
  • Modeling Central Bank Digital Currency Circulation Architectures and Their Information Security

    Central bank digital currencies are a third form of currency, alongside cash and electronic money. As of 2026, 86% of the world's 65 leading central banks were involved in researching the introduction of their own digital currencies. However, central banks use different circulation architectures when developing digital currencies. This article describes these architectures and compares their information security using modeling. The scientific novelty lies in the creation of a mathematical model of a central bank digital currency platform with different architectures and a comparison of their characteristics. The research methods used in this article include analysis, synthesis of data from various sources, induction, and modeling. The result of this article is a model of a central bank digital currency platform and a quantitative assessment of the level of information security. The objective of the article is to quantitatively evaluate the key security indicators of a hybrid architecture and a fully permitted architecture under real-world cyberattack profiles.

    Keywords: centralized architecture, central banks, information security, modeling, digital ruble, hybrid architecture

  • About the approach to choosing a tool for Active Directory research

    The paper considers an approach to choosing a tool for investigating vulnerabilities in the Active Directory directory service, which contains information of primary value to intruders, making it possible to determine the best point of entry into the system and develop the optimal strategy and tactics to implement the most effective and fastest attack. As part of this work, an analysis of possible directory service threats has been carried out and a classification of attacks on Active Directory has been provided. A classification of tools used to obtain useful information from Active Directory is given. The capabilities of Cobalt Strike as a tool for threat emulation and post-exploitation tasks, based on a covert agent and an updated database of attack scripts, are considered. The practical use of Cobalt Strike in cyberattacks over the past few years has been analyzed. The methodology of such cyberattacks has been studied and detailed step by step.

    Keywords: information security, cyberattack, attack scenarios, threat analysis, directory service, Active Directory, Cobalt Strike

  • On the approach to ensuring the security of mobile devices

    This paper examines an approach to comprehensively ensuring the security of mobile devices, which are the primary tools for communication, banking, and the use of medical services, and which contain passwords, documents, and correspondence. Mobile device security is examined at several levels: the mobile platform, the application, the telecom operator, and the user. An analysis of attacks on mobile devices is conducted, and the vectors of the most common attack types are identified. A comparative analysis of the iOS and Android mobile platforms is conducted, highlighting their strengths and weaknesses. The main areas of mobile device security implemented by telecom operators are analyzed. Several successful attacks on mobile banking systems are analyzed, and a classification of the main threats to mobile banking is provided.

    Keywords: mobile device protection, cyberattack, attack vector, Android, iOS, application protection methods, mobile banking systems

  • Security Analysis of an (m, m) Visual Cryptography Scheme Using Quasi-Orthogonal Matrices under Conditions of Partial Key Compromise

    This paper considers a modification of the (m, m) visual cryptography scheme using quasi-orthogonal matrices. The use of Mersenne matrices with two-level values {a, -b} is proposed. The scenario of partial key compromise is investigated, where a potential attacker knows the structure of the key matrix but lacks information about its specific level values {a, -b}. Numerical modeling of the restoration process for grayscale secret images using Mersenne matrices of a fixed order and structure with different sets of level parameters has been conducted. It is shown that even with extremely small deviations of the level values from the true ones, the restoration of a visually distinguishable image becomes impossible. The obtained results confirm that the use of Mersenne matrices expands the key space compared to the earlier (m, m) scheme using Hadamard matrices and provides an additional layer of protection in visual cryptography tasks.

    Keywords: Image with a secret, Hadamard matrices, Mersenne matrices, matrix multiplication

  • Development and Verification of an Information Security System for Protection Against Destructive Content Based on Transformer Models

    The paper addresses the problem of automated detection of destructive verbal impacts in user-generated content of digital platforms as an element of information security assurance. A method for context-semantic identification of aggressive and discriminatory statements based on the RuBERT transformer model fine-tuned on a specialized annotated corpus of Russian-language messages is proposed. The procedures of data preparation, training of a binary classifier, and probabilistic interpretation of the results are described. Experimental evaluation confirms the effectiveness and robustness of the method with respect to lexical variability and context-dependent forms of verbal aggression, as well as the possibility of its integration into automated systems for monitoring and protection of the information space.

