Development Of A Method For Detecting Deviations In The Nature Of Traffic From The Elements Of The Communication Network Oleksandr Laptiev 1, Nataliia Lukova-Chuiko 2, Serhii Laptiev 3, Tetiana Laptieva 4, Vitaliy Savchenko 2, Serhii Yevseiev 3 1234 Taras Shevchenko National University of Kyiv, 24 Bogdana Gavrilishina str., Kyiv, 04116,Ukraine, 2 State University of Telecommunications, 7 Solomenska str., Kyiv, 03110, Ukraine 3 Simon Kuznets Kharkiv National University of Economics, 9-А Nauky ave., Kharkiv, 61166,Ukraine, Abstract The article presents an analysis that showed the lack of scientific and methodological apparatus, universal devices or automated software packages to ensure the prompt implementation of traffic analysis and information transfer to automated systems or relevant specialists. A new developed method is proposed to ensure the prompt implementation of traffic analysis and information about situations that are suspicious and require further detailed analysis by automated systems or relevant specialists. The developed method allows to carry out operative (real-time) informing of responsible specialists, or transfer of necessary data to the automated complex, about deviation of character of traffic from network elements (separate telephone numbers, number capacities, trunk groups, etc.) which is fixed in primary data. Deviations, the nature of traffic from the elements of network parameters are measured from the usual traffic of the telephone network relative to these elements. This method has a methodology that takes into account practical recommendations for constant coefficients, calculations. These coefficients are selected by calculation and empirical. This reduces the response of the system using the developed technique to the deviation of the communication parameters. Keywords 1 traffic deviation, coefficient, model, telecommunication networks, primary data, communication. 1. Introduction 57% more than the figure obtained in CFCA studies three years ago [1]. Violations on telecommunications networks are actions of According to the latest research by the World subscribers, telecommunications operators or third Association for the Control of Telecommunication parties that are aimed at obtaining Network Violations (CFCA), in 2017 the losses telecommunications services at a lower rate or from violations in the telecommunications industry without payment. CFCA experts count about 200 amounted to 74.4-90 billion. This is approximately types of violations on telecommunications III International Scientific And Practical Conference “Information Security And Information Technologies”, September 13–19, 2021, Odesa, Ukraine EMAIL: alaptev64@ukr.net (A. 1); lukova@ukr.net (A. 2); salaptiev@gmail.com (A. 3); savitan@ukr.net (A. 4); tetiana1986@ukr.net (A. 5); serhii.yevseiev@hneu.net (A. 6) ORCID: 0000-0002-4194-402X (A. 1); 0000-0003-3224-4061 (A. 2); 0000-0002-7291-1829 (A. 3); 0000-0002-3014-131X (A. 4); 0000-0002-5223-9078 (A. 5); 0000-0003-1647-6444 (A. 6) © 2021 Copyright for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0). CEUR Workshop Proceedings (CEUR-WS.org) networks. The most common violations by standard was being developed, only fixed line subscribers are third-party connection to the operators had access to the SS7 network, so subscriber line in order to receive free telematics security was not a priority. Today, the signaling services «900», the implementation of long-term network is no longer as isolated, so an attacker, international calls, the organization of who in one way or another gained access to it, has unauthorized negotiation points [2, 3]. It is a the opportunity to exploit security vulnerabilities violation on the part of third parties to use in order to listen to voice calls, read SMS, steal hardware and software to obtain international money from accounts, bypass billing systems or traffic from the Internet and complete it on a public affect the operation of the mobile network. telecommunications network under the guise of. However, no real protection is offered. local, which leads to interference in the work of In [11-14] the development of mobile communications, substitution of call information. communication over the last decade is considered. On the part of operators, the most common is the It is noted that there has been huge progress in the unauthorized, without relevant agreements, field of wireless communications and especially in termination of incoming long-distance and the field of 4G cellular networks. However, it will international traffic to the public network under the take several years to fully switch to 4G systems, guise