DISTRIBUTED INFORMATION SYSTEMS AS CYBER DEFENSE OBJECTS AND THEIR SECURITY THREATS

DOI: 10.31673/2412-4338.2026.019012

Authors

Abstract

The article examines distributed information systems (hereinafter referred to as DIS) as complex cyber-defense objects operating under conditions of targeted opposition from a rational adversary. It is proven that the characteristic features of modern DIS include node heterogeneity, state transitions, variable network topology, the absence of a single security perimeter, and the potential for cascading propagation of cyber incidents. It is substantiated that these properties significantly complicate the application of classical static methods in the tasks of risk assessment and the selection of information security tools for DIS. An analysis of modern types of attacks on DIS has been performed. The generalization of statistical data for 2024–2025 demonstrates a trend toward increasing intensity and complexity of attacks on cloud-based, corporate, and critical DIS (or CIS).

It is shown that most existing methods for selecting DIS security tools fail to account for the attacker's strategic behavior and the defender's resource constraints. Based on the analysis of literature sources, the scientific problem of the optimal selection of security tools for distributed information systems is formulated as an integrated game-optimization task.

The expediency of using the game theory apparatus in combination with multi-criteria optimization methods for modeling the interaction between the defender and the adversary is substantiated. In our opinion, the proposed conceptual approach will allow for accounting for the architectural specifics of DIS, its state transformations, and the strategic aspects of cyber confrontation. Ultimately, all the aforementioned factors will create a foundation for increasing decision-making efficiency in cyber defense systems. The results of the current analytical study confirmed the need to synthesize a hybrid method for the optimal selection of DIS security tools. Such a method should combine the game theory apparatus for modeling opposition to a rational adversary and multi-criteria optimization methods for choosing the configuration of security tools under limited resource conditions.

Keywords: distributed information systems; cyber defense; information security tools; analysis of previous research; game models; multi-criteria optimization; strategic confrontation; cyber threats.

References

  1. Dodonov, O. H., Nykyforov, O. V., Putiatin, V. H., Dodonov, V. O., Kutsenko, S. A., & Hermaniuk, A. P. (2024). Territorial-distributed information computer systems in a unified information space: Basic concepts and definitions. Data Registration, Storage and Processing, 26(1), 89–112. 
  2. Barabash, O., Makarchuk, A., & Salanda, I. (2024). Study of the probabilistic indicator of functional stability of distributed information systems. Measuring and Computing Devices in Technological Processes, 1, 45–50. 
  3. Lienkov, S., Dzhulii, V., Muliar, I., Lienkov, Ye., & Koltsov, R. (2025). Evaluation of the effectiveness of confidential information protection systems in distributed information systems. Cybersecurity: Education, Science, Technique, 1(29), 628–644. 
  4. Heryak, Yu., & Berko, A. (2024). A system of criteria for assessing data quality in distributed information systems. Information Systems and Networks, 16, 191–202. 
  5. Bozhko, V. I., & Okhrimenko, O. H. (2006). Methodology for evaluating the functional stability of the structure of distributed information systems of critical application. Radioelectronic and Computer Systems, 7, 68–71. 
  6. Romaniv, R. S., & Bandurka, O. I. (2024). Methods for ensuring the functional stability of distributed information systems for monitoring vehicle movement using blockchain technology. Information Technologies and Automation 2024, 221. 
  7. Palko, D. V., & Myrutenko, L. V. (n.d.). Method for constructing a profile of key cybersecurity risk factors of modern distributed information systems. Ukrainian Information Security Research Journal, 26(2), 236–252. 
  8. Ziegler, K. (1979). A distributed information system study. IBM Systems Journal, 18(3), 374–401. 
  9. Björk, B. C. (2007). A model of scientific communication of a global distributed information system. 
  10. Pleskach, V., Pleskach, M., & Zelikovska, O. (2019). Information security management system in distributed information systems. In 2019 IEEE International Conference on Advanced Trends in Information Theory (ATIT) (pp. 300–303). IEEE. 
  11. Kim, D., & Solomon, M. G. (2013). Fundamentals of information systems security. Jones & Bartlett. 
  12. Mitra, S., & Ransbotham, S. (2012). The effects of information disclosure policy on the diffusion of security attacks. In Proceedings of the International Conference on Information Systems (ICIS 2012)
  13. Riskhan, B., Safuan, H. A. J., Hussain, K., Elnour, A. A. H., Abdelmaboud, A., Khan, F., & Kundi, M. (2023). An adaptive distributed denial-of-service attack prevention technique in a distributed environment. Sensors, 23(14), 6574. 
  14. Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), & Multi-State Information Sharing and Analysis Center (MS-ISAC). (2024). CISA, FBI, and MS-ISAC release update to joint guidance on distributed denial-of-service techniques
  15. Abouzakhar, N. S., & Manson, G. A. (2002). An intelligent approach to prevent distributed systems attacks. Information Management & Computer Security, 10(5), 203–209. 
  16. Reddy, R. P. (2024). A survey of distributed denial-of-service (DDoS) attack mitigation techniques. International Journal of Computer Trends and Technology, 72(12), 69–77. 
  17. Mahjabin, T., Xiao, Y., Sun, G., & Jiang, W. (2017). A survey of distributed denial-of-service attack, prevention, and mitigation techniques. International Journal of Distributed Sensor Networks, 13(12), 1550147717741463. 
  18. Microsoft Corporation. (2025). Microsoft digital defense report 2025: Understanding the threat landscape
  19. Check Point Research. (2025). The state of global cyber security 2025: Annual report. Check Point Software Technologies Ltd. 
  20. Cloud Security Alliance. (2025). Top threats to cloud computing: Deep dive 2025
  21. Cloudflare. (2025). DDoS threat report for 2025 Q1: Trends and insights
  22. IBM Security. (2025). Cost of a data breach report 2025. IBM Corporation. 
  23. KELA Research. (2025). Ransomware in critical infrastructure: 2025 global analysis
  24. UK Department for Business, Innovation & Skills. (2012). 10 steps to cyber security: Executive companion
  25. MWR InfoSecurity. (2013). Mobile devices: Guide for implementers
  26. European Union Agency for Cybersecurity (ENISA). (2012). Consumerization of IT: Risk mitigation strategies
  27. Osadchyi, V. V. (2018). Modern trends in informatics and cybernetics. In Information technologies in education, science and technology: Proceedings of the IV International scientific and practical conference (pp. 221–224). 
  28. Olalere, M., Abdullah, M. T., Mahmod, R., & Abdullah, A. (2015). A review of bring your own device on security issues. SAGE Open, 5(2), 2158244015580372. 
  29. Yevseyeva, I., Basto-Fernandes, V., Emmerich, M., & Van Moorsel, A. (2015). Selecting optimal subset of security controls. Procedia Computer Science, 64, 1035–1042. 
  30. Diéguez, M., Cares, C., Cachero, C., & Hochstetter, J. (2023). MASISCo—Methodological approach for the selection of information security controls. Applied Sciences, 13(2), 1094. 
  31. Yaskevych, Yu. (2025). Game-theoretic optimization model for selecting protection means for distributed information systems. Cybersecurity: Education, Science, Technique, 2(30), 715–726. https://doi.org/10.28925/2663-4023.2025.30.913 

Downloads

Published

2026-04-01

Issue

No. 1 (2026)

Section

Articles