    Keywords: information security, destructive content, verbal aggression, automatic moderation, context-semantic analysis, transformer model, RuBERT, binary classification, machine learning, natural language processing, monitoring system, intelligent filtering

  • DevSecOps-based software information security methodology: integrating automated tools into the development lifecycle

    The article is devoted to the current problems of information security in software development. The main purpose of the research is to increase the level of security in software development by implementing security tools and DevSecOps practices. The main threats to information security that arise at each stage of software development, from planning to product operation, are considered. The analysis of the main tools used to ensure the overall security of the developed software such as Jenkins, SonarQube, Zed Attack Proxy, Osquery, Trivy, Docker is carried out. The proposed methodology makes it possible to integrate security measures into the development process, minimize the human factor, reduce the response time to vulnerabilities, and ensure information security control throughout the software lifecycle.

    Keywords: secure software development, software lifecycle, threats, secure development tools, information security

  • The Role of Access Control in Preventing Data Loss During Anomalous Insider Attacks

    The article examines the characteristics of insider threats, analyzes typical insider motivations, and identifies the main technical vectors used to carry out attacks, including unauthorized data copying, the use of cloud services, instant messengers, and remote access mechanisms. Particular attention is paid to the role of access control systems in preventing personal data leaks, as well as to contemporary scientific and practical approaches to countering insider activity. It is demonstrated that effective minimization of the risks associated with insider incidents is achievable only through a comprehensive combination of organizational, technical, and legal measures, along with systematic enhancement of personnel awareness in the field of information security.

    Keywords: insider threats, personal data leakage, access control, dynamic access control, behavioral analysis

  • Comparative analysis of classical machine learning algorithms for phishing link detection

    The article is devoted to a comparative analysis of classical interpretable machine learning algorithms for detecting phishing URLs. The introduction substantiates the relevance of the problem, notes the evolution of threats and the lack of research evaluating not only accuracy, but also practical criteria for performance and explainability of models. The literature review systematizes modern approaches: methods of URL feature analysis, semantic text analysis, and traditional non-ML solutions, and highlights a gap in the comprehensive evaluation of algorithms. The methodology describes the stages of working with a public dataset: data preprocessing, including removing constant features and scaling, and choosing three algorithms for comparison: logistic regression, decision tree, and random forest. The results section presents comparative quality metrics (Accuracy, Precision, Recall, F1-Score), confusion matrix analysis, measurements of training and prediction time, as well as model interpretation through feature importance, where the key indicators of phishing are the short age of the domain and signs of obfuscation. The discussion of the results includes comparing the effectiveness of Random Forest with neural network approaches from other studies, confirming the high accuracy of ensemble methods, and formulating practical recommendations for choosing an algorithm depending on the use case (prototyping, industrial deployment). In conclusion, the practical value and interpretability of classical methods are emphasized, as well as the limitations and prospects of creating hybrid systems.

    Keywords: phishing, cybersecurity, information security, machine learning, Random Forest, detection of phishing attacks

  • Using Machine Learning Methods to Improve the Efficiency of Systems to Counter Multi-Stage Cyberattacks

    This article analyzes the impact of artificial intelligence (AI) and machine learning technologies on the development and transformation of cyberthreats and the creation of highly effective cyberdefense systems. Key trends in AI evolution are discussed, including data-, model-, application-, and human-centric approaches, and their role in shaping both defensive and offensive capabilities. It is shown that attackers actively use AI to automate reconnaissance, personalize attacks, evade detection systems, and conduct complex multi-stage cyberattacks. The main types of impact on machine learning systems are analyzed: data manipulation, adversarial examples, attacks on models and their infrastructure. Modern defense methods that improve model robustness, data security, and the resilience of AI systems are presented. The idea of the need to integrate intelligent approaches at all levels of the cyberdefense architecture and develop trusted, interpretable, and resilient machine learning models to counter new classes of threats is put forward.

