№ 2 (72)

The purpose of the study: to develop and experimentally validate a semantic clustering technique for security incidents based on the DBSCAN algorithm for automatically detecting correlations in the event stream of Security Operations Centers.
Research methods: systems analysis, natural language processing, vector text representation, density clustering, machine learning on large-scale language models, a full-scale experiment.
Results obtained: an analysis of the state-of-the-art for digital monitoring of computer and network security at Security Operations Centers revealed that the key reasons for the high difficulty in detecting correlations between security incidents are the variability of data presentation formats and the concealment of key artifacts in unstructured text descriptions. The technique for semantic clustering of cybersecurity incidents based on the DBSCAN density clustering algorithm was developed for the automatic detection of correlations in the Security Operations Center event stream. The technique is implemented as a two-loop data processing pipeline, in which the first loop evaluates the semantic similarity of incidents using the cosine proximity metric of vector embeddings of text descriptions generated by a large language model, and the second loop evaluates the intersection of formal artifacts extracted from text summaries without semantic interpretation. An experimental evaluation and validation of the techniques was conducted on a real set of security incidents, demonstrating high completeness of detection of related attack chains (corresponding to 86.7% of incidents) with robust filtering of noise summaries.
Scientific novelty: the proposed technique for semantic clustering of security incidents in the Security Operations Center event stream differs from known ones by using a large language model for converting text summaries into vector embeddings with their storage in a vector database, the matrix of pairwise cosine distances for assessing the semantic similarity between incidents, the density clustering algorithm for identifying clusters on a set of incidents and semantic interpretation
of the detected clusters through a qualitative analysis of their content.
Contribution: Igor Kotenko and Igor Saenko – a general concept for semantic clustering of cybersecurity incidents in the Security Operations Centers using large language models; Igor Kotenko and Oleg Lauta – a description of the technique stages and the methods implementing them; Alexander Kurakin – implementation of the proposed technique on real data; Igor Kotenko and Igor Saenko – a theoretical justification for the proposed technique.
Keywords: cybersecurity, machine learning, threat detection, data vectorization, natural language processing, security operations center.

1. Lotfi I., Mandar M. Review of Detection and Prevention Techniques for Cyberattacks in SOCs: State of the Art and Future Challenges // 2025 International Conference on Circuit, Systems and Communication (ICCSC). 2025. Pp. 1–6. DOI: 10.1109/ICCSC66714.2025.11135218.
2. Tokarev M. V., Abramov E. S., Tokareva N. N. Metodika ispol'zovaniya rezul'tatov poiska i analitiki kiberugroz dlya povy'sheniya e'ffektivnosti raboty' analitikov SOC // Sovremennaya pedagogika i nauchny'e issledovaniya v obrazovatel'noj organizacii vy'sshego obrazovaniya. Materialy' Vserossijskoj nauchno-metodicheskoj konferencii. 2024. S. 271–281. EDN: HCVIHX.
3. Habibzadeh A., Feyzi F., Ebrahimi Atani R. Large Language Models for Security Operations Centers: A Comprehensive Survey // arXiv:2509.10858 [cs.CR]. 2025. DOI: 10.48550/arXiv.2509.10858.
4. Kotenko I. V., Xmy'rov S. S. Analiz modelej i metodik, ispol'zuemy'x dlya atribucii narushitelej kiberbezopasnosti pri realizacii celevy'x atak // Voprosy' kiberbezopasnosti. 2022. № 4(50). S. 52–79. DOI: 10.21681/2311-3456-2022-4-52-79.
5. Kotenko I. V., Levshun D. A. Metody' intellektual'nogo analiza sistemny'x soby'tij dlya obnaruzheniya mnogoshagovy'x kiberatak: ispol'zovanie baz znanij // Iskusstvenny'j intellekt i prinyatie reshenij, 2023, № 2. S. 3–14. DOI: 10.14357/20718594230201.
6. Kotenko I., Gaifulina D., Zelichenok I. Systematic Literature Review of Security Event Correlation Methods // IEEE Access, 2022, Vol. 10. P. 43387–43420. Print ISSN: 2169-3536. Online ISSN: 2169-3536. DOI: 10.1109/ACCESS.2022.3168976
7. Karelova O. L., Droby'shev A. V. SOC kak instrument povy'sheniya urovnya kiberbezopasnosti organizacii // Zhurnal vy'sokix gumanitarny'x texnologij. 2023. № 1(1). S. 17–23. EDN: IKZWWI.
8. Sharma A., Thapliyal S., Wazid M., Mishra A. K., Kumar P., Giri D. A Secure Mechanism for Password Hash Value Generator with the Security Analysis of Various Hashing Algorithms // 2024 4th International Conference on Computer, Communication, Control & Information Technology (C3IT). 2024. Pp. 1–6. DOI: 10.1109/C3IT60531.2024.10829444.
9. Kotenko I. V., Levshun D. A. Metody' intellektual'nogo analiza sistemny'x soby'tij dlya obnaruzheniya mnogoshagovy'x kiberatak: ispol'zovanie metodov mashinnogo obucheniya // Iskusstvenny'j intellekt i prinyatie reshenij, 2023, № 3. S. 3–16. DOI: 10.14357/20718594230301.
10. Xudxejr A. R. M., Zargaryan E. V., Zargaryan Yu. A. Modeli mashinnogo obucheniya i glubokogo obucheniya dlya e'lektronnoj informacionnoj bezopasnosti v mobil'ny'x setyax // Izvestiya YuFU. Texnicheskie nauki. 2022. № 3(227). S. 211–222. DOI: 10.18522/2311-3103-2022-3-211-222
11. Bezzateev S. V., Elina T. N., Krasnikov N. S. Issledovanie metodov mashinnogo obucheniya dlya obespecheniya informacionnoj bezopasnosti
v roznichny'x torgovy'x operaciyax // Problemy' informacionnoj bezopasnosti. Komp'yuterny'e sistemy'. 2022. № 3. S. 155–166. DOI: 10.48612/jisp/kdh3-g5ak-bv4v.
12. Maruthi P. B., Bilas P. Comparative Analysis of K-means and Hierarchical Clustering in Bigdata Environment // 2022 6th International Conference on Computation System and Information Technology for Sustainable Solutions (CSITSS). 2022. Pp. 1–6. DOI: 10.1109/CSITSS57437.2022.10026370.
13. Levshun D., Kotenko I. A survey on artificial intelligence techniques for security correlation: models, challenges, and opportunities // Artificial Intelligence Review, Springer. 2023. Vol.56, No 8. August 2023. P. 8547–8590. https://doi.org/10.1007/s10462-022-10381-4.
14. Li Q., Ma Y., Wu Y. Utilize DBN and DBSCAN to detect selective forwarding attacks in event-driven wireless sensors networks // Engineering Applications of Artificial Intelligence. 2023. Vol. 126, Part D. Article 107122. DOI: 10.1016/j.engappai.2023.107122.
15. Kotilingala S. Leveraging large language models for enhanced threat detection in security operations centers // World Journal of Advanced Engineering Technology and Sciences. 2025. Vol. 15, No. 1. Pp. 579–591. DOI: 10.30574/wjaets.2025.15.1.0241.
16. Tehranipoor M., Zamiri Azar K., Asadizanjani N., Rahman F., Mardani Kamali H., Farahmandi F. Large Language Models for SoC Security // Hardware Security. Springer, Cham. 2024. Pp. 255–299. DOI: 10.1007/978 3 031-58687-3_6.
17. Xu H., Wang Sh., Li N., Wang K., Zhao Y., Chen K., Yu T., Liu Y., Wang H. Large Language Models for Cyber Security: A Systematic Literature Review // arXiv:2405.04760 [cs.CR]. 2024. DOI: 10.48550/arXiv.2405.04760.
18. Kotenko I. V., Abramenko G. T. Ispol'zovanie bol'shix yazy'kovy'x modelej dlya poiska ugroz kiberbezopasnosti na osnove metodov glubokogo obucheniya: analiz sovremenny'x issledovanij // Pravovaya informatika, 2024. № 3. S. 32–42. DOI: 10.24682/1994-1404-2024-3-32-42.
19. Kotenko I. V., Abramenko G. T. Ob''yasnimaya interpretaciya incidentov na osnove bol'shoj yazy'kovoj modeli i metoda generacii s dopolnennoj vy'borkoj // Voprosy' kiberbezopasnosti. 2025. № 5(69). S. 58–67. DOI: 10.21681/2311-3456-2025-5-58-67.
20. Lee Y.-C., Chien W.-C., Chang, Y.-C. FedDB: A Federated Learning Approach Using DBSCAN for DDoS Attack Detection // Applied Sciences. 2024. Vol. 14. Article 10236. DOI: 10.3390/app142210236.
21. Lanfermann F., Rios T., Menzel S. Large Language Model-assisted Clustering and Concept Identification of Engineering Design Data // 2024 IEEE Conference on Artificial Intelligence (CAI). 2024. Pp. 788–795. DOI: 10.1109/CAI59869.2024.00150.
22. Miller J., Nicholls R. Using Large Language Models in Cluster Analysis in the Social Sciences // IEEE Transactions on Technology and Society. 2025. Pp. 1–13. DOI: 10.1109/TTS.2025.3611984.
23. Ma X., Keung J., Yang Zh., Yu X., Li Y., Zhang H. CASMS: Combining clustering with attention semantic model for identifying security bug reports // Information and Software Technology. 2022. Vol. 147. Article 106906. DOI: 10.1016/j.infsof.2022.106906.
24. Alahmari A., Jamal A., Elazhary H. Comparative Study of Common Density-based Clustering Algorithms // 2021 National Computing Colleges Conference (NCCC). 2021. Pp. 1–6, DOI: 10.1109/NCCC49330.2021.9428832.
25. Larin A. I., Vovik A. G., Tryapicyn A. D. Formalizaciya nestrukturirovannoj tekstovoj informacii na osnove vektornogo predstavleniya slov // Innovacionnoe razvitie: potencial nauki i sovremennogo obrazovaniya: monografiya. 2021. S. 212–223. EDN: HGYJAJ.
26. Khan M. K., Sarker S., Ahmed S. M., Khan M. H. A. K-Cosine-Means Clustering Algorithm // 2021 International Conference on Electronics Communications and Information Technology (ICECIT). 2021. Pp. 1–4. DOI: 10.1109/ICECIT54077.2021.9641480.
27. Abbes F., Mnasri S., Val T. k-Nearest Neighbor Algorithm to Classify IoT Localization Data: A Case Study on LocURa4IoT Datasets // 2024 13th IFIP/IEEE International Conference on Performance Evaluation and Modeling in Wired and Wireless Networks (PEMWN). 2024. Pp. 1–6. DOI: 10.23919/PEMWN62766.2024.10737551.

Purpose of the study: is to propose a formalized approach to the certification procedure of text models of artificial intelligence,
allowing to quantify the safety of such models and their applicability in specific subject areas.
Research method: description of the certification procedure in the language of mathematical statistics and discrete mathematics.
Result: three approaches to assessing the quality of text models of artificial intelligence are presented. The first approach is based on calculating the confidence interval, in which with a given probability there is a share of correct answers.
The second approach is based on comparing the model's answers with the answers from a verified set of questions and answers. The third approach is based on a combination of the first two approaches.
Scientific novelty: consists in the development of a mathematical models of the certification procedure, the security of textual AI models by the criterion of error admissibility.
Keywords: mathematical model of certification, safety, applicability, subject area, verified set of questions and answers.

1. Namiot, D. E. Doverenny'e platformy' iskusstvennogo intellekta / D. E. Namiot, E. A. Il'yushin, O. G. Pilipenko // International Journal of Open Information Technologies. – 2022. – T. 10, № 7. – S. 119–127. – EDN DFIXNZ.
2. Garbuk, S. V. Osobennosti primeneniya ponyatiya «doverie» v oblasti iskusstvennogo intellekta / S. V. Garbuk // Iskusstvenny'j intellekt i prinyatie reshenij. – 2020. – № 3. – S. 15–21. – DOI 10.14357/20718594200302. – EDN QLQEKM.
3. Azhmuxamedov, I. M. Dostovernost' kak servis informacionnoj bezopasnosti v cifrovoj srede / I. M. Azhmuxamedov, A. V. Xajtul // Prikaspijskij zhurnal: upravlenie i vy'sokie texnologii. – 2023. – № 4(64). – S. 26–35. – EDN FCZLUO.
4. Markov, A. S. O sertifikacii sistem iskusstvennogo intellekta po trebovaniyam bezopasnosti informacii / A. S. Markov // Kibernetika i informacionnaya bezopasnost' «KIB-2024»: Sbornik nauchny'x trudov Vtoroj Vserossijskoj nauchno-texnicheskoj konferencii, Moskva, 22–23 oktyabrya 2024 goda. – Moskva: Nacional'ny'j issledovatel'skij yaderny'j universitet «MIFI», 2024. – S. 18–21. – EDN SBNLVE.
5. Ugleva, A. V. Indeks «e'tichnosti» sistem iskusstvennogo intellekta v medicine:ot teorii k praktike / A. V. Ugleva, V. A. Shilova, E. A. Karpova // E'ticheskaya my'sl'. – 2024. – T. 24, № 1. – S. 144–159. – DOI 10.21146/2074-4870-2024-24-1-144-159. – EDN DUYXGQ.
6. Elizarov, M. V. E'tika primeneniya iskusstvennogo intellekta v sfere upravleniya personalom: vzglyad Immanuila Kanta / M. V. Elizarov // Tendencii razvitiya nauki i obrazovaniya. – 2025. – № 122-1. – S. 107–109. – EDN BLCMVC.
7. Ivanov A. A., Petrov B. B. Parirovanie riskov potrebitelyami kak faktor povy'sheniya doveriya k sistemam iskusstvennogo intellekta // Iskusstvenny'j intellekt i prinyatie reshenij. — 2025. — № 3. — S. 45–58.
8. Beloshapkina A. A. Pravovoe regulirovanie iskusstvennogo intellekta v Rossii i za rubezhom // Vestnik magistratury'. 2022. № 10-3 (133). – URL: https://cyberleninka.ru/article/n/pravovoe-regulirovanie-iskusstvennogo-intellekta-v-rossii-i-za-rubezhom (data obrashheniya: 12.08.2025).
9. Perspektivny'e napravleniya primeneniya texnologij iskusstvennogo intellekta pri zashhite informacii / R. V. Meshheryakov, S. Yu. Mel'nikov, V. A. Peresy'pkin, A. A. Xorev // Voprosy' kiberbezopasnosti. – 2024. – № 4(62). – S. 2–12. – DOI 10.21681/2311-3456-2024-4-02-12. – EDN GJWQWP.
10. Namiot, D. E. Ob ocenke doveriya k sistemam Iskusstvennogo intellekta / D. E. Namiot, E. A. Il'yushin // International Journal of Open Information Technologies. – 2025. – T. 13, № 3. – S. 75–90. – EDN LRWXGR.

