INTELLECTUAL APPROACHES TO DETECTION AND RESPONSE TO HYBRID CYBERATTACKS IN MODERN ELECTRONIC COMMUNICATION NETWORKS

DOI: 10.31673/2412-4338.2025.038725

Abstract

The publication proposes an integrated methodology for modeling electronic communication networks under hybrid cyberattacks, where adversaries combine classical network techniques with dynamic code generation powered by artificial intelligence. A motivating example is the case of PromptLock, an experimental AI-driven ransomware that interacts with a locally deployed language model and generates cross-platform Lua scripts in real time. The aim of the work is to develop a reproducible scheme for assessing the risks and the performance of detection/response tools in heterogeneous segments (Windows, Linux, macOS), given vulnerabilities of the SSL/TLS and SNMP protocols in the firmware of network equipment and end devices. Two aligned lines of analysis are proposed: (1) a discriminative one, combining convolutional neural networks with long short-term memory (CNN+LSTM) for traffic streams and logs (SIEM), and (2) a generative one, where an autoencoder with long short-term memory (AE+LSTM) models normality and deviations, including through Byte2Image representations of binary artifacts. The methodology integrates Zero Trust architecture, plausible firmware attack scenarios, temporal-event risk models, and optimization of weighted cost functions. Simulation results demonstrate improvements of 6–11% in F1-score and a reduction of average detection time by 23–37% due to network segmentation and behavioral detectors. Limitations, reproducibility, replicability, and prospects of multimodal models in the SOC are discussed. Experimental data were formed from log events enriched with MITRE ATT&CK tactics; a communication network was modeled with segmentation into radio access, core, and application gateways. A risk index for response prioritization and an adaptive thresholding method in SIEM are proposed. Byte2Image improves discrimination between PromptLock-like activity and legitimate updates.

Keywords: hybrid cyberattacks, network modeling, IDS, SIEM, Zero Trust, SSL/TLS, SNMP, firmware attacks, CNN+LSTM, AE+LSTM, Byte2Image
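As an added illustration (not code from the paper), the following shows one way to build the Byte2Image representation the abstract refers to: each byte of a binary artifact becomes a grayscale pixel, rows are cut at a width chosen from the artifact size, and a per-row entropy profile is derived as a simple feature a detector could consume. The size-to-width schedule and the sample artifact are assumptions, not values from the paper.

```python
"""Byte2Image: render a binary artifact as a fixed-width grayscale matrix."""
from __future__ import annotations
import math

# Width schedule keyed by artifact size in bytes (assumed; the paper's own
# schedule is not given on the page). Each byte becomes one 0..255 pixel.
WIDTH_SCHEDULE = [
    (10 * 1024, 32), (30 * 1024, 64), (60 * 1024, 128), (100 * 1024, 256),
    (200 * 1024, 384), (500 * 1024, 512), (1000 * 1024, 768),
]
DEFAULT_WIDTH = 1024

# Constructed sample: a low-entropy header followed by a high-entropy body,
# standing in for an artifact that embeds a packed or encrypted script blob.
SAMPLE_ARTIFACT = b"MZ" + b"\x00" * 62 + bytes(range(256)) * 2


def image_width(size: int) -> int:
    """Pick a row width so that images of similar-sized artifacts are comparable."""
    for limit, width in WIDTH_SCHEDULE:
        if size < limit:
            return width
    return DEFAULT_WIDTH


def byte2image(data: bytes, width: int | None = None) -> list[list[int]]:
    """Reshape raw bytes into rows of `width` pixels; the last row is zero-padded."""
    if not data:
        raise ValueError("empty artifact")
    width = width or image_width(len(data))
    rows = []
    for off in range(0, len(data), width):
        row = list(data[off:off + width])
        row.extend([0] * (width - len(row)))  # pad the trailing row
        rows.append(row)
    return rows


def row_entropy_profile(image: list[list[int]]) -> list[float]:
    """Shannon entropy (bits) per row; packed or encrypted regions show as high bands."""
    profile = []
    for row in image:
        counts: dict[int, int] = {}
        for px in row:
            counts[px] = counts.get(px, 0) + 1
        n = len(row)
        profile.append(-sum(c / n * math.log2(c / n) for c in counts.values()))
    return profile


if __name__ == "__main__":
    img = byte2image(SAMPLE_ARTIFACT, width=64)
    print(len(img), "rows x", len(img[0]), "cols")
    print([round(e, 2) for e in row_entropy_profile(img)])
```

The entropy profile is only one of many features that can be read off the image; a CNN fed the full matrix learns its own texture filters instead.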

Published

2025-11-02

Section

Articles