ФОРМУВАННЯ ЦІЛЬОВОГО ЦИФРОВОГО ПРОФІЛЮ БЕЗПЕКИ МЕРЕЖ ЕЛЕКТРОННИХ КОМУНІКАЦІЙ В УМОВАХ ГІБРИДНИХ КІБЕРАТАК: РИЗИКОРІЄНТОВАНИЙ ТА БАГАТОКРИТЕРІАЛЬНИЙ ПІДХІД: DOI: 10.31673/2409-7292.2026.011184

Д. І. Прокопович-Ткаченко; А. В. Єжихін; В. Г. Бушков; О. В. Черкаський; Д. О. Черкаський

doi:10.31673/2409-7292.2026.011184

Authors

Д. І. Прокопович-Ткаченко, (Prokopovych-Tkachenko D.I.) University of Customs and Finance, Dnipro, Ukraine https://orcid.org/0000-0002-6590-3898
А. В. Єжихін, (Ezhikhin A.V.) University of Customs and Finance, Dnipro, Ukraine https://orcid.org/0009-0004-6161-9744
В. Г. Бушков, (Bushkov V.H.) State University of Trade and Economics, Kyiv, Ukraine http://orcid.org/0009-0005-5097-2689
О. В. Черкаський, (Cherkasky O.V.) State University of Information and Communication Technologies, Kyiv, Ukraine https://orcid.org/0009-0006-3105-5217
Д. О. Черкаський, (Cherkasky D.O.) Dnipro Polytechnic National University, Dnipro, Ukraine https://orcid.org/0009-0003-8516-6252

DOI:

https://doi.org/10.31673/2409-7292.2026.011184

Abstract

The article develops the concept of a target digital security profile for electronic communications networks as a
formalized set of requirements, controls, configuration parameters, and observability metrics that ensure the achievement of a
given level of cyber protection in the context of hybrid cyberattacks. The relevance is due to the gap between the formal
implementation of minimum requirements and the need for evidence-based risk management for access services, transport
segments, and application platforms with incomplete and heterogeneous telemetry data. The goal is a methodology that
combines risk assessment, multi-criteria prioritization of measures, and parameterization of technical settings for the detection
and response cycle in the cybersecurity operations center. An algorithm is proposed: determining system boundaries and traffic
and data classification; threat modeling taking into account the vulnerabilities of the Secure Sockets Layer protocol and the
Simple Network Management Protocol in attacks on embedded software; mapping controls to standards; portfolio selection;
determining sufficiency metrics and the evidence base. To improve the detection quality, the transformation of packet dumps
and firmware samples into byte images and an ensemble of deep models were used: a convolutional neural network combined
with a long-term short-term memory network for incident classification and an autoencoder combined with a long-term shortterm memory network for anomaly detection; event correlation was performed in the security information and event
management system. Experiments showed an increase in the agreed accuracy and completeness metrics by 7–12 percent and a
reduction in incident localization time due to segmentation, micro-authorization, and zero-trust architecture principles. The
practical value lies in the reproducible formation of a cyber defense roadmap and rapid profile verification during changes in
architecture and supply chains. This simplifies change management and auditing of operator networks.
Keywords: digital security profile, electronic communications networks, hybrid cyberattacks, intrusion detection
system, security information and event management system, zero-trust architecture, Secure Sockets Layer protocol, Simple
Network Management Protocol, embedded software security, deep learning, multi-criteria optimization.

