Bulletin of V.N. Karazin Kharkiv National University, series «Mathematical modeling. Information technology. Automated control systems»

Application of Exploratory Data Analysis for Investigating Factors Influencing Sleep Quality

2026-05-20T11:37:02+00:00

Relevance. The research of the multifactorial nature of sleep quality requires the analysis of large datasets, which is impossible without the use of exploratory data analysis (EDA) methods to identify hidden patterns. In this regard, the development of approaches for the intelligent analysis of factors influencing sleep is a relevant scientific and technical task. Goal. To examine and identify the relationships between physiological, behavioral, and environmental factors and sleep quality using exploratory data analysis methods. Research methods. The research was based on exploratory data analysis (EDA) methods, primarily aimed at examining the presence of correlations between sleep quality and variables such as sleep duration, stress level, and physical activity. The subsequent construction of a heatmap was necessary to identify latent relationships and to extract the most relevant features. In addition, a linear regression model, a decision tree model, and a logistic regression model were employed to investigate the factors influencing human sleep quality. The results. The results obtained using the developed software application with a graphical user interface for analyzing factors influencing human sleep quality are presented. The software application enables data loading, exploratory data analysis, model construction, and result visualization in a user-friendly format. It supports the application of both classification and regression algorithms, allowing it to be adapted to a wide range of analytical tasks. An analysis of the obtained results was conducted, and models with the highest accuracy, adaptability to complex relationships, and interpretability were identified. Conclusions. The obtained results confirm the versatility of decision tree methods for the analysis of sleep-related factors. Their accuracy and algorithmic transparency make this approach optimal for modeling complex interrelationships within the scope of the study. Overall, the analysis of factors influencing sleep using EDA methods enables the transformation of complex data into meaningful analytical models, which represents a relevant task for digital medicine.

Autonomous orchestrated incident response system based on SIEM

2026-05-20T11:50:38+00:00

Relevance. Modern information systems generate security events from various sources, including operating system and service logs, network sensors, vulnerability scanners, and other monitoring tools. In such conditions, SIEM enables the centralized collection, indexing, and correlation of telemetry; however, the transition from analytical results to practical response often remains insufficiently formalized. This leads to delays, dependence on manual actions, difficulties in ensuring the repeatability of procedures, and the absence of a unified mechanism for confirming executed response actions. An additional challenge is the provision of secure autonomous access to endpoints during an incident, when both manual confirmation of SSH connections and insecure trust on first use are unacceptable. In this context, the development of an architectural bridge between SIEM analytics and an orchestration system is highly relevant, as it can ensure controlled, repeatable, and auditable incident response regardless of the original source of events.

Goal. The purpose of this work is to substantiate and experimentally validate an architectural approach to autonomous orchestrated incident response, in which the results of SIEM analytics are transformed into a structured incident record and then used to initiate response procedures in an orchestration system. To achieve this goal, the detector is described in a declarative form, the incident record is standardized, repeated triggering is controlled through a unique incident key and a re-execution lockout interval, target assets are aligned with inventory data, execution results are logged, and secure access to endpoints based on SSH Host CA is implemented. The scenario of detecting and responding to an SSH brute-force attack was chosen as a demonstration case.

Results. As a result of the study, an architectural approach that combines SIEM analytics with the automated execution of response actions on target assets was developed and experimentally validated. It was shown that the result of an analytical query in a SIEM can be consistently transformed into an incident record, used to construct a unique incident key, verify re-execution policies, align the target asset with the inventory, and transfer parameters to a playbook. The implemented prototype confirmed the technical feasibility of building a complete cycle from event detection in the SIEM to the execution of a response procedure on an endpoint and the recording of the result in a structured log. It was also confirmed that the use of SSH Host CA makes it possible to provide secure autonomous access to endpoints without manual confirmation during an incident. The obtained results further demonstrated that the proposed architecture can be scaled to other response scenarios provided that the detection rules and execution procedures are adapted accordingly.

