Ukrainian Information Security Research Journal

QUANTITATIVE ASSESSMENT OF SECURE OPERATION OF INFORMATION SYSTEMS

2025-05-19T14:20:57+03:00

The basis of information security is the activity of protecting information — ensuring its confidentiality, availability and integrity, as well as preventing any compromise in a critical situation. Its correct provision is responsible for the security of the company's information infrastructure, the security of all its data and their confidentiality.

Currently, information security is in trend, however, it is always necessary to remember that it is not a set of expensive technical means, but a continuous process that must be constantly improved, responding to the emergence of new threats and attack techniques. The damage from these threats can significantly exceed the cost of implementing protective measures, and it is clear that these risks must be mitigated as effectively as possible.

The article developed a model for quantitatively assessing the coefficient of readiness for safe operation of information systems. To do this, the following was done:

modeling the coefficient of readiness for safe operation, taking into account the impact of the simultaneous appearance in the system of several vulnerabilities of the same type;
modeling the coefficient of readiness for safe operation, taking into account the probability of the presence of r unremedied vulnerabilities (real threats of vulnerabilities) in the system at the same time;
modeling the readiness factor for the safe operation of a set of computers, for example, computer networks, where several vulnerabilities can be eliminated at the same time;
modeling factor of readiness for safe operation if the protection system used for vulnerability leveling is ready for safe operation.

For graphical interpretation of dependencies, graphic materials are presented, for which simulations were performed in the MatLab system. The graphic materials clearly indicate the possibility of obtaining a state of safe operation of information systems depending on the intensity of stopping attempts by the protection system of illegal access to information, and the intensity of such attempts at the entrance to the protection system.

This will allow developers of information systems and service personnel to have quantitative indicators of the coefficient of readiness for safe operation of the system and decision-making regarding possible vulnerabilities.

MANAGEMENT OF INFORMATION FLOWS IN A CYBERSECURITY SYSTEM

2025-05-19T22:13:58+03:00

Methods for controlling information flows in cybersecurity systems using probabilistic models and optimization algorithms have been studied. A mathematical framework has been developed for analyzing and stabilizing data flows in multichannel systems. Markov chains have been used to model the phase states of flows, and the information characteristics of the system, compression coefficients, and quasi-stationarity intervals have been mathematically estimated. The influence of tolerance parameters, phase state probabilities, and discretization levels on information transfer has been considered. Regularization mechanisms have been introduced to prevent singularities and ensure system stability. An adaptive approach to flow control has been proposed, allowing for dynamic adjustment of system parameters in the face of changing threats while maintaining the accuracy of data transmission.

METHOD FOR BUILDING A KEY CYBERSECURITY RISK FACTORS PROFILE OF MODERN DISTRIBUTED INFORMATION SYSTEMS

2025-05-19T21:08:00+03:00

The assessment and analysis of cybersecurity risks are fundamental aspects of developing a reliable and effective information security management system, especially in the context of rapid technological advancements and the increasing complexity of modern distributed information systems. Traditional risk assessment methods, which are primarily based on conceptual approaches and classical techniques, have several limitations and prove to be inefficient in large-scale distributed systems. These methods fail to account for the dynamic nature of the environment and do not provide an effective analysis of interdependencies between numerous risk factors. This study proposes a method for constructing a profile of key risk factors in modern distributed information systems based on correlation analysis and modeling of their interrelationships. This approach enhances the efficiency of cybersecurity risk assessment in dynamic environments. Additionally, the proposed method was used to develop a profile of key risk factors for modern distributed systems, analyze their statistical significance and correlation, and identify and structure priority information security measures and controls, which demonstrate high efficiency in distributed environments, considering both technological and organizational aspects, ensure a systematic approach to information security risk management, reduce the impact of threats, and enhance the resilience of distributed systems against potential attacks. The proposed approach to optimizing the selection of input features and identifying the most significant risk factors, based on the developed risk factor profile for modern distributed information systems, demonstrated comparable numerical results with factor analysis using the principal component analysis (PCA) – method 42 selected metrics versus 40 for PCA. However, it provided a 4% improvement in overall classification accuracy for the designed cybersecurity risk assessment models in DIS compared to the PCA-based control model. This confirms its effectiveness in the context of adaptive risk analysis in distributed environments.

