Bulletin of V.N. Karazin Kharkiv National University, series «Mathematical modeling. Information technology. Automated control systems»

Intelligent information technology to support changeability in software life cycle processes of cyber-physical systems

2025-11-07T13:30:09+00:00

Actuality. The development of software for cyber-physical systems (CPS) should take into account the specific features of their construction and operation, which supposes to support a changeability of project assets and system solutions at all main stages of their life cycle (LC). Solving these problems is impossible without the usage of intellectual methods and tools, and therefore the topic of this study is the actual scientific and technical task.

Goal. The aim of this work is to develop the intelligent information technology (IIT) that provides end-to-end support for the changeability of project assets in all major phases of the LC CFS, which finally has to improve the quality indicators of critically important development and maintenance processes of such systems.

Research methods. Based on a critical analysis and methodological generalization of some previously obtained scientific and practical results, the structural and functional scheme of IIT has been developed, which integrates some knowledge-oriented model-technological tools, which allows to ensure support for the properties of variability, adaptability, configuration and adjustability of design solutions and software components of the CFS at their LC stages such as domain engineering, architectural design, code construction, and maintenance of their software components.

Results. Using the examples of Smart home systems and mobile augmented reality systems development, some essential features of the CFS’s construction and operation have been studied, and the methodological basis for a knowledge-oriented software development of such systems has been formed. The generalized IIT scheme in IDEF0 notation has been proposed, its main functional blocks have been defined, software experiments have been conducted, and quantitative metrics are calculated, that shows the total increase in the quality indicators of software development and maintenance processes by approx. 22,4%.

Conclusions. The presented studies confirmed the feasibility of using knowledge-oriented models, methods and tools for the development and maintenance of CFS software, and the possibility to design the end-to-end intelligent information technology, which supports the properties of changeability of project assets and system solutions at the main phases of the LC CFS, that, in turn, allows to significantly processes quality improving in creation of such systems.

XAI Optimization for Low-Latency Neural-Based Intrusion Detection Systems in Network Environments

2025-11-03T09:42:51+00:00

Relevance. In contemporary network environments, deep learning-based intrusion detection systems (IDS) provide significant improvements in detecting complex and evolving cyber threats. However, their practical deployment in real-time applications is severely limited by computational complexity, latency, and a lack of interpretability, commonly referred to as the "black-box" problem. Integrating eXplainable Artificial Intelligence (XAI) methods into IDS is crucial for enhancing the transparency, trustworthiness, and operational effectiveness of security systems. Goal. The aim of this research is to explore and optimize XAI methods to achieve low-latency, explainable neural-based intrusion detection systems suitable for real-time network traffic analysis, thus balancing interpretability with computational efficiency and detection accuracy. Research methods. The study conducted a systematic review and comparative analysis of existing deep learning (DL) models (CNN, LSTM, GRU, Autoencoders, CNN-LSTM hybrids) and prominent XAI techniques (SHAP, LIME, Integrated Gradients, DeepLIFT, Grad-CAM, Anchors). Optimization strategies were proposed, including hardware acceleration, lightweight gradient-based attribution methods, hybrid architectures, and selective explanation strategies. Empirical validation was performed on standard datasets (CICIDS2017, NSL-KDD, UNSW-NB15). The results. The analysis revealed that gradient-based attribution methods (DeepLIFT, Integrated Gradients) are optimal for real-time IDS due to minimal latency and high fidelity. Hybrid explainable-by-design frameworks, specifically CNN-LSTM models enhanced with attention mechanisms (ELAI framework), demonstrated significant performance gains with detection accuracy exceeding 98% and inference times below 10 ms. Optimized methods notably improved zero-day attack detection rates up to 91.6%. Conclusions. The research successfully demonstrated practical methods for integrating explainability into real-time neural-based IDS, significantly enhancing both detection performance and decision transparency. Future research should focus on standardizing evaluation metrics, refining attention-based models, and extending these optimization approaches to other cybersecurity applications.