Purpose of the study: to obtain synthetic data sets that are close to real ones in terms of the distributions of individual features, their support regions and inter-feature dependencies, and to confirm this proximity by means of a consistent system of metrics and visualizations on a representative panel of applications.
Methods of research: a diffusion model for tabular data, TabDDPM, adapted to tabular features is employed, together with stepwise preprocessing of the raw data (logarithmic transformation of heavy-tailed attributes, outlier clipping, quantile normalization to the range [−1, 1]). The hyperparameters are tuned automatically using the QP-MSE criterion with the Optuna software library. The quality of generation is assessed by a set of statistical metrics and visual methods.
Results of the study: it is shown that for traffic of Android applications the TabDDPM model produces synthetic data sets that are statistically close to real data in terms of univariate distributions and joint feature behavior. The univariate distributions of key attributes exhibit stable agreement in the position of the modes and in the main mass of the probability distribution. t-SNE projections confirm the overlap between clusters of real and model-generated points, the absence of substantial
systematic shifts in central quantiles, and the preservation of distribution tails, including in regions corresponding to rare operating regimes of the applications. It is demonstrated that stable generation quality is achieved already at a volume of about 1.5–2.5 thousand sessions per application, which is sufficient for constructing training sets, stress-test scenarios and tuning intrusion-detection thresholds under practical conditions of scarce labeled traffic.
Scientific novelty: for the first time, a comprehensive analysis of the quality of the TabDDPM diffusion model in generating tabular features of Android application network traffic is carried out using a coordinated set of metrics. The study demonstrates the possibility of forming controllable synthetic data sets that preserve characteristic traffic patterns and are suitable for modeling zero-day scenarios, stress testing and calibration of detector thresholds.
Keywords: information security, generative models, machine learning, model hyperparameters, t-SNE, boxplot, zero-day attacks, intrusion detection systems.

1. Buslaev, A. V., Parinov, A., Khvedchenya, E., Iglovikov, V. I., & Kalinin, A. A. (2018). Albumentations: fast and flexible image augmentations. ArXiv, abs/1809.06839.
2. Pan, S. J., & Yang, Q. (2010). A Survey on Transfer Learning. IEEE Transactions on Knowledge and Data Engineering, 22, 1345–1359.
3. Bengesi, S., El-Sayed, H., Sarker, M., Houkpati, Y., Irungu, J., & Oladunni, T. (2023). Advancements in Generative AI: A Comprehensive Review of GANs, GPT, Autoencoders, Diffusion Model, and Transformers. IEEE Access, 12, 69812–69837.
4. Harshvardhan, G., Gourisaria, M. K., Pandey, M., & Rautaray, S. S. (2020). A comprehensive survey and analysis of generative models in machine learning. Comput. Sci. Rev., 38, 100285.
5. Cao, H., Tan, C., Gao, Z., Xu, Y., Chen, G., Heng, P., & Li, S. Z. (2022). A Survey on Generative Diffusion Models. IEEE Transactions on Knowledge and Data Engineering, 36, 2814–2830.
6. Goodfellow, I.J., Pouget-Abadie, J., Mirza, M., Xu, B., Warde-Farley, D., Ozair, S., Courville, A. C., & Bengio, Y. (2014). Generative Adversarial Nets. Neural Information Processing Systems.
7. Kotelnikov, A., Baranchuk, D., Rubachev, I., & Babenko, A. (2022). TabDDPM: Modelling Tabular Data with Diffusion Models. ArXiv, abs/2209.15421.
8. Ho, J., Jain, A., & Abbeel, P. (2020). Denoising Diffusion Probabilistic Models. ArXiv, abs/2006.11239.
9. Sheluhin, O. I., & Matorin, F. A. (2024). Reducing the Dimensionality of Data Arrays Using Multi-Layer Autoencoders in the Task of Classifying Mobile Applications. Proceedings of Telecommunication Universities.
10. Sheluhin, O. I., Matorin, F. A., & Vanyushina, A. V. (2024). Evaluation of the properties of multilayer autoencoders in the task of detecting and classifying mobile applications. H&ES Research.
11. Maaten, L. V., & Hinton, G. E. (2008). Visualizing Data using t-SNE. Journal of Machine Learning Research, 9, 2579–2605.
12. Policar, P. G., Stražar, M., & Zupan, B. (2019). openTSNE: a modular Python library for t-SNE dimensionality reduction and embedding.bioRxiv.
13. Arbelaitz, O., Gurrutxaga, I., Muguerza, J., Pérez, J. M, & Perona, I. (2013). An extensive comparative study of cluster validity indices. Pattern Recognit., 46, 243–256.
14. Fan, H., Su, H., & Guibas, L. J. (2016). A Point Set Generation Network for 3D Object Reconstruction from a Single Image. 2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2463–2471.
15. Dimitrova, D. S., Kaishev, V. K., & Tan, S. (2020). Computing the Kolmogorov-Smirnov Distribution When the Underlying CDF is Purely Discrete, Mixed, or Continuous. J. Stat. Softw., 95.
16. Peyré, G., & Cuturi, M. (2018). Computational Optimal Transport. Found. Trends Mach. Learn., 11, 355–607.
17. Naeem, M. F., Oh, S., Uh, Y., Choi, Y., & Yoo, J. (2020). Reliable Fidelity and Diversity Metrics for Generative Models. International Conference on Machine Learning.
18. Jin, K., Cheng, X., Yang, J., & Shen, K. (2021). Differentially Private Correlation Alignment for Domain Adaptation. International Joint Conference on Artificial Intelligence.
19. Bongiorno, C., & Challet, D. (2020). Covariance matrix filtering with bootstrapped hierarchies. PLoS ONE, 16.

The purpose of the study: to improve the quality of anomaly detection in blockchain logistics systems based on methods of topological data analysis and graph neural networks.
Research methods: combination of algebraic topology and graph neural networks within the framework of a hybrid node classification model. The approach was verified by semi-synthetic modeling of cyclic and cluster attacks on logistics network transactions.
Research results: The article reveals the issues related to the impact of anomalies in blockchain logistics systems on supply chains and the efficiency of cargo flows. The need for a progressive approach for timely detection and management of anomalies in real time through the integration of such technologies as machine learning and big data analysis is noted. registers, their advantages and disadvantages are noted. A hybrid approach to detecting anomalies in the blockchain has been developed, which implements joint processing of transactional data using graph neural networks and algebraic topology methods.
Scientific novelty: in contrast to the well-known methods based on local aggregation of features, the hybrid approach makes it possible to identify global structural anomalies, ensuring the completeness of detection of complex schemes of fictitious turnover.
Keywords: distributed ledger, transaction graph, persistent diagram, persistent homology, hybrid feature vector, cyclic falsification, cluster collusion, temporal violations.

1. Pogrebinskaya M. N. Kvantovo-fraktal'ny'j metod analiza blokchejn-tranzakcij dlya obnaruzheniya skry'toj protivozakonnoj aktivnosti // Pravo i gosudarstvo: teoriya i praktika. 2025. № 4. S. 472–474. DOI: 10.47643/1815-1337_2025_4_472.
2. Jinglin Li, Yihang Zhang, Chun Yang BlockDetective: A GCN-based student–teacher framework for blockchain anomaly detection // IET Blockchain. 2023. Volume 3, Issue 4. DOI: 10.1049/blc2.12044.
3. Vasavi Chithanuru, Mangayarkarasi Ramaiah An anomaly detection on blockchain infrastructure using artificial intelligence techniques: Challenges and future directions – A review // Concurrency and Computation: Practice and Experience. 2023. Volume 35, Issue 22. DOI: 10.1002/cpe.7724.
4. Vladimirkin A. A. Anomalii v kriptovalyutny'x tranzakciyax i metody' mashinnogo obucheniya dlya ix vy'yavleniya // Vestnik Ul'yanovskogo gosudarstvennogo texnicheskogo universiteta. 2025. № 1(109). S. 40–43. DOI: 10.61527/1684-7016-2025-1-40-43.
5. Utakaeva I. X. Sistem za schet kombinacii grafovy'x baz danny'x i neizmenyaemy'x zhurnalov blokchejna // Kuznechno-shtampovochnoe proizvodstvo. Obrabotka materialov davleniem. 2025. № 4. S. 199–208. EDN: UOWQIX.
6. Shiyang Chen, Yang Liu, Qun Zhang, Zhouhang Shao, Zewei Wang Multi-Distance Spatial-Temporal Graph Neural Network for Anomaly Detection in Blockchain Transactions // Advanced Intelligent Systems. 2025. Volume 7, Issue 8. DOI: 10.1002/aisy.202400898.
7. Haoyang Tan, Qiang Zhang, Mingxian Li, Xinxing Liu, Lei Hu Design and Optimization of a Blockchain-Enabled Decentralized Security Framework for Anomaly Detection in VANETs // Transactions on Emerging Telecommunications Technologies. 2025. Volume 36, Issue 10. DOI: /10.1002/ett.70275.
8. Popova M. V. Primenenie iskusstvennogo intellekta dlya optimizacii smart-kontraktov v blokchejn-sistemax s ispol'zovaniem teorii grafov // Akademicheskij issledovatel'skij zhurnal. 2023. T. 1. № 1. S. 46–59. DOI: 10.25726/z8249-0282-8436-n.
9. Shipra Ravi Kumar, Mukta Goyal Design of an Iterative Method for Blockchain Optimization Incorporating DeepMiner and AnoBlock // Security and Privacy. 2024. Volume 8, Issue 1. DOI: 10.1002/spy2.492.
10. Kouros Zanbouri, Mehdi Darbandi, Mohammad Nassr, Arash Heidari, Nima Jafari Navimipour, Senay Yalcın A GSO-based multi-objective technique for performance optimization of blockchain-based industrial Internet of things // International Journal of Communication Systems. 2024. Volume 37, Issue 15. DOI: 10.1002/dac.5886.
11. Bushmelev A. S., Kalinin M. O., Krundy'shev V. M. Verifikaciya tranzakcij v blokchejn-sistemax, osnovannaya na primenenii konsorciumorientirovanny'x pravil // Metody' i texnicheskie sredstva obespecheniya bezopasnosti informacii. 2025. № 34. S. 189–190. EDN: DDQKYI.
12. Gorshkov E. A. Primenenie rollapov s nulevy'mi znaniyami v blokchejn-texnologii dlya optimizacii obrabotki tranzakcij s cifrovy'mi aktivami // Aktual'ny'e problemy' sovremennosti: nauka i obshhestvo. 2025. № 2(42). S. 3–7. EDN: VOAJKT.
13. Zejia Jing, Ali Parizad, Saifur Rahman Blockchain-Based Energy Trading Employing Hyperledger and Anomaly Detection Algorithms // Smart Cyber-Physical Power Systems: Fundamental Concepts, Challenges, and Solutions. 2025. Volume 1. DOI: 10.1002/9781394191529.ch27.
14. Kevin Martin, Mohamed Rahouti, Moussa Ayyash, Izzat Alsmadi Anomaly detection in blockchain using network representation and machine learning // Security and Privacy. 2021. Volume 5, Issue 2. DOI: 10.1002/spy2.192.
15. Yusuf Muhammad Tukur, Dhavalkumar Thakker, Irfan-Ullah Awan Edge-based blockchain enabled anomaly detection for insider attack prevention in Internet of Things // Transactions on Emerging Telecommunications Technologies. 2020. Volume 32, Issue 6. DOI: /10.1002/ett.4158.
16. Makarenko E. N., Klejmenkin D. V. Issledovanie mexanizmov shifrovaniya, autentifikacii i privatnosti v kontekste blokchejn-texnologij // Dnevnik nauki. 2023. № 10(82). EDN: YPHWRA.
17. Goryachkin B. S., Soloxov I. R. Podbor algoritma konsensusa dlya logisticheskogo blokchejna // Sovremennaya nauka: aktual'ny'e problemy' teorii i praktiki. Seriya: Estestvenny'e i texnicheskie nauki. 2023. № 4-2. S. 65–70. DOI: 10.37882/2223-2966.2023.04-2.07.
18. Gheyath Mustafa Zebari, Nasser Al Musalhi A Comprehensive Review of Integrating AI and Blockchain Security: Innovations, Challenges, and Future Directions // Security and Privacy. 2025. Volume 8, Issue 5. DOI: 10.1002/spy2.70094.
19. Jianhuan Mao, Mengxiao Zhu, Yi Sun, Lei Li, Haogang Zhu Transaction Spatio-Temporal Distribution for Permissioned Blockchain Performance Profiling // Concurrency and Computation: Practice and Experience. 2025. Volume 37, Issue 27-28. DOI: 10.1002/cpe.70316.
20. Pomogalova A. V., Donskov E. A., Elagin V. S. Model' integracii adaptivnogo algoritma vy'bora i smeny' konsensusa blokchejna pri granichny'x znacheniyax pokazatelej seti // E'lektrosvyaz'. 2024. № 12-2. S. 16–24. DOI: 10.34832/ELSV.2024.61.12.003.

