Theoretical and Applied Cybersecurity https://tacs.ipt.kpi.ua/ <p>"Theoretical and Applied Cybersecurity" journal is the scientific publication of the National Technical University of Ukraine "Igor Sikorsky Kyiv Polytechnic Institute". The publication unveils the results of the latest scientific research on the theory and practice of providing cybersecurity and cyber protection of its objects in cyberspace. The greatest attention is paid to research based on the use of modern mathematical methods and information technologies.</p> National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute” en-US Theoretical and Applied Cybersecurity 2664-2913 <p dir="ltr"><span>Authors who publish with this journal agree to the following terms:</span></p><ol><li dir="ltr"><p dir="ltr"><span>Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a </span><a href="https://creativecommons.org/licenses/by/4.0/deed.uk"><span>Creative Commons Attribution License</span></a><span> that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.</span></p></li><li dir="ltr"><p dir="ltr"><span>Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.</span></p></li><li><span id="docs-internal-guid-8f94c84b-7fff-69c4-f607-f9f9f548d798"><span>Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See </span><a href="http://opcit.eprints.org/oacitation-biblio.html"><span>The Effect of Open 
Access</span></a><span>).</span></span></li></ol> Identification of the malicious group’s digital trace using cryptography tools https://tacs.ipt.kpi.ua/article/view/344608 <p class="Abstract"><span lang="EN-US" style="font-size: 11.0pt; font-weight: normal;">Every year, information about a new data leak or compromise of a public or private organization becomes more commonplace in everyday life. The most dangerous and effective in this field are special hacker groups whose funding is associated with special government agencies or services. The study of the activities of these groups has led to identification of each unique method (or tactics, techniques and procedures - TTP) and systematization of the findings. The advantage of creating a digital fingerprint of APT groups is to quickly identify similarities in TTPs and compare these intervention attempts with known groups or compare the means of existing groups with new ones for which there is little information.</span></p> Oleh Kozlenko Yuliia Nakonechna Mykhailo Mokhonko Copyright (c) 2025 Oleh Kozlenko, Yuliia Nakonechna, Mykhailo Mokhonko 2025-12-28 2025-12-28 7 3 10.20535/tacs.2664-29132025.3.344608 Threat analysis metrics of cloud storage systems https://tacs.ipt.kpi.ua/article/view/343196 <p class="AbstractText" style="margin: 0cm -2.6pt .0001pt 0cm;"><span lang="EN-US" style="font-size: 11.0pt;">The security of cloud storage systems remains a critical challenge as the increasing interconnection of services exposes them to a wide range of cyber threats. This paper presents a methodology for analyzing the structural characteristics of vulnerabilities and threats in cloud environments using Q-analysis and associated metrics. By modeling the interdependencies between vulnerabilities and threats, the study provides a systematic framework to construct attack profiles and evaluate their likelihood of occurrence. 
The approach bypasses the direct construction of simplex complexes by employing incidence matrices to derive structural trees, local maps, and connectivity graphs, thereby simplifying the analysis process. Using real-world vulnerability statistics from the Edgescan report, we identify the most exploited weaknesses, such as cross-site scripting and broken authentication, and link them to corresponding attack vectors. A statistical model of characteristic attack profiles is then developed by applying entropy-based optimization methods, particularly the Nelder-Mead algorithm, to estimate probabilities of threat realization under structural constraints. The findings demonstrate that this method enables more accurate classification and ranking of threats, offering a practical tool for risk assessment and decision-making in cybersecurity management. Ultimately, the proposed approach provides a foundation for improving resilience of cloud storage systems through informed protection strategies.</span></p> Viktoriia Igorivna Polutsyhanova Serhii Smyrnov Copyright (c) 2025 Viktoriia Igorivna Polutsyhanova, Serhii Smyrnov 2025-12-28 2025-12-28 7 3 10.20535/tacs.2664-29132025.3.343196 Forecasting Cyber Threat Intelligence with Memory Augmented Transformer https://tacs.ipt.kpi.ua/article/view/346865 <p>Cyber threat intelligence data are volatile, irregular, and shaped by abrupt regime shifts, making accurate forecasting particularly challenging. Motivated by this, we explore the potential of a memory-augmented Transformer forecaster that integrates an evolving memory mechanism and confidence-regulated attention. We introduce a complementary design that enables the model to balance adaptability with stability, remaining robust under noise and structural changes in the threat landscape. 