Research of the procedure for converting text into sql based on large language models (LLM) through cross-domaine semantic analysis

2025-11-03T10:00:14+00:00

Theme of work. Research on the Text-to-SQL conversion procedure based on Large Language Models (LLM) through Cross-Domain Semantic Analysis. Purpose of work. To enhance the accuracy and adaptability of Text-to-SQL conversion using Large Language Models (LLM) through cross-domain semantic analysis, enabling reliable query interpretation across various domains and database structures. Methods of research. Comparative analysis, experimental evaluation, cross-domain semantic testing. Results. The research demonstrates that optimized prompt engineering and fine-tuning significantly improve the accuracy and cross-domain adaptability of Large Language Models for Text-to-SQL conversion. Conclusions. This study confirms that Large Language Models (LLMs) can effectively enhance the Text-to-SQL conversion process when optimized with targeted prompt engineering and fine-tuning. Cross-domain semantic analysis proved essential for enabling LLMs to handle varied database structures and domain-specific terminology, improving versatility and accuracy. The findings highlight the potential of LLMs to make SQL query generation more accessible to non-technical users, promoting broader application of AI in database management. Future work may focus on further refining these models to reduce computational costs and increase processing efficiency.

Analysis of software for the implementation of OSINT in the field of information security

2025-11-03T10:16:31+00:00

Relevance. The global modern cyberspace is characterized by a rapid increase in risks and threats to important information of government agencies, business and society. In such circumstances, open source intelligence (OSINT) is gaining importance as a tool for monitoring the information space, identifying potential threats and ensuring information security. OSINT software allows you to effectively collect, analyze and interpret data from open sources, including social networks, public databases and web resources. This facilitates timely response to cyber threats, identification of vulnerabilities and decision-making to protect information systems and critical infrastructure of the state's information relations entities.

Objective. To analyze the characteristics and capabilities of modern specialized software with a view to their effective use as open source intelligence (OSINT) tools in the context of identifying potential threats and ensuring information security of subjects of information relations.

Research methods. In the process of writing this article, the author used the methods of technical analysis, comparative and descriptive approach, systematization and classification to study the functionality of OSINT tools, to predict their effectiveness and development prospects.

Results. Based on the analysis, the key characteristics of software solutions such as Maltego, TheHarvester, Shodan, ZoomEye, LeakIX, Sublist3r and SubFinder are identified, their suitability for monitoring the information space, identifying risks and vulnerabilities, as well as timely response to eliminate negative consequences are assessed. Recommendations for the optimal use of these tools on modern computers are proposed, taking into account the requirements for hardware, security and process automation.

Consideration of the applied aspects of OSINT use makes it possible to formulate practical recommendations for cybersecurity professionals. The analysis makes it possible to integrate the results into training programs for information security specialists. It has been established that the effectiveness of OSINT largely depends on the level of user training and his/her ability to interpret the information received. The material reviewed demonstrates the prospects for using machine learning to automate data collection and filtering processes. The author emphasizes the need to continuously update the knowledge bases and algorithms used in OSINT. The results of the study can be used to create integrated solutions to ensure the cyber resilience of organizations.

Conclusions. Open source intelligence (OSINT) is based on the collection, systematization and analysis of data from publicly available sources, such as social networks, websites, public databases and media. The basis of OSINT software is the use of automated tools that allow you to efficiently process large amounts of information, detect connections between data, and identify potential threats to information security. Tools such as Maltego, TheHarvester, Shodan, ZoomEye, LeakIX, Sublist3r, and SubFinder provide tasks ranging from passive data collection to active analysis of network infrastructure, which allows identifying vulnerabilities, monitoring cyberspace, and supporting timely decision-making in the field of information security and information protection.

The author classifies OSINT software by functional purpose, allocating three main categories: tools for detection, extraction and aggregation of data. A comparative analysis of such tools as Maltego, TheHarvester, Shodan, ZoomEye, LeakIX, Sublist3r and SubFinder is proposed, with the definition of their key characteristics, including compatibility with operating systems, methods of information collection, process automation and security level, which helps to choose the optimal tool for solving the problems of monitoring cyberspace and countering information threats.

Promising directions for further development of OSINT software in the field of cybersecurity of the State are presented.