Purpose of the study: analysis of the evolution of artificial intelligence risk management paradigm from reactive incident response to proactive end-to-end management throughout the full AI system lifecycle with adaptation of international frameworks to the Russian regulatory environment.
Methods of research: systematization of AI lifecycle phases according to ISO/IEC 42001:2023 and NIST AI RMF standards; comparative analysis of leading frameworks (NIST AI RMF, MITRE ATLAS, ISO/IEC 42001); development of an integral risk assessment model across three dimensions (technical criticality, social impact, regulatory exposure); case study of proactive practices implementation in Russian financial and healthcare organizations.
Results: an original risk assessment model for AI is proposed, combining technical criticality (scale 1–5), social impact (scale and reversibility of consequences), and regulatory exposure (compliance with «high-risk» AI criteria under EU AI Act and draft «Russian AI Act»). For the first time, non-human identity (NHI) management is substantiated as a strategic component of end-to-end AI risk management with a maturity metric scale (levels 0–3) linking NHI management practices to requirements of GOST R 57580.4-2024 and Bank of Russia Instruction No. 6119-U. Pilot implementation in a Russian
bank demonstrated a 79 % reduction in bias incident detection time (from 14 to 3 days) and a 62 % decrease in post-deployment model rollbacks. Mechanisms for adapting international frameworks to Russian requirements for personal data processing and AI infrastructure localization have been developed.
Scientific novelty: for the first time, an integral three-dimensional risk assessment model for AI is proposed, taking into account multi-domain risk exposure; NHI management is substantiated as a central element of AI systems' attack surface with a threat taxonomy linked to lifecycle phases; a maturity metric scale for NHI management is developed, ensuring compliance with Russian regulatory requirements.
Keywords: lifecycle, proactive security, non-human identities, risk management framework, generative models, adversarial attacks, information security.

1. Barabanov A. V., Markov A. S., Cirlov V. L. Informacionnaya bezopasnost' iskusstvennogo intellekta: ugrozy i metody zashchity // Voprosy
kiberbezopasnosti. 2024. № 4(60). S. 45–62. DOI: 10.21681/2311-3456-2024-4-45-62.
2. Grigor'ev S. G., Kuznecov S. D. Upravlenie riskami generativnyh modelej iskusstvennogo intellekta v finansovoj sfere // Bezopasnost'
informacionnyh tehnologij. 2024. T. 31, № 2. S. 112–127. DOI: 10.26583/bit.2024.2.08.
3. Petrov A. A., Sidorov V. V. Adaptaciya mezhdunarodnyh standartov upravleniya riskami II k rossijskoj pravovoj sisteme // Problemy
informacionnoj bezopasnosti. Komp'yuternye sistemy. 2025. № 1. S. 78–94. DOI: 10.26583/pibs.2025.1.06.
4. Fedorov A. V., Kuznecov S. D. Riski primeneniya generativnyh modelej v finansovoj sfere: ocenka i mery protivodejstviya // Bezopasnost'
informacionnyh tehnologij. 2025. № 2. S. 45–59. DOI: 10.26583/bit.2025.2.04.
5. Smirnov D. V., Ivanov P. S. Taksonomiya ugroz bezopasnosti bol'shih yazykovyh modelej // Voprosy kiberbezopasnosti. 2024. № 5(61).
S. 88–105. DOI: 10.21681/2311-3456-2024-5-88-105.
6. Kozlov A. N., Vasil'ev R. K. Upravlenie nechelovecheskimi identichnostyami v raspredelennyh IT-infrastrukturah // Informacionnye
tehnologii i bezopasnost'. 2024. T. 16, № 3. S. 67–82. DOI: 10.34641/its.2024.3.05.
7. Vasil'ev I. O., Petrov M. S. Ehticheskie aspekty primeneniya II v gosudarstvennom upravlenii: rossijskij kontekst // Gosudarstvennoe
upravlenie. Ehlektronnyj vestnik. 2024. № 89. S. 156–173. DOI: 10.21681/guve.2024.89.156.
8. Lebedev K. V., Novikov D. A. Metody obnaruzheniya adversarial'nyh atak na nejronnye seti // Prikladnaya diskretnaya matematika.
2023. № 62. S. 102–118. DOI: 10.17223/2226308X/62/8.
9. Sokolov A. V., Morozov A. A. Trebovaniya k zashchite personal'nyh dannyh pri ispol'zovanii tehnologij II // Zashchita informacii. Insajd. 2024. № 4. S. 23–37. DOI: 10.34641/zi.2024.4.03.
10. Zaharov V. V., Semenov A. A. Analiz ugroz bezopasnosti mashinnogo obucheniya v kriticheskoj infrastrukture // Voprosy kiberbezopasnosti. 2023. № 6(58). S. 112–129. DOI: 10.21681/2311-3456-2023-6-112-129.
11. Haritonov A. S., Belyaev S. V. Principy «bezopasnosti po zamyslu» pri razrabotke II-sistem // Informacionno-izmeritel'nye i upravlyayushchie sistemy. 2025. T. 23, № 1. S. 89–104. DOI: 10.34641/iius.2025.1.07.
12. Stepanov P. V., Kozlov S. M. Regulyatornye podhody k upravleniyu riskami II: sravnitel'nyj analiz ES, SSHA i Rossii // Pravo i bezopasnost' cifrovoj sredy. 2024. № 3. S. 45–63. DOI: 10.34641/law.2024.3.04.
13. Raji I. D., Smart A., White R. N., Mitchell M. Closing the AI Accountability Gap: Defining an End-to-End Framework for Internal Algorithmic Auditing // Proceedings of the 2020 Conference on Fairness, Accountability, and Transparency. 2020. P. 33–44. DOI: 10.1145/3351095.3372873.
14. Mitchell M., Wu S., Zaldivar A., Hutchinson B., Martin L., Veitch V., Denton E. Model Cards for Model Reporting // Proceedings of the Conference on Fairness, Accountability, and Transparency. 2019. P. 220–229. DOI: 10.1145/3287560.3287596.
15. Mack A. Proactive AI Security Posture Management for Non-Human Identities // Journal of Cybersecurity and Privacy. 2025. Vol. 5, № 1. P. 112–129. DOI: 10.3390/jcp5010008.
16. Thapar A. Proactive Risk Management in AI Systems: A Framework for Continuous Governance // NTT DATA Technical Review. 2025. Vol. 23, № 2. P. 34–49. DOI: 10.5281/zenodo.10456789.
17. Rajput A., Chen T., Liu Y., Zhang H., Li B., Wang Y. Jailbreaking Black Box Large Language Models in Twenty Queries // Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 2024. P. 18945–18955. DOI: 10.1109/CVPR52729.2024.01845.
18. Chen R., Zhang Y., Wang D., Liu Y., Li J. Adversarial Training for Large Language Models: A Survey // ACM Computing Surveys. 2025. Vol. 57, № 4. Article 78. P. 1–36. DOI: 10.1145/3643845.
19. Brundage M., Avin S., Clark J., Toner H., Eckersley P., Filar B., Garfinkel S. The Malicious Use of Artificial Intelligence: Forecasting, Prevention, and Mitigation // AI & Society. 2022. Vol. 37, № 4. P. 1131–1164. DOI: 10.1007/s00146-021-01275-4.
20. Zhang Y., Chen R., Liu Q., Wang D. Security and Privacy Challenges of Large Language Models: A Comprehensive Survey // IEEE Transactions on Dependable and Secure Computing. 2024. Vol. 21, № 5. P. 3421 3440. DOI: 10.1109/TDSC.2024.3387651.
21. Kumar A., Nygard K., Sengupta S. Adversarial Machine Learning in Cybersecurity: Taxonomy, Challenges and Future Directions // Computers & Security. 2023. Vol. 134. P. 103456. DOI: 10.1016/j.cose.2023.103456.
22. Li L., Wang Y., Liu Q., Zhang Z. Non-Human Identity Management in Cloud-Native Environments: Threats and Countermeasures // Journal of Information Security and Applications. 2024. Vol. 78. P. 103642. DOI: 10.1016/j.jisa.2024.103642.
23. Wang X., Li J., Chen H., Liu Y. AI Supply Chain Security: Risks, Frameworks, and Best Practices // IEEE Security & Privacy. 2024. Vol. 22, № 3. P. 68–75. DOI: 10.1109/MSEC.2024.3367891.
24. Johnson J., Smith K., Williams R. Risk Governance for AI Systems: Integrating Technical and Organizational Controls // International Journal of Information Security. 2023. Vol. 22, № 6. P. 1245–1263. DOI: 10.1007/s10207-023-00658-9.
25. Garcia F., Martinez P., Rodriguez A. Lifecycle Risk Assessment Framework for AI in Critical Infrastructure // Reliability Engineering & System Safety. 2024. Vol. 245. P. 109218. DOI: 10.1016/j.ress.2024.109218.
26. Anderson R., Moore T., Shackleford B. Proactive Security Posture Management for AI-Driven Systems // ACM Transactions on Privacy and Security. 2025. Vol. 28, № 1. P. 1–28. DOI: 10.1145/3689123.

The purpose of the study is to formalize the task of assessing the criticality of accounts in a heterogeneous corporate information system by building a mathematical model of the access control system with subsequent verification of the approach based on a comparative analysis of machine learning models for Active Directory data.
Research methods: ensemble methods of machine learning (Random Forest, XGBoost, LightGBM), Bayesian optimization for hyperparameter tuning, t-SNE dimensionality reduction algorithm for feature visualization.
Results of the study: a comprehensive analysis of the problem was carried out, a mathematical model describing the systems of differentiation and management of rights, access in heterogeneous corporate IS was built. A comparative analysis of the application of various machine learning approaches to the problem of determining the criticality of accounts by Active Directory parameters was carried out. the result was XGBoost with an accuracy of 83% and a weighted F1 measure of 0.84. All models demonstrated high accuracy in detecting High critical records (≥90 %), but the Medium classification remains problematic (F1 measure 0.56–0.69) due to the proximity of features to the Low class, confirmed by t-SNE imaging. A program has been created that allows you to determine the criticality of accounts using Active Directory attributes. 
Scientific novelty: for the first time, the task of assessing the criticality of accounts is formalized taking into account their role not only in Active Directory, but also in related access control systems (IAM, SSO, DLP). A new formal apparatus
for describing the corporate access control system is proposed, which allows quantifying the integral risk associated with each account. Which complies with the principles of Identity-Driven Security.
Keywords: access control, security attributes, Active Directory, Random Forest, XGBoost, ensemble methods.

1. Rao K. R. Role recommender-RBAC: optimizing user-role assignments in RBAC / K. R. Rao, A. Nayak, I. G. Ray [et al.] // Computer Communications. – 2021, Vol. 166. – P. 140–153. DOI: 10.1016/j.comcom.2020.12.006.
2. Nasiruzzaman M. The evolution of zero trust architecture (ZTA) from concept to implementation / M. Nasiruzzaman, M. Ali, I. Salam, M. H. Miraz // 29th International Conference on Information Technology (IT), Zabljak, Montenegro, 19-22 February 2025. – pp. 1–8. DOI: 10.1109/IT64745.2025.10930254.
3. Ahmadi S. Autonomous identity-based threat segmentation in zero trust architectures // Cyber Security and Applications. December 2025, Vol.3, No. 100106. DOI: 10.48550/arXiv.2501.06281.
4. Tyler Schroder, Sohee Kim Park Securing sideways: Thwarting Lateral Movement by Implementing Active Directory Tiering / T. Schroder, S. Kim Park. DOI: 10.48550/arXiv.2508.11812, 2025.
5. Kalwani S. Identity access management, identity governance administration, privileged access management differences, tools and applications // International Journal of multidisciplinary research and growth evaluation. – 2025, Vol. 6, No. 2. – P. 1832–1839. DOI: 10.48550/ arXiv.2508.11812.
6. Gambo M. Zero trust architecture: a systematic literature review / M. L. Gambo, A. Almulhem // Journal of Network and Systems Management, vol. 34, no 25, 2026. DOI: 10.1007/s10922-025-09998-x.
7. Vasil'ev V. I. Raspredelennaya sistema obnaruzheniya setevyh atak na osnove federativnogo transfernogo obucheniya / V. I. Vasil'ev, A. M. Vul'fin, V. M. Kartak [i dr.] // Voprosy kiberbezopasnosti. – 2024, № 6(64). – S. 117–129. DOI: 10.21681/2311–3456–2024–6–117–129.
8. Chastikova V. A. Osobennosti ispol'zovaniya metodov obrabotki estestvennogo yazyka v zadachah fil'tracii spama / V. A. Chastikova, K. V. Kozachek // XII mezhdunarodnaya nauchno–prakticheskaya konferenciya molodyh uchenyh, posvyashchennaya 61–oj godovshchine poleta Yu. A. Gagarina v kosmos: Sbornik nauchnyh statej. - Krasnodar, 12–13 aprelya 2022 goda. – S. 265–270.
9. Balaev V. A. Chto takoe single sign-on? / V. A. Balaev, V. S. Gridchin, N. A. Chaplygin // Innovacionnaya traektoriya razvitiya sovremennoj nauki: stanovlenie, razvitie, prognozy: sbornik statej VI Mezhdunarodnoj nauchno-prakticheskoj konferencii, Petrozavodsk, 17 iyunya 2021 goda. – S. 95–98.
10. Demidova A. Yu. Tehnologiya single sign on: instrumenty centralizovannoj autentifikacii dlya funkcional'noj sistemy servisov / A. Yu. Demidova, A. V. Zhukov // Inzhenernyj vestnik Dona. – 2020, № 3(63) – s. 10.
11. Medvedeva S. A. Sovremennye sredstva obespecheniya bezopasnosti / S. A. Medvedeva, A. N. Semenec // Vestnik obrazovatel'nogo konsorciuma Srednerusskij universitet. Informacionnye tehnologii. – 2020, № 1(15). – S. 19–21.
12. Chastikova V. A. Preodolenie deficita dannyh dlya ocenki kritichnosti uchetnyh zapisej active Directory: metod sinteticheskoj generacii s postobrabotkoj / V. A. Chastikova, K. V. Kozachek // Sbornik trudov H mezhdunarodnoj yubilejnoj nauchno-prakticheskoj konferencii «Distancionnye obrazovatel'nye tehnologii», Yalta, 16–18 sentyabrya 2025 goda. – S. 491–493.
13. Li W. Magnifier: detecting network access via lightweight traffic-based fingerprints/ W. Li, Q. Wang, H. Bao, X.-Y. Zhang, L. Ying, Z. Li. // IEEE Transactions on Information Forensics and Security. – 2025, Vol. 20, pp. 7542–7557. DOI: 10.1109/TIFS.2025.3587621.
14. Fuentes J. Cybersecurity threat detection based on a UEBA framework using deep autoencoders / J. Fuentes, I. Ortega-Fernandez, N. M. Villanueva, M. Sestelo // AIMS Mathematics, 2025, 10(10): 23496–23517. DOI: 10.3934/math.20251043.
15. Wang A. X. Blending is all you need: data–centric ensemble synthetic data / A. X. Wang, C. R. Simpson, B. P. Nguyen // Information Sciences, February 2025. – Vol. 691, No. 121610. DOI: 10.1016/j.ins.2024.121610.
16. Kochergin S. V. Kiberbezopasnost' smart-setej: sravnenie podhodov mashinnogo obucheniya dlya obnaruzheniya anomalij / S. V. Kochergin, S. V. Artemova, A. A. Bakaev [i dr.] // Russian Technological Journal. – 2024. – T. 12, № 6. – S. 7–19. – DOI: 10.32362/2500-316X-2024-12-6-7-19.