Building on and re-architecting the original ACWA-based approach, the resulting ChronoTensor-enhanced model achieves parity with state-of-the-art forecasting methods while introducing transparent memory and attention pathways that enhance the interpretability and explainability of its predictions.</p> Anatolii Feher Copyright (c) 2025 Anatolii Feher 2025-12-28 2025-12-28 7 3 10.20535/tacs.2664-29132025.3.346865 Method of Counteracting Manipulative Queries to Large Language Models https://tacs.ipt.kpi.ua/article/view/345389 <p class="AbstractText" style="margin-left: 0cm;"><span lang="EN-US" style="font-size: 11.0pt;">The integration of Large Language Models (LLMs) into critical infrastructure (SIEM, SOAR) has introduced new attack vectors, specifically prompt injection and jailbreaking. Traditional defense mechanisms, such as input sanitization and Reinforcement Learning from Human Feedback (RLHF), often fail against semantic obfuscation and indirect injections due to their inability to distinguish between control instructions and data context. This paper proposes a novel method for detecting manipulative prompts based on a Multi-Head DistilBERT architecture. Unlike standard binary classifiers, the proposed model decomposes the detection task into four semantic vectors: malicious intent, instruction override, persona adoption, and high-risk action. To address the scarcity of labeled adversarial datasets, we implemented a hybrid data generation strategy using Knowledge Distillation, employing a superior model (Teacher) to label synthetic attacks for the compact Student model. Experimental results on both synthetic and real-world datasets demonstrate that the proposed system achieves a Recall of 0.99, significantly outperforming traditional TF-IDF and keyword-based baselines. 
The solution operates effectively as a middleware layer, ensuring real-time protection with low computational latency suitable for deployment on edge devices.</span></p> Yehor Kovalchuk Mykhailo Kolomytsev Copyright (c) 2025 Yehor Kovalchuk, Mykhailo Kolomytsev 2025-12-28 2025-12-28 7 3 10.20535/tacs.2664-29132025.3.345389 Petri Net–Based Analysis of UAV Networks Availability Issues in Conditions of Adversary Counteraction https://tacs.ipt.kpi.ua/article/view/346322 <p>The article proposes Petri net-based models that make it possible to simulate scenarios that reflect the real operating conditions of unmanned aerial vehicles (UAVs) in the presence of hostile factors. The modeling takes into account cyber-physical aspects of UAV availability and attacks aimed at disrupting this availability, including by means of enemy electronic warfare (EW) systems. The factor of natural obstacles is also considered, in particular terrain-induced obstacles that interfere with communication between operational UAVs and the relay node.</p> <p>A set of basic places and transitions is proposed and implemented as a software model. The study uses both ordinary and colored Petri nets. In the ordinary Petri net, the state corresponds to the signal level of the device, and the simulation is carried out to track precisely this characteristic for each UAV in the network. Interference leads to degradation of the state, which can be improved by introducing additional relay devices into the line of sight of the current UAV, reducing the distance between the current UAV and the relay, or deliberately searching for an exit from the EW coverage area.</p> <p>The colored Petri net is intended for more general tasks, which include counting the active devices in the network, assessing the impact of interference on changes in the network structure, and evaluating mission success. 
Simulation based on this model was implemented in a Python software application, with visualization performed using the graph-oriented library Graphviz. To account for specific conditions such as terrain and changes in device parameters, an additional module was developed that extracts data from open terrain map datasets.</p> Iryna Stopochkina Oleksii Novikov Andrii Voitsekhovskyi Mykola Ilin Mykola Ovcharuk Copyright (c) 2025 Iryna Stopochkina, Oleksii Novikov, Andrii Voitsekhovskyi, Mykola Ilin, Mykola Ovcharuk 2025-12-28 2025-12-28 7 3 10.20535/tacs.2664-29132025.3.346322 Dynamic Detection and Classification of Critical Attention Objects under Crisis Events https://tacs.ipt.kpi.ua/article/view/347370 <p>This article presents the development of a universal methodology for selecting and classifying Critical Objects of Attention (COAs) during crisis events, replacing static, standardized approaches with a dynamic, substantiated model. The authors propose formalizing criticality as an emergent property of the “world–governance–observer” system, where criticality is determined not by an object’s intrinsic attributes, but by its role within crisis dynamics. Leveraging graph theory, information theory, and models of cognitive salience, a phase space of attention is constructed, equipped with a dynamic criticality function κ(o, t) and an attentional energy functional L, enabling optimal selection of a compact subset of COAs. A five-stage methodology – DCSC (Dynamic Criticality Selection &amp; Classification) – is introduced, implemented, and validated on a simulated cyberattack scenario. 