of local. Abuses lead to loss of revenue, and work has already begun on 5G technologies subscriber complaints and disruption of and their problems. Network security issues are not telecommunications networks. addressed. The fight against abuse on telecommunications In [15,16] it is said that the effective work of networks is largely based on the analysis of data on employees is one of the main conditions for the services and data contained in payment systems company's success. Uncontrolled access of with subscribers and operators [4, 5-7]. Detection employees to the Internet can be a serious obstacle of suspicious actions of subscribers and their to this. Without proper control, an average of up to analysis is the main principle of modern systems of a third of working time can be spent visiting non- protection against violations (Fraud Management work-related resources. That is why it is important System, FMS). The key criteria for FMS efficiency to set up Internet traffic control and use a traffic are speed of operation, flexibility of debugging counter. Protection and proper control over mobile algorithms that provide incident detection and telephone communication has not been properly analysis, and the availability of standardized considered and described [17]. interfaces for integration with billing platforms and Thus, the most critical for the operator are: the Customer Relationship Management System violation of the routing of long-distance and (CRM). international calls, detection of subscriber numbers on outgoing local traffic, activity of operators on 1.1 Literature analysis and problem incoming local traffic, similar to the operation of gateways to complete incoming long-distance and statement international traffic, detection of changes in activity of subscriber numbers, which may be A significant number of publications are evidence of third-party connection to the devoted to the task of ensuring the prompt subscriber line or actions of the subscriber that implementation of the analysis of communication potentially lead to complaints, non-payment for traffic. services and debt write-off. Automated analysis of Thus, in [8] considers the analysis of data on services must be operational. communication traffic with different technical From the analysis of modern literature it can be parameters, which unites only one thing - they can concluded that there are almost no universal only show and (at best) store panoramas of signals devices or automated software to ensure the rapid in the communication network. They do not solve implementation of traffic analysis and information the problem of communication traffic analysis at transmission by automated systems or relevant all. specialists. Therefore, the topic of developing a The article [9,10] presents the results of the method designed to ensure the rapid study of SS7 network security. The Signaling implementation of traffic analysis and information System 7 standard is used to exchange service about situations that are suspicious and require information between network devices in further detailed analysis by automated systems or telecommunications networks. At the time this relevant specialists, the method of informing responsible professionals is relevant and very • volumes of outgoing traffic to fixed local important. numbers (including frequently used numbers); Thus, the development of a method designed to • volumes of outgoing traffic to fixed numbers ensure the prompt implementation of traffic in other cities (including frequently used numbers); analysis and information about situations that are • volumes of outgoing traffic to fixed numbers suspicious and require further detailed analysis by in other countries (including frequently used automated systems or relevant specialists, the numbers); method of informing responsible professionals is • number range of the operator; very relevant. • average number of connections over time; • average amount of traffic over time; 2. The material and methods • average connection duration; • number of unique numbers; The operation of violation detection • characteristic directions. mechanisms is based on the processing of records The most critical for the Customer in terms of of network-registered CDR events (Call Detail reducing revenue loss are: violation of the routing Record). The anti-fraud system looks for non- of long-distance and international calls, detection compliance with certain conditions or non- of subscriber numbers on outgoing local traffic, compliance with a given pattern, the characteristics activity of operators on incoming local traffic, of the subscriber's