References
1. Opricovic S., Tzeng G.-H. Compromise solution by MCDM methods: A comparative analysis of VIKOR and
TOPSIS // European Journal of Operational Research. 2004. Т. 156, № 2. P. 445–455. DOI: https://doi.org/10.1016
/S0377-2217(03)00020-1.
2. Brans J. P., Vincke Ph. Note—A Preference Ranking Organisation Method // Management Science. 1985. Т.
31, № 6. P. 647–656. DOI: https://doi.org/10.1287/mnsc.31.6.647.
3. Hwang C.-L., Yoon K. Multiple Attribute Decision Making: Methods and Applications A State-of-the-Art
Survey. Berlin; Heidelberg: Springer, 1981. 269 p. DOI: https://doi.org/10.1007/978-3-642-48318-9.
4. Pearl J. Probabilistic Reasoning in Intelligent Systems: Networks of Plausible Inference. San Mateo, CA:
Morgan Kaufmann, 1988. 552 p. DOI: https://doi.org/10.1016/C2009-0-27609-4.
5. Shostack A. Threat Modeling: Designing for Security. Hoboken, NJ: John Wiley & Sons, 2014. 624 p. DOI:
https://doi.org/10.5555/2829295.
6. Joint Task Force Transformation Initiative. Guide for Conducting Risk Assessments (NIST Special Publication
800-30 Revision 1) [Електронний ресурс]. Gaithersburg, MD: National Institute of Standards and Technology, 2012.
95 p. DOI: https://doi.org/10.6028/NIST.SP.800-30r1.
7. National Institute of Standards and Technology. The NIST Cybersecurity Framework (CSF) 2.0 (NIST
Cybersecurity White Paper 29) [Електронний ресурс]. Gaithersburg, MD: NIST, 2024. 32 p. DOI:
https://doi.org/10.6028/NIST.CSWP.29.
8. Rose S., Borchert O., Mitchell S., Connelly S. Zero Trust Architecture (NIST Special Publication 800-207)
[Електронний ресурс]. Gaithersburg, MD: National Institute of Standards and Technology, 2020. 59 p. DOI:
https://doi.org/10.6028/NIST.SP.800-207.
9. Joint Task Force. Security and Privacy Controls for Information Systems and Organizations (NIST Special
Publication 800-53, Revision 5) [Електронний ресурс]. Gaithersburg, MD: National Institute of Standards and
Technology, 2020. 492 p. DOI: https://doi.org/10.6028/NIST.SP.800-53r5.
10. Cichonski P., Millar T., Grance T., Scarfone K. Computer Security Incident Handling Guide (NIST Special
Publication 800-61, Revision 2) [Електронний ресурс]. — Gaithersburg, MD: National Institute of Standards and
Technology, 2012. 79 p. DOI: https://doi.org/10.6028/NIST.SP.800-61r2.
11. Schmidt M. Information security risk management terminology and key concepts // Risk Management. 2023.
Т. 25, № 1. P. 1–23. DOI: https://doi.org/10.1057/s41283-022-00108-8.
12. Al-Dosari K., Fetais N. Risk-management framework and information-security systems for small and medium
enterprises (SMEs): A meta-analysis approach // Electronics. 2023. Т. 12, № 17. Art. 3629. DOI:
https://doi.org/10.3390/electronics12173629.
13. Lubis M., Luthfi M. I., Saedudin R. R., Muttaqin A. N., Lubis A. R. The Integration of ISO 27005 and NIST
SP 800-30 for Security Operation Center (SOC) Framework Effectiveness in the Non-Bank Financial Industry //
Computers. 2026. Т. 15, № 1. Art. 60. DOI: https://doi.org/10.3390/computers15010060.
14. Stefani E., Costa I., Gaspar M. A., Goes R. d. S., Monteiro R. C., Petrili B. R., Pereira A. d. P. Information
Security Risk Framework for Digital Transformation Technologies // Systems. 2025. Т. 13, № 1. Art. 37. DOI:
https://doi.org/10.3390/systems13010037.
15. Barlybayev A., Sharipbay A., Shakhmetova G., Zhumadillayeva A. Development of a Flexible Information
Security Risk Model Using Machine Learning Methods and Ontologies // Applied Sciences. 2024. Т. 14, № 21. Art. 9858.
DOI: https://doi.org/10.3390/app14219858.
16. Islam S., Basheer N., Papastergiou S., Silvestri S. Intelligent dynamic cybersecurity risk management
framework with explainability and interpretability of AI models for enhancing security and resilience of digital
infrastructure // Journal of Reliable Intelligent Environments. 2025. Т. 11. Art. 12. DOI: https://doi.org/10.1007/s40860-
025-00253-3.
17. Yang M. Information Security Risk Management Model for Big Data // Advances in Multimedia. 2022. Art.
ID 3383251. DOI: https://doi.org/10.1155/2022/3383251.