Purpose of the study development of a modeling method and threat model for a system hybrid adaptive security control for intelligent water transport systems (IWTS) of critical information infrastructure (CII).
Methods of the study: representation of critical information infrastructure (CII) objects as integrated automated corporate management and technological control systems (IACMaTCS); systemic analysis security threats IACMaTCS; application of hybrid intelligence for risk assessment and security management IWTS objects.
Results: a systemic analysis of the security threats to IWTS was conducted. The basic configuration of the IWTS and the digital model of the IACMaTCS of a typical IWTS object are presented. Examples of computer attacks are given that cause violations of information security and the functioning of subsystems of the global navigation satellite system, the automatic identification system, radar surveillance, technical vision of autonomous (unmanned) and semi-autonomous vessels, and coastal control centers for unmanned vessels of the IWTS. A cascade threat modeling method and a corresponding threat model for the security of IWTS objects have been developed and integrated into a hybrid adaptive security management system for IWTS objects.
Scientific novelty: the proposed solutions provide a transition from linear models to models of hybrid adaptive security management for IWTS objects for the automated search and implementation of the most effective scenarios.
Practical relevance: the authors' proposed solutions allow for more rapid and comprehensive identification of security threats relevant to specific of IWTS objects, and for make decisions about the need to take protective measures or the lack of need to respond to an imaginary threat based on a comprehensive risk analysis. The developed method and model are highly general and can be used in modeling security threats to intelligent transportation systems across various modes of transport.
Keywords: automated corporate management system; automated technological control system; hybrid intelligence; integrated automated corporate management and technological control system; critical information infrastructure; fuzzy logic; hybrid management system; risk management; digital inequality.

1. Ivanenko, V. G., & Ivanova, N. D. (2024). Otsenka riskov informatsionnoi bezopasnosti avtomatizirovannykh sistem upravleniya
tekhnologicheskim protsessom [Risk assessment of information security for automated process control systems]. Cybersecurity Issues,
1(59), 116–123. DOI 10.21681/2311-3456-2024-1-116-123.
2. Gurina, L. A. (2022). Assessment of cyber resilience of operational dispatch control system of EPS. Cybersecurity Issues, 3(48), 18–26. DOI 10.21681/2311-3456-2022-3-23-31.
3. Gurina, L. A. (2022). Increasing cyber resilience of SCADA and WAMS in the event of cyber attac ks on the information and communication subsystem of the electric power system. Cybersecurity Issues, 2(48), 23–31. DOI 10.21681/2311-3456-2022-2-18-26.
4. Kolosok, I. N., & Gurina, L. A. (2021). Assessment of cyber resilience indices of information collection and processing systems in electric power systems based on semi-markov models. Cybersecurity Issues, 6(46), 2–11. DOI 10.21681/2311-3456-2021-6-2-11.
5. Mikhalevich, I. F. (2025). Problems of Creating a Trusted Environment for Development and Implementation of Intelligent Water Transport Systems. Dependability, Vol. 25, No. 2, 39–47. DOI 10.21683/1729-2646-2025-25-2-39-47.
6. Bochkov, M. V., & Vasinev, D. A. (2025). Method assessment of critical information infrastructure security on the basis of semi-natural
and simulation modeling tools. Cybersecurity Issues, 4(68), 17–29. DOI 10.21681/2311-3456-2025-4-17-29.
7. Lapsar, A. P., Lapsar, A. P., Nazaryan, S. A., & Vladimirova, A. I. (2022). Ensuring the resistance of critical information infrastructure objects to advanced persistent threats. Cybersecurity Issues, 2(48), 39–51. DOI 10.21681/2311-3456-2022-2-39-51.
8. Natashova, K. V., Sokolov, S. S., Nyrkov, A. P. & et al. (2020). On the issue of categorization of objects of critical information infrastructure of seaports. IT security. Vol. 27, No. 2, 35–46. DOI 10.26583/bit.2020.1.03.
9. Vasinev, D. A., & Bochkov, M. V. (2024). A Method for Assessing the Security of Critical Information Infrastructure. Cybersecurity Issues, 1(59), 108–115. DOI 10.21681/2311-3456-2024-1-108-115.
10. Baranov, L. A., Ivanova, N. D., & Mikhalevich, I. F. (2025). Modeling and Risk Assessment of Security of Intelligent Water Transport Systems. Transport automation research, Vol. 11., No. 1, 7–15. DOI 10.20295/2412-9186-2025-11-01-7-15.
11. Baranov, L. A., Ivanova, N. D., & Mikhalevich, I. F. (2025). Digital Testbed for Security Analysis of Critical Information Infrastructure Objects of Intelligent Water Transport Systems. Dependability, Vol. 25, No. 3, 50–59. DOI 10.21683/1729-2646-2025-25-3-50-59.
12. Oruc, A., Kavallieratos, G., Gkioulos, V., & Katsikas, S. (2025). Perspectives on the cybersecurity of the integrated navigation system. Journal of Marine Science and Engineering, 13, 1087, 1–32. DOI 10.3390/jmse13061087.
13. Soner, O., Kayisoglu, G., Bolat, P., & Tam, K. (2024). Risk sensitivity analysis of AIS cyber security through maritime cyber regulatory frameworks. Applied Ocean Research, 142, 1–30. 103855. DOI 10.1016/j.apor.2023.103855.
14. Longo, G., Russo, E., Armando, A., & Merlo, A. (2023). Attacking (and defending) the maritime radar system. IEEE Transactions on Information Forensics and Security, 3575–3589. DOI 10.1109/TIFS.2023.3282132.
15. Jin, Z., Ji, X., Cheng, Y., Yang, B., & et al. (2023). PLA-LiDAR: Physical laser attacks against LiDAR-based 3D object detection in autonomous vehicle. 2023 IEEE Symposium on Security and Privacy (SP), 1822–1839. DOI 10.1109/SP46215.2023.10179458.
16. Bendiab, G., Hameurlaine, F., Germanos, G., & et al. (2023). Autonomous vehicles security: Challenges and solutions using blockchain and artificial intelligence. IEEE Transactions on Intelligent Transportation Systems, 24(14), 1–24. DOI 10.1109/TITS.2023.3236274.
17. Islam, T., Sheakh, M. A., Jui, A. N., Sharif, O., & Hasan, M. Z. (2023). A review of cyber attacks on sensors and perception systems in autonomous vehicle. Journal of Economy and Technology, 1(9), 242–258. DOI 10.1016/j.ject.2024.01.002.
18. Cabral, C. J., Roxo, T., Proença, R., & Inácio, P. (2023). How deep learning sees the world: A survey on adversarial attacks & defenses. IEEE Access, 12, 1–24. DOI 10.1109/ACCESS.2024.3395118.
19. Spravil, J., Hemminghaus, C., Rechenberg, M., & et al. (2023). Detecting maritime GPS spoofing attacks based on NMEA sentence integrity monitoring. Journal of Marine Science and Engineering, 11(5), 1–22. DOI 10.3390/jmse11050928.
20. Tran, K., Keene, S., Fretheim, E., & Tsikerdekis, M. (2021). Marine network protocols and security risks. Journal of Cybersecurity and Privacy, 1(2), 239–251. DOI 10.3390/jcp1020013.

Aim of the study: The aim of the study is to overcome the methodological limitation of classical resilience assessment approaches based on the stationary availability factor, by developing a new model and metrics for the predictive evaluation of resilience of individual critical information infrastructure (CII) elements under targeted cyber threat impact.
Research methods: a combination of methods was employed: heuristic methods (formulation of the survivability function concept), extrapolation of reliability theory methods to non-ergodic processes, expert assessments (for threat parameterization), comparative analysis (of classical and proposed metrics), analytical methods of differential calculus (derivation and analysis of the survivability function expression), and model verification and validation techniques (analysis of limiting regimes, logical consistency checks).
Results obtained: a mathematical model of a CII element's resilience was developed in the form of the function r(t) = Kg ⋅ φ(t). This model integrates the stationary availability coefficient Kg (characterizing background reliability) and the introduced survivability function φ(t) (modeling the state dynamics during an attack). For the case of a single impact, its analytical expression was derived. Based on the model, a set of predictive resilience metrics is proposed and justified:
the minimum φm and average φ(t) values of the survivability function over the impact interval, and the survivability coefficient (Kzh) characterizing the proportion of the high-risk period. The model's adequacy was confirmed through verification on limiting regimes and checks for logical consistency.
Scientific novelty: The novelty lies in the methodological shift from retrospective reliability assessment based on failure statistics to proactive scenario-based forecasting of cyber resilience. For the first time, a formal separation of the overall resilience of a CII element into a stationary component (background operational reliability) and a dynamic component (survivability under a targeted attack) is proposed. The survivability function φ(t) is introduced as a tool for modeling the non-ergodic processes of cyberattacks, parameterized based on scenario analysis rather than retrospective statistics.
Practical significance: The proposed model and metrics provide a quantitative basis for risk-oriented cybersecurity audit planning for CII. They enable: prioritization of elements for in-depth inspection, justification of requirements for Mean Time to Recovery (MTTR), planning of pre-emptive protective measures, and management of «high-risk windows». The model is applicable for assessing individual critical CII elements (servers, communication channels, firewalls, etc.), facilitating
the transition from the concept of static security to the practice of managing cyber resilience based on predictive assessments.
Keywords: availability coefficient, survivability function, resilience function, critical information infrastructure, cyber threats, resilience assessment, predictive metrics.

1. Anishchenko A. V. Sistemnaya inzheneriya v problemah nacional'noj bezopasnosti / A. V. Anishchenko, V. B. Artem'ev, M. K. Bondareva [i dr.] // Bezopasnost' Rossii. Pravovye, social'no-ehkonomicheskie i nauchno-tehnicheskie aspekty. Tematicheskij blok «Nacional'naya bezopasnost'». – Moskva: Znanie, 2025. – 898 s.
2. Gnedenko B. V. Matematicheskie metody v teorii nadezhnosti / B. V. Gnedenko, Yu. K. Belyaev, A. D. Solov'ev. – M. : Nauka, 1965. – 524 s.
3. Sicignano M. Risk assessment for cyber resilience of critical infrastructures: Methods, governance, and standards / M. Sicignano, V. Di Sarno, L. Carnevali, A. Rullo // Applied Sciences. – 2024. – Vol. 14, No. 24. – Art. 11807. – DOI: 10.3390/app142411807.
4. Alhidaifi S. M. Cyber resilience quantification: A probabilistic estimation model for IT infrastructure / S. M. Alhidaifi, M. R. Asghar, I. S. Ansari // Reliability Engineering & System Safety. – 2026. – Vol. 265, Part B. – Art. 111473. – DOI: 10.1016/j.ress.2025.111473.
5. Yamin M. M. A systematic literature review of cyber resilience / M. M. Yamin, B. Katt // ACM Computing Surveys. – 2024. – Vol. 56, No. 8. – Art. 183. – DOI: 10.1145/3649218.
6. Sepúlveda Estay D. A. A systematic review of cyber-resilience assessment frameworks / D. A. Sepúlveda Estay, R. Sahay, M. B. Barfod, C. D. Jensen // Computers & Security. – 2020. – Vol. 97. – Art. 101996. – DOI: 10.1016/j.cose.2020.101996.
7. Carías J. F. Cyber resilience progression model / J. F. Carías, S. Arrizabalaga, L. Labaka, J. Hernantes // Applied Sciences. – 2020. – Vol. 10, No. 21. – Art. 7393. – DOI: 10.3390/app10217393.
8. Carías J. F. Cyber resilience self-assessment tool (CR-SAT) for SMEs / J. F. Carías, S. Arrizabalaga, L. Labaka, J. Hernantes // IEEE Access. – 2021. – Vol. 9. – P. 77912–77930. – DOI: 10.1109/ACCESS.2021.3085530.
9. Segovia-Ferreira M. A. Survey on Cyber-Resilience Approaches for Cyber-Physical Systems / M. Segovia-Ferreira, J. Rubio-Hernan, A. R. Cavalli, J. Garcia-Alfaro // ACM Computing Surveys. – 2024. – Vol. 56, No. 8. – Art. 202. – DOI: 10.1145/3652953.
10. Rehak D. Complex approach to assessing resilience of critical infrastructure elements / D. Rehak, P. Senovsky, M. Hromada, T. Lovecek // International Journal of Critical Infrastructure Protection. – 2019. – Vol. 25. – P. 125–138. – DOI: 10.1016/j.ijcip.2019.03.003.
11. Petrenko S. Cyber Resilience / S. Petrenko. – Gistrup : River Publishers, 2019. – 200 p. – DOI: 10.1201/9781003337775.
12. Deng H. Performance in the Cloud: A Ten-Year Retrospective Look / H. Deng, Q. Liu, J. Wu, Z. Wu, X. Lin // Proceedings of the ACM on Measurement and Analysis of Computing Systems. – 2024. – Vol. 8, Art. No.: 1, R. 1–25. – DOI: 10.1145/3703159.
13. Yazov Yu. K. Ob opredelenii ponyatiya «kiberbezopasnost'» i svyazannyh s nim terminov / Yu. K. Yazov // Voprosy kiberbezopasnosti. – 2025. – № 1(65). – S. 2–6. – DOI: 10.21681/2311-3456-2025-1-2-6.
14. Voevodin V. A. Genezis ponyatiya strukturnoj ustojchivosti informacionnoj infrastruktury avtomatizirovannoj sistemy upravleniya proizvodstvennymi processami k vozdejstviyu celenapravlennyh ugroz informacionnoj bezopasnosti / V. A. Voevodin // Vestnik Voronezhskogo instituta FSIN Rossii. – 2023. – № 2. – S. 30–41.
15. Antonov S. G. Metodika instrumental'no-raschetnoj ocenki ustojchivosti ob"ektov kriticheskoj informacionnoj infrastruktury pri informacionno-tehnicheskih vozdejstviyah / S. G. Antonov, I. I. Anciferov, S. M. Klimov // Nadezhnost'. – 2020. – T. 20, № 4. – S. 35–41. – DOI: 10.21683/1729-2646-2020-20-4-35-41.
16. Zaharchenko R. I. Metodika ocenki ustojchivosti funkcionirovaniya ob"ektov kriticheskoj informacionnoj infrastruktury, funkcioniruyushchej v kiberprostranstve / R. I. Zaharchenko, I. D. Korolev // Naukoemkie tehnologii v kosmicheskih issledovaniyah Zemli. – 2018. – T. 10, № 2. – S. 52–61. – DOI: 10.24411/2409-5419-2018-10041.
17. Voevodin V. A. Matematicheskaya model' ocenivaniya ustojchivosti funkcionirovaniya ehlementa informacionnoj infrastruktury avtomatizirovannoj sistemy upravleniya, podverzhennoj vozdejstviyu ugroz informacionnoj bezopasnosti / V. A. Voevodin // Informacionnye tehnologii. – 2024. – T. 30, № 1. – S. 23 31. – DOI: 10.17587/it.30.23-31.
18. Voevodin V. A. Model' ocenki funkcional'noj ustojchivosti ehlementov informacionnoj infrastruktury dlya uslovij vozdejstviya mnozhestva komp'yuternyh atak / V. A. Voevodin // Informatika i avtomatizaciya. – 2023. – T. 22, № 3. – S. 691–715. – DOI: 10.15622/ia.22.3.8.