    Keywords: artificial intelligence, cybersecurity, cyberattack, machine learning, innovation, security, information, protection

  • Feature evaluation method for machine learning models in the task of identifying fake websites

    The article discusses the problem of feature selection when training machine learning (ML) models in the task of identifying fake (phishing) websites. As a solution, a set of key metrics is proposed: efficiency, reliability, fault tolerance, and retrieval speed. Efficiency measures the impact of a feature on prediction accuracy. Reliability measures how well a feature distinguishes phishing sites from legitimate ones. Fault tolerance measures the empirical probability that a feature is valid and fulfilled. Retrieval speed is the logarithmic time of feature extraction. This approach allows for the ranking of features into categories and their subsequent selection for training machine learning models, depending on the specific domain and constraints. In this article, 82 features were measured, and 6 fully connected neural networks were trained to evaluate the effectiveness of the metrics. Experiments have shown that the proposed approach can increase the accuracy of models by 1-3% and precision by 0.03, and significantly reduce overall extraction time, thereby improving response rate.

    Keywords: feature evaluation method, machine learning model, identification of phishing websites, metric, efficiency, reliability, fault tolerance, and retrieval speed

  • A method of protection against the Sybil attack based on the analysis of the correlogram of the electromagnetic field power map of network traffic

    This paper discusses a method for countering Sybil attacks in distributed systems based on the analysis of electromagnetic power maps of the temporal characteristics of network traffic. The key hypothesis is that multiple Sybil identifiers controlled by a single attacker node exhibit statistically significant correlation in their network activity patterns, which can be identified using a correlogram. A method for detecting Sybil attacks in wireless networks is proposed based on the analysis of correlograms of electromagnetic signal power maps. The method exploits the statistical properties of power profiles arising from the correlation of network activity of Sybil nodes controlled by a single attacker. A protection system architecture has been developed, including modules for network activity monitoring, correlogram calculation, clustering, and anomaly detection. A set of 10 correlogram parameters is introduced for attack identification, including profile variance, randomness and periodicity coefficients, spectral density, and correlation characteristics. Experimental testing on a millimeter-wave radar station demonstrated detection accuracy ranging from 83.2% to 97.4%. To improve the method's effectiveness, the use of deep neural networks after accumulating a sufficient amount of data is proposed. The proposed method enables the identification and denial of compromised identifiers, increasing the resilience of P2P networks, blockchain systems, and distributed ledgers.

    Keywords: Sybil attack, distributed systems security, correlogram, network traffic analysis, time series, autocorrelation, anomaly detection

  • Comparative analysis of the assessment of the attribution of compromise indicators to targeted cyberattacks by attackers based on the Bayesian approach

    The article is devoted to the method of formalizing indicators of compromise (IoC) using a Bayesian approach to classify and rank them based on probabilistic inference. The problem of detecting malicious indicators from a large volume of data found in various sources of threat information is critically important for assessing modern cybersecurity systems. Traditional heuristic approaches, based on simple aggregation or expert evaluation of IoCs, do not provide sufficient formalization and further ranking of their reliability regarding their association with a particular malicious campaign due to the incompleteness and uncertainty of the information received from various sources.

    Keywords: indicators of compromise (IoC), Bayesian inference, cyber threats, probabilistic models, malicious activity analysis, threat intelligence, IoC classification, multi-source analysis

  • Research on approaches to protecting web servers from distributed denial-of-service attacks

    The article analyzes the main types of distributed denial-of-service attacks and explores classical and innovative methods of protecting web servers from threats, including packet filtering, intrusion detection and prevention systems, and load balancing architectures. Based on the research results, significant limitations of traditional approaches have been identified, such as low adaptability to new threats, high false positive rates, and inability to effectively counter modern multi-factor attacks. The paper highlights the potential of using artificial intelligence and neural networks to analyze network traffic and detect complex patterns of anomalies.