The model is unsupervised, interoperable with existing monitoring systems (e.g., SIEM, digital twins), and applicable across domains including cybersecurity, critical infrastructure management, and digital public governance.</p> Dmytro Lande Yuriy Danyk Copyright (c) 2025 Dmytro Lande, Yuriy Danyk 2025-12-28 2025-12-28 7 3 10.20535/tacs.2664-29132025.3.347370 Research on the Possibility of Applying Acoustic Metamaterials for the Protection of Speech Information https://tacs.ipt.kpi.ua/article/view/344659 <p class="AbstractText" style="margin: 0cm -2.6pt .0001pt 0cm;"><span lang="EN-US" style="font-size: 11.0pt;">The paper analyzes modern methods of technical protection of speech information and proposes a novel approach using acoustic metamaterials. The features of existing passive and active speech protection measures (soundproof constructions, sound-absorbing materials, noise jammers) are considered, as well as the characteristics of traditional sound absorbers and their limitations at low frequencies. The principles of constructing acoustic metamaterials, in particular resonance-based and periodic metastructures, are presented, and the physical effects (Bragg band gaps, wave localization, negative effective mass density, etc.) that enable metamaterials to achieve extraordinarily high sound absorption in the speech frequency range are discussed. Recommendations are given for practical implementation of such panels in secure facilities and for evaluating their effectiveness using speech intelligibility criteria. 
It is concluded that acoustic metamaterials are a promising new means of technical protection of speech information, not yet covered by current standards.</span></p> Nazarii Lytvynenko Yevhen Morshch Copyright (c) 2025 Nazarii Lytvynenko, Yevhen Morshch 2025-12-28 2025-12-28 7 3 10.20535/tacs.2664-29132025.3.344659 Oblivious S-functions and Their Security against Rotational Cryptanalysis https://tacs.ipt.kpi.ua/article/view/345545 <p>This paper considers a specific class of ARX primitives: oblivious S-functions, which are distinguished by their computational states being independent of each other. We present generic analytical expressions for the rotation probabilities of oblivious S-functions, which characterize security against rotational cryptanalysis. We also examine particular classes of oblivious S-functions, including generalized NORX-like mappings and LRX-analogues for multiplication by three. For these mappings, we provide numerical values of the rotation probabilities.</p> Serhii Yakovliev Ihor Voloshyn Copyright (c) 2025 Serhii Yakovliev, Ihor Voloshyn 2025-12-28 2025-12-28 7 3 10.20535/tacs.2664-29132025.3.345545 Proof Of Data Possession Protocol With Hash-based Deterministic Challenges And Privately Verifiable Payments https://tacs.ipt.kpi.ua/article/view/343963 <p>The research presents a novel protocol for remote verification of data outsourced to a third-party storage. The protocol aims to verify the possession of data in potentially untrusted storage without downloading. We identified challenges in existing proof-of-possession protocols (PDP) by conducting a comprehensive literature review. We stated the optimal threshold for the minimal communication cost needed in existing PDP protocols to ensure the validity of the target percentage of data blocks while maintaining high confidence. 
Building on these findings, we propose our own PDP that requires a fixed amount of communication and offers practically deterministic validity guarantees based on the security of cryptographic hash functions. We show a scenario for monetization in both cloud-native and blockchain environments to incentivize storage providers. A rigorous security analysis demonstrates resilience against forgery attacks aimed at falsifying integrity checks or compromising verifiability assumptions. Our protocol significantly reduces communication overhead compared to existing solutions while reducing the cheating probability to negligible levels.</p> Maksym Strielnikov Liudmyla Kovalchuk Copyright (c) 2025 Maksym Strielnikov, Liudmyla Kovalchuk 2025-12-28 2025-12-28 7 3 10.20535/tacs.2664-29132025.3.343963 Cryptographic attacks on AES based on side-channel information https://tacs.ipt.kpi.ua/article/view/344995 <p>The topic of this work is the refinement of side-channel attacks, using the AES cipher as an example. Most such attacks are based on statistical methods and physical measurements of side-channel information, which is why the key obtained as a result of the attack may contain errors. The goal of this work is to investigate error correction algorithms for the key found during the attack. In the course of the work, two cryptographic models and attack algorithms on them are considered. The probability of success and the complexity of the attacks are theoretically derived and calculated.</p> Yevhenii Tolmachov Copyright (c) 2025 Yevhenii Tolmachov 2025-12-28 2025-12-28 7 3 10.20535/tacs.2664-29132025.3.344995 Pseudorandomness Analysis of Ciphertexts in the AJPS-2 Cryptosystem https://tacs.ipt.kpi.ua/article/view/345270 <p>This paper investigates the post-quantum cryptographic primitive AJPS-2 based on arithmetic modulo Mersenne numbers. 
