security management of an enterprise, while the subject is methods and models of decision-making under uncertainty. The aim of the article is to develop a hybrid model of information security management based on fuzzy logic to improve the validity and adaptability of decision-making. The proposed model integrates Mamdani-type fuzzy inference, multi-criteria assessment of the security state, and an integral risk model. The security state is formalized as a vector of parameters, including levels of threats, vulnerabilities, asset criticality, and protection, using linguistic variables and membership functions. A mechanism for adaptive selection of protection measures based on a fuzzy rule base is implemented. 
The scientific novelty lies in combining fuzzy logical inference with dynamic integral risk assessment, which, unlike existing approaches, ensures adaptive formation of management decisions considering real-time environmental changes. The obtained results demonstrate an increase in the accuracy of risk assessment and the effectiveness of decision-making compared to classical models. The practical significance lies in the possibility of applying the model in intelligent information security management systems of enterprises.</p> Hennadii Hulak Copyright (c) 2026 Collection "Information Technology and Security" http://creativecommons.org/licenses/by/4.0 https://its.iszzi.kpi.ua/article/view/365479 Fri, 26 Jun 2026 00:00:00 +0300 Cyber incident detection model based on fuzzy hypergraph of SIEM events https://its.iszzi.kpi.ua/article/view/365480 <p>In today’s rapidly evolving IT infrastructure and the ever-increasing number of cyber threats, security information and event management (SIEM) systems generate a huge volume of routine alerts. However, a single isolated event is rarely sufficient to reliably conclude that a cyber incident has occurred, as complex targeted attacks typically manifest themselves through a set of multidimensional and interconnected events that form a time-structured process. Traditional approaches to threat detection in monitoring systems are primarily based on rigid correlation rules or static thresholds. Such methods have significant limitations, do not take into account the multifaceted nature of security events, poorly model the uncertainty inherent in the data, and create too sharp a binary transition between the normal state and the incident itself, which inevitably leads to a significant number of false positives. The article is devoted to the development of a model for detecting cyber incidents in SIEM event logs, which is based on a fuzzy hypergraph representation of security events. 
An approach is proposed in which each individual event is considered and formalized as a hyperedge that flexibly connects a set of heterogeneous system entities, such as a target host, a compromised user, an external IP address, a system process, or an applied attack technique. For a comprehensive assessment of the threat level, a fuzzy function of the local incidence of the event and a mathematical mechanism for aggregating the parameters of the connected component of the hypergraph are used. This measure is calculated taking into account key criteria: the degree of anomaly of deviation from the typical behavior profile, the a priori criticality of the triggered rule, contextual consistency within a given time window, semantic significance, and accumulated historical suspicion of the involved entities. Formalization of contextual dependence through the definition of non-trivial intersection of entities in the vicinity of the event allows for the effective interpretation of any cyber incident as a detected connected fuzzy substructure in the general hypergraph of SIEM events. The advantages of the proposed model lie in the possibility of deep integration of multi-entity relationships with the fuzzy logic apparatus, which provides the formation of a graded risk assessment, significantly increases the accuracy of identification of complex multi-stage attacks and optimizes analytics processes.</p> Ihor Subach, Danylo Kopych Copyright (c) 2026 Collection "Information Technology and Security" http://creativecommons.org/licenses/by/4.0 https://its.iszzi.kpi.ua/article/view/365480 Fri, 26 Jun 2026 00:00:00 +0300 Improving the efficiency of computer modelling by using asynchronous computational algorithms https://its.iszzi.kpi.ua/article/view/365481 <p>Modern computers with multi-core architecture allow using asynchronous programming software to increase the efficiency of computer simulation by achieving high computational performance. 
Therefore, this work aims to increase the performance of computational algorithms of computer implementation of the runtime method by applying modern asynchronous programming techniques. In the process of research, methods of matrix algebra, asynchronous computation, algorithm efficiency analysis, as well as software code timing tools were used. Computational programs were implemented using Microsoft Visual Studio for the order of SLAE up to . As a result, we have developed computational algorithms of sequential and asynchronous methods of running with the subsequent estimation of the execution time, as well as carried out a comparative analysis of the effectiveness of the implementation of the investigated algorithms using the standard template for asynchronous programming. Computational experiments have resulted in a -fold increase in computational efficiency. The obtained results correspond with similar data from available sources of information, as well as with the data obtained earlier by the authors in similar studies using alternative software tools. The scientific novelty of the work consists in the further development of promising approaches to increasing the efficiency and productivity of computer simulation through the use of progressive technologies and principles of asynchronous programming with computational experiments on modern hardware-software architectures. 
The computational algorithms proposed by the authors have been successfully employed in investigations of thermal conductivity and hold promise for effective application in modeling a wide range of physical systems, including practical cryptographic problems.</p> Oleg Zhulkovskyi, Iurii Savchenko, Oleksandr Korneiko Copyright (c) 2026 Collection "Information Technology and Security" http://creativecommons.org/licenses/by/4.0 https://its.iszzi.kpi.ua/article/view/365481 Fri, 26 Jun 2026 00:00:00 +0300 Mathematical model of continuous authentication based on dynamic trust in zero trust architecture (ZTNA) https://its.iszzi.kpi.ua/article/view/365482 <p>This paper proposes a formalized mathematical model of continuous authentication within the Zero Trust Network Access (ZTNA) architecture, which is particularly relevant for remote access, cloud services, and mobile devices, where a single authentication at login does not guarantee session security. Continuous authentication is modeled as a controlled process of dynamic user trust assessment based on a normalized multidimensional feature vector that aggregates identity attributes, device posture, network context, and behavioral signals from typical sources, including IdP/IAM, EDR/MDM, network telemetry, and SIEM/UEBA systems. The trust level is interpreted as a quantitative probabilistic measure suitable for automated decision-making in the Policy Engine and is computed using an interpretable logistic model with feature influence weights. A time-based trust degradation mechanism is introduced to reflect decreasing security assurance in the absence of confirming events and to define the strictness of verification policies during an access session. To account for atypical or potentially risky behavior, a behavioral trust correction mechanism based on a risk coefficient and a sensitivity parameter is proposed, enabling early system response to insider threats or credential compromise. 