Conclusions. The obtained results confirm that the integration of SIEM analytics with an orchestration system makes it possible to implement a controlled framework for autonomous incident response. The result of SIEM analytics is transformed into an incident record, which is then used to control repeated executions, align the target asset with the inventory, and initiate a response scenario. Practical validation based on the SSH brute-force case confirmed the technical feasibility of this approach: a complete cycle was implemented, from event detection to response execution and the recording of its result in the log. The proposed architecture is suitable for responding to incidents identified from various event sources, provided that their results are aggregated and correlated in the SIEM. The use of SSH Host CA ensures secure autonomous access to endpoints without manual confirmation during an incident. Further development of this work should be associated with the software implementation of the bridge module, the expansion of the response scenario library, and the transfer of response logs back to the SIEM for further analysis.

A Mathematical Model of Automatic Verification of Formalized Proofs and a Conservative Presentation Interface over Lean

2026-05-20T12:00:31+00:00

Assessment of the impact of photorealistic textures on the accuracy of computer vision models using synthetic datasets

2026-05-20T12:11:31+00:00

Relevance. The current development of computer vision faces the problem of high cost and labor intensity of collecting real annotated data. The use of synthetic data generated in graphics engines is an effective alternative, but the main obstacle remains the “domain gap,” which reduces the accuracy of models on real images.

The goal of this work is to quantitatively assess the impact of the photorealistic texture of the target object on the detection efficiency of YOLO models when transitioning from simulation to reality (Sim2Real).

The research methodology is based on a controlled experiment in the Unity environment, where two identical synthetic datasets were generated, differing only in the type of 3D model texture: highly detailed photorealistic (“Textured”) and monochrome white (“White”). The models were trained based on the YOLOv11s architecture using a transfer learning strategy and a two-step fine-tuning process. The results were validated on an independent set of exclusively real photographs.

Results. Both models, trained on two datasets (“Textured” and “White”), achieved almost identical accuracy on synthetic validation data (mAP@0.5 ≈ 0.995). However, on real photos, the “Textured” model demonstrated 11.6 times higher mAP@0.5 compared to the “White” model. The recall for the textured model was 10.3 times higher than for the model that relied solely on geometric shape.

Conclusions. Photorealistic texture is a critical factor for successful Sim2Real transfer. It ensures the formation of universal low-level features in the early layers of the neural network, which are necessary for recognizing objects in a real environment. High-quality texturing of 3D assets should be considered a strategic priority rather than an auxiliary stage of visualization.

Modular JavaScript library for ensuring web interface accessibility in accordance with WCAG 2.2

2026-05-20T12:23:45+00:00

Relevance. Web accessibility has become a critical aspect of modern web development, considering the needs of more than 1.3 billion people with disabilities worldwide. Despite the existence of WCAG standards, the vast majority of websites remain inaccessible, highlighting the demand for comprehensive yet easy-to-integrate tools that address key accessibility challenges.

Purpose. The main goal is to develop a modular JavaScript library that provides comprehensive web interface accessibility enhancements in accordance with WCAG 2.2, while maintaining simplicity of integration and high performance.

Research Methods. The research applied a user-centered iterative development methodology with step-by-step validation of features through scripted evaluation, comparative testing with existing solutions, and the implementation of a browser extension for practical verification.

Results. A modular JavaScript library was developed consisting of seven independent components (dark mode, high contrast, keyboard navigation, text scaling, focus enhancement, dyslexia support, double-click protection), each addressing specific WCAG 2.2 success criteria. The effectiveness of the components was demonstrated through measurable improvements: enhanced contrast ratios (from 3.8:1 to 21:1), a 25% reduction in keystrokes for navigation, increased focus visibility (contrast improvement from 1 to 6.5), and full compliance with dyslexia readability parameters. Real-time interaction and dynamic content adaptation further improve user experience.

Conclusions. The proposed solution bridges the gap between fragmented accessibility tools by offering a unified approach with a high level of modularity. The library has demonstrated practical feasibility through a browser extension and is ready for integration into existing web projects. The proposed architecture provides a robust foundation for future research and development in the field of digital accessibility.