We describe modified versions of this cryptosystem that utilize generalized Mersenne numbers and Crandall numbers as moduli. We conduct a comparative analysis of ciphertext pseudorandomness for the original cryptosystem and its modifications using the NIST SP 800-22 pseudorandomness test suite. The results show that the use of alternative moduli increases the overall stability and parameter variability of the AJPS-2 cryptosystem.</p> Yurii Doroshenko Dariya Yadukha Copyright (c) 2025 Yurii Doroshenko, Dariya Yadukha 2025-12-28 2025-12-28 7 3 10.20535/tacs.2664-29132025.3.345270 Differential Attack on IDEA Block Cipher Based on Its Key-Adding Function https://tacs.ipt.kpi.ua/article/view/345793 <p>This paper examines a new theoretical differential attack on the IDEA block cipher and several related ciphers from the same design family, such as PES and MESH. We present an analysis of the most probable differentials, which characterise the ciphers' security against the proposed attack. We also propose a design modification targeting the cipher's key-adding function to enhance its security against the attack.</p> Oleksandr Parshyn Mykola Khmelnytskyi Copyright (c) 2025 Oleksandr Parshyn, Mykola Khmelnytskyi 2025-12-28 2025-12-28 7 3 10.20535/tacs.2664-29132025.3.345793 Influence of SRM filters preprocessing on stego data localization in digital images https://tacs.ipt.kpi.ua/article/view/346664 <p>Early detection and counteraction to unauthorized transmission of sensitive information via publicly available networks are topical tasks today. Of special interest are steganalysis methods aimed at effective destruction of hidden messages embedded into innocuous media files, like digital images. However, practical usage of such methods introduces significant changes into statistical and spectral parameters of processed images, thus revealing the intrusion into stego channels. 
Novel methods have been proposed for localizing the positions of stego bits embedded into cover images and processing only these positions pointwise. The article quantifies the impact of cover image preprocessing on the accuracy of stego bit localization. The case of Spatial Rich Model (SRM) filters usage is considered, while stego bit position detection is performed using novel deep neural networks, such as Unet, LinkNet, PSPNet and FPN models. The comparative analysis of localization accuracy proved the effectiveness of SRM filters usage, namely an increase in localization accuracy of up to five times (from 2.01% to 10.9% of Intersection-over-Union metric values), even for modern adaptive embedding (like MG and MiPOD) and low cover image payload values (about 3%-5%). The obtained results create preconditions for the development of high-accuracy methods for localizing the positions of stego bits embedded into cover images according to novel embedding methods.</p> Pavlo Yatsura Dmytro Progonov Copyright (c) 2025 Pavlo Yatsura, Dmytro Progonov 2025-12-28 2025-12-28 7 3 10.20535/tacs.2664-29132025.3.346664 Quantum cryptanalysis of ciphers based on generalized Feistel and Lai-Massey schemes https://tacs.ipt.kpi.ua/article/view/347525 <p>This paper investigates generalizations of the Lai-Massey scheme, including unified constructions combining it with the Feistel scheme (MD GLM, UFLM, L-Feistel, and quasi-Feistel). New reductions to the quasi-Feistel scheme are provided. Known efficient quantum attacks are analyzed, including chosen-plaintext attacks on 3 rounds and chosen-ciphertext attacks on 4 rounds for a special case of the quasi-Feistel cipher using Simon’s algorithm. It is demonstrated that restrictions in that work led to the degeneration of the quasi-Feistel scheme into the standard Feistel scheme, replicating known quantum attacks on the Feistel scheme. 
New two-round distinguishing attacks are presented for the L-Feistel and MD-1 GLM schemes, enabling round key recovery.</p> Andrii Fesenko Copyright (c) 2025 Andrii Fesenko 2025-12-28 2025-12-28 7 3 10.20535/tacs.2664-29132025.3.347525