    Keywords: web server protection, distributed attack, denial of service, traffic filtering, packet filtering, intrusion detection system

  • Methods for Determining Trustworthiness and Authenticity for Internet of Things Devices

    This article presents a systematic review of methods for ensuring the trustworthiness and authenticity of devices in the Internet of Things (IoT) ecosystem. Key vulnerabilities, architectural features, and resource constraints of IoT systems that determine the choice of security mechanisms are analyzed. Cryptographic solutions, dynamic trust models, access control approaches, and authentication protocols for industrial and distributed environments are considered. A comparative analysis of methods identifies relevant research gaps and identifies promising areas for developing comprehensive, adaptive security systems for heterogeneous IoT infrastructures.

    Keywords: Internet of Things system, security, reliability, authenticity, devices, methods

  • A system model for detecting SQL injections based on a combined analysis of query syntax structures and behavioral characteristics

    The article presents a systematic study of information flows in the "application-DBMS" link and proposes a comprehensive model of protection against SQL injections based on multi-level analysis. The system analysis considers the full cycle of query processing, which allows overcoming the fragmentation of existing approaches. The limitations of existing methods based on signature analysis, machine learning, and syntax validation are analyzed. To improve the reliability and accuracy of detection, a new combined method is proposed that integrates static syntax analysis of abstract syntax trees (AST) of queries with dynamic behavioral analysis of sessions. A key feature of the syntax module is the application of the Jaccard coefficient to assess the structural similarity of paths in the AST, which ensures the efficient detection of polymorphic injections. The behavioral module analyzes the temporal and statistical patterns of the query sequence, which allows.

    Keywords: SQL injections, system analysis, machine learning, parsing, abstract syntax tree, behavioral analysis, Jaccard coefficient, polymorphic attacks, time-based attacks

  • Preventive Protection of Decentralized Parametric Insurance Protocols against Oracle Attacks Using Flash Credits

    Decentralized parametric insurance represents a promising innovation in the decentralized finance industry, offering automated and transparent payments based on verifiable external data. However, this dependence on external data supplied by oracles creates a critical vulnerability. The complexity of smart contracts can lead to unforeseen consequences, as demonstrated by attacks using flash credit: an instant loan that must be repaid as part of the same blockchain transaction. These attacks have become one of the most destructive vectors of economic attacks, allowing attackers to manipulate price oracles and initiate fraudulent insurance payments. Existing defense mechanisms, such as time-weighted average price oracles, are passive and not always sufficient to prevent such attacks. This article presents an original model of preventive protection. The author formalizes an attack on oracles using flash credit as a game-theoretic model with three participants: an attacker, a Protocol, and an Arbitrageur, where the latter is an automatic trading program implemented in a smart contract. Using a mathematical framework based on the invariant of an automatic market maker, the author determines the exact "window of vulnerability" - the economic conditions under which an attack is beneficial for an attacker and unprofitable for market arbitrageurs. Based on this analysis, the architecture of "SC-Guard" is proposed — a system of smart contracts with preventive protection against attacks using flash credit. Such a system monitors transactions not yet included in the blocks in real time for threats and dynamically changes economic incentives, subsidizing the Arbitrageur to neutralize attacks before they are executed. Instead of passively resisting manipulation, a system architecture is proposed that actively makes flash credit attacks economically unprofitable, providing a higher level of security for decentralized parametric insurance protocols.

    Keywords: decentralized finance, parametric insurance, flash loans, oracle attacks, game theory, smart contract security, maximum extractable value, preemptive defense.

  • An approach to analyzing vectors of malicious attacks on information systems using an event-formal model