An Entropy Leakage Algebra for IEEE 754 Floating-Point Cryptographic Computations

2026-05-20T14:52:33+00:00

Relevance. Floating-point arithmetic is not neutral ground for cryptography. The IEEE 754 standard leaves enough room for hardware and compilers to vary—in rounding, in FMA contraction, in subnormal handling—that the same program can produce measurably different intermediate distributions depending on where it runs. This nondeterminism is invisible to the programmer yet can shift probability mass in secret-dependent distributions, creating entropy leakage risks unaccounted for by conventional security models.

Objective. To develop a rigorous compositional framework—the Entropy Leakage Algebra (ELA)—for bounding the min-entropy loss induced by IEEE 754 floating-point arithmetic across arbitrarily complex cryptographic pipelines.

Methods. The ELA is a commutative semiring whose elements are symbolic leakage expressions. Two operations—⊕ for sequential composition and ⊗ for parallel branching—reflect the structure of floating-point pipeline execution. Four generator families grounded in IEEE 754 semantics (directed rounding γρ, FMA contraction γf, flush-to-zero γz, and expression reordering γr) are defined and proved sound via min-entropy bounds.

Results. The semiring axioms are proved. A unique Sum-of-Maxima Normal Form (SMNF) is established, computable in O(|e|²). The domination order on elements is shown to be decidable in polynomial time, enabling automated platform comparison. Three case studies—an ML-KEM NTT pipeline (8.6 vs. 8.3 bits empirical), an RSA Montgomery ladder (12.7 bits exact match), and a neural-network key-derivation function (4.8 vs. 4.75 bits)—validate algebraic bounds against empirical measurements with agreement within 4%.

Conclusions. The ELA provides a mechanizable certification path for entropy safety of floating-point cryptographic implementations. The SMNF analysis identifies flush-to-zero subnormal handling (γz) as the dominant vulnerability across all studied pipelines, a structural result that would otherwise require separate empirical measurement campaigns.

Mathematical modeling of tumor growth dynamics for personalized therapy selection

2026-05-20T15:05:02+00:00

Purpose of the work: to analyze current approaches to mathematical modeling of tumor growth and prediction of their dynamics using classical deterministic models and machine learning methods, as well as to determine the prospects for their use in modern mathematical oncology and personalized antitumor therapy.

Research methods: analysis and systematization of modern scientific publications on mathematical oncology; use of mathematical modeling methods for tumor growth (exponential, logistic, Gompertz and Bertalanffy models); statistical analysis of clinical data; application of machine learning methods for regression analysis and prediction of tumor growth dynamics based on longitudinal MRI data from the open LUMIERE dataset.

As a result of the study, a review and comparative analysis of classical mathematical models of tumor growth and their modifications used to describe the biological processes of proliferation and restriction of tumor tissue growth was performed. Preliminary processing and analysis of clinical and imaging data, including the volumes of various tumor components, was carried out. Individual tumor growth trajectories were modeled using regression models and ensemble machine learning methods, in particular Random Forest. It was shown that machine learning methods provide more stable and accurate predictions of complex tumor growth dynamics compared to classical models in the case of high data variability.

Conclusions: Combining classical mathematical models of tumor growth with modern machine learning methods is a promising direction for the development of mathematical oncology. This approach improves the accuracy of predicting individual tumor dynamics and creates a basis for developing personalized treatment strategies. The results obtained indicate the feasibility of further use of hybrid models in research on precision medicine and personalized antitumor therapy.

The impact of GNN architecture on the robustness of edge routes in scenarios of single node types

2026-05-20T15:14:54+00:00

The paper considers the problem of intelligent routing (path finding) in software-defined networks (SDN) using graph neural networks in order to increase the efficiency of network resource use and adapt to dynamic changes in the network state (for example, channel congestion or delays).