Purpose of the Study: this study investigates the robustness of contemporary large language models when employed as decision engines for security-critical authorization requests involving account and permission modification operations associated with the MITRE ATT&CK T1098 technique. The primary objective is to evaluate the stability and reliability of binary allow/deny authorization decisions under systematically designed prompt perturbations.
Methods of Research: an experimental ethical authorization assistant was developed to query several open large language models using a curated collection of security-sensitive account-manipulation scenarios. A controlled perturbation framework introduces temporal, structural, contextual, and cognitive-load variations into prompts while preserving the semantic equivalence of the underlying action. The experimental pipeline automatically records structured responses and evaluates robustness using metrics including decision flip rate, justification entropy, semantic variability, self-consistency, and composite fragility indices.
Results: the experimental evaluation demonstrates substantial robustness limitations in contemporary open large language models when they are deployed as authorization oracles for account-manipulation scenarios corresponding to MITRE ATT&CK technique T1098. Across extensive perturbation-based test sets, minor variations in prompt formulation, contextual framing, dialogue history, or temporal parameters frequently produce contradictory authorization outcomes for identical underlying actions. Quantitative analysis reveals elevated decision flip rates and considerable variability in the textual justifications generated by the models. Under perturbation conditions, the reasoning patterns of the models exhibit notable drift and occasionally contradict previously articulated authorization rules, particularly when prompts introduce complex policy descriptions or increased cognitive load. When the results are analysed across attack-aligned operational zones, scenarios involving cloud credential management and SSH or device access demonstrate the highest levels of instability, whereas policy definition and registration scenarios exhibit comparatively lower, although still significant,
fragility. Non-parametric statistical analysis confirms statistically significant differences in robustness across both evaluated models and operational zones. Overall, the results indicate that none of the examined models currently satisfy the reliability requirements necessary for fully autonomous authorization decision-making in security-critical account management environments, suggesting that such systems should be restricted to advisory roles supported by strict safeguards and human oversight.
Scientific Novelty: this study conceptualizes large language models as operational authorization decision engines responsible for evaluating concrete account-manipulation requests rather than merely serving as analytical or advisory tools. It proposes a perturbation-based robustness evaluation framework specifically tailored to security-sensitive authorization scenarios aligned with MITRE & ATTACK operations. The results provide systematic empirical evidence that current models exhibit intrinsic fragility when applied as standalone decision mechanisms within access-control infrastructures.
Keywords: prompt perturbation testing; access-control reliability; decision consistency analysis; cybersecurity automation risks; AI-assisted security governance; credential abuse detection; policy-compliance evaluation; human-in-the-loop security; adversarial prompt sensitivity.

1. Xu, H., Wang, S., Li, N., Wang, K., Zhao, Y., Chen, K., Yu, T., Liu, Y., & Wang, H. (2024). Large Language Models for Cyber Security: A Systematic Literature Review. ACM Transactions on Software Engineering and Methodology. https://doi.org/10.1145/3769676.
2. Salem, A., Azzam, S., Emam, O., & Abohany, A. (2024). Advancing cybersecurity: a comprehensive review of AI-driven detection techniques. Journal of Big Data, 11, 1–38. https://doi.org/10.1186/s40537-024-00957-y.
3. Motlagh, F., Hajizadeh, M., Majd, M., Najafi, P., Cheng, F., & Meinel, C. (2024). Large Language Models in Cybersecurity: State-of-the-Art, 98–110. https://doi.org/10.48550/arxiv.2402.00891.
4. Jaiswal, A. (2025). Adaptive cumulative entropy threshold: a novel approach to DDoS attack detection in IoT devices and smart homes systems. Voprosy kiberbezopasnosti, 69, 162–171. DOI: 10.21681/2311-3456-2025-5-162-171.
5. Qu, C., Dai, S., Wei, X., Cai, H., Wang, S., Yin, D., Xu, J., & Wen, J. (2024). Tool learning with large language models: a survey. Frontiers of Computer Science, 19. https://doi.org/10.1007/s11704-024-40678-2.
6. Mennella, C., Maniscalco, U., De Pietro, G., & Esposito, M. (2024). Ethical and regulatory challenges of AI technologies in healthcare: A narrative review. Heliyon, 10. https://doi.org/10.1016/j.heliyon.2024.e26297.
7. Rafique, S., Abdallah, A., Musa, N., & Murugan, T. (2024). Machine Learning and Deep Learning Techniques for Internet of Things Network Anomaly Detection – Current Research Trends. Sensors (Basel, Switzerland), 24. https://doi.org/10.3390/s24061968.
8. Khalid, A., Owoh, N., Uthmani, O., Ashawa, M., Osamor, J., & Adejoh, J. (2024). Enhancing Credit Card Fraud Detection: An Ensemble Machine Learning Approach. Big Data Cogn. Comput., 8, 6. https://doi.org/10.3390/bdcc8010006.
9. Fan, W., Ding, Y., Ning, L., Wang, S., Li, H., Yin, D., Chua, T., & Li, Q. (2024). A Survey on RAG Meeting LLMs: Towards Retrieval-Augmented Large Language Models. Proceedings of the 30th ACM SIGKDD Conference on Knowledge Discovery and Data Mining. https://doi.org/10.1145/3637528.3671470.
10. Kayikci, S., & Khoshgoftaar, T. (2024). Blockchain meets machine learning: a survey. Journal of Big Data, 11, 1–29. https://doi.org/10.1186/s40537-023-00852-y.
11. Lin, Z., Guan, S., Zhang, W., Zhang, H., Li, Y., & Zhang, H. (2024). Towards trustworthy LLMs: a review on debiasing and dehallucinating in large language models. Artificial Intelligence Review, 57. https://doi.org/10.1007/s10462-024-10896-y.
12. Ferrag, M., Alwahedi, F., Battah, A., Cherif, B., Mechri, A., Tihanyi, N., Bisztray, T., & Debbah, M. (2024). Generative AI in Cybersecurity: A Comprehensive Review of LLM Applications and Vulnerabilities. 1–52. https://doi.org/10.48550/arXiv.2405.12750.
13. Mian, Z., Deng, X., Dong, X., Tian, Y., Cao, T., Chen, K., & Jaber, T. (2024). A literature review of fault diagnosis based on ensemble learning. Eng. Appl. Artif. Intell., 127, 107357. https://doi.org/10.1016/j.engappai.2023.107357.
14. Malatji, M., & Tolah, A. (2024). Artificial intelligence (AI) cybersecurity dimensions: a comprehensive framework for understanding adversarial and offensive AI. AI and Ethics, 1–28. https://doi.org/10.1007/s43681-024-00427-4.
15. Mersha, M., Lam, K., Wood, J., AlShami, A., & Kalita, J. (2024). Explainable artificial intelligence: A survey of needs, techniques, applications, and future direction. Neurocomputing, 599, 128111. https://doi.org/10.1016/j.neucom.2024.128111.
16. Jaiswal, A. & Alireza, N. A. K. (2024). Deep Comparison Analysis: Statistical Methods and Deep Learning for Network Anomaly Detection.
International Journal of Computer Science and Information Security, Vol. 22. 10.5281/zenodo.14051106.
17. Zhang, Z., Dai, Q., Bo, X., C., Li, R., Chen, X., Zhu, J., Dong, Z., & Wen, J. (2024). A Survey on the Memory Mechanism of Large Language Model-based Agents. ACM Transactions on Information Systems, 43, 1–47. https://doi.org/10.1145/3748302.
18. Katsoulakis, E., Wang, Q., Wu, H., Shahriyari, L., Fletcher, R., Liu, J., Achenie, L., Liu, H., Jackson, P., Xiao, Y., Syeda-Mahmood, T., Tuli, R., & Deng, J. (2024). Digital twins for health: a scoping review. NPJ Digital Medicine, 7. https://doi.org/10.1038/s41746-024-01073 0.
19. Jaiswal, A. (2025). Evaluating RAG System Models Robustness to Hybrid Homoglyph and Emoji-Based Next-Generation Adversarial Prompt Injection. Information Processes, 25, 807–820.

The purpose of this article: development of a mechanism for detecting malicious packaged .NET applications in user mode based on the analysis of method names registered by the CLR (Common Language Runtime) provider in the Windows event tracing system.
Research method: synthesis of the Event Tracing for Windows (ETW) telemetry mechanism based on the connectivity of masking and packaging techniques with observed execution parameters, and evaluation of modern malware.NET campaigns based on a set of behavioral markers of packers.
Result: new approach is formulated to identify the packaging of executable code by evaluating the similarity lexical of names .NET methods in real-time using the cosine distance method. To implement the new approach, a threat model for malicious software in Windows has been developed based on the regulatory framework of the FSTEC of the Russian Federation, which includes: OS components, information security threats, tactics and techniques, threat scenarios in terms of controlled execution and the impact of the triad of confidentiality, integrity and accessibility. The final threat model includes 112 lines with scenarios for components with their corresponding threats, tactics, techniques, and influence. A new mechanism for detecting malicious software in Windows based on ETW telemetry is proposed, which includes a method and algorithm for determining the packaging of malicious code based on the cosine distance in the embedding space of method names. The method includes the following steps: ETW event collection; filtering; vectorization; feature extraction;
model selection, training, and cosine distance calculation; file classification. To implement the last stages, a classification algorithm based on the Skip-gram model of the Word2Vec method is proposed, where the vector representation of the method name is calculated using the average of the input and output embeddings of its tokens, and the final file classification is based on an analysis of the totality of the proposed features and the threshold value of the cosine distance determined
experimentally on special datasets.
Scientific novelty: new approach to detecting malicious software in Windows by evaluating the similarity lexical of names .NET methods in real-time using the cosine distance method.
Practical value: it consists in the ability to detect previously unknown packaged ones .NET malware without relying on signature databases and without interfering with the operating system kernel.
Keywords: threat model, behavioral marker, lexical of names .NET methods, cosine distance, embedding, vectorization, classification.