Based on the adjusted trust level, an adaptive threshold-based access control policy is formed with respect to resource sensitivity, implementing ALLOW, STEP-UP, and DENY modes and enforcing decisions at the Policy Enforcement Point. To balance security and user convenience, a loss function is introduced that accounts for incident costs and the friction of additional verification, allowing optimization of access policy parameters. The obtained results confirm the practical applicability of the proposed model for interpretable and adaptive access control in ZTNA and provide a foundation for its further development in corporate and cloud environments.</p> Pavlo Skladannyi, Yuliia Kostiuk Copyright (c) 2026 Collection "Information Technology and Security" http://creativecommons.org/licenses/by/4.0 https://its.iszzi.kpi.ua/article/view/365482 Fri, 26 Jun 2026 00:00:00 +0300 Perfect uniformly robust secret sharing scheme for a vector access structure https://its.iszzi.kpi.ua/article/view/365483 <p>A secret sharing scheme is a cryptographic protocol designed to distribute a secret among designated participants in such a way that only certain (authorized) coalitions of participants can reconstruct the value of the secret by combining the components (shares of the secret) they receive. The set of all authorized coalitions of participants is called an access structure. Vector secret sharing schemes are constructed using linear block codes over finite fields so that the sets of participants’ shares are random codewords whose first coordinate equals the value of the secret. Any access structure for which there exists a vector scheme implementing it is called a vector access structure. One of the requirements imposed on modern secret sharing schemes is unconditional resistance to attacks by “dishonest” participants who may substitute their obtained shares in order to distort the value of the secret during its reconstruction. Such schemes are called robust. 
A secret sharing scheme is said to be uniformly robust if it remains robust regardless of the method used to select the set of secret keys from the set of all elements that can potentially be distributed. At present, uniformly robust secret sharing schemes are known only for a narrow class of threshold access structures. This paper proposes a construction of a uniformly robust secret sharing scheme for an arbitrary vector access structure. The construction is based on the use of random block codes that are equivalent to a predetermined code defining the underlying vector secret sharing scheme. Informally, the robustness of the resulting scheme relies on the participants’ lack of complete information about the selected code. The scientific basis of the proposed method for constructing uniformly robust secret sharing schemes is an obtained analytical relation that provides an upper bound on the probability of successful substitution of shares by participants of unauthorized coalitions with the aim of distorting the secret. The practical significance of the obtained results lies in the possibility of applying the proposed construction to the development of cryptographic protocols for distributed storage and processing of confidential information with increased resistance to actions of dishonest participants. 
The proposed approach can be used in access control systems, distributed information systems, and collaborative data storage services where it is necessary to guarantee the integrity and correctness of secret reconstruction.</p> Anton Alekseychuk, Mykhailo Pokydko Copyright (c) 2026 Collection "Information Technology and Security" http://creativecommons.org/licenses/by/4.0 https://its.iszzi.kpi.ua/article/view/365483 Fri, 26 Jun 2026 00:00:00 +0300 Integration of a semantic-statistical approach into a multi-level model for determining expert competence when aggregating pairwise comparisons https://its.iszzi.kpi.ua/article/view/365484 <p>This article examines the problem of objectively determining expert competence in group decision-making tasks, particularly when aggregating the results of pairwise comparisons. The paper provides a detailed analysis of the limitations of traditional approaches based on experts’ self-assessment, their mutual evaluation, and the use of various bibliometric indicators. It proposes integrating a semantic-statistical approach into a multilevel model for assessing expert competence. The approach is based on constructing a subject domain model using the OpenAlex concept taxonomy and a detailed analysis of the co-occurrence of terms in scientific publications. An expert’s competence is defined as an integral indicator of the thematic relevance of their scientific profile to the subject domain model, taking into account the semantic distance of concepts from the core of the topic. An experiment conducted to select reviewers for student research papers in the field of information security confirmed the method’s ability to effectively differentiate the level of experts’ thematic competence. 
The proposed approach can be successfully used in automated systems for forming expert groups to improve the quality of group decision-making in various spheres of scientific and practical activity, which is particularly important in the context of the rapid development of scientific fields and the growth of information volumes, as well as to ensure more well-founded and reliable collective decisions. This method opens up new opportunities for creating effective tools to support expert activities, minimizes the influence of subjective factors, and contributes to the formation of truly competent groups of specialists capable of providing high-quality evaluations in the complex conditions of the modern scientific environment. Furthermore, the proposed model can be adapted to various subject areas and integrated into modern digital platforms for peer review and expert evaluation, making it promising for broad practical application in the scientific and educational spheres.</p> Vitaliy Tsyganok, Yaroslav Khrolenko Copyright (c) 2026 Collection "Information Technology and Security" http://creativecommons.org/licenses/by/4.0 https://its.iszzi.kpi.ua/article/view/365484 Fri, 26 Jun 2026 00:00:00 +0300