behavior. When the detection similar to the operation of gateways to complete module finds one of the anomalies, it generates a incoming long-distance and international traffic in warning message. the activity of subscriber numbers, which may be Typical conditional checks for FMS systems evidence of third-party connection to the include: subscriber line or actions of the subscriber that 1. Non-existent numbering (calling party potentially lead to complaints, non-payment for number «A») services and debt write-off. Automated analysis of 2. Verification of authorization, temporary data on services must be operational. Thus, at this blocking of number «A» stage it is important to develop a method designed 3. Correspondence to the set template to analyze traffic and inform about situations that 4. Checking the «black and white lists» are suspicious and require further detailed analysis 5. Frequently repeated subscriber numbers «A» by automated systems or relevant specialists. or «B» The main tasks in developing the method will 6. Check the connection duration be: 7. Verification of suspicious calls from «A» 1. Debugging the elements of the subscribers for inclusion in the list of «B» telecommunications network. Automatic or with subscribers who most often receive calls from the participation of the operator abroad. 2. Providing automatic analysis, data 8. Changes in the intensity of signal and classification, search for deviations of behavior of information load. elements of a telecommunication network from a The search for a given template is based on usual profile. traffic patterns that are created for each 3. Creation of an detection algorithm based on telecommunications operator. The difference the features of violations that create a dynamic between the existing signal and information traffic over time impact on the network, causing and the template indicates a possible violation. An anomalous phenomena. additional use of templates is to compile a profile 4. Development of a graphical display of of the subscriber (telecommunications operator) of changes in quantitative characteristics over a the attacker and search for compliance with such a period of time. profile among existing subscribers 5. Estimation of conformity of parameters of (telecommunications operators). Profiles can anomalies (non-existent number, big duration of a contain such characteristics as: call, etc.) to the values characteristic of this type. • activity during the day; 6. Assessment of anomalies on the degree of • activity in the evening; probability of violation to determine the priority of • activity at night; response. • volumes of outgoing traffic to mobile phones; 7. Development of information on the detection of deviations and events. 8. Development of a user-friendly operator practical results, these values can be changed by interface. the operator. In addition, the use of some profile Block detection scheme, which is based on the parameters and anomaly calculations may be characteristics of violations, it is possible to impossible or impractical, and others may need to present in Figure 1. be added. Traffic will be estimated as the average daily number of seconds of connections: t (2) Qt  (1  k )Qt t  kT , 86400 if t  86400 And 86400 (3) Qt  (1  k )Qt t  kT , t if t  86400 where: T is the duration of connections in seconds; Δt - time between the ends (beginnings) of the previous and new call in seconds. Figure 1: Block diagram of detection of estimates The following types of traffic are provided for of profile anomalies for detection of violations analysis: - local outgoing To assess the quantitative characteristics of the - long distance outgoing object and the dynamics of changes over time, it is - international outgoing proposed to use the method of exponential - input averages with different smoothing coefficients: We suggest estimating the intensity of the call flow as the average daily number of connection 1 , (1) attempts: 1 , t  86400 (4) where: Q is the exponential average value; q - new dimension; And k is the smoothing coefficient; Δt - interval between measurements; 86400 (5) Qt  (1  k )Qt t  kT , if t  86400 The formula uses a constant interval of t measurements. The profile correction for each call is complex, because in this case the smoothing where: factor is a complex exponential function of the T is the duration of connections in seconds; measurement interval. However, the features of the Δt - time by the ends (beginnings) of the parameters allow the use of simpler formulas. previous and new call in seconds. The optimal number of average values and It is estimated the intensity of