Ukrainian Scientific Journal of Information Security
https://jrnl.nau.edu.ua/index.php/Infosecurity

Ukrainian Scientific Journal of Information Security was established in 1995. National Aviation University is the founder and publisher of the journal.
The main aim of the journal is to highlight the results of scientific research and to disseminate information on all aspects of information security.
The journal is published in three issues a year in Ukrainian, English & Russian (mixed languages).
Categories of audience: students, postgraduate students, doctoral candidates, researchers & experts in information security.

t.okhrimenko@npp.kai.edu.ua (Тетяна Олександрівна Охріменко)
olga_fatuch@nau.edu.ua (Fatіch Olga Anatolіїvna)
Fri, 22 Aug 2025 00:00:00 +0300

Electromagnetic shielding as a method of protecting data processing equipment from information leaks
https://jrnl.nau.edu.ua/index.php/Infosecurity/article/view/20698

The paper substantiates and experimentally investigates the effectiveness of methods and innovative materials for shielding electromagnetic radiation and guaranteed neutralization of technical channels of information leakage. Protection from targeted interception of side electromagnetic radiation and interference, together with ensuring the electromagnetic compatibility of technical means, is a strategic necessity required by national and international standards. It is proven that data processing equipment is a source of side electromagnetic radiation and interference and creates critical channels for leakage of confidential information. A material for shielding electromagnetic radiation in a broadband frequency range has been developed: a nanocomposite based on epoxy resin with finely dispersed iron oxides (Fe2O3 and Fe3O4).
Tests were conducted at a frequency of 5 GHz (critical for wireless communication) in order to establish the dependence of the shielding and reflection coefficients on the size and concentration of the filler. It is proven that increasing the dispersion of the metal-containing filler (using particles of 50–100 nm) provides a higher overall shielding coefficient compared to larger particles (200–300 nm) at the same weight concentration, which indicates better dispersion and an increased area of interaction with the electromagnetic field. A direct dependence of the overall shielding efficiency on increasing the filler concentration has been established, which confirms the effectiveness of the absorption and reflection mechanisms. With increasing concentration, the reflection coefficient increases, which indicates an effective improvement in the divergence of wave impedances at the interface. The effectiveness of the developed composite material has been proven; however, its widespread implementation is limited by design shortcomings (large thickness and fragility of the epoxy matrix) and the high cost of specialized production of nanoparticles.

Валерій Валерійович КОЗЛОВСКИЙ, Юрій Вікторович БАЛАНЮК, Богдан Михайлович ЗАЛЕВСЬКИЙ, Діана Валеріївна КОЗЛОВСЬКА
Copyright (c) 2025
Fri, 22 Aug 2025 00:00:00 +0300

Methodology for forming the input vector of observed network activity variables
https://jrnl.nau.edu.ua/index.php/Infosecurity/article/view/20699

This paper presents a methodology for constructing the input vector of observed network activity variables for cyberattack detection and prediction systems. The proposed approach involves a step-by-step formation of the vector, beginning with the collection of raw traffic parameters, followed by their normalization, smoothing within sliding time windows, and temporal alignment.
The methodology includes the integration of parameters from all functional feature blocks, enabling model adaptation to various types of attacks. As a result, the input vector is fully compatible with probabilistic models exhibiting Markov properties and is capable of capturing both instantaneous fluctuations and long-term behavioral trends in network traffic. The proposed approach enhances anomaly detection accuracy and reduces false positives by enabling flexible adjustment of the vector’s structure in accordance with the threat profile dynamics.

Наталія Сергіївна ВИШНЕВСЬКА, Степан Іванович КУБІВ
Copyright (c) 2025
Fri, 22 Aug 2025 00:00:00 +0300

Methodology and classification of open-source ML methods for IT monitoring based on the Zabbix system
https://jrnl.nau.edu.ua/index.php/Infosecurity/article/view/20700

This paper examines the use of open-source machine learning methods for IT monitoring tasks based on the Zabbix system. It analyzes approaches to anomaly detection, time series forecasting, and log file analysis, as well as their limitations in the context of operational monitoring. It proposes a methodology for integrating external ML modules with Zabbix and a classification scheme for using ML models depending on the type of data and the tasks required.
It also performs a comparative analysis of ML approaches and formulates recommendations for their practical application, taking into account the requirements for achieving the target service level (SLO).

