Theoretical and Applied Cybersecurity https://tacs.ipt.kpi.ua/ <p>"Theoretical and Applied Cybersecurity" journal is the scientific publication of the National Technical University of Ukraine "Igor Sikorsky Kyiv Polytechnic Institute". The publication unveils the results of the latest scientific research on the theory and practice of providing cybersecurity and cyber protection of its objects in cyberspace. The greatest attention is paid to research based on the use of modern mathematical methods and information technologies.</p> National Technical University of Ukraine “Igor Sikorsky Kyiv Polytechnic Institute” en-US Theoretical and Applied Cybersecurity 2664-2913 <p dir="ltr"><span>Authors who publish with this journal agree to the following terms:</span></p><ol><li dir="ltr"><p dir="ltr"><span>Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a </span><a href="https://creativecommons.org/licenses/by/4.0/deed.uk"><span>Creative Commons Attribution License</span></a><span> that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.</span></p></li><li dir="ltr"><p dir="ltr"><span>Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.</span></p></li><li><span id="docs-internal-guid-8f94c84b-7fff-69c4-f607-f9f9f548d798"><span>Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See </span><a href="http://opcit.eprints.org/oacitation-biblio.html"><span>The Effect of Open 
Access</span></a><span>).</span></span></li></ol> The reflexive model of social behavior under informational influence https://tacs.ipt.kpi.ua/article/view/294225 <p>This paper proposes a mathematical model of the reflexive interaction of some society groups that can act as passive or active agents of influence. The behavior of a set of active agents aimed at imposing a certain behavior on other groups of society that differ in their response to information influence is studied. It was taken into account that passive agents turn into active ones under the influence. In analyzing the information influence of active agents on passive ones, the internal currency was chosen as the main factor. As a result of the numerical experiment is the changes in the model over time are graphically shown, in particular, discrete and general influence views and efficiency of a given information influence are obtained.</p> Dmytro Horbachov Ivan Tereshchenko Copyright (c) 2024 Dmytro Horbachov, Ivan Tereshchenko 2024-12-16 2024-12-16 6 1 10.20535/tacs.2664-29132024.1.294225 Application of Large Language Models for Assessing Parameters and Possible Scenarios of Cyberattacks on Information and Communication Systems https://tacs.ipt.kpi.ua/article/view/315242 <p>This paper explores the use of large language models (LLMs) to evaluate parameters and identify potential hostile penetration scenarios in corporate networks, considering logical and probabilistic relationships between network nodes. The developed methodology is based on analyzing the network structure, which includes components such as the Firewall, Mail Server, Web Server, administrator and client workstations, application server, and database server. The probabilities of transitions between these nodes during adversarial attacks are determined using a swarm of virtual experts and two sets of prompts aimed at different LLMs. 
Among the results obtained through the swarm approach are average transition probabilities, which enable modeling the most likely attack paths from both external and internal network origins. Based on logical-probabilistic analysis, penetration scenarios are ranked according to probabilities, execution time, and resource minimization required by attackers. The proposed methodology facilitates rapid response to threats and ensures an adequate level of cybersecurity by focusing on the most probable and dangerous attack scenarios.</p> Lesia Alekseichuk Dmitry Lande Oleksii Novikov Copyright (c) 2024 Lesia Alekseichuk, Dmitry Lande, Oleksii Novikov 2024-12-16 2024-12-16 6 1 10.20535/tacs.2664-29132024.1.315242 An Example of of fuzzy ontology usage for risk assessment and attack impact https://tacs.ipt.kpi.ua/article/view/312677 <p class="AbstractText" style="margin: 0cm -2.6pt .0001pt 0cm;"><span lang="EN-US" style="font-size: 11.0pt;">The article discusses the use of fuzzy ontology for assessing risks and impacts of attacks in the field of information security. Fuzzy ontology, which is a formalized way of representing knowledge, offers effective solutions for processing complex and informal processes. The article substantiates the significance of fuzzy logic in structural analysis and presents an example of how new types of attacks influence the ontology. Key findings include the identification of risks associated with attacks through the application of fuzzy sets and entropy theory. The discussion highlights how these methods can enhance threat response and risk management in information systems.</span></p> Oleh Kozlenko Copyright (c) 2024 Oleh Kozlenko 2024-12-16 2024-12-16 6 1 10.20535/tacs.2664-29132024.1.312677 Price Impact for Different Market Models in Cryptocurrency Trading https://tacs.ipt.kpi.ua/article/view/311513 <p>Price impact in cryptocurrency trading plays a crucial role in understanding market dynamics and liquidity. 