the flow of calls: values of smoothing coefficients for each - incoming parameter can be obtained experimentally. To - outgoing begin with, it is assumed to use for each parameter - effective. three values with coefficients k = 0.3; 0.05 and The distribution of traffic by time type is 0.005 with a focus on the daily interval of estimated as the average daily number of seconds measurements. of connections for working time. For all the parameters and coefficients used - working hours - 1st-5th day of the week from below, the values that can be used in the 8-30 to 17-30; development are presented, but when obtaining - non-working hours - 1st-5th day of the week from 0-00 to 8-30 and from 17-30 to 24-00; K 2 t  (1  k ) K 2 t  t  kK 2 norm (8) - 6th-7th day of the week from 0-00 to 24-00. The distribution of traffic by time of day will be where: estimated as the average daily number of seconds Δt - time between the ends (beginnings) of the of connections during the day. previous and next calls in seconds; - daytime from 7-00 to 24-00; K2norm is the normal value; - night time from 0-00 to 7-00. k is the smoothing coefficient, k = 0,05. Signal traffic is estimated as the average Normal values for additional coefficients: number of bytes of signal information per call: K1norm = 100, K2norm = 100. We will evaluate the anomalous behavior of the Qt  (1  k )Qt  t  kB , (6) object by the following method: The anomaly in the behavior of the object is where: assessed by the overall rating, as the average of the B is the number of bytes of signal information identified anomaly, taking into account additional in the call. coefficients. The instability of stable network parameters of the object is estimated by their change from call to ( A) * K1* K 2 (9) call. One characteristic can be used for all Apr  . ( C ) * K1norm * K 2norm parameters. For each call: K1 - constant additional coefficient; K2 - temporary additional coefficient. Qt  LQn1   hi , (7) When creating an object, the field T starts the time of the beginning of the observation, in the where: field K2 - a reduced value to stabilize the hi - increment levels for parameters whose characteristics, in other fields - the default values. values differ in previous and subsequent calls; To determine the anomalies, use the following L is a factor that takes into account outdated method: information L = 0.9. When determining anomalies, the coefficients Other parameter values (if present in the CDR): and parameters common to all objects are used: - access (ISDN, non ISDN) h = 10; C - weighting factor, taking into account the - category of the subscriber calling h = 5; impact of each anomaly on the overall rating; - the presence or absence of signaling m is a parameter that compensates for the high interaction when establishing a connection h = 8; uncertainty in the profiles of low-traffic objects. - invalid localization of the calling subscriber Traffic (A1, A2, A3, A4): (correspondence of the address to the admissible template) h = 200; | Q(0.3)  Q(0.05) - invalid subscriber category that causes h = A(0.3)  C (0.3) * , Q (0.05)  m (10) 100. It is necessary to provide for the possibility of Q(0.05)  Q(0.005) A(0.05)  C (0.05) . expanding and changing similar parameters in the Q(0.05)  m future, as well as the use of different characteristics for different groups of parameters. To determine the anomalies you need to set the Additional coefficients: traffic parameters, set the common for all objects - is a constant additional factor that allows you coefficients and parameters of table 1 and table 2: to reduce or increase the sensitivity to anomalies in the assessment. Can only be changed by the Table 1 operator; Given the weights of anomalies - is a temporary additional factor that reduces С1(0.3) С1(0.05) С2(0.3) С2(0.05) or increases the sensitivity to anomalies in the 1 3 20 60 assessment. It can be changed only by the operator, but then automatically strive for a normal value. After each call, a temporary additional factor is Table 2. determined by: The specified parameters for determining The section by time type will be performed as anomalies follows: m1 m2 m3 m4 Total traffic: 200 100 80 200  QTall (0.3)  k1 (d , h) * Q8(0.3) QTall (0.05)  k2 (d ) * Q8(0.05)  A8(0.3)  C 8(0.3) *  QTall (0.3)  mTall  QTall (0.05)  mTall  (18)    The connection duration will be calculated as follows: Outgoing traffic: k1(d, h), k2(d) - coefficients that take into account the error of exponential averaging (d - day Qtout  Q1  Q2  Q3 ; mtout  m1  m2  m3 (11) of the week, h - hour); The coefficients that take into account the error of exponential averaging are given in table 4 and Outgoing calls table 5.  (QTout (0.3)  mTout ) * (Q5(0.05)  m5 )  (12)  1  Table 4 A5(0.3)  C5(0.3) *  (Q5(0.3)  m5 ) * (QTout (0.05)  mTout )    Error coefficients of exponential averaging d=1,2,3  (QTout(0.05)  mTout) * (Q5(0.005)  m5 )  (13) h k 1 (d,h) h k1(d,h) h k1(d,h) 1 A5(0.05)  C5(0.05) *  (Q5(0.05)  m5 ) * (QTout(0.005)  mTout)    0 1.470 0 1.151 0 0.992 1 1.489 1 1.165 1 1.004 Incoming calls 2 1.507 2 1.180 2 1.017  ( Q 4 ( 0 .3 )  m 4 ) * ( Q 6 ( 0 . 05 )  m 6 )   1 (14) 3 1.527 3 1.195 3 1.030 A 6 ( 0 . 3)  C 6 ( 0 . 3) *  ( Q 6 ( 0 .3 )  m 6 ) * ( Q 4 ( 0 . 05 )  m 4 )    4 1.546 4 1.210 4 1.043 5 1.565 5 1.226 5 1.056  ( Q 4 ( 0 . 05 )  m 4 ) * ( Q 6 ( 0 . 005 )  m 6 )  (15) A 6 ( 0 . 05 )  C 6 ( 0 . 05 ) *   1  ( Q 6 ( 0 . 05 )  m 6 ) * ( Q 4 ( 0 . 005 )  m 4 )  6 1.585 6 1.241 6 1.069 7 1.605 7 1.257 7 1.083 To determine the duration of the connection, you need to specify the traffic parameters, 8 1.626 8 1.273 8 1.097 according to the developed method, the 9 1.529 9 1.216 9 1.056 coefficients common to all objects and the parameters are given in table 3: 10 1.444 10 1.164 10 1.018 Table 3 11 1.369 11 1.117 11 0.984 Connection duration settings are set С5 С5 С6 С6 m5 m6 12 1.302 12 1.075 12 0.952 (0.3) (0.05) (0.3) (0.05) (0.3) (0.05) 13 1.242 13 1.036 13 0.923 3 10 3 10 5 5 14 1.188 14 1.100 14 0.895 According to the developed method, we will 15 1.139 15 0967 15 0.870 determine the effectiveness: Total calls: Table 5  Q7(0.3)  0.45* mNall Q7(0.05)  0.45* mNall  (16) Error coefficients of exponential averaging  A7(0.3)  C7(0.3) *  QNall(0.3)  mNall QNall(0.05)  mNall   d 1 2 3 4   k2(d) 1.031 1.008 0.988 0.970  Q7(0.05)  0.45* mNall Q7(0.005)  0.45 * mNall  (17)   Q (0.05)  k2 (d)*Q8(0.05) QTall (0.005) Q8(0.005)  (19) A7(0.05)  C7(0.05) *  QNall (0.05)  mNall QNall (0.005)  mNall   A8(0.05)  C8(0.05)* Tall      QTall (0.05)  mTall QTall (0.005)  mTall  Where C7 (0.3) = 3 and C10 (0.05) = 10 where С8(0.3)=5 and С8(0.05)=15 The distribution of time of day we calculate by - correlation of events of anomalous objects - the expression: coincidence of unique addresses in records of calls of objects for the last time (2-3 days);  QTall(0.3)  k3(h)*Q9(0.3) QTall(0.05) Q9(0.05)  (20) - compliance of the profile of the object of the  A9(0.3)  C9(0.3) * QTall(0.3)  mTall QTall(0.05)  mTall   known case of violation, the coincidence of   specific for this known case information about the call (direction, addressing) recently;  QTall(0.05) Q9(0.05) QTall(0.05) Q9(0.005)   (21) - inconsistency of the object profile with the A9(0.05)  C9(0.05)* QTall(0.05)  mTall QTall(0.005)  mTall   typical subscriber accounting profile. (It is possible   only if there is access to the subscriber accounting database, not necessarily in the early stages of where: development, but it is necessary to provide for such k3(h) - coefficient that takes into account the a possibility in the future). error of exponential averaging (h - hour); Determining the probability of violation Table 6 The error rate of exponential averaging A (25) P  MAX ( MAX ( Pknown ) Psubbase ) h 0 1 2 3 Aa k3(h) 0.9709 0.9832 0.9956 1.0082 where: A h 8 9 10 11 - the probability of violation, determined A a k3(h) 1.0347 1.0288 1.0230 1.0173 by the anomaly of behavior; a - anomaly at 50% probability. The value of a h 14 15 16 17 can be obtained experimentally. k3(h) 1.0012 0.9960 0.9910 0.9861 First you can use: a = 20; For the developed technique C9 (0.3) = 8; C9 A  Apr   Acor . pr . (26) (0.05) = 24. We will define signal traffic by expressions: where:  Q10(0.3) Q10(0.05)  (22) Acor.pr - anomaly of the object, which has a    A10(0.3)  C10(0.3)*  QNall (0.3)  mNall QNall (0.05)  mNall  correlation in the calls (when checking it is   necessary to exclude coincidence at popular addresses: special services, serial modem pools,  Q10(0.05) Q10(0.005)  (23) etc.), if the correlation is not defined - Acor.pr=0;    A10(0.05)  C10(0.05)*  QNall (0.05)  mNall QNall (0.005)  mNall  Psubbase - the probability of fraud, which is   estimated by the inconsistency of the object profile to the typical profile in accordance with the Coefficient C10 (0.3) = 20, coefficient C10 subscriber accounting. (0.05) = 60 Pknown - the probability of a known type of The stability of the network parameter will be violation (determined for each known type). The determined by the expression method of determining the probability of a known type of violation can also be based on the A W 11 (24) correspondence of characteristic anomalies in the profile of the observed object and the profile of the Not all objects can be further processed, but