18. Kure H. I., Islam S., Mouratidis H. An integrated cyber security risk management framework and risk
predication for the critical infrastructure protection // Neural Computing & Applications. 2022. Т. 34. P. 15241–15271.
DOI: https://doi.org/10.1007/s00521-022-06959-2.
19. Kure H. I., Islam S., Ghazanfar M., Raza A., Pasha M. Asset criticality and risk prediction for an effective
cybersecurity risk management of cyber-physical system // Neural Computing & Applications. 2022. Т. 34. P. 493–514.
DOI: https://doi.org/10.1007/s00521-021-06400-0.
20. Bialas A. Risk Management in Critical Infrastructure—Foundation for Its Sustainable Work // Sustainability.
2016. Т. 8, № 3. Art. 240. DOI: https://doi.org/10.3390/su8030240.
21. Cremer F., Sheehan B., Fortmann M., Kia A. N., Mullins M., Murphy F., Materne S. Cyber risk and
cybersecurity: a systematic review of data availability // The Geneva Papers on Risk and Insurance – Issues and Practice.
2022. Т. 47, № 3. P. 698–736. DOI: https://doi.org/10.1057/s41288-022-00266-6.
22. Ulya A., Karima A., Sukiman T. S. A., Zulfia A., Rahmawati R. Information Security Risk Analysis Using
ISO 31000:2018 and ISO 27001:2022 // Brilliance: Research of Artificial Intelligence. 2025. Т. 5, № 2. DOI:
https://doi.org/10.47709/brilliance.v5i2.6564.
23. Shahidpoorfalah B., Hosseini Androod S., Kabir G. Risk Assessment of Digital Technologies in Sustainable
Supply Chain Management: A Fuzzy VIKOR Method // Engineering Proceedings. 2024. Т. 76, № 1. Art. 20. DOI:
https://doi.org/10.3390/engproc2024076020.
24. Santos-Olmo A., Sánchez L. E., Rosado D. G., Serrano M. A., Blanco C., Mouratidis H., Fernández-Medina
E. Towards an integrated risk analysis security framework according to a systematic analysis of existing proposals //
Frontiers of Computer Science. 2024. Т. 18, № 3. Art. 183808. DOI: https://doi.org/10.1007/s11704-023-1582-6.
25. Rana A., Gupta S., Gupta B. A comprehensive framework for quantitative risk assessment of organizational
networks using FAIR-modified attack trees // Frontiers in Computer Science. 2024. Т. 6. Art. 1304288. DOI:
https://doi.org/10.3389/fcomp.2024.1304288.
26. Zaburko J., Szulżyk-Cieplak J. Information security risk assessment using the AHP method // IOP Conference
Series: Materials Science and Engineering. 2019. Т. 710, № 1. Art. 012036. DOI: https://doi.org/10.1088/1757-
899X/710/1/012036.
27. Ayatollahi H., Shagerdi G. Information Security Risk Assessment in Hospitals // The Open Medical
Informatics Journal. 2017. Т. 11. P. 37–43. DOI: https://doi.org/10.2174/1874431101711010037.
28. Yang L., Zou K., Gao K., Jiang Z. A fuzzy DRBFNN-based information security risk assessment method in
improving the efficiency of urban development // Mathematical Biosciences and Engineering. 2022. Т. 19, № 12. P.
14232–14250. DOI: https://doi.org/10.3390/mbe.2022662.
29. Kerimkhulle S., Dildebayeva Z., Tokhmetov A., Amirova A., Tussupov J., Makhazhanova U., Adalbek A.,
Taberkhan R., Zakirova A., Salykbayeva A. Fuzzy Logic and Its Application in the Assessment of Information Security
Risk of Industrial Internet of Things // Symmetry. 2023. Т. 15, № 10. Art. 1958. DOI: https://doi.org/10.3390/
sym15101958.
30. Asfha A. E., Vaish A. Information Security Risk Assessment in Industry Information System Based on Fuzzy
Set Theory and Artificial Neural Network // Informatics and Automation. 2024. Т. 23, № 2. P. 542–571. DOI:
https://doi.org/10.15622/ia.23.2.9.
31.National Institute of Standards and Technology. Artificial Intelligence Risk Management Framework (AI RMF
1.0) (NIST AI 100-1) [Електронний ресурс]. Gaithersburg, MD: National Institute of Standards and Technology, 2023.
DOI: https://doi.org/10.6028/NIST.AI.100-1.

FORMATION OF A TARGETED DIGITAL SECURITY PROFILE OF ELECTRONIC COMMUNICATIONS NETWORKS IN THE CONTEXT OF HYBRID CYBERATTACKS: A RISKBASED AND MULTI-CRITERIA APPROACH

DOI: 10.31673/2409-7292.2026.011184

Authors

DOI:

Abstract

Downloads

Published

Issue

Section

Developed By

Language