A Systematic Review on Workload Change Detection in Distributed Databases

2025-11-03T11:09:41+00:00

Distributed Databases became essential part of a large part of nowadays software. It has numerous of advantages including scalability, fault tolerance, high availability, and improved performance. It solves a lot of problems of centralized databases but can also suffer with challenges. One of them is skewed access. Workload in distributed DBMS often changes, such fluctuations can cause ineffective operation of the system. Imagine access to one row of database became 10 times more frequent, or complex requests start operating with the data highly distributed geographically. Such behavior shows that initial data distribution cannot be always efficient enough. And to address this problem adoptive design technics were invented. In this article we review the common steps of adoptive technics and concentrate attention at workload detection and hot data identification.

The purpose of the article is to introduce adoptive design approach of distributed database management systems, review and analyze existing technics and theirs steps, especially workload change detection and hot data identification. The final goal is to compare theses technics and lead out their main concerns.

As a result of this work some existing approaches were analyzed and highlighted their common parts alongside with differences, presented their main issues.

After reviewing all technics, we can see that current solutions cannot give precise results without creating much overhead to the system. Also, there is no approach to giving up-to-date information about hot data without creating overhead. Overhead in such situations is a major issue. In skewed access patterns distributed nodes can become very busy with processing queries and additional computations can lead to worse overall system performance then without adoptive design or even to node outage. So, search for solutions, that give precise and up-to-date results without significant overhead is a big field of future researches.

Security of medical cyber-physical systems

2025-11-03T10:37:36+00:00

Relevance. Medical cyber-physical systems (CPS), including IoMT devices for real-time monitoring, diagnostics, and therapy, have become integral to healthcare digitalization. The convergence of operational technology with traditional IT expands attack surfaces, making hospitals and telemedicine infrastructures attractive targets for cyber adversaries. Hybrid warfare further amplifies risks, as cyberattacks on medical networks may cause not only data breaches but also direct harm to patients and disruption of critical care.

Purpose. The research aims to classify and analyze the main types of threats and vulnerabilities affecting medical CPS in hybrid conflict environments, summarize existing protection strategies, and propose a framework for enhancing their cyber resilience through regulatory, organizational, and technological measures.

Research Methods. The study applies the PRISMA methodology to review publications indexed in Scopus, IEEE Xplore, and PubMed. Comparative and analytical methods were used to synthesize findings from recent incidents, including the WannaCry ransomware attack on the NHS, the SingHealth breach in Singapore, and other high-impact cases targeting healthcare data.

Results. The analysis revealed a dominance of ransomware, DDoS, and IoMT exploitation via insecure communication protocols and legacy software. Weak authentication, insufficient network segmentation, and human factor vulnerabilities remain key issues. Among effective countermeasures are multi-factor authentication, blockchain-based data integrity control, end-to-end encryption, and Cybersecurity Mesh Architecture (CSMA). The study highlights the importance of applying quantum-resistant cryptography and AI-driven adaptive defense systems capable of autonomous detection and response in dynamic threat environments.

Conclusions. Despite advances in medical device security, the resilience of CPS in hybrid threat contexts remains insufficient. Ensuring security-by-design, strengthening compliance with international cybersecurity standards (such as ISO/IEC 80001 and IEC 62443), and developing specialized cybersecurity training for medical personnel are critical steps. The integration of AI-based situational awareness, regulatory harmonization, and public-private cooperation will significantly enhance the sustainability and trustworthiness of digital healthcare ecosystems.

Using fractal analysis in neural network optimization algorithms in medical diagnostics

2025-11-03T10:46:21+00:00

Relevance. The development of optimization methods for neural networks in medical tasks is limited by data noisiness and imbalance, which complicates the application of classical algorithms. The use of fractal analysis makes it possible to create new approaches for improving the robustness, stability, and accuracy of models.

Goal. To improve the convergence and stability of training deep neural networks in medical diagnostics through a new optimization algorithm based on fractal self-similarity.