violating object at the time of detection, as well as only objects with the highest overall anomaly correlations in calls by addresses rating. It is enough to process about 1% of the total. or prefixes. More precisely, the method can be The assessment of the probability of violation, determined only after the accumulation of a in contrast to existing methods, will be determined sufficient number of experimental results. taking into account additional factors. In addition The assessment of the degree of risk of fraud to the high level of anomaly of the object profile, according to the developed methodology will be additional factors that increase the possibility of calculated as follows. detecting fraud in the assessment are: Assessment of the degree of danger is necessary for cases that require priority intervention. They can be considered as the effect of the probability of implementation of traffic analysis for further violation on loss or unearned income: detailed analysis of automated systems. Q(0.3) | Q(0.3)  Q(0.05) | (27) 3. Conclusions Q(0.05) | Q(0.05)  Q(0.005) | (28) The analysis showed the absence of scientific and methodological apparatus, universal devices or Q1 0.3  k2 Q2 0.3  k3 Q3 0.3  automated software packages to ensure the rapid   (29) implementation of traffic analysis and information D  P   L  (Q1 0.05  k2 Q2 0.05    transfer to automated systems or relevant  k3 Q3 0.05)  specialists. Therefore, a method has been developed to ensure the prompt implementation of where k 2 , k3 − coefficients that take into traffic analysis and information about situations account the average difference in tariffs; that are suspicious and require further detailed analysis by automated systems or relevant They will take the values k2 = 15, k3 =250, L =3. specialists. Recommendations for the practical application The developed method allows to carry out of the developed methodology. operative (real-time) informing of responsible The peculiarity of the operation and the specialists, or transfer of necessary data to the distinction of the developed methodology will be automated complex, about deviation of character the following: of traffic from network elements (separate 1. Feature when creating profiles of objects: telephone numbers, number capacities, trunk - For each group of connecting lines and for groups, etc.) which is fixed in primary data. each direction of the channel, describes the list of Deviations, the nature of traffic from the elements valid addresses of the source party, the list of of network parameters are measured from the usual uncontrolled addresses of the source party, lists of traffic of the telephone network relative to these objects that have more than one address in the elements. corresponding list of addresses. The given technique takes into account - If a record of object profile information is not practical recommendations concerning constant found during call processing, it must be generated coefficients, calculations. These coefficients are automatically. selected by calculation and empirical. This reduces 2. Specific profile formation: the response of the System using the developed If there is a loss in the System of call method to the deviation of the communication information for any period, to prevent failures in parameters by 9% compared to existing methods. the formation of information about the profiles of This is a perfectly acceptable result. objects, you must check all objects again, using zero values of traffic at the beginning of the period 4. References and restore information in profiles at the end. For ease of use, the user interfaces and methods of working with them must be identical to the [1] Serhii Yevseiev, Roman Korolyov, Andrii System as a whole. But in addition you need to Tkachov, Oleksandr Laptiev, Ivan Opirskyy, consider the following: Olha Soloviova. Modification of the algorithm 1. The subsystem must contain means of (OFM) S-box, which provides increasing actively informing users about events that need crypto resistance in the post-quantum period. attention, by generating screen messages in the International Journal of Advanced Trends in client part of the system, including at the start of Computer Science and Engineering the client part, if the event occurred and was not (IJATCSE) Volume 9. No. 5, September- covered before. Oktober 2020, pp 8725-8729 2. Provide the ability to graphically display the [2] Valentyn Sobchuk, Volodymyr Pichkur, Oleg characteristics of the profile of objects. Barabash, Oleksandr Laptiev, Kovalchuk Igor, 3. Provide for the possibility of organizing Amina Zidan. Algorithm of control of additional checks, with a slight change in the rules functionally stable manufacturing processes of used in the analysis using the rule editor. Areas of further research. enterprises. 