Ukrainian Scientific Journal of Information Security

Adaptive Information Security Management in Cloud-Oriented Intelligent Transportation Systems

Світлана Леонідівна РЗАЄВА — 2025-04-22

The paper investigates theoretical and applied aspects of adaptive information security management in cloud-oriented Intelligent Transportation Systems (ITS). We analyze architectural features of the “Cloud–Edge–Vehicle” environment, identify key cyber-threat vectors, and substantiate the shortcomings of traditional security approaches—specifically static access policies, centralized PKI solutions, and classical IDS/IPS—in multi-domain, dynamic transportation ecosystems. We develop a mathematical and algorithmic model of adaptive management that treats an ITS as a discrete dynamical system whose state evolves over time under the influence of external threat factors and adaptive security measures. The control problem is formalized as minimization of a combined risk-and-cost functional, ensuring a balance between the level of protection and system performance.
Within the proposed approach, mechanisms for collecting and analyzing telemetry and network data, risk assessment methods, algorithms for optimal selection of security policies, and feedback loops across architectural layers are integrated into a single closed-loop adaptive management system. For anomaly detection in streaming data, we apply machine-learning algorithms (in particular, LSTM/GRU and autoencoders), while model consistency across layers without data centralization is achieved via Federated Learning. We consider methods to counter adversarial attacks both during training and at inference time for ML components. The obtained results provide a scientific foundation for building scalable, threat-resilient, and resource-efficient protection mechanisms for cloud-oriented ITS. The proposed model can be used to enhance the security of transportation networks, ensure policy coherence across architectural layers, and automate real-time cyber-threat response.

Method for calculating information protection in social networks in the conditions of fuzzy sets

Володимир Миколайович АХРАМОВИЧ — 2025-04-22

This paper presents an approach to information security analysis in corporate and local networks under uncertainty based on fuzzy set theory. The proposed methodology integrates mathematical modeling, expert evaluations, and fuzzy logic tools to assess the effectiveness of protection systems. The influence of internal network components and external factors is examined, and their significance is evaluated using PRCC and Sobol sensitivity analyses. Examples of calculations, graphical illustrations, and practical recommendations for improving information protection are provided. The results confirm the effectiveness of applying fuzzy sets as a decision-support tool for cybersecurity assessment under uncertainty.

Vulnerabilities of IoT Network Architectures: Classification and Real Incidents

Даніель Васильович ПАСТУЩАК — 2025-04-22

The rapid expansion of the Internet of Things (IoT) has resulted in a growing number of devices integrated into critical infrastructure, industry, and everyday life. At the same time, limited computational resources, protocol heterogeneity, and the lack of proper update mechanisms make IoT ecosystems vulnerable to a wide range of attacks. This article systematizes the main categories of IoT vulnerabilities, including device limitations, protocol weaknesses, default configurations, physical access, and organizational factors. Special attention is paid to the analysis of communication protocol flaws (MQTT, HTTP, CoAP) and the description of common incidents, such as the Mirai botnet and industrial safety system attacks Triton and CrashOverride. The results show that vulnerabilities exist at all levels of IoT network architecture, and even a single weakness can lead to large-scale consequences. The presented classification and real-world attack cases can be applied to the development of effective IoT protection strategies and further advancement of cybersecurity solutions

Methods of integrating hidden messages into the visual representation of a confidential document

Микола Миколайович СНІЖИНСЬКИЙ — 2025-04-22

This paper examines methods for incorporating hidden messages into the visual representation of confidential documents to ensure controlled distribution. It discusses the practical implementation of digital watermarks (DWM) that can be extracted from both electronic and printed versions of a document. It's possible even after printing, scanning, or photographing. The authors describe the formation of embedded messages, encryption techniques, error-resistant encoding, and visual embedding strategies. Modern AI-based methods for detecting and extracting watermarks are reviewed. Additionally, the paper compares classical error correction codes (Luhn, CRC, Hamming, Reed-Solomon) used to enhance robustness against distortions

Active cyberprotection concept in context of technical capabilities for cyber threats mitigation

Микола Васильович КОВАЛЬ — 2025-04-22

Ensuring cybersecurity has been identified as one of the key priorities within the national security system of Ukraine, while cyberspace is regarded as a potential theater of warfare. The evolution of the cyber threat landscape and the advancement of tools used for their implementation, against the backdrop of rapid digitalization, have led to a significant increase in the speed of cyberattacks and, consequently, a reduction of the time permissible for effective response. This highlights the need for the implementation of proactive cybersecurity measures, limited strictly to non-offensive actions.

The article provides an overview of the cybersecurity strategies of selected European and Asian countries, with a focus on their approaches to the development of active cyber protection and the application of related technological capabilities. Such an analysis makes it possible to identify international trends and explore the potential for their adaptation in the national context.

Special attention is given to approaches aimed at active counteraction to cyber threats based on preventing network communication between victim's device and attacker's infrastructure at the IP and DNS levels. The study also considers the scalability of such solutions, real-time reaction, contextualization of data, and the technical feasibility of generating cyber threat alerts (early warning messages).

Method for early detection and prediction of cybersecurity incidents in information and communication systems based on machine learning

Сергій Олександрович ГНАТЮК — 2025-04-22

In modern conditions of the rapid growth of both the number and complexity of cyber threats, the task of early detection and prediction of incidents becomes crucial for ensuring the cyber resilience of information and communication systems (ICS). An analysis of scientific approaches, open datasets, and current machine learning methods has revealed several systemic limitations, including the absence of a temporal component, imbalance of real-world data, limited generalization capability of models, and low effectiveness in real-time operation. The article presents an integrated method for early detection and prediction of cybersecurity incidents, which combines graph-based modeling of ICS structure, construction of a set of behavioral events, anomaly detection using machine learning algorithms, and attack development forecasting employing temporal neural models such as LSTM. The method enables the identification of critical nodes, assessment of incident propagation probability, and formation of a set of high-risk events for proactive response. The proposed approach provides a foundation for enhancing the cyber resilience of ICS and can be applied within monitoring and information security support systems. Future research will focus on experimental validation of the method using realistic streaming data, as well as evaluating its scalability and effectiveness in dynamic environments.

Методологія підтримки технологічних процесів у критичній інфраструктурі з забезпеченням безпеки інформації на основі хмарних технологій

Тетяна Віталіївна СМІРНОВА — 2025-04-22

This article proposes a methodology for supporting technological processes in critical infrastructure based on cloud technologies. The critical infrastructure of the state requires new approaches to ensure reliability, adaptability and information security of technological processes. At the same time, cloud technologies open up new opportunities for scalable monitoring, analysis and management of critical infrastructure in conditions of hybrid threats. Thus, the proposed methodology is aimed at forming an integrated digital platform based on the use of cloud technologies for monitoring, analysis and automated management of technological processes in conditions of high risks. The purpose of the developed methodology is to ensure continuous, safe and stable operation of technological processes of critical infrastructure facilities of the state through the implementation of cloud technologies for monitoring, analysis and automated management in conditions of high risks. The main task of this methodology is to develop a comprehensive architecture for supporting technological processes of critical infrastructure based on cloud solutions, increasing the level of technological readiness of critical infrastructure facilities for functioning in an unstable environment by implementing adaptive, scalable and secure solutions. The methodology proposed in this work is focused on functioning in conditions of increased threats, both man-made and cyber, taking into account the requirements for information security, communication reliability, redundancy of critical components and flexibility of the system architecture. This approach contributes to increasing the level of technological readiness of critical infrastructure objects to operate in an unstable environment, reduces the likelihood of failures and ensures resistance to external influences.