ADAPTIVE INTERFERENCE SUPPRESSION IN WIRELESS NETWORKS BASED ON ARTIFICIAL NOISE

2025-05-19T21:48:30+03:00

Adaptive interference suppression based on artificial noise is a promising approach to enhancing the security of wireless networks. In traditional cryptographic protection systems, attackers can exploit physical-layer attacks to intercept signals. One of the effective protection methods is the use of artificial noise (AN), which generates specially designed interference to complicate unauthorized access. This paper investigates the principles of adaptive artificial noise power control using the gradient descent method. The proposed approach enables dynamic noise level regulation based on communication channel parameters such as attacker distance, signal strength, and environmental interference. The modeling was conducted using an open-source wireless sensor network (WSN) dataset, allowing us to evaluate the impact of adaptive noise on packet loss and signal strength. The results demonstrate that the optimized method effectively reduces the probability of interception without significantly degrading the communication quality for legitimate users. The proposed model can be applied in modern mobile communication systems, IoT networks, and critical infrastructures requiring an increased level of data protection.

ORGANIZING STUDENT OLYMPIADS AND OTHER COMPETITIONS IN INFORMATION SECURITY: IMPLEMENTING THEIR OUTCOMES INTO THE EDUCATIONAL PROCESS

2025-05-19T22:30:06+03:00

The purpose, methodology, and evaluation system of the International Student Olympiad “Ways and Mechanisms of Protecting Ukraine’s Information Space from Malicious Information and Psychological Influence” and the All-Ukrainian Student Olympiad “Developing Critical Thinking Through Identifying Reliable, Unreliable, Partially Reliable, and Possibly Reliable Information” (also titled “Social Engineering: Ways and Mechanisms of Protection”) are described. The VII International Conference “Protection of Democratic Values and Respect for Human Rights in the Activities of Special Services” is also presented, focusing on the specialization “Russian Aggression Against Ukraine as a Fundamental Threat to Freedom, Democratic Values, and Human Rights: Ukrainian, European, and Global Contexts.” The practical significance of these competitions is demonstrated through the implementation of their outcomes into the educational process of higher education institutions. Proposals are being developed for organizing new student olympiads, particularly in non-technical aspects of information security and in the field of religious studies.

IMPLEMENTATION OF PROTECTION OF SERVERS WITH ABNORMAL ACCOUNTS IN THE PACKAGE SYSTEM

2025-05-19T22:41:41+03:00

Server protection is a very important aspect of information security as cyber threats grow, especially as network traffic increases and attack complexity. One effective approach is to use a protection system that takes into account network packet anomalies. The detection and processing of such anomalies allows you to quickly identify and neutralize threats where DDos attacks occupy a special place. This article describes how to analyze network traffic in real time based on statistical methods and machine learning algorithms and classify network packets according to their behavioral characteristics [1]. The system implements a multi-layered approach to server protection, which includes three main stages: initial data filtering, statistical analysis, and the use of machine learning models. At the first stage, malicious packets are excluded based on simple criteria, such as forbidden IP addresses and incorrect packet formats.[2] In Phase 2, statistical analysis is used to detect deviations in the traffic distribution, for example, a sharp increase in the number of requests or a change in packet size [3]. The third stage involves the use of classifiers trained with historical data to identify anomalies in network operation. The list of presented models allows you to adapt to new types of attacks by automatically updating [4]. The advantages of the presented system are: It detects both traditional DDoS attacks (port scans, exploits of network protocol vulnerabilities, and SQL injection attempts) and other types of threats. Second, integration with existing monitoring tools and firewalls. Integration with existing monitoring tools and firewalls [5] also makes it easy to implement without significant cost increases. The system is characterized by high attack detection accuracy, low false positive rate. It provides efficient real-time server protection to ensure business continuity and prevent financial and reputation loss.

SYSTEM APPROACH TO WEB APPLICATION SECURITY: ANALYSIS OF THREATS AND METHODS OF CYBER PROTECTION

2025-05-19T22:56:40+03:00

The study focuses on analyzing common vulnerabilities in web applications, their impact on information system security, economic, reputational, and legal consequences, as well as methods for their detection and mitigation. A comprehensive review of the current state of web application security is conducted, including statistical data on current threats, analysis of attack trends, and an overview of the most notable incidents in recent years. Special attention is given to comparing different approaches to vulnerability classification, including OWASP Top 10, CWE Top 25, MITRE ATT&CK, NIST SP 800-53, and other standards, to evaluate their effectiveness and practical applicability. The study examines web application security testing methods, including static (SAST), dynamic (DAST), and interactive application security testing (IAST), as well as the potential of artificial intelligence (AI) and machine learning (ML) for automated threat detection. The advantages and limitations of different cybersecurity methods are analyzed, along with practical aspects of their implementation in real-world scenarios. Additionally, a detailed analysis of the impact of vulnerabilities on organizations is presented, covering economic consequences (direct financial losses, response costs, market value decline), reputational risks (loss of user trust, brand damage), and legal repercussions (fines, lawsuits, regulatory compliance requirements). The results of the study contribute to forming a comprehensive approach to risk minimization, including the implementation of advanced security analysis methods, adherence to international security standards, and the application of modern cybersecurity tools. This ensures more efficient detection and mitigation of threats at the early stages of web application development and operation.