Methods. The proposed algorithm extends the Adam by introducing fractal modulation of gradient moments through multiscale averaging. Two temporal moments are maintained: a short-term component reflecting local gradient trends and a long-term component that accumulates fractal-smoothed information over multiple scales. The update rule incorporates a fractal coefficient which controls the balance between local adaptability and global stability. This design allows the optimizer to perform gradient corrections in a self-similar manner, analogous to fractional-order dynamics.

Results. Experimental results showed that the FractalMomentAdam optimizer achieves superior performance across several key metrics. The algorithm reached a validation accuracy of 96.44%, exceeding the baseline Adam by 2.5%, while also demonstrating smoother convergence and reduced loss oscillations between epochs. The multiscale fractal smoothing contributed to better noise resistance and more stable training dynamics in the presence of data imbalance. The combination of adaptive moment estimation and fractal modulation effectively enhanced both convergence speed and final model quality.

Conclusions. The research confirms that the fractal approach to optimization provides a robust and efficient alternative to traditional gradient-based methods. By incorporating self-similar structures into moment estimation, FractalMomentAdam enhances the stability, reliability, and adaptability of neural network training in medical tasks. These findings open prospects for further research in the field of adaptive fractal optimizers, including dynamic parameter tuning, hybridization with metaheuristic strategies, and application to broader classes of medical datasets.

Methods of Cyber Espionage and Their Impact on International Security

2025-11-03T10:56:25+00:00

The relevance of this research is determined by the increasing role of cyber espionage as a geopolitical tool and a means of obtaining confidential information. In the context of digitalization, government institutions, international organizations, and corporate entities are becoming key targets of cyberattacks, posing significant threats to national security and global stability.

This article aims to analyze the phenomenon of cyber espionage, particularly its technical, organizational, and social aspects, based on real-world cases. The study focuses on the use of modern attack methods, such as targeted phishing, software vulnerability exploitation, and modular malware deployment. The article seeks to identify common characteristics of cyber espionage campaigns and develop recommendations to counter such threats.

A theoretical methodological approach was used in the study, combining literature review, case analysis of attacks (Red October operation, the attack on the U.S. Office of Personnel Management, the cyberattack on the International Criminal Court, the "Star Blizzard" operation), and a systematic analysis of factors contributing to the success of cyber espionage campaigns.

The study identified key technical methods of attacks, their impact on information security, and the role of the human factor in the success of cyber espionage. Recommendations for strengthening cybersecurity were formulated, encompassing technical, organizational, and international measures.

The findings of this article are of interest to researchers, cybersecurity professionals, and governmental bodies dealing with information protection issues and can be used for developing policies to counteract cyber espionage.

Comparative analysis of YOLOv5 and MobileNetV3 models for real-time image recognition

2025-11-03T11:06:13+00:00

Relevance: With the growing need for fast and accurate real-time object recognition, especially for mobile and embedded systems, the question of choosing the optimal AI models arises. Comparisons of lightweight and high-precision architectures such as YOLOv5 and MobileNetV3 are important for developing efficient computer vision systems and exploring the principles of hybrid model construction.

Purpose: Comparison of the YOLOv5 and MobileNetV3 architectures to analyze the efficiency for real-time object recognition applications, and to confirm that hybrid models can improve the efficiency of these tasks.

Research methods: image preprocessing methods, deep neural network training methods, measurement of accuracy, processing speed, and resource usage; comparative analysis of results to assess model effectiveness.

Results: An experimental study showed that YOLOv5 demonstrates better overall accuracy on the COCO test suite, but requires more computing resources. MobileNetV3, on the other hand, provides faster output and efficient functioning on low-power devices, sacrificing accuracy in part. As such, both models have proven their suitability for real-world applications, and the choice between them depends on the specific balance between speed, accuracy, and platform limitations. Combining these models gives better results in object recognition, although this may increase the size of the model itself and resource consumption.

Conclusions: As a result of the study, the YOLOv5, MobileNetV3 and hybrid models for the object recognition problem were compared. The hybrid model demonstrated better accuracy and balance between processing speed and resource utilization than individual models. This indicates the feasibility of using hybrid approaches to improve the efficiency of computer vision systems in real conditions. Therefore, the hybrid model is a promising direction for further research and practical implementation.