    This research paper addresses the growing challenge of sophisticated, multi-stage cyberattacks that bypass traditional security measures like firewalls and intrusion detection systems. The study proposes a novel formal approach to model attacker behavior and analyze attack vectors, with a specific focus on estimating the total time required to execute an attack scenario. The core of the methodology is an extension of Labelled Transition Systems (LTS) into a Time-Labelled Transition System (TLTS). This model introduces a time function that assigns a delay to each event, enabling the calculation of the execution time for different attack paths. A formal language, utilizing sequence and choice operators, is developed for the compact description of complex attack scenarios. The paper formulates precise rules for generating all possible paths from a given attack vector and provides a method for calculating their total number. The practical application of the formalism is demonstrated through two detailed case studies: an attack leveraging a malicious mobile application and the compromise of an IoT video surveillance system. For each, the attack vector is presented both graphically and in the proposed notation, and all possible execution paths are explicitly derived. The concluded approach provides a valuable foundation for proactive security assessment, allowing for the formalization of attack surfaces and the estimation of implementation timeframes, which can be instrumental in developing enhanced defense mechanisms. Future work will involve modeling more complex scenarios incorporating active countermeasures.

    Keywords: attack modeling, information security, transition system, time delay, formal language, attack scenario, attack trajectory, attack vector, cybersecurity, vulnerability analysis, information protection, attacker behavior

  • Analysis of methods for detecting rare abnormal user activity in information systems

    An analytical review of relevant scientific publications in the field of detecting abnormal user activity when working with information systems is conducted. Behavioral analysis in combination with machine and deep learning algorithms opens up new opportunities for early detection of insider threats.
    Methods for improving the effectiveness of countering insiders in information systems are analyzed by building an adequate model of the abnormal behavioral profile of users of the customer relationship management system.
    The article substantiates the feasibility of an approach to detecting insiders in a computer network based on the use of machine learning methods and big data processing, which allows for the consideration of a variety of parameters that are not directly related to each other, as well as the automation of this process.

    Keywords: information systems, information security, insider, abnormal activity, behavioral profile, cluster neighborhood

  • Identifying deepfake detection features for forming an input recognition vector

    The paper examines the key features of deepfakes and approaches to their recognition using computer vision and machine learning methods. In the course of the study, features for deepfake detection were identified and analyzed. The features that ensure high recognition accuracy were prioritized, and a conclusion was drawn about the significance of each feature.

    Keywords: generative artificial intelligence, disinformation, deepfake, deepfake detector, cybersecurity, fraud, recognition features, analysis, recognition vectors, machine learning, model

  • Methods of differential anonymization of data based on a trustworthy neural network for protecting bank customers' personal information

    The article discusses modern methods for protecting bank customers' personal information based on differential anonymization of data using trusted neural networks. It provides an overview of the regulatory framework, analyzes technological approaches and describes a developed multi-level anonymization model that combines cryptographic and machine learning techniques. Special attention is paid to balancing between preserving data utility and minimizing the risk of customer identity disclosure.

    Keywords: differential anonymization, trusted neural network, personal data, banking technologies, information security, cybersecurity

  • The method for optimizing the organizational structure and functionality of employees of the information protection unit operating an automated system in a secure design

    The purpose of the research is to develop a solution that allows optimizing the number and functionality of information security specialists involved in ensuring the information security of an organization's automated system in a secure design. The methods used in the article include a description and analysis of various governing documents, professional standards and regulations of the Russian Federation, and a number of scientific works that set out the requirements for the functionality and qualifications of information security specialists. As a result of the work carried out, significant shortcomings were identified in the current regulatory and methodological documents describing the job functions of personnel ensuring the protection of the facility's information, along with a tendency to reduce the number of positions while expanding the functionality of the remaining employees. The need to comply with the qualification requirements for the reliable functioning of an automated system in a secure design and to exclude the "human" factor in information security incidents is emphasized. A new, optimal organizational structure of the department responsible for monitoring the protection of information circulating in an automated system is proposed, and the job responsibilities and areas of responsibility of the automated system administrator and the information security administrator are specified in detail. The solution presented in this paper can be used for day-to-day information security in any automated system in various organizations. It emphasizes the importance of improving the skills and unifying the competencies of information security workers to ensure their interchangeability and reduce the risks associated with lack of control if highly specialized employees are excluded, which will increase the stability and effectiveness of the information security system at the enterprise.