1. Markov A. S., Antipov I. S., Arustamyan S. S., Magakelova N. A. Sravnitel'ny'j analiz i vy'bor staticheskix analizatorov bezopasnosti koda // Voprosy kiberbezopasnosti. 2024. № 5(63). S. 79-88. DOI 10.21681/2311-3456-2024-5-79-88.
2. Anne Hennig, Maxime Veit, Leoni Schmidt-Enke, Fabian Neusser, Dominik Herrmann, Peter Mayer, «I believe it’s incredibly difficult to fight against this flood of spam»: Towards enhancing strategies for creating effective vulnerability notifications, Computers & Security, 2025, 104682. DOI 10.1016/j.cose.2025.104682.
3. Daniel Gibert, Nikolaos Totosis, Constantinos Patsakis, Quan Le, Giulio Zizzo, Assessing the impact of packing on static machine
learning-based malware detection and classification systems, Computers & Security, Volume 156, 2025, 104495. DOI 10.1016/j.cose.2025.104495.
4. Tino Jungebloud, Nhung H. Nguyen, Dan Dongseong Kim, Armin Zimmermann, Model-based structural and behavioral cybersecurity risk assessment in system designs, Computers & Security, Volume 157, 2025, 104543. DOI 10.1016/j.cose.2025.104543.
5. Tieming Chen, Qijie Song, Tiantian Zhu, Xuebo Qiu, Zhiling Zhu, Mingqi Lv, Kellect: A Kernel-based efficient and lossless event log collector for windows security, Computers & Security, Volume 150, 2025, 104203. DOI 10.1016/j.cose.2024.104203.
6. Markus Wurzenberger, Georg Höld, Max Landauer, Florian Skopik, Analysis of statistical properties of variables in log data for advanced anomaly detection in cyber security, Computers & Security, Volume 137, 2024, 103631. DOI 10.1016/j.cose.2023.103631.
7. Jagsir Singh, Jaswinder Singh, A survey on machine learning-based malware detection in executable files, Journal of Systems Architecture, Volume 112, 2021, 101861. DOI 10.1016/j.sysarc.2020.101861.
8. Abdulbasit A. Darem, A Novel Framework for Windows Malware Detection Using a Deep Learning Approach, Computers, Materials and Continua, Volume 72, Issue 1, 2022, 461–479. DOI 10.32604/cmc.2022.023566.
9. Korneev N. V., Dikiy A. B. Pattern dlya obespecheniya bezopasnosti informacionnoj infrastruktury' pri migracii obrazov virtual'ny'x mashin // Voprosy kiberbezopasnosti. 2025. № 2(66). S. 29–40. DOI 10.21681/2311-3456-2025-2-29-40.
10. Korneev N. V., Lazorin D. S. Pattern dlya obespecheniya bezopasnosti veb-prilozheniya pri ugroze XSS atak v oblachnoj infrastrukture // Voprosy kiberbezopasnosti. 2024. № 6(64). S. 76–84. DOI 10.21681/2311-3456-2024-6-76-84.
11. Buhang Zhai, Oluwatobi Noah Akande, Saurabh Agarwal, Wooguil Pak, Security risk assessment of internet of things health devices using DREAD and STRIDE models, Ain Shams Engineering Journal, Volume 16, Issue 11, 2025, 103721. DOI 10.1016/j.asej.2025.103721.
12. Rory Flynn, Oluwafemi Olukoya, Using approximate matching and machine learning to uncover malicious activity in logs, Computers & Security, Volume 151, 2025, 104312. DOI 10.1016/j.cose.2025.104312.
13. Hossein Abroshan, AI to protect AI: A modular pipeline for detecting label-flipping poisoning attacks, Machine Learning with Applications, Volume 22, 2025, 100768. DOI 10.1016/j.mlwa.2025.100768.
14. Wenjie Wang, Zihan Deng, Yinxing Xue, Yun Xu, CCStokener: Fast yet accurate code clone detection with semantic token, Journal of Systems and Software, Volume 199, 2023, 111618. DOI 10.1016/j.jss.2023.111618.
15. Bhubharv Mohan Sharma, Aruna Malik, Automated Threat Attack Categorisation into Cloud Service Models, Procedia Computer Science, Volume 259, 2025, 1883–1892. DOI 10.1016/j.procs.2025.04.144.
16. Arar Al Tawil, Laiali Almazaydeh, Doaa Qawasmeh, Baraah Qawasmeh, Mohammad Alshinwan, Khaled Elleithy, Comparative Analysis of Machine Learning Algorithms for Email Phishing Detection Using TF-IDF, Word2Vec, and BERT, Computers, Materials and Continua, Volume 81, Issue 2, 2024, 3395–3412. DOI 10.32604/cmc.2024.057279.
17. Rahul Yumlembam, Biju Issac, Seibu Mary Jacob, Enhancing Decision-Making in Windows PE Malware Classification During Dataset Shifts with Uncertainty Estimation, Knowledge-Based Systems, 2025, 114723. DOI 10.1016/j.knosys.2025.114723.
18. Zhongyang Deng, Ling Xu, Chao Liu, Luwen Huangfu, Meng Yan, Code semantic enrichment for deep code search, Journal of Systems and Software, Volume 207, 2024, 111856. DOI 10.1016/j.jss.2023.111856.
19. Hongle Liu, Ming Liu, Lansheng Han, Haili Sun, Cai Fu, Ripple2Detect: A semantic similarity learning based framework for insider threat multi-step evidence detection, Computers & Security, Volume 154, 2025, 104387. DOI 10.1016/j.cose.2025.104387.

Purpose of work is to analyze classical, quantum and quantum-inspired optimization methods in relation to the problem of ensuring the stability of blockchain systems, to develop a QUBO model of cumulative risk, taking into account the probabilities of attacks and resource constraints, to adapt the discrete algorithm of simulated dSB bifurcation and its modification HdSB to the problem of ensuring the stability of systems by minimizing risk.
Research methods: comparative analysis of the performance of optimization algorithms on problems of various structures and dimensions, construction of a QUBO risk model with the incorporation of resource constraints through a quadratic penalty function, adaptation of dSB and HdSB algorithms by converting the QUBO formulation into an Ising model and adjusting the evolution parameters.
Results of the study: a strictly defined QUBO formulation of the problem of ensuring the resilience of blockchain systems to a variety of classical and quantum attacks has been formed. In the model, the combined probabilities of various attack scenarios are reduced to a system of linear coefficients reflecting individual risks and quadratic coefficients describing the interactions between vulnerabilities. Resource constraints on the number of simultaneously implemented protective measures are incorporated by means of a quadratic penalty function, which allows us to consider the choice of the optimal configuration of protective measures as a single task of discrete global optimization. The dSB and HdSB algorithms were adapted to the task of minimizing the QUBO function of cumulative risk. The adaptation includes the transformation of binary variables to a spin representation and the determination of the parameters of the evolution of a system of oscillators with nonlinear interactions. A series of computational experiments on synthetic problems modeling the structural properties of vulnerability graphs of real blockchain platforms is presented, confirming the effectiveness of adapted algorithms.
Based on the analysis of the structure of the QUBO risk model, the prospects for further improvement of optimization quality are substantiated by integrating game theory methods for local configuration adjustment after the evolution stage according to the dynamics of simulated bifurcation. It is shown that the QUBO problem can be interpreted as a potential game using Nash equilibrium search procedures using the best response method to systematically improve solutions.
Scientific novelty: for the first time, a specialized QUBO model of cumulative risk has been proposed, adapted to the challenges of ensuring the stability of blockchain systems while taking into account complex interactions between vulnerabilities and limited resources, and a discrete simulated bifurcation algorithm and its modifications have been adapted to solve this problem.
Keywords: blockchain, stability, quantum-inspired algorithms, simulated bifurcation, Ising model, quantum annealing, game theory, stability optimization.

1. Petrenko A. S., Petrenko S. A. Metod ocenivaniya kvantovoj ustojchivosti blokchejn platform // Voprosy kiberbezopasnosti. – 2022. – № 3(49). – S. 3–22. DOI:10.21681/2311-3456-2022-3-3-22.
2. Kiberbezopasnost' cifrovoj industrii. Teoriya i praktika funkcional'noj ustojchivosti k kiberatakam / D. P. Zegzhda, E. B. Aleksandrova, M. O. Kalinin [i dr.]. – Moskva : Nauchno-tehnicheskoe izdatel'stvo «Goryachaya liniya-Telekom», 2021. – 560 s. – ISBN 978-5-9912-
0827-7.
3. Petrenko A. S. Metod analiza kvantovoj ustojchivosti nacional'nyh blokchejn ehkosistem i platform // Zashchita informacii. Insajd. – 2025. – № 2(122). – S. 18–27.
4. Petrenko A. S. Reshenie optimizacionnyh zadach obespecheniya kvantovoj ustojchivosti nacional'nyh blokchejn platform metodom kvantovogo otzhiga // Zashchita informacii. Insajd. – 2025. – № 3(123). – S. 78–90.
5. Zeng Q.-G., Cui X.-P., Liu B., Wang Y., Mosharev P., Yung M.-H. Performance of quantum annealing inspired algorithms for combinatorial optimization problems // Communications Physics. – 2024. – Vol. 7. – Art. 249.
6. Goto H., Endo K., Suzuki M., Sakai Y., Kanao T., Hamakawa Y., et al. High performance combinatorial optimization based on classical mechanics // Science Advances. – 2021. – Vol. 7. – Art. eabe7953.
7. Kanao T., Goto H. Simulated bifurcation assisted by thermal fluctuation // Communications Physics. – 2022. – Vol. 5, no. 1. – Art. 153.
8. Petrenko A. S. Metod postroeniya postkvantovyh algoritmov EHCP s dvumya skrytymi gruppami / A. S. Petrenko // Voprosy kiberbezopasnosti. – 2025. – № 2(58). – S. 52–63. – DOI: 10.21681/2311- 3456-2025-2- 52-63.
9. Moldovyan N. A., Petrenko A. S. Algebraicheskij algoritm EHCP s dvumya skrytymi gruppami / N. A. Moldovyan, A. S. Petrenko // Voprosy kiberbezopasnosti. – 2024. – № 6. – S. 98–107. – DOI: 10.21681/2311-3456-2024-6-98-107.
10. Moldovyan N. A., Petrenko A. S. Tipovye uravneniya verifikacii v algebraicheskih shemah EHCP s dvumya skrytymi gruppami / N. A. Moldovyan, A. S. Petrenko // Voprosy kiberbezopasnosti. – 2025. – № 3(67). – S. 8–20. DOI: 10.21681/2311-3456-2025-3-8-20.

The purpose of the study: to develop a logical inference model for the structural-parametric synthesis of the constructive protection of a distributed registry with a formal proof of the security of the information architecture and a controlled risk level of a quantum threat based on a cluster protection model.
Research methods: object-oriented analysis of complex systems, system analysis, theory of modular cluster networks, graph theory, matrix theory, mathematical logic.
Research result: A logical inference model has been developed for the structural-parametric synthesis of constructive protection with a controlled risk level of a quantum threat based on a formal cluster model of information protection with complete overlap. The synthesis is based on assessments of the architecture's implementation of the declared access policy and criteria for constructive protection. System criteria for optimizing constructive protection for the structural-parametric synthesis of secure architecture are proposed. The criteria for optimizing constructive protection allow us to solve the synthesis problem by formally changing the topology, composition, and weights of vertices and arcs of a cluster multigraph if it has dangerous states that violate the access policy or do not meet the criteria for constructive protection. To assess the applicability of cryptographic information protection tools in the distributed registry architecture, a local parametric criterion for optimizing constructive protection is used, which takes into account the level of quantum threat.
The applicability of criteria for optimizing constructive protection for synthesizing the architecture of an information system with a given level and proving the security of the architecture based on a logical inference model is shown.
Scientific novelty: а new approach to the formal synthesis of a secure information architecture has been developed using criteria for optimizing constructive protection in a logical inference model based on a cluster protection model with complete overlap.
The results were obtained with the financial support of the project «Technologies for countering previously unknown quantum cyber threats», implemented within the framework of the state program of the «Sirius» Federal Territory «Scientific and technological development of the «Sirius» Federal Territory (Agreement No. 23-03 dated September 27, 2024).
Keywords: logical inference model, modular cluster model, quantum threat, constructive protection.

1. Skiba, V. Y., Petrenko, S. A., Gnidko, K. O., Petrenko, A. S. Concept of ensuring the resilience of operation of national digital platforms and blockchain ecosystems under the new quantum threat to security. (2025). Computing, Telecommunication and Control, 2025, Vol. 18, No. 2, Pp. 56–73. DOI: https://doi.org/10.18721/JCSTCS.18205.
2. Maria, V. Larina, Vladimir, Yu. Skiba. Model of a digital platform for analysing resilience to quantum threats. (2025). Pravovaya informatika [Legal informatics]. № 3. P. 12–26. DOI: 10.24412/1994-1404-2025-3-00-02 (Russian Text).
3. Ishchukova, E. A. On the influence of cryptographic stability of hashing functions on the stability of modern blockchain ecosystems
and platforms. (2025). Voprosy Kiberbezopasnosti [Cybersecurity issue]. No 3(67). P. 63–71. DOI: 10.21681/2311-3456-2025-3-63-71 (Russian Text).
4. Petrenko A. S., Petrenko S. A. Basic Algorithms Quantum Cryptanalysis // Вопросы кибербезопасности. 2023. No. 1(53). P. 100–115. DOI: 10.21681/2311-3456-2023-1-100-115.
5. Clark, E. M., Hamburg, O., Peled, D. Verification of software models: Model Checking. // Translated from English/ Edited by Smelyansky, R. Moscow: ICNMO, 2002. 416 p. (Russian Text).
6. Antipov I. S., Arustamyan S. S., Ganichev A. A. Markov A. S. et al. Intelligent Fuzzing Method for Aviation Information Systems as Part of the Secure Software Development Cycle. Russian engineering research. 45, 685–690 (2025). DOI: 10.3103/S1068798X25700728.
7. Kowalski, R. Logic in problem solving: Translated from English. – M.: Nauka, Chief Editor of Physical and Mathematical literature, 1990. – (Prob. arts. intelligence.) – 280 p. (Russian Text).
8. Robinson, A. Introduction to the theory of models and metamathematics of algebra. Translated from English by Volynsky, A. B. Edited by Taimanov, A. D. – M.: Nauka, Chief Editor, Phys. – checkmate. Literature, 1967. – 376 p. (Russian Text).
9. Sundeev P. V. Cluster model of distributed registry protection. Cybersecurity Issues. 2025. № 4(68). pp. 2–8. DOI: 10.21681/2311-3456-2025-4-2-8 (Russian Text).
10. Sundeev, P. V. (2026). The Cluster Model of Information Protection. In: Kovalev, S., Kotenko, I., Sukhanov, A. (eds) Proceedings of the Ninth International Scientific Conference «Intelligent Information Technologies for Industry» (IITI’25), Volume 1. IITI – 2025.
Lecture Notes in Networks and Systems, vol 1762. Springer, Cham. https://doi.org/10.1007/978-3-032-13615-2_33. 
11. Sundeev, P. V. Functional stability of a distributed registry in the context of the emergence of a new quantum threat. (2025). Voprosy Kiberbezopasnosti [Cybersecurity issue]. No 3(67). P. 83–89. DOI: 10.21681/2311-3456-2025-3-83-89 (Russian Text).

