<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Archiving and Interchange DTD v1.0 20120330//EN" "JATS-archivearticle1.dtd">
<article xmlns:xlink="http://www.w3.org/1999/xlink">
  <front>
    <journal-meta>
      <journal-title-group>
        <journal-title>International Journal of Network Security 18 3 (2016) 553 564. http://ijns.jalaxy.com.tw/
contents/ijns</journal-title>
      </journal-title-group>
    </journal-meta>
    <article-meta>
      <article-id pub-id-type="doi">10.1109/COMST.2019.2891891</article-id>
      <title-group>
        <article-title>Adaptation of Network Traffic Routing Policy to Information Security and Network Protection Requirements</article-title>
      </title-group>
      <contrib-group>
        <contrib contrib-type="author">
          <string-name>Volodymyr Sokolov</string-name>
          <email>v.sokolov@kubg.edu.ua</email>
          <xref ref-type="aff" rid="aff0">0</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Yuliia Kostiuk</string-name>
          <email>y.kostiuk@kubg.edu.ua</email>
          <xref ref-type="aff" rid="aff0">0</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Pavlo Skladannyi</string-name>
          <email>p.skladannyi@kubg.edu.ua</email>
          <xref ref-type="aff" rid="aff0">0</xref>
        </contrib>
        <contrib contrib-type="author">
          <string-name>Nataliia Korshun</string-name>
          <email>n.korshun@kubg.edu.ua</email>
          <xref ref-type="aff" rid="aff0">0</xref>
        </contrib>
        <aff id="aff0">
          <label>0</label>
          <institution>Borys Grinchenko Kyiv Metropolitan University</institution>
          ,
          <addr-line>18/2 Bulvarno-Kudryavska str., 04053 Kyiv</addr-line>
          ,
          <country country="UA">Ukraine</country>
        </aff>
      </contrib-group>
      <pub-date>
        <year>1851</year>
      </pub-date>
      <volume>3654</volume>
      <fpage>553</fpage>
      <lpage>564</lpage>
      <abstract>
        <p>The paper examines the challenges of ensuring information security in the context of growing traffic volumes and the complexity of topologies of distributed information and communication systems. The necessity of adapting the routing policy to the current cybersecurity requirements, considering the risks of targeted attacks and anomalous activity, is substantiated. The limitations of traditional technical security tools that are ineffective in a dynamic digital environment are analyzed. A formalized approach to building an adaptive routing policy that integrates mathematical modeling, risk-based metrics, ISO/IEC 27033, 15408, and NIST SP 800-207 standards, as well as software-defined networking technologies and telemetry protocols (NetFlow, sFlow) is proposed. The architecture of an automated routing system that can adapt to real-time changes in the threat environment has been developed. The system provides context-dependent control of data flows, increases the level of cyber resilience of the network, and implements the principles of the Zero Trust Architecture (ZTA). The results obtained can be used to protect critical information systems in both the corporate and public sectors.</p>
      </abstract>
      <kwd-group>
        <kwd>adaptive routing</kwd>
        <kwd>information security</kwd>
        <kwd>network traffic</kwd>
        <kwd>routing policy</kwd>
        <kwd>risk-based methods</kwd>
        <kwd>mathematical modeling</kwd>
        <kwd>network resilience</kwd>
        <kwd>automated security systems</kwd>
        <kwd>Zero Trust Architecture</kwd>
        <kwd>network telemetry</kwd>
      </kwd-group>
    </article-meta>
  </front>
  <body>
    <sec id="sec-1">
      <title>1. Introduction</title>
      <p>Information security at the network level
is critical to the reliability of enterprises and government information systems. The growing
complexity of network topologies, threat dynamics, and scaling of digital services makes traditional
routing and filtering methods ineffective. Most classical approaches do not consider the context of
interaction, changes in the threat landscape, and the need for dynamic incident response. Modern
information security standards (ISO/IEC 15408, 27033, NIST SP 800-207) emphasize the importance
of proactive traffic management and context-sensitive access control in a constantly changing
environment. Adapting network traffic routing policies to information security requirements using
risk-based metrics, behavioral indicators, and automated solutions becomes particularly relevant.
This study aims to substantiate the theoretical and applied foundations for building an adaptive
traffic routing policy that provides dynamic flow control, considering the level of threats, criticality
of resources, and network characteristics. A formalized mathematical model is proposed to achieve
this goal, and algorithms and architecture of an automated system that implements the principles
of ZTA and digital resilience in real-time are developed.</p>
    </sec>
    <sec id="sec-2">
      <title>2. Source review</title>
      <p>Adapting network traffic routing to information security requirements is a key task in protecting
information systems, driven by complex architectures, growing threats, and the need for proactive
network-level security. Modern approaches combine classical routing with dynamic traffic
management, machine learning, and risk-based methods.</p>
      <p>
        Studies by Sert and Yazici [
        <xref ref-type="bibr" rid="ref1">1</xref>
        ] and Touati [
        <xref ref-type="bibr" rid="ref2">2</xref>
        ] show that fuzzy logic and genetic algorithms enable
dynamic routing adaptation, efficient load balancing, and improved resilience under uncertainty,
which is critical for secure communication channels. Al-Karaki and Kamal [
        <xref ref-type="bibr" rid="ref3">3</xref>
        ] provide a foundational review
of routing methods, while ISO/IEC 27033 and NIST SP 800-207 [
        <xref ref-type="bibr" rid="ref4 ref5">4, 5</xref>
        ] highlight the role of
context- and trust-based dynamic access control. Overall, adaptive routing enhances attack resilience,
reduces data leakage risks, and supports proactive cyber defense in modern communication
systems.
      </p>
    </sec>
    <sec id="sec-3">
      <title>3. Research methods</title>
      <p>The work is based on formal methods of set theory, combinatorial analysis, and mathematical
optimization, which are applied to the problems of modeling communication structures in
networks in the context of information security. These methods allow for formalizing the set of
possible data transmission routes, modeling the relationships between nodes and communication
channels subject to security constraints, and finding optimal solutions according to specified criteria. Particular
attention is paid to constructing mathematical models that provide dynamic adaptation of traffic
routes, considering changes in the topology structure, interaction context, and risk level. This
approach contributes to the formation of attack-resistant routing policies in complex information
systems.</p>
    </sec>
    <sec id="sec-4">
      <title>4. Theoretical basis</title>
      <p>
        The study examines modern approaches to building secure information networks, emphasizing
adapting network traffic routing policies to meet information security requirements. Due to the
increasing complexity of network topologies, the dynamics of digital services, and the scaling of
cyber threats, traditional perimeter-oriented security tools are proving ineffective. The basic logic
of classic firewalls, static access control lists, and traffic filtering cannot provide timely detection
and blocking of attacks that exploit system vulnerabilities or configuration errors [
        <xref ref-type="bibr" rid="ref1 ref2 ref4">1, 2, 4, 6, 7</xref>
        ].
That is why there is a need to implement intelligent traffic management based on risk-based
criteria. Risk-based criteria should be understood as indicators that consider the likelihood of
threats, the level of potential damage to information resources, and the criticality of the objects to
which traffic is directed. This approach allows you to adapt routing and filtering rules in real-time,
focusing not only on formal parameters but also on the context of the threat environment.
      </p>
      <p>The author analyzes the typical stages of network attacks, including: identifying network entry
points, scanning security systems, exploiting vulnerabilities, accessing internal network segments,
searching for and compromising target information, and deleting digital traces [6]. This sequential
chain forms a model of attacker behavior that must be considered when developing a modern
routing system. At the same time, it has been established that most successful attacks are
associated with insufficient network policy flexibility, low contextual filtering level, and lack of
centralized control over data flows.</p>
      <p>
        The paper proposes the concept of proactive network protection, which is implemented by
adapting the routing policy based on current threats. A key element of this concept is the
automated formation of traffic routes in such a way as to minimize access to potentially vulnerable
services from the external or internal environment [8–13]. We propose an architectural solution
that integrates mathematical modeling, behavioral analytics, traffic telemetry (via protocols such as
NetFlow/sFlow), and the standardized security requirements of ISO/IEC 27033, 15408, and NIST SP
800-207 [
        <xref ref-type="bibr" rid="ref4 ref5">4, 5</xref>
        ]. Figure 1 shows an activity diagram that illustrates the stages of operation of a
dynamic network traffic routing control system, considering the risks and current state of network
security. To implement the proposed approach, a mathematical routing model has been developed
that considers the set of valid routes, risk weights, trust in traffic sources and destinations, and the
criticality of information resources [
        <xref ref-type="bibr" rid="ref3">3</xref>
        ]. The built model allows for automated decision-making
regarding changing the route in real-time depending on changes in the security context [14]. Thus,
the network becomes an adaptive environment that can independently respond to threats, localize
potentially dangerous connections, and prevent intrusions even before their active phase [15].
Figure 2 shows the sequence of interaction between the main components of the adaptive traffic
routing system, including the telemetry module, risk assessor, policy manager, and router, which
provide dynamic traffic redirection based on the current level of threats.
      </p>
      <p>
        As part of the development of an adaptive traffic routing policy in line with information security
requirements, a formalized approach is proposed that takes into account both the network
topology and security priorities based on modern international standards, in particular
ISO/IEC 15408 (common criteria), 27033, and NIST SP 800-207 [
        <xref ref-type="bibr" rid="ref4">4, 7</xref>
        ]. This approach allows for the
dynamic redirection of network traffic based on the risks, vulnerabilities of communication
channels, the level of trust, and the criticality of information resources [6].
      </p>
      <p>The model is based on key parameter sets. The set of access channels to information resources
that are potentially vulnerable from a security standpoint is denoted as S = (S1, S2, …, Sp). Network nodes through
which traffic is transmitted to protected objects are represented by the set N = (n1, n2, …, nk). For
each channel Si, a security factor from the set X = (X1, X2, …, Xp) is determined, which is a discrete normalized
value (for example, on a scale from 1 to 10) and reflects the current level of security determined
based on behavioral analysis, identified vulnerabilities, and the presence of active threats [16]. The
model also takes into account the set of current threats M = (M1, M2, …, Mp), potentially
implemented through the appropriate channels, and the set NP = (NP1, NP2, …, NPk), which contains
routing priorities formed based on non-functional characteristics of routes (e.g., delay, throughput,
or topological proximity), without taking into account security factors [9, 10, 17]. The constraints
in the form of the maximum allowable risk level are set through the set K = (K1, K2, …, Kr), which
includes all the essential network security requirements classified according to ISO/IEC 15408.</p>
      <p>For each channel Si, a matrix of security requirements is constructed, in which information
resources Rk are placed in the columns and requirements Kj are placed in the rows. The element of
the matrix Wijk represents the weight of the importance of a particular requirement Kj to the
resource Rk available through the channel Si and is set by an expert on a scale from 0 to 10. The
integral security factor of each channel Si is calculated by the formula:</p>
      <p>
        <disp-formula><label>(1)</label><tex-math>X_i = \sum_{j=1}^{r} \sum_{k=1}^{m} W_{ijk},</tex-math></disp-formula>
      </p>
      <p>
where Xi is the total security assessment of the channel, Wijk is the weight of the security
requirement Kj to the resource Rk, r is the number of security requirements, m is the number of
information resources served by the channel Si. To include a channel in the list of acceptable
routes, the condition Xi ≥ Li, ∀i ∈ [1, p], must be met, i.e., the actual security of the channel must be
at least as high as the established threshold level [
        <xref ref-type="bibr" rid="ref3">3, 8</xref>
        ].
      </p>
      <p>The final routing priority is formed using a combined metric:</p>
      <p>
        Pi = NPi + Xi, (2)
where Pi is the integral priority of the route through the channel Si, NPi is the initial (technical)
priority of the route, Xi is the safety factor, [0, 1] is the weighting factor that determines
which component is dominant. For example, = 0.4 and = 0.6 if safety is given preference.
      </p>
      <p>Figure 3 shows a data flow diagram that reflects the sequence of information processing in the
adaptive traffic routing system. It presents the key input data (traffic telemetry, information about threats,
and security requirements) as well as the stages of calculating channel security coefficients Xi,
checking their compliance with the boundary values Li, and forming the integrated route priority Pi
[18, 19]. Traffic telemetry means a set of automatically collected real-time network
flow parameters, including volume, delay, packet transmission frequency, protocol types, and
anomaly frequency. These are used to analyze the network status and make decisions about its protection. As a
result, the system selects the most secure routing channel.</p>
      <p>
        The proposed model generates an adaptive routing policy that dynamically considers the risk
context, traffic characteristics, and security constraints [
        <xref ref-type="bibr" rid="ref4 ref5">4, 5</xref>
        ]. Unlike static schemes, the approach
increases resistance to attacks, isolates vulnerable channels, and routes traffic through the most
secure routes, focusing on the topology and the current security state, which aligns with the
principles of ZTA [7] and cyber resilience. The formalized model considers the network topology,
criticality of nodes, security thresholds, and routing priorities [
        <xref ref-type="bibr" rid="ref1 ref5">1, 5</xref>
        ], based on the oriented structure
of links and the calculation of security factors for each channel.
      </p>
      <p>The limit value of the safety factor Li for each channel Ci is determined as the sum of the values
of the elements of the constraint matrix formed based on the requirements of ISO/IEC 15408
standards and expert risk assessment [12]:</p>
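      <p>
        <disp-formula><label>(3)</label><tex-math>L_i = \sum_{j=1}^{r} \sum_{k=1}^{m} W_{ijk}^{\max},</tex-math></disp-formula>
where <inline-formula><tex-math>W_{ijk}^{\max}</tex-math></inline-formula> is the maximum criticality weight of the requirement Kj for the resource Rk through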
the channel Ci, r is the number of security requirements, m is the number of information resources
the channel serves.</p>
      <p>The set of routing priorities for nodes NP = (NP1, NP2, …, NPk) is formed based on expert
evaluation and considers delays, throughput, reliability, and topological proximity to critical
resources. Each node ni ∈ N is assigned a routing priority NP(ni), which reflects its importance in
the overall network structure. This priority is determined independently of information security
requirements and is formed based on a matrix of node relationships.</p>
      <p>To model the real network structure, we use the oriented link model G = (N, D), where N is a set
of nodes, and D ⊆ N × N is a set of ordered links between them. The ordering of each pair d = (ni, nj) is
determined according to priorities: the node with the higher NP(ni) value is considered as the
source of the communication direction. Thus, a directed routing structure is created, in which
nodes correspond to routers, directed connections to communication channels, and priorities define
the topological route in the network. If there are no start or end points in such a structure (nodes
without incoming or outgoing connections), artificial elements (a conditional source S and a
conditional receiver T) are introduced, which are connected to the corresponding nodes via
auxiliary channels. As a result, a specialized directed network structure is formed, which serves as
a modeling environment for routing analysis.</p>
      <p>The next step is to calculate the maximum safe flow using the modified Ford-Fulkerson
algorithm, a classical method of flow theory in networks used to find the maximum possible flow
from source to sink in a directed network with finite bandwidth. The sink is the final destination
node to which the information flow from the source arrives. The idea of the algorithm is to
gradually increase the flow along the so-called permissible (unexhausted) paths in the network
until the limit is reached, beyond which further increase becomes impossible. In the context of
information security, the algorithm is modified to take into account channel security constraints:
the optimal flows f = (x, y) for each connection (x, y) ∈ D are interpreted as security coefficients of
the corresponding communication channels, which allows us to estimate the probability of their
safe use in the routing process:</p>
      <p>Xi = (x, y), Ci (x, y), (4)
where Xi values must satisfy the conditions Xi ≤ Li, ∀i ∈ [1, p], i.e., not exceed the security
limits set for each channel.</p>
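      <p>The oriented link model and maximum safe flow described above, as an added example that is not from the paper: links are directed from the higher-NP node to the lower one, a conditional source S and receiver T are attached to nodes without incoming or outgoing links, and the flow is found with Edmonds-Karp (the breadth-first variant of Ford-Fulkerson). Using the thresholds Li as link capacities, the tie-breaking rule, and the sample topology are assumptions; the paper does not spell out its modification.</p>
      <preformat><![CDATA[
```python
# Added example (not from the paper): oriented link model G = (N, D) with a
# conditional source S and receiver T, solved with Edmonds-Karp max-flow.
from collections import deque

INF = float("inf")


def orient_links(links, NP):
    """Direct every link from the node with the higher NP to the lower one.

    Assumption: NP ties are broken by node name, so the result is acyclic.
    """
    directed = {}
    for (u, v), limit in links.items():
        src, dst = (u, v) if (NP[u], u) > (NP[v], v) else (v, u)
        directed[(src, dst)] = limit
    return directed


def add_terminals(directed):
    """Attach S to nodes with no incoming link and T to nodes with no outgoing one."""
    heads = {v for _, v in directed}
    tails = {u for u, _ in directed}
    graph = dict(directed)
    for node in tails - heads:
        graph[("S", node)] = INF  # auxiliary channel, no security limit
    for node in heads - tails:
        graph[(node, "T")] = INF
    return graph


def max_flow(cap, s="S", t="T"):
    """Edmonds-Karp: repeatedly augment along a shortest unexhausted path."""
    residual, adj = {}, {}
    for (u, v), c in cap.items():
        residual[(u, v)] = c
        residual.setdefault((v, u), 0)
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    total = 0
    while True:
        parent = {s: None}
        queue = deque([s])
        while queue and t not in parent:
            u = queue.popleft()
            for v in sorted(adj.get(u, ())):
                if v not in parent and residual[(u, v)] > 0:
                    parent[v] = u
                    queue.append(v)
        if t not in parent:
            break  # no permissible path left: the limit is reached
        path, v = [], t
        while parent[v] is not None:
            path.append((parent[v], v))
            v = parent[v]
        push = min(residual[e] for e in path)
        for u, v in path:
            residual[(u, v)] -= push
            residual[(v, u)] += push
        total += push
    # Flow on each real channel; the auxiliary S/T channels are left out.
    flow = {e: c - residual[e] for e, c in cap.items() if c != INF}
    return total, flow


def safe_flows(links, NP):
    """Return (F_max, {directed channel: X_i}) with X_i = f(x, y) never above L_i."""
    return max_flow(add_terminals(orient_links(links, NP)))


# Constructed sample: node priorities NP and per-link thresholds L_i.
NP = {"A": 5, "B": 4, "C": 3, "D": 1}
LINKS = {("B", "A"): 10, ("A", "C"): 6, ("C", "B"): 4,
         ("B", "D"): 7, ("D", "C"): 8}

if __name__ == "__main__":
    f_max, X = safe_flows(LINKS, NP)
    print("F_max =", f_max)
    for channel, x in sorted(X.items()):
        print(channel, "X =", x)
```
]]></preformat>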
      <p>The optimization function determines the best secure routing configuration according to
maximizing the security coefficients on all channels. Let O(n) denote the set of all channels leading
to the node n. Then the channel with the maximum security factor is selected for each node:</p>
      <p>
        <disp-formula><label>(5)</label><tex-math>C_n^{*} = \arg\max_{C_i \in O(n)} X_i,</tex-math></disp-formula>
where C*n is the channel with the highest security to access the node n.</p>
      <p>If the risk profile changes (e.g., an increase in attacks or new vulnerabilities), the system
recalculates Xi and Pi, adapting routes in real-time:</p>
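      <p>
        <disp-formula><label>(6)</label><tex-math>X_i(t) = f(\mathrm{ThreatLevel}_i(t), \mathrm{Anomalies}_i(t), \mathrm{Vulnerabilities}_i(t)).</tex-math></disp-formula>
This allows us to dynamically adapt routing to the context of threats, which is the basis of ZTA
and the principles of digital resilience. Therefore, the risk deficit formula looks like this:
        <disp-formula><label>(7)</label><tex-math>R_i = \max\left\{0, \frac{L_i - X_i}{L_i}\right\}.</tex-math></disp-formula>
      </p>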
      <p>The above formula determines the relative security deficit for the channel Si. If Xi (the actual
security level) is less than Li (the threshold level), then Ri reflects the degree of failure to reach this
threshold, which can be used to adjust the routing parameters further.</p>
      <p>Normalization of safety requirements weights [12]:</p>
      <p>
        <disp-formula><label>(8)</label><tex-math>\widetilde{W}_{ijk} = \frac{W_{ijk}}{\max\{W_{ijk} \mid \forall i, j, k\}}.</tex-math></disp-formula>
      </p>
      <p>The above expression is used to estimate the maximum throughput of a network (for example,
in a simulated network), where f(S, u) denotes the flow along the arcs (S, u) coming from the source
S. The calculation of Fmax helps determine how efficiently the network can handle traffic in the
context of security. Route sustainability metric:</p>
      <p>
        This metric defines route resilience as the ratio of the actual security level Xi to the threshold
value Li for the weakest link in the route. Values close to 1 indicate a high level of security, while
lower values indicate potential vulnerabilities. The formula helps to i
network path and apply measures to improve security. As a result, priority routing through the
most secure channels is implemented, which minimizes the overload of vulnerable routes, ensures
a balance between performance and security, and compliance with information security policies
even in a distributed or hybrid environment [
        <xref ref-type="bibr" rid="ref2 ref3">2, 3, 13, 18</xref>
        ]. The built model supports
context-sensitive routing, considering Quality of Service (QoS), predicted risks, threat structure, and
resource criticality, ensuring the implementation of ZTA in the face of dynamic network activity
[7]. In distributed networks, each node may have several alternative routes (access channels) to
transmit traffic to protected information resources. To increase the efficiency of security-aware
routing, these channels must be prioritized to reflect their integrated security. The security factors
Xi are converted into route priorities by the principle: the higher the Xi, the higher the priority of
the channel Ci for choosing a secure route [20]. Let us denote by PR = (PR1, PR2, …, PRn) the set of
access channel priorities and by X0 the ordered (in ascending order) set of security coefficients:
      </p>
      <p>
        <disp-formula><label>(15)</label><tex-math>X^0 = (X_1^0, X_2^0, \ldots, X_n^0), \quad \text{where } X_1^0 \le X_2^0 \le \cdots \le X_n^0.</tex-math></disp-formula>
      </p>
      <p>Each channel Ci with a security factor value of Xi is assigned a position in the ordered set X0,
which corresponds to its relative security among other channels. This lets you formalize the
priority route selection, guaranteeing traffic is routed through the most secure network segments.
Then the priority of the channel Ci, designated as PRi, is determined by its Xi index in the ordered
set X0:</p>
      <p>PRi = index(Xi, X0). (16)</p>
      <p>Thus, each channel receives an ordinal priority, according to which a route selection strategy is
formed: first of all, channels with the highest level of security are selected. The formula determines
the rank (position) of the security factor Xi in the ordered list X0, which reflects the relative security
of the channel among others. As a result, each channel is assigned a unique priority, which allows
the routing system to select the most secure paths for traffic transmission automatically.</p>
      <p>For further processing and comparison of priorities in different nodes or contexts, it is crucial to
ensure that priority values are normalized:</p>
      <p>
        <disp-formula><label>(17)</label><tex-math>\widetilde{PR}_i = \frac{PR_i}{\max(PR)}, \quad \forall i \in [1, n],</tex-math></disp-formula>
where <inline-formula><tex-math>\widetilde{PR}_i</tex-math></inline-formula> is the normalized value of the priority of the channel Ci, max(PR) is the maximum value in
the priority set. The formula ensures that the priorities are normalized to a unified scale in the
range [0, 1], which allows for a fair comparison of channels from different nodes. Normalization is
essential for context-dependent analysis and decision-making in distributed networks with
dynamically changing conditions. For the node nj, the optimal channel C*j is selected as the one
with the maximum normalized priority:
        <disp-formula><label>(18)</label><tex-math>C_j^{*} = \arg\max_{C_i \in O(n_j)} \widetilde{PR}_i,</tex-math></disp-formula>
      </p>
      <p>
where O(nj) is the set of access channels to the node nj. The formula allows you to choose the
best route to the node, taking into account the normalized channel priorities. The channel with the
highest priority guarantees an optimal balance between security and QoS, which is critical for
adaptive routing in a changing threat environment.</p>
      <p>The security of a route to a particular node can be assessed through an integral metric based on
the average value of security factors across all channels in the route:</p>
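      <p>
        <disp-formula><label>(19)</label><tex-math>X_{avg}^{(j)} = \frac{1}{|O(n_j)|} \sum_{C_i \in O(n_j)} X_i,</tex-math></disp-formula>
where <inline-formula><tex-math>X_{avg}^{(j)}</tex-math></inline-formula> is the average security factor of the route to the node nj, |O(nj)| is the number of access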
l level of security to a
particular node based on the average security factor of the channels leading to it. A higher average
indicates a more reliable and secure route, which is an important criterion when choosing the
direction of traffic in critical network segments. Taking into account the risk deficit Ri, which has
already been described, the updated priority value can be adjusted using the following formula:</p>
      <p>
        <disp-formula><label>(20)</label><tex-math>PR_i^{(t+1)} = \widetilde{PR}_i - \delta \cdot R_i,</tex-math></disp-formula>
where δ ∈ [0, 1] is the parameter of risk influence on the final priority. The formula allows you to
dynamically reduce the priority of routes with a high level of risk by adjusting their weight in the
decision-making process. Thus, more risky channels automatically lose their preference when
choosing routes, increasing the networ
      </p>
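      <p>An added example (not the authors' code) that carries equations (1), (3), (7), (15)–(18) and (20) through on constructed data and then repeats the calculation after one channel's weights drop, as equation (6) anticipates. The channel and node names, the weight matrices, δ = 0.5, name-based tie-breaking, and returning no channel when none satisfies Xi ≥ Li are assumptions.</p>
      <preformat><![CDATA[
```python
# Added example (not from the paper): equations (1), (3), (7), (15)-(18), (20).
from dataclasses import dataclass


@dataclass
class Channel:
    name: str
    W: list      # r x m expert weights W_ijk on a 0..10 scale, eq. (1)
    W_max: list  # r x m maximum criticality weights behind L_i, eq. (3)


def matrix_sum(matrix):
    """Double sum over requirements j (rows) and resources k (columns)."""
    return sum(sum(row) for row in matrix)


def score_channels(channels, delta):
    """Compute X, L, R, PR, normalized PR and risk-adjusted PR per channel."""
    if not 0.0 <= delta <= 1.0:
        raise ValueError("delta must lie in [0, 1]")
    X = {c.name: matrix_sum(c.W) for c in channels}      # eq. (1)
    L = {c.name: matrix_sum(c.W_max) for c in channels}  # eq. (3)
    # Eq. (15)-(16): PR_i is the 1-based position of X_i in ascending order.
    # Assumption: ties are broken by channel name so every rank is unique.
    order = sorted(X, key=lambda n: (X[n], n))
    PR = {n: pos + 1 for pos, n in enumerate(order)}
    top = max(PR.values(), default=1)
    scores = {}
    for n in X:
        # Eq. (7): relative security deficit; a zero threshold means no deficit.
        R = max(0.0, (L[n] - X[n]) / L[n]) if L[n] > 0 else 0.0
        pr_norm = PR[n] / top                             # eq. (17)
        scores[n] = {
            "X": X[n], "L": L[n], "R": R, "PR": PR[n],
            "PR_norm": pr_norm,
            "PR_adj": pr_norm - delta * R,                # eq. (20)
            "admissible": X[n] >= L[n],                   # threshold check
        }
    return scores


def select_channels(scores, access):
    """Eq. (18) per node, applied to the risk-adjusted priority of eq. (20).

    Assumption: a node whose channels all fail X_i >= L_i gets None
    (fail closed) instead of the least-bad channel.
    """
    chosen = {}
    for node, names in access.items():
        ok = [n for n in names if scores[n]["admissible"]]
        chosen[node] = max(ok, key=lambda n: scores[n]["PR_adj"]) if ok else None
    return chosen


def degrade(channels, name, new_W):
    """Model eq. (6): new telemetry lowers the weights of one channel."""
    return [Channel(c.name, new_W, c.W_max) if c.name == name else c
            for c in channels]


# Constructed sample data: 2 requirements x 2 resources per channel.
CHANNELS = [
    Channel("C1", [[8, 7], [9, 6]], [[7, 7], [7, 7]]),  # X=30, L=28
    Channel("C2", [[5, 4], [6, 3]], [[6, 6], [6, 6]]),  # X=18, L=24
    Channel("C3", [[9, 9], [8, 8]], [[8, 8], [8, 8]]),  # X=34, L=32
    Channel("C4", [[6, 7], [7, 6]], [[6, 6], [6, 6]]),  # X=26, L=24
]
# O(n_j): access channels per node (constructed).
ACCESS = {"db": ["C1", "C4"], "app": ["C2", "C4"], "legacy": ["C2"]}

if __name__ == "__main__":
    before = score_channels(CHANNELS, delta=0.5)
    print("before:", select_channels(before, ACCESS))
    worse = degrade(CHANNELS, "C1", [[4, 5], [6, 5]])
    after = score_channels(worse, delta=0.5)
    print("after: ", select_channels(after, ACCESS))
```
]]></preformat>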
      <p>The risk factor for a channel can be formalized as:</p>
      <p>This formula determines the degree of discrepancy between the actual security level of the
channel Xi and its regulatory threshold Li. If the level of security is less than the threshold, the
coefficient Ri will be greater than zero, indicating a potential risk of using this channel. If the
requirement Xi ≥ Li is met, the risk is considered absent. This indicator automatically
deprioritizes routes that do not meet security standards and can be integrated into dynamic routing
policy adaptation.</p>
      <p>Evaluation of route efficiency taking into account the criticality of the resource:</p>
      <p>
        <disp-formula><label>(22)</label><tex-math>Eff_i = \frac{X_i \cdot CR_i}{Ld_i + 1}.</tex-math></disp-formula>
      </p>
      <p>
        This metric allows you to quantify the effectiveness of the route in terms of information
security and performance. Xi ∈ [0, 1] is the security level of