2020 IEEE 2nd International Further research should be aimed at improving Conference on Advanced Trends in the software for automated software, in order to Information Theory (IEEE ATIT 2020) enable automated recognition and operational Conference Proceedings Kyiv, Ukraine, Systems of Navigation and Motion Control November 25-27. pp.206 –211. (MSNMC) – Ukraine, Kyiv, 16 October 2018. [3] Vitalii Savchenko, Oleksandr Laptiev, рр. 94 – 97. Oleksandr Kolos, Rostyslav Lisnevskyi, [11] S. Toliupa, N. Lukova-Chuiko, O. Oksiuk. Viktoriia Ivannikova, Ivan Ablazov. Hidden Choice of Reasonable Variant of Signal and Transmitter Localization Accuracy Model Code Constructions for Multirays Radio Based on Multi-Position Range Measurement. Channels. Second International Scientific- 2020 IEEE 2nd International Conference on Practical Conference Problems of Advanced Trends in Information Theory Infocommunications. Science and (IEEE ATIT 2020) Conference Proceedings Technology. IEEE PIC S&T 2015. pp. 269 – Kyiv, Ukraine, November 25-27. pp.246 –251 271. [4] Serhii Yevseiev, Oleksandr Laptiev, Sergii [12] N.Lukova-Chuiko, I. Ruban, V. Martovytskyi Lazarenko, Anna Korchenko, Іryna Manzhul. Designing a monitoring model for cluster Modeling the protection of personal data from supercomputers. Eastern-European Journal of trust and the amount of information on social Enterprise Technologies.- № 6(2) . 2016. networks. Number 1 (2021), «EUREKA: P.32-37. Physics and Engineering» pp.24–31. [13] N. Lukova-Chuiko, I. Ruban, V. [5] Milov O., Yevseiev S. Milevskyi S. Martovytskyi. Approach to Classifying the Ivanchenko Y., Nesterov O., Puchkov O., State of a Network Based on Statistical Yarovyi A., Salii A., , Tiurin V., Timochko O. Parameters for Detecting Anomalies in the Development the model of the antagonistic Information Structure of a Computing agent’s behavior under a cyber-conflict. System.Cybernetics and Systems AnalysisV. Eastern European Journal of Advanced 54. № 2. pp. 142 – 150. 2018. Technologies. Kharkiv. 2019. 4/9 (100). pp. 6– [14] N.Lukova-Chuiko, I. Ruban, H. Khudov, O. 19 Makoveichuk, I. Khizhnyak. Method For [6] S. Korotin, Y. Kravchenko, O. Starkova, K. Determining Elements of Urban Herasymenko, R. Mykolaichuk, “Analytical Infrastructure Objects Based On The Results determination of the parameters of the self- From Air Monitoring.Eastern-European tuning circuit of the traffic control system on Journal of Enterprise Technologies. – № 4/9 the limit of vibrational stability”, International (100). – 2019. – P. 52 – 61. Scientific-Practical Conference Problems of [15] N. Lukova-Chuiko, I Ruban, V. Infocommunications Science and Technology, Martovytskyi, A. Kovalenko. Identification in PIC S&T`2019 – Proceedings, pp. 471–476. Informative Systems on the Basis of Users' [7] Y. Kravchenko, O. Leshchenko, N. Dakhno, Behaviour. 2019 IEEE 8th International O. Trush, O. Makhovych “Evaluating the Conference on Advanced Optoelectronics and effectiveness of cloud services”, IEEE Lasers (CAOL), Sozopol. Bulgaria. pp. 574- International Conference on Advanced Trends 577. 2019. in Information Theory, ATIT`2019 – [16] N. Lukova-Chuiko, V. Saiko, V. Proceedings, pp.120–124. Nakonechnyi, T. Narytnyk, M. Brailovskyi. [8] A.M.Samoilenko, V.G.Samoilenko, Terahertz Range Interconnecting Line For V.V.Sobchuk. On periodic solutions of the LEO-System. 2020 IEEE 15th International equation of a nonlinear oscillator with pulse Conference on Advanced Trends in influence Ukrainian Mathematical Journal, Radioelectronics, Telecommunications and 1999 (51), 6 Springer New York – Р. 926-933 Computer Engineering (TCSET), Lviv- [9] V. Sobchuk et al .Approximate Homogenized Slavske, Ukraine, pp. 425-429. 2020. Synthesis for Distributed Optimal Control [17] Oleksandr Laptiev, Vitalii Savchenko, Andrii Problem with Superposition Type Cost Pravdyvyi, Ivan Ablazov, Rostyslav Functional. Statistics Opt. Inform. Comput., Lisnevskyi, Oleksandr Kolos, Viktor Vol. 6, June 2018, pp 233–239. Hudyma. Method of Detecting Radio Signals [10] O. Barabash, N. Dakhno, H. Shevchenko, V. using Means of Covert by Obtaining Sobchuk. Integro-Differential Models of Information on the basis of Random Signals Decision Support Systems for Controlling Model. International Journal of Unmanned Aerial Vehicles on the Basis of Communication Networks and Information Modified Gradient Method. IEEE 5th Security (IJCNIS), Vol. 13, No. 1, 2021. International Conference on Methods and рр.48-54.