Purpose of the study: develop and evaluate an algorithm for synchronizing stations in a quantum key distribution system with an untrusted intermediate node.
Methods of research: probability distribution, statistical analysis, Gaussian distribution.
Results: the importance of high-precision synchronization is substantiated, an autonomous optical signal search algorithm is proposed and analyzed, and simulation results are presented. The issue of autonomous synchronization of two remote stations in a quantum key distribution system is considered. The station connection scheme is a topology with an untrusted intermediate node. An algorithm for synchronizing stations with an untrusted intermediate node is proposed, which does not require an additional optical communication channel. A unique feature of the algorithm is that the stations
independently determine the distance to the beam splitter in the untrusted node with an accuracy of tens of picoseconds. Simulation modeling of the developed algorithm is conducted, and the results are presented. This paper describes the operating principle of the MDI quantum key distribution protocol within a mixed-topology quantum network and proposes a scheme for interaction between several legitimate users of the quantum network and a single untrusted node.
Scientific novelty: an algorithm for synchronizing optical signals in quantum networks for MDI-QKD is proposed, characterized by its autonomous implementation. Simulation results for the algorithm are presented, and data are obtained that improve the efficiency of engineering calculations when designing a synchronization system.
Keywords: security, synchronization, quantum distribution, MDI, optical pulse.

1. Lo H. K., Curty M., Qi B. Measurement-device-independent quantum key distribution // Physical review letters. – 2012. – Т. 108. – №. 13. – С. 130503.
2. Kulik S. P., Molotkov S. N. Kvantovye seti: raspredelenie klyuchej cherez nedoverennye uzly //Voprosy kiberbezopasnosti. – 2025. – №. (67). – S. 90–98.
3. Ponosova, I. Zhluktova, D. Ruzhitskaya, D. Trefilov, A. Huang, A. Wolf, V. Kamynin, V. Tsvetkov, and V. Makarov, Pulsed laser attack at 1061 nm potentially compromises quantum key distribution, Appl. Phys. Lett. 127, 194002 (2025).
4. Lo H.-K. et al. «Measurement-device-independent quantum key distribution» // Physical Review Letters, 2012.
5. Xu F. et al. «Experimental measurement-device-independent quantum key distribution» // Physical Review Letters, 2013.
6. Tang Y.-L. et al. «Field test of measurement-device-independent quantum key distribution» // IEEE Photonics Journal, 2014.
7. Comandar L. C. et al. «Measurement-device-independent quantum key distribution with polarized photons» // Optics Express, 2015.
8. Yin H.-L. et al. «Measurement-device-independent quantum key distribution over 404 km optical fiber» // Physical Review Letters, 2016.
9. Zhou Y.-H. et al. «Security of measurement-device-independent quantum key distribution with imperfect phase randomization» // Physical Review A, 2017.
10. Chen L. et al. «Precision synchronization requirements for MDI QKD networks» // Nature Photonics, 2023.
11. Wang H. et al. «Hybrid synchronization scheme for metropolitan quantum networks» // Physical Review Applied, 2024.
12. Kumar S. et al. «Machine learning approaches for phase drift prediction in QKD systems» // Quantum Science and Technology, 2023.
13. Rodriguez A. et al. «Adaptive synchronization using neural networks for long-distance MDI QKD» // Optics Express, 2024.
14. Schröder T. et al. «Quantum-limited synchronization using entangled photon pairs» // Physical Review Letters, 2023.
15. Cochran R., Gauthier D., Qubit-based clock synchronization for QKD systems using a Bayesian approach, Entropy. 23 (8) (2021) 988.
16. Pat. 2840296 Ros. Federaciya. Sposob i sistema kvantovo-kriptograficheskoj peredachi informacii / Makarov V. A., Lajdsalu A. V., Saarepere S. M., Ejver R. E. ; zayavitel i patentoobladatel AO «Avangrad». – № 2016149583/28(071383) ; zayavl. 15.12.2016 ; opubl. 29.11.2022, Byul. № 34. – 1 s.
17. Pat. 2834620 Ros. Federaciya. Sposob i sistema zashishennoj kvantovoj svyazi / Makarov V. A., Lajdsalu A. V., Saarepere S. M., Ejver R. E.; patentoobladatel AO «Avangard». – № 2016149582; zayavl. 15.12.2016; opubl. 21.10.2022, Byul. № 30. – 1 s.
18. Pat. 2834882 Ros. Federaciya. Sposob i sistema kvantovo-kriptograficheskoj peredachi informacii / Makarov V. A., Lajdsalu A. V., Saarepere S. M., Ejver R. E.; patentoobladatel AO «Avangard». – № 2016149584; zayavl. 15.12.2016; opubl. 25.10.2022, Byul. № 30. – 1 s.
19. Rudavin N. V. et al. Synchronization protocol for MDI-QKD systems //Nauchno-tehnicheskie vedomosti Sankt-Peterburgskogo gosudarstvennogo olitehnicheskogo universiteta. Fiziko-matematicheskie nauki. – 2022. – T. 15. – №. S3. 2. – S. 56–60.
20. A. Pljonkin, K. Rumyantsev, P. K. Singh. Synchronization in quantum key distribution systems. Cryptography. – 2017. – Vol. 1, No. 3. – P. 1–9. – DOI 10.3390/cryptography1030018.
21. Galyardi R. M., Karp Sh. Opticheskaya svyaz / Per. s angl., pod red. A. G. Sheremeteva. − M.: Svyaz. 1978. – 424 s.
22. Pljonkin, A. P. Eksperimentalnaya sinhronizaciya sistemy kvantovoj svyazi. Doklady Tomskogo gosudarstvennogo universiteta sistem upravleniya i radioelektroniki. – 2024. – T. 27, № 3. – S. 37–41. – DOI: 10.21293/1818-0442-2024-27-3-37-41.
23. W. Gao, R. Venkatesan and C. Li, «A Pulse Shape Design Method for Ultra-Wideband Communications», 2007 IEEE Wireless Communications and Networking Conference, Hong Kong, China, 2007, pp. 2800–2805, doi: 10.1109/WCNC.2007.520.

The purpose of the study is to develop and experimentally test a two-stage method for classifying potentially dangerous objects in video monitoring systems, which reduces network traffic and increases privacy by processing a video stream at the edge device and transmitting only a compact representation of the frame to the server.
Research methods: the proposed architecture divides the computation into two stages: (1) the frame features are extracted on the edge device by a pre-trained ResNet-18 convolutional network with a remote final classifier and the formation of a one-dimensional 512-dimensional feature vector; (2) A finite binary classification is performed on the server by a fully connected neural network for each target. Transfer training and freezing of feature extractor weights were used, training and
evaluation were carried out on three applied datasets («Fire», «People», «Weapon») from publicly available sources (Kaggle / Google).
Results of the study: a two-stage method of video analytics has been developed, in which the computationally «heavy» part (feature extraction) is transferred to the edge device, and the final classification is performed on the server by light fully connected models. This approach can significantly reduce the amount of data transferred: instead of a video stream, a vector of 512 floating-point numbers is sent to the server, which corresponds to the order of ~2 kB per frame, and thereby reduces the network load and sensitivity information sent compared to the transmission of the original image. Experiments on three practical threat detection tasks showed high quality values: F-measures of 0.97 for «fire», 0.91 for «human» and 0.99 for «weapon» were obtained, while error matrices demonstrate a low proportion of false positives. In addition, the operational
advantages of the architecture are noted: the ability to reduce server power due to the low computational complexity of the second stage, the independence of the software on the edge device from frequent updates, and Scalability – adding a new recognition object is achieved by training and deploying a new server-side fully cohesive model according to a template.
Scientific novelty: an applied rethinking of the two-stage classification scheme (the first stage is the extraction of an informative representation, the second is the training of the classifier on its outputs) is proposed in the «edge-server» setting for video monitoring systems, where the second stage is implemented by a set of specialized fully connected models for objects, and only compact features are transmitted to the communication channel instead of frames/video.
Keywords: embedded GPU platforms, artificial intelligence, object classification, machine learning, multi-stage classification, neural network, edge computing, security systems.

1. Shkurat D. E., Matveev A. V. Problemy obnaruzheniya pozhara po videoizobrazheniyu: obzor issledovanij // Prirodnye i tehnogennye riski (fiziko-matematicheskie i prikladnye aspekty). 2025. № 2. S. 59–73. DOI: 10.61260/2307-7476-2025-2-59-73.
2. Two-stage deep learning approach to the classification of fine-art paintings / Sandoval C., Pirogova E., Lech M. // IEEE Access. 2019. V. 7. P. 41770–41781. DOI: 10.1109/ACCESP.2019.2907986.
3. Razvitie metodov predvaritel'noj obrabotki izobrazhenij dlya programmnoj kompensacii anomalij refrakcii glaz nablyudatelya / Al'-Kazir N. B., Yarykina M. S., Nikolaev D. P. [i dr.] // Sensornye sistemy. 2024. T. 38. № 3. S. 31-50. DOI: 10.31857/S0235009224030027.
4. Sovmestnoe povyshenie razresheniya i klassifikaciya fragmentov tkani dlya polnoslajdovyh gistologicheskih izobrazhenij / Sun Ch., Hvostikov A. V., Krylov A. S. [i dr.] // Programmirovanie. 2024. № 3. S. 75–82. DOI: 10.31857/S0132347424030086.
5. Moshchenskij M. R., Tezin A. M. Realizaciya kriptograficheskoj hesh-funkcii na osnove glubokoj nejronnoj seti // Informacionnye tehnologii obespecheniya kompleksnoj bezopasnosti v cifrovom obshchestve: sb. mater. VI vseros. molodezhn. NPK s mezhdunar. uchastiem (19–20 maya 2023 g.). Ufa: UUNT, 2023. S. 100–104.
6. Kotenko I. V. Iskusstvennyj intellekt dlya kiberbezopasnosti: novaya stadiya protivoborstva v kiberprostranstve // Iskusstvennyj intellekt i prinyatie reshenij. 2024. № 1. S. 3–19. DOI: 10.14357/20718594240101.
7. Kirillov R. B., Kalinin M. O. Vyyavlenie iskazhayushchih dannyh v sistemah obnaruzheniya vtorzhenij, ispol'zuyushchih vychislitel'nye modeli mashinnogo obucheniya // Problemy informacionnoj bezopasnosti. Komp'yuternye sistemy. 2025. № 1(63). S. 59–68. DOI: 10.48612/jisp/2741-bb1k-hf3x.
8. Ichetovkin E. A. Issledovanie ustojchivosti sistem obnaruzheniya vtorzhenij s komponentami mashinnogo obucheniya k sostyazatel'nym atakam // Vestnik Astrahanskogo gosudarstvennogo tehnicheskogo universiteta. Seriya: Upravlenie, vychislitel'naya tehnika i informatika. 2025. № 2. S. 76–87. DOI: 10.24143/2072-9502-2025-2-76-87.
9. Kotenko I. V., Ichetovkin E. A. Metodika zashchity sistem obnaruzheniya vtorzhenij ot sostyazatel'nyh atak na osnove shumopodavlyayushchih avtoehnkoderov // Pravovaya informatika. 2025. № 1. S. 110–120. DOI: 10.24412/1994-1404-2025-1-110-120.
10. Attacks against machine learning systems: Analysis and GAN-based approach to protection / Kotenko I., Saenko I., Lauta O., Vasiliev N. [et al.] // Intelligent Information Technologies for Industry (IITI 2023). Lecture Notes in Networks and Systems. 2023. V. 777. P. 49–59. DOI: 10.1007/978-3-031-43792-2_5.

The purpose of the study is to increase the objectivity of the assessment of risk parameters for significant critical information infrastructure (CII) facilities and the validity of their protective measures by expanding the number of parametric risk models for various conditions of their processing, expanding the range of tasks to be solved and using technologies for analyzing risk aggregates.
Methodology of the work: in the course of the research, the author used system analysis to describe the mechanism of modeling information security at CII facilities, risk theory and its applications in the field of information security, algebra logic to describe the conditions and constraints under which risk models are used.
Results: the existing mechanisms for the protection of significant CII facilities, implemented in the regulatory and methodological documents of the FSTEC, determine the possibility of using risk parameters in the creation of threat models only as an assessment of possible damage. In reality, the application of risk theory in applications to information security of CII makes it possible to increase the validity of the parameters of the threat model, the adoption of protective measures
and the expansion of the range of tasks to be solved when building a CII protection system. The paper discusses new approaches to assessing security risks for significant CII facilities, which make it possible to increase the objectivity of the assessment of risk parameters and the validity of their protective measures. Trends in the development of technological trends in modeling threats and risks of information security in 2026 are determined.
Scope of application of the results: significant objects of critical information infrastructure.
Keywords: critical information infrastructure, CII, parametric risk model, risk aggregate, risk processing tasks.