Ігор Вадимович МАРТИНЮК, Тетяна Олександрівна ОХРІМЕНКО
Copyright (c) 2025
Fri, 22 Aug 2025 00:00:00 +0300

Decision-Making Method for Cybersecurity Incident Management in Critical Infrastructure of the State
https://jrnl.nau.edu.ua/index.php/Infosecurity/article/view/20701

In modern conditions of increasing intensity and complexity of cyber threats, the issue of effective cybersecurity incident management in critical infrastructure of the state becomes a top priority for ensuring national security and the continuity of critical services. The uncertainty of cyber incident development, the multiplicity of possible response options, and limited resources necessitate the application of formalized and scientifically grounded approaches to decision support. This paper presents a decision-making method for cybersecurity incident management in critical infrastructure of the state, which is based on a systems approach and formalization of the response process. The proposed method provides a step-by-step analysis of a cyber incident, formation of a set of response alternatives, modeling of probabilistic development scenarios, quantitative assessment of consequences using a results matrix, and selection of an optimal managerial decision based on the criterion of maximizing the expected effect. A distinctive feature of the proposed method is the integration of a feedback mechanism that enables evaluation of the effectiveness of implemented response measures and adaptation of the decision-making process to changing operating conditions of critical infrastructure facilities and the emergence of new types of cyber threats.
The practical significance of the results lies in the applicability of the method in security operation centers and decision support systems to improve the justification of managerial actions and minimize the negative consequences of cyber incidents. Further research will focus on experimental verification of the method in various critical infrastructure sectors and its extension using multi-criteria analysis and dynamic resource constraints.

Вікторія Миколаївна СИДОРЕНКО, Андрій Володимирович МАКСИМЕЦЬ
Copyright (c) 2025
Fri, 22 Aug 2025 00:00:00 +0300

Adaptive AI for cybersecurity: practical examples of eliminating blind spots
https://jrnl.nau.edu.ua/index.php/Infosecurity/article/view/20702

Cyber-attacks increasingly evade static, rules-based controls by shifting content, infrastructure, and pace. This article synthesizes practical machine-learning patterns that measurably improve defence across six domains: phishing/social engineering, malware detection, network anomaly detection, insider-risk analytics, vulnerability prioritisation, and incident-response automation. The approach highlights transformer-based NLP that reads messages more like people do (with reported F1 scores of approximately 0.98 on public phishing benchmarks), image-based CNNs that recognise malware “byte-textures,” autoencoders and sequence models that baseline network behaviour, federated and explainable methods for privacy-preserving insider detection, EPSS-driven triage that prioritises by exploitation likelihood, and reinforcement learning that adapts response actions under guardrails. Emphasis is on deployable patterns – shadow-mode pilots, precision/recall tracking, false-positive budgets, human-in-the-loop review, and continuous learning from user feedback and honeypot telemetry – so organisations can move from brittle signature races to adaptive systems that improve with every campaign observed.
The transition to 5G and emerging 6G architectures compounds these challenges, introducing ultra-low latency requirements, massive device densities, and decentralized, edge-based infrastructures. Adaptive AI must therefore operate not only in traditional enterprise networks but also in heterogeneous, mobile, and resource-constrained 5G/6G environments where security, privacy, and resilience are paramount.

Дмитро Петрович ПРОСКУРІН, Тетяна Василівна ГРИНЮК, Юлія Ярославівна ПОЛІЩУК
Copyright (c) 2025
Fri, 22 Aug 2025 00:00:00 +0300

Fundamental principles for the design and application of cyber ranges for training cybersecurity specialists
https://jrnl.nau.edu.ua/index.php/Infosecurity/article/view/20703

This paper presents a comprehensive analysis of the fundamental principles for designing and applying cyber ranges as controlled learning and research environments for developing professional cybersecurity competencies. The evolution from static virtual labs to scalable cloud-based ecosystems and digital twins is outlined, emphasizing realistic network topologies, business services, and user behavior modeling. The study substantiates the need to combine technological automation with instructional design, including Bloom’s taxonomy and Kolb’s experiential learning cycle, and to align training outcomes with the NICE Workforce Framework. Particular attention is given to scenario lifecycle management, reproducibility through Infrastructure as Code and “scenario as code”, and objective performance assessment using learning analytics and situational awareness metrics.
The paper also discusses the role of AI-driven automation, including agentic RAG approaches and multi-agent reinforcement learning, for adaptive scenario generation and dynamic adversary modeling, while highlighting the importance of verification and controlled use in training settings.

Максим Михайлович ДЕЛЕМБОВСЬКИЙ, Сергій Олександрович ГНАТЮК, Борис Валерійович КОРНІЙЧУК
Copyright (c) 2025
Fri, 22 Aug 2025 00:00:00 +0300

Energy critical infrastructure under attack: incident analysis and implications for ICS/SCADA resilience
https://jrnl.nau.edu.ua/index.php/Infosecurity/article/view/20706

Energy sector critical infrastructure has been increasingly targeted by cyber, physical, and hybrid attacks that exploit vulnerabilities in monitoring and control systems. This paper analyzes major security incidents affecting energy facilities over the past 10-15 years, with a particular focus on attacks that compromise measurement data, telemetry, and situational awareness. Based on incident analysis, the study identifies common attack patterns and resilience gaps and discusses their implications for the secure operation of energy systems. The paper concludes with practical recommendations for strengthening cyber resilience through measurement-aware monitoring, improved detection, and resilient recovery mechanisms in energy critical infrastructure.

Олександр Анатолійович ДОБРИНЧУК, Вікторія Вікторівна ЛУКАШЕНКО
Copyright (c) 2025
Fri, 22 Aug 2025 00:00:00 +0300