Topicality. Modern software-defined networks (SDN) are faced with increasing traffic volumes and increased quality of service (QoS) requirements. Traditional routing algorithms (e.g. Dijkstra) are static and inefficient in conditions of high load dynamics or sudden topology changes (hardware failures). This leads to channel congestion, increased latency, and packet loss. The use of machine learning methods, in particular graph neural networks (GNN) and reinforcement learning (RL), opens up new opportunities for creating adaptive intelligent agents capable of optimizing routing in real time, which makes this research timely and important for the development of telecommunication systems.

Goal. The aim of the research is to improve the efficiency and reliability of data transmission in SDN networks by developing and comparative analysis of intelligent routing methods. The main focus is on the study of graph neural network architectures (GCN, GAT) and the Q-Learning algorithm to provide adaptive traffic management under conditions of variable load and network node failures.

Research methods. The methodological basis of the work is based on the integrated application of graph theory to formalize the network topology, deep learning methods to process node features, and reinforcement learning algorithms to make routing decisions. Experimental verification of the proposed approaches was carried out by emulating a software-configured network in the Mininet environment under the control of the Ryu controller. The software implementation included the development of models based on convolutional networks (GCN) and attention networks (GAT) using deep learning libraries, as well as the implementation of the Deep Q-Learning agent. The effectiveness of the algorithms was assessed by comparative analysis of key quality of service metrics - throughput, average latency, and packet loss percentage - in scenarios of gradual load growth and emergency topology change due to equipment failure.

The results. The study found that the integration of machine learning methods allows for significant improvements in data transmission parameters compared to the classic Dijkstra algorithm, especially in high traffic conditions, where intelligent agents provide lower latency and connection stability. Critical analysis of fault tolerance revealed significant differences between the studied architectures: the GCN model demonstrated limited adaptability with a routing failure rate of 30%, while the GAT architecture showed better flexibility, generating optimal paths in half of the cases. The highest efficiency was confirmed by the Q-Learning method, which, thanks to dynamic interaction with the environment, ensured the construction of ideal routes in 85% of experiments and minimized packet loss to 5–7% even in critical situations, which proves the superiority of Reinforcement Learning approaches over Supervised Learning methods in adaptive network control tasks.

Application of a precedent analysis paradigm for the purposes of multibase cloud monitoring of DNS traffic

2026-05-20T15:28:19+00:00

Relevance. The increasing complexity of DNS infrastructure and the growing level of threats in the network environment necessitate the development of intelligent DNS traffic monitoring tools capable of providing transparent, adaptive, and well-grounded detection of behavioral anomalies. Particular relevance is associated with the implementation of approaches that enhance the traceability of decision-making logic in artificial intelligence (AI) systems.

Purpose. The purpose of this study is to experimentally investigate a prototype software tool for monitoring the current state of DNS traffic with extensive implementation of AI capabilities, the logic of which is based on the concept of case-based reasoning (CBR) for behavioral DNS traffic anomaly analysis.

Research Methods. The study employs simulation modeling methods, multi-base measurements of DNS query processing time using a system of distributed cloud-based sensor-testers, as well as case-based reasoning algorithms for intelligent post-processing of data. The prototype was implemented as a Python client integrated with the Gemini API, operating on a dataset formed based on the results of previous studies [1–2]. During operation, the system autonomously modifies the anomaly registry by adding new cases based on analytical processing results.

Results. The obtained results demonstrate that the proposed DNS traffic monitoring approach ensures the detection of both previously known anomalies and the localization of previously unidentified irregularities. The feasibility of applying the case-based approach to improve the efficiency of adjusting the parameters of the active Response Policy Zone (RPZ) [3] and to enhance situational awareness of personnel regarding DNS traffic security has been confirmed. At the same time, the experiments revealed a so-called “clustering” effect that may lead to false positive event assessments and, consequently, contradictory interpretations of the observed network events.

Conclusions. The revision of existing constraints and analytical tasks for AI modules, followed by further modeling, confirmed that the introduced modifications significantly reduced the identified “clustering” effect and improved the reliability of anomaly interpretation based on a defined system of indirect (implicit) indicators. The obtained results confirm the feasibility of further developing the case-based reasoning approach in intelligent DNS traffic monitoring systems.