1. Vasil'ev V. I., Vul'fin A. M., Kuchkarova N. V. Avtomatizaciya analiza uyazvimostej programmnogo obespecheniya na osnove tehnologii Text Mining // Voprosy kiberbezopasnosti. – 2020. – №. 4(38). – S. 22–31.
2. Kirillova A. D. Ocenka riskov informacionnoj bezopasnosti ASU TP promyshlennyh ob"ektov metodami kognitivnogo modelirovaniya // Sistemnaya inzheneriya i informacionnye tehnologii. – 2023. – T. 5. – №. 4(13). – S. 77–93.
3. Barybina A. Z. Modelirovanie ugroz informacionnoj bezopasnosti scenarnym podhodom //Estestvenno-gumanitarnye issledovaniya. – 2022. – №. 4(42). – S. 35–44.
4. Mashkina I. V., Urazaeva A. M. Metod razrabotki bazy znanij scenariev ugroz dlya sistemy reagirovaniya na incidenty (irp) // Izvestiya Yuzhnogo federal'nogo universiteta. Tehnicheskie nauki. – 2024. – №. 5(241). – S. 79–88.
5. Minzov A. S. i dr. Cifrovye dvojniki v sistemah upravleniya // Voprosy kiberbezopasnosti. – 2024. – №. 2(60). – S. 29–35. DOI: 10.21681/2311-33456-2024-2-29-35
6. Minzov A. S., Cheremisina E. N., Tokareva N. A., Bobyleva S. V. Modelirovanie riskov informacionnoj bezopasnosti v cifrovoj ehkonomike: monografiya / Pod redakciej A. S. Minzova. – M.: KURS, 2021. – 112 s.: il.
7. Minzov A. S., Pasova M. A. Metody vosstanovleniya nepreryvnosti biznesa v sisteme menedzhmenta informacionnoj bezopasnosti // Cifrovaya transformaciya: tendencii i perspektivy. – 2022. – S. 284–289.
8. Shashkin A. I., Ledenev M. Yu., Shishov M. M. O nekotoryh metodah resheniya zadach nechetkogo linejnogo programmirovaniya // Vestnik Voronezhskogo gosudarstvennogo universiteta. Seriya: Sistemnyj analiz i informacionnye tehnologii. – 2023. – №. 4. – S. 43–57.
9. Metodicheskij dokument. Metodika ocenki ugroz bezopasnosti informacii (utv. FSTEHK Rossii 05.02.2021). 
10. Maršálek K. COBIT 2019 Contribution to Digital Literacy // IDIMT-2023: New Challenges for ICT and Management. – 2023.
11. Kesuma M. et al. Design of Information Technology (IT) Governance Using Framework Cobit 2019 Subdomain APO01 (Case Study: Instidla) // J. Teknol. Komput. dan Sist. Inf. – 2022. – T. 5. – №. 3. – S. 157–162.
12. Fadya M., Utama D. N. Towards Secure Information Systems: Developing and Implementing an Information Security Evaluation Model Using NIST CSF and COBIT 2019 // TEM Journal. – 2025. – T. 14. – №. 1. – S. 182.
13. Bal'zhanova B. M., Velikanova L. O. Osnovnye zadachi sozdaniya otkazoustojchivyh sistem // Sovremennye strategii i cifrovye transformacii ustojchivogo razvitiya obshchestva, obrazovaniya i nauki. – 2023. – S. 199–202.
14. Kotenko I. V., Abramenko G. T. Ob'yasnimaya interpretaciya incidentov na osnove bol'shoj yazykovoj modeli i metoda generacii s dopolnennoj vyborkoj // Voprosy kiberbezopasnosti. – 2025. – №. 5. – S. 58–67. DOI: 10.21681/2311-33456-2025-5-58-67.
15. Namiot D. E., Il'yushin E. A. O kiberbezopasnosti II-agentov // International Journal of Open Information Technologies. 2025. № 9. URL: https://cyberleninka.ru/article/n/o-kiberbezopasnosti-ii-agentov (data obrashcheniya: 02.02.2026).
16. Andronchik G. V. Optimizaciya biznes-processov s pomoshch'yu LLM // Universum: tehnicheskie nauki. 2025. № 5(134). URL: https://cyberleninka.ru/article/n/optimizatsiya-biznes-protsessov-s-pomoschyu-llm (data obrashcheniya: 02.02.2026).
17. Meitarice S. et al. Risk Management Analysis of Information Security in an Academic Information System at a Public University in Indonesia: Implementation of ISO/IEC 27005: 2018 Standard and ISO/IEC 27001: 2013 Security Controls // Journal of Information Technology and Cyber Security. – 2024. – T. 2. – №. 2. – S. 81–90.
18. Putra A. P., Soewito B. Integrated methodology for information security risk management using ISO 27005: 2018 and NIST SP 800-30 for insurance sector // International Journal of Advanced Computer Science and Applications. – 2023. – T. 14. – №. 4.
19. Borgest N. M. Ponyatie «mnozhestvo» v teorii i praktike proektirovaniya // Ontologiya proektirovaniya. 2023. T. 13. № 3. C. 306–332. DOI: 10.18287/2223-9537-2023-13-3-306-332.
20. Chastikova V. A., Bahtin A. S., Merkulov P. A. Razrabotka metodiki integracii bol'shih yazykovyh modelej v processy centra monitoringa informacionnoj bezopasnosti // Izvestiya Yuzhnogo federal'nogo universiteta. Tehnicheskie nauki. – 2025. №. 4(246). – S. 57–69.

Objective: to analyze the legal aspects of information and cybersecurity of the corporate sector of the economy in the context of modern features of cybercrime in the field of ICT and digital technologies.
Research methods: comparative legal analysis of the current national and international legislation in the field of cybersecurity and the practice of its application, as well as conceptual systematic research of the legal aspects of cybersecurity.
Result: the formation of the current paradigm of cybersecurity in the corporate sector both in the national economy and on a global scale, which is largely determined by the new paradigm of cybercrime, which combines the features of organized and economic crime with the use of modern computer equipment, software and other technical means in digital cyberspace, is stated. It is concluded that the rapid development of information technologies led to the formation
of a new type of crime outside the framework of the traditional understanding of crime in the field of information technology.
In this regard, it is extremely necessary to improve the entire array of legislation in the areas of application of information and digital technologies.
Keywords: information technology, cybercrime, AI agents, national security, digital law, cyberspace, corporate business models, corporate legal relations.

1. Bessonov A. A. Izuchenie prestupnoj deyatel'nosti s ispol'zovaniem iskusstvennogo intellekta: monografiya / Moskovskaya akademiya Sledstvennogo komiteta Rossijskoj Federacii. Moskva: INFRA-M, 2025. 432 s.
2. V. Dryukov: v 2025 godu intensivnost' kiberatak uvelichilas' vdvoe, RIA novosti, 22 dekabrya 2025. URL: https://ria.ru/20251222/kiberataka-2063011525.html.
3. Karchiya A. A. Pravovye aspekty regulirovaniya informacionnoj sredy// Pravovaya informatika, 2025. S. 19–31.
4. Karchiya A. A., Makarenko G. I. Pravovye aspekty sovremennoj kiberbezopasnosti i protivodejstviya kiberprestupnosti // Voprosy kiberbezopasnosti. 2023. № 1(53). S. 28–44.
5. Krasikov D. Trendy rynka bol'shih dannyh: prognoz na 2026 god ot ehksperta K2Teh.RBK, fevral' 2026.URL: https://companies.rbc.ru/news/NcqZFsIkvs/trendyi-ryinka-bolshih-dannyih-prognoz-na-2026-god-ot-eksperta-k2teh/.
6. Mezhdunarodnaya informacionnaya bezopasnost': podhody Rossii /otv. red. A. V. Krutskih, E. S. Zinov'eva. Moskva, 2021. URL:https://mgimo.ru /upload/iblock/ 047/1fgupojoj7ka0tw75bw19li4bmurfse/Doklad%20russkij.pdf.
7. Kucherin G., Sharma S., Berdnikov V. PassiveNeuron: slozhnaya kampaniya atak na servery krupnejshih organizacij, SecureList by Kaspersky, 21 oktyabrya 2025. URL: https://securelist.ru/passiveneuron-campaign-with-apt-implants-and-cobalt-strike/113810/.
8. Rossinskaya E. R., Semikalenova A. I. Informacionno-komp'yuternye kriminalisticheskie modeli komp'yuternyh prestuplenij kak ehlementy kriminalisticheskih metodik (na primere «kibershantazha»)// Vestnik Tomskogo gosudarstvennogo universiteta. Pravo. 2021. № 42. S. 68–80.
9. Teoriya informacionno-komp'yuternogo obespecheniya kriminalisticheskoj deyatel'nosti: monografiya /pod red. E. R. Rossinskoj. – Moskva: Prospekt, 2022.
10. Trendy atak v 2026 godu. Positive Technologies, 26 yanvarya 2026.URL: https://ptsecurity.com/research/ analytics/trendy-atak-v-2026-godu/#id1.
11. Global Risks Report 2024, WEF 2025, r. 18. URL: https://trendsunplugged.io/wp-content/uploads/ 2024/01/The-Global-Risks-Report-2024.pdf.
12. Guidelines for Digital Forensics First Responders, INTERPOL,2021. URL: https://archive.org/details/interpol-guidelines_to_digital_forensics_first_responders_2021-20250402_174339.
13. The Top Strategic Technology Trends for 2026. Gartner, 2025 / URL: https://www.gartner.com/en/ newsroom/ press-releases/2025-
10-20-gartner-identifies-the-top-strategic-technology-trends-for-2026.
14. Marr. B. The 7 Cyber Security Trends Of 2026 That Everyone Must Be Ready For. Forbes, URL: https://www.forbes.com/sites/bernardmarr/2025/09/26/the-7-biggest-cyber-security-trends-of-2026-that-everyone-must-be-ready-for/.
15. Russo Spena, T., Bifulco F. Tregua, M., D’Auria A. Digital Business Models/ Digital Transformation in the Cultural Heritage Sector. Contributions to Management Science. Springer, 2021. https://doi.org/10.1007/978-3-030-63376-9_3.
16. Täuscher K. Rothe N. Optimal distinctiveness in platform markets: Leveraging complementors as legitimacy buffers // Strategic Management Journal, 2021. 42(2), pp. 435–461.
17. The World’s Third-Largest Economy Has Bad Intentions and It’s Only Getting Bigger. Bloomberg, April 2024. URL: https://cybersecurityventures.com/the-worlds-third-largest-economy-has-bad-intentions-and-its-only-getting-bigger/.
18. United Nations Global Principles for Information Integrity. Recommendations for Multi-Stakeholder Action. URL: https://www.un.org/sites/un2.un.org/files/un-global-principles-for-information-integrity-en.pdf.

1. Дорофеев, А. В. О первой Российской профессиональной сертификации в области кибербезопасности «Сертифицированный специалист по кибербезопасности» // Вопросы кибербезопасности. – 2025. – № 1(65). – С. 147–149. – DOI 10.21681/2311-3456-2025-1-147-149.
2. Марков А. С., Цирлов В. Л. Безопасность доступа: подготовка к CISSP // Вопросы кибербезопасности. 2015. № 2(10). С. 60–68.
3. Дорофеев А. В. Изменения в CISSP: что нового и интересного? // Вопросы кибербезопасности. – 2016. – № 1(14). – С. 75–76.
4. Марков А. С., Цирлов В. Л. Основы криптографии: подготовка к CISSP // Вопросы кибербезопасности. 2015. № 1(9). С. 65–73.
5. Барабанов А. В. Подготовка к сдаче CISSP: модели информационной безопасности // Вопросы кибербезопасности. 2014. № 5(8). С. 59–67.
6. Дорофеев А. В. Подготовка к CISSP: телекоммуникации и сетевая безопасность // Вопросы кибербезопасности. 2014. № 4(7). С. 69–74.
7. Дорофеев А. В. Статус CISSP: как получить и не потерять? // Вопросы кибербезопасности. 2013. № 1(1). С.65–68.
8. Грызунов В. В. Формальный фреймворк для OSINT-нарушителя и защитника // Информационно-управляющие системы. – 2025. – № 5(138). – С. 22–34. – DOI: 10.31799/1684-8853-2025-5-22-34.
9. Мередит Д. OSINT. Руководство по сбору и анализу открытой информации в интернете. – Астана: Спринт Бук, 2026. – 224 с.
10. Bazzell M., Edison J. OSINT Techniques: Resources for Uncovering Online Information. – 11th Ed. – IntelTechniques,- 2024. – 590 p.
URL: https://inteltechniques.com/book1.html.
11. Дорофеев А. В., Марков А. С. Структурированный мониторинг открытых персональных данных в сети интернет // Мониторинг правоприменения. – 2016. – № 1(18). – С. 41–53.
12. Артюхин М. OSINT по-русски. Выбираем мощные и бесплатные сервисы для пробива и конкурентной разведки. Хакер, 2021. URL: https://xakep.ru/2021/06/01/osint-services/.
13. Карев А. Shodan: самый страшный поисковик интернета // Системный администратор. – 2018. – № 9(190). – С. 34–39. – URL: https://samag.ru/archive/article/3714
14. Боевой OSINT. Разбираем современные методы сетевой разведки. / Soxoj // Хакер, 2019 – https://xakep.ru/2019/09/06/realosint/.
15. Мещеряков Р. В., Исхаков С. Ю. Исследование индикаторов компрометации для средств защиты информационных и киберфизических систем // Вопросы кибербезопасности. – 2022. – № 5(51). – С. 82–99. – DOI: 10.21681/2311-3456-2022-5-82-99.
16. Kali Linux. Тестирование на проникновение и безопасность. 4-е изд. / Шива П. и др. – СПб.: Питер, 2021. 448 с.
17. Райан М. Современный скрапинг веб-сайтов с помощью Python. СПб.: Питер, 2021 – 336 с.
18. Доронин А. И. Бизнес-разведка 2.2 + OSINT. – 7-е изд. – М.: ДМК Пресс, 2024. – 504 с.
19. Scarfone K., Souppaya M., Cody A., Orebaugh A. Technical Guide to Information Security Testing and Assessment. Recommendations of the National Institute of Standards and Technology. – NIST Special Publication 800-115, 2008. – 80 p.
20. Возможности применения технологий разведки киберугроз по открытым источникам на примере фреймворка MITRE ATT&CK / А. М. Садыков и др. // Вестник Поволжского государственного технологического университета. Серия: Радиотехнические и инфокоммуникационные системы. – 2025. – № 1(65). – С. 55–69. – DOI 10.25686/2306-2819.2025.1.55.
21. S. Shafee, A. Bessani, P. M. Ferreira Evaluation of LLM-based chatbots for OSINT-based Cyber Threat Awareness // Expert Systems with Applications. – 2025. – Vol. 261. – P. 125509. – DOI 10.1016/j.eswa.2024.125509.