    Keywords: information security, administrator, staffing, functionality of information security personnel, automated system in a secure design

  • Research on the vulnerabilities of a telephone subscriber from the perspective of destructive social engineering

    The article discusses current threats and vulnerabilities of telephone subscribers in the context of mass digitalization, the development of artificial intelligence and machine learning technologies, and their use in fraudulent scenarios. The study analyzes the main vulnerability factors and provides statistical data on telephone fraud incidents in Russia and abroad. Special attention is given to the phenomena of trust in authority, insufficient digital literacy, and the use of voice synthesis and deepfake technologies for social engineering attacks.

    Keywords: social engineering, fraud, vishing, deepfake, artificial intelligence, digital literacy, information security

  • Enhancing robustness in ECG-based biometric authentication through hybrid signal processing and deep learning

    Electrocardiogram (ECG)-based biometric authentication systems offer intrinsic resistance to spoofing due to their physiological uniqueness. However, their performance in dynamic real-world settings, such as wearable devices or stress-induced conditions, is often compromised by noise, electrode displacement, and intra-subject variability. This study proposes a novel hybrid framework that enhances robustness, ensuring high authentication accuracy and reliability in adverse conditions, through integrated wavelet-based signal processing for noise suppression and a deep-learning classifier for adaptive feature recognition. The system employs preprocessing, QRS complex detection, distance–deviation modeling, a statistical comparison method that quantifies morphological similarity between ECG templates by analyzing amplitude and shape deviations and an averaging-threshold mechanism, combined with a feedforward Multi-Layer Perceptron (MLP) neural network for classification. The MLP is trained on extracted ECG features to capture complex nonlinear relationships between waveform morphology and user identity, ensuring adaptability to variable signal conditions. Experimental validation on the ECG-ID dataset achieved 98.8% accuracy, 95% sensitivity, an Area Under the Curve (AUC) of 0.98, and a low false acceptance rate, outperforming typical wearable ECG authentication systems that report accuracies between 90% and 95%. With an average processing time of 8 seconds, the proposed method supports near real-time biometric verification suitable for healthcare information systems, telehealth platforms, and IoT-based access control. These findings establish a scalable, adaptive, and noise-resilient foundation for next-generation physiological biometric authentication in real-world environments.

    Keywords: electrocardiogram biometrics, wavelet decomposition, QRS complex detection, feedforward neural network, deep learning classification, noise-resilient authentication, biometric security

  • A Review of Verification Methods for Zero-Knowledge Proof Protocols

    Information technologies are increasingly used in various fields, from document management to payment systems. One of the most popular and promising technologies is cryptocurrency. Since cryptocurrencies require the security and reliability of data in the system to be ensured, most of them use blockchain and complex cryptographic protocols, such as zero-knowledge proof (ZKP) protocols. Verification is therefore an important aspect of achieving the security of these systems, since it can be used to assess a system's resistance to various attacks, as well as its compliance with security requirements. This paper considers both the concept of verification itself and the methods for its implementation. A comparison of methods for identifying a proof suitable for zero-knowledge protocols is also carried out. As a result, it is concluded that an integrated approach to verification is needed, since choosing only one method cannot cover all potential vulnerabilities. In this regard, it is necessary to apply various verification methods at various stages of system design.

    Keywords: cryptocurrency, blockchain, verification, formal method, static analysis, dynamic method, zero-knowledge proof protocol

  • Protecting objects from information security threats by using their intelligent digital twins

    The article provides a reasonable definition of an intelligent digital twin of an information security protection object and identifies the main stages of its development. The article also develops set-theoretic models of the protection object and the intelligent digital twin, which allow for the identification of their identical components and distinctive features that determine the mechanism for countering threats. Based on the provisions of the conflict theory, the relationship between the protected object and the threat was identified in the absence of an intelligent digital twin, as well as in the presence of an intelligent digital twin in the system of protecting the object from information security threats. The obtained macro-dynamic models of the considered situations allow us to justify the feasibility of implementing a mechanism for protecting the object from information security threats based on the use of its intelligent digital twin and to assess the overall effect of its application.

    Keywords: information security, object of protection, intelligent digital twin, threat, set-theoretic model, conflict theory, macrodynamic model