The study presents a detailed mathematical analysis of price impact across three different market models: constant sum, constant product, and order book. Each model provides a unique perspective on how asset prices are influenced by trade execution, market depth, and available liquidity. By examining these models, the analysis highlights the relationship between trade volume and price changes, offering important insights into how large transactions affect the stability and behavior of prices in various liquidity environments. The results are relevant for traders and investors aiming to optimize their strategies in volatile markets, as well as for regulators seeking to mitigate the systemic risks posed by large-scale trades in the cryptocurrency space.</p> Matvii Tulupov Copyright (c) 2024 Matvii Tulupov 2024-12-16 2024-12-16 6 1 10.20535/tacs.2664-29132024.1.311513 AN Algorithm for Analyzing the Ethereum Network Blockchain to Detect Illegal Activities https://tacs.ipt.kpi.ua/article/view/316600 <p>This work is devoted to the research of the blockchain network, in particular, aimed at detecting illegal activity in the Ethereum network using forensic methods. The paper describes the concepts and basic vulnerabilities related to the Ethereum network and the integration of graph analysis to develop an algorithm that scrutinizes Ethereum's transaction structure for illegal activities, including money laundering. In addition, the study includes an analysis of the very structure of Ethereum and the blockchain, which allows insight into the identification and analysis of various aspects of their functioning. The research results are used for the software implementation of the study and improvement of the security level of the blockchain network, including the creation of advanced software solutions for network analysis and protection of the integrity of the blockchain ecosystem. 
This integrated methodology aims to protect the integrity of blockchain ecosystems.</p> Esmira Abdullaieva Leonid Galchynsky Copyright (c) 2024 Esmira Abdullaieva, Leonid Galchynsky 2024-12-16 2024-12-16 6 1 10.20535/tacs.2664-29132024.1.316600 Toffoli gate implementation method based on Margolus gate on four or more qubits https://tacs.ipt.kpi.ua/article/view/306056 <p>This paper considers the method of building the Toffoli Gate based on the Margolus Gate on four or more qubits. In the first part of the considered method, the modification of the Margolus gate on four or more qubits is suggested. In the second part of the method, the modification of the Margolus gate is transformed into the modification of the Toffoli gate implementation using step-by-step phase rotation compensations. The phase rotation compensation for an N-qubit quantum circuit can be performed with N successive steps, where at each step the gates with phase rotation pi/2^(s-1) are added, where s is the step number, starting from one. 
The compensation phase requires 2 two-qubit gates and 2N-1 one-qubit gates.</p> Andrii Tereshchenko Valeriy Zadiraka Copyright (c) 2024 Andrii Tereshchenko, Valeriy Zadiraka 2024-12-16 2024-12-16 6 1 10.20535/tacs.2664-29132024.1.306056 The Modification of Post-Quantum AJPS-1 Cryptosystem by Changing the Metric https://tacs.ipt.kpi.ua/article/view/299589 <p>This paper considers the AJPS-1 post-quantum cryptosystem.<br>A feature of this cryptosystem is the use of arithmetic modulo a Mersenne number; in particular, the AJPS cryptosystem uses relations for the Hamming weight of integers modulo a Mersenne number.<br>To create a modification of this cryptosystem by changing the metric, relations of the OSD metric for integers modulo a Mersenne number were obtained.<br>The paper describes the constructed modification of the AJPS-1 cryptosystem with a changed metric and analyses its advantages compared to the AJPS-1 cryptosystem.<br>This modification makes it possible to increase the variance of the decryption parameter, which improves the resistance of the cryptosystem to ciphertext-only (known ciphertext) attacks aimed at determining the private key.</p> Dariya Yadukha Copyright (c) 2024 Dariya Yadukha 2024-12-16 2024-12-16 6 1 10.20535/tacs.2664-29132024.1.299589 On the cryptosystems based on two Eulerian transformations defined over the commutative rings Z2s, s>1 https://tacs.ipt.kpi.ua/article/view/317960 <p>We suggest the family of ciphers sEn, n = 2, 3, ... with the space of plaintexts (Z*2^s)^n, s &gt; 1, such that the encryption map is the composition of the kind G = G1 A1 G2 A2, where Ai are the affine transformations from AGLn(Z*2^s) preserving the variety (Z*2^s)^n.&nbsp;Eulerian endomorphisms Gi, i = 1, 2, of K[x1, x2, ..., xn] move xi to the monomial term M x1^d(1) x2^d(2) ... xn^d(n), M in Z*2^s, and act on (Z*2^s)^n as bijective transformations. The cipher is converted to a protocol-supported cryptosystem. 
Protocols of Noncommutative Cryptography implemented on the platform of Eulerian endomorphisms are used for the delivery of Gi and Ai from Alice to Bob.&nbsp;One can use twisted Diffie-Hellman protocols, whose security rests on the complexity of the Conjugacy Power problem, or the hidden tame homomorphism protocol, whose security rests on the word decomposition problem. Instead of delivering Gi, Alice and Bob can elaborate these transformations via the inverse twisted Diffie-Hellman protocol, implemented on the platform of tame Eulerian transformations of (Z*2^s)^n.&nbsp;The cost of a single protocol is O(n^3), and the cost of computing the reimage of the used nonlinear map is O(n^2). So, the verification of n^t, t ≥ 1, signatures takes time O(n^(t+2)). Instead of the inverse twisted Diffie-Hellman protocol, correspondents can use the inverse hidden tame homomorphism protocol, which rests on the complexity of word decomposition for tame Eulerian transformations.&nbsp;We use natural bijections between Z*2^s and Z2^(s-1), Z*2^s and finite field F2^(s-1), and Z*2^s and Boolean ring B(s-1) of order 2^(s-1) to modify the family of ciphers or cryptosystems via the change of AGLn(Z*2^s) for AGLn(K), where K is one of the rings Z2^(s-1), F2^(s-1), or B(s-1).&nbsp;New ciphers are defined via the multiplication of two different commutative rings Z2^s and K. This does not allow treating them as stream ciphers of multivariate cryptography and using corresponding cryptanalytic techniques. 
An adversary is not able to use known cryptanalytical methods such as linearization attacks.&nbsp;We discuss the option of changing the elements of AGLn(Z*2^s) or AGLn(K) for nonlinear multivariate transformations F of (Z*2^s)^n or K^n with a symmetric trapdoor accelerator T, i.e., a piece of information such that the knowledge of T allows computing the value F(p) for an arbitrarily chosen p in P in time O(n^2) and solving the equation of the form F(x) = c for each c in C in time O(n^2).</p> Vasyl Ustymenko Copyright (c) 2024 Vasyl Ustymenko 2024-12-16 2024-12-16 6 1 10.20535/tacs.2664-29132024.1.317960 The methods of decreasing FP in Anomaly based Intrusion Prevent System by using of complex information about information system https://tacs.ipt.kpi.ua/article/view/296412 <p>The main aim of this work is to optimize the efficiency of intrusion detection using complex analysis of indicators in an information system by reducing the number of false positives, as well as to develop a universal technique for such optimization. Using a laboratory environment with the SIEMs Wazuh and Splunk installed, we test the proposed optimization methods and a newly proposed technique for decreasing the false-positive rate of some intrusion detection systems.</p> Anton Kudin Olga Grigorieva Svitlana Nosok Copyright (c) 2024 Anton Kudin, Olga Grigorieva, Svitlana Nosok 2024-12-16 2024-12-16 6 1 10.20535/tacs.2664-29132024.1.296412 Modeling psychological operation spread with epidemiologic and pharmacokinetic approaches https://tacs.ipt.kpi.ua/article/view/312577 <p class="AbstractText" style="margin: 0cm -2.6pt .0001pt 0cm;"><span lang="EN-US" style="font-size: 11.0pt;">Psychological operations (PsyOps) have become an increasingly important aspect of modern warfare and political maneuvering, shaping target populations’ perceptions, emotions, and behaviors. 
Understanding the mechanisms by which these operations function and impact target populations is crucial for developing effective countermeasures. This paper proposes a model for the spread of such content based on epidemiological and pharmacokinetic approaches. By drawing analogies between the spread of PsyOps and the diffusion of pathogens or chemicals, we develop mathematical models to describe the dynamics of PsyOps dissemination. The model considers factors such as initial conditions, strength and persistence of a PsyOp, susceptibility, and interconnectedness of the target population. Solutions to the proposed equations are provided, offering insights into the potential spread and control of PsyOps.</span></p> Yuliia Nakonechna Bohdan Savchuk Anna Kovalova Copyright (c) 2024 Yuliia Nakonechna, Bohdan Savchuk, Anna Kovalova 2024-12-16 2024-12-16 6 1 10.20535/tacs.2664-29132024.1.312577 Modern methods for protecting and storing data in computer systems to ensure their fault tolerance https://tacs.ipt.kpi.ua/article/view/315086 <p>The study's relevance stems from the fact that, in today’s world, where digital technologies permeate all areas of life and cyber threats continuously adapt, traditional methods of identifying critical vulnerabilities that rely on internal data often lag behind the evolution of these threats, leaving computer systems critically vulnerable. Ensuring the fault tolerance of computer systems is essential for stability and protection against such threats.</p> <p>The research methodology includes analyzing modern approaches to ensuring fault tolerance in relation to both hardware and software, utilizing cybersecurity models, redundancy, and data integrity at both the routing and system levels. 
Reliability was evaluated through theoretical analysis and application of existing technologies, as well as analysis of available system failure statistics based on open data sources.</p> <p>The main goal of the research was to develop recommendations and practical solutions to enhance the fault tolerance of computer systems through the integration of software and hardware protection methods based on an analysis of existing solutions. The task was to ensure system resilience to hardware-software failures before, during, and after their occurrence, thereby minimizing downtime of the hardware-software complex and data loss.</p> <p>The research demonstrated that a comprehensive approach provides the best protection, with the ability to identify issues before they arise. This includes component redundancy of both software and hardware types and the implementation of diagnostic and predictive failure systems. Systems equipped with modern anomaly detection methods can respond much faster to potential threats and minimize losses, while hardware systems with active monitoring and automatic switchover to backup components ensure continuity of processes in the event of critical technical failure.</p> <p>Future technologies, such as using artificial intelligence to analyze system state and predict potential failures, will significantly increase the efficiency and protection of hardware-software systems. However, they currently face compatibility challenges when combined with both legacy and new equipment, limiting their widespread adoption. 
The results of the research show that systems utilizing a hybrid monitoring approach, combining software and hardware protection, better adapt to changing operating conditions and demonstrate higher fault tolerance.</p> Alina Yanko Copyright (c) 2024 Alina Yanko 2024-12-16 2024-12-16 6 1 10.20535/tacs.2664-29132024.1.315086 Probabilities estimating for attacks on supply chain for critical infrastructure facilities https://tacs.ipt.kpi.ua/article/view/307939 <p style="font-weight: 400;">The different types of supply chain for critical infrastructure facilities of the industrial sector were analyzed. Also, the main types of attacks on the supply chain were considered.</p> <p style="font-weight: 400;">The character of resource dependencies was analysed, and the representation of the supply chain in the form of a hierarchical oriented graph, with division into levels, was considered. An algorithm for taking into account the attack probabilities of objects that provide resources for the functioning of an endpoint object of the supply chain was developed based on dynamic programming principles. The calculation complexity of the proposed algorithm was estimated, which confirmed its effectiveness for practical situations. For the target area of use, the proposed approach gives better calculation complexity compared to existing solutions.&nbsp;</p> Iryna Styopochkina Oleksandr Rybak Mykola Ilin Copyright (c) 2024 Iryna Styopochkina, Oleksandr Rybak, Mykola Ilin 2024-12-16 2024-12-16 6 1 10.20535/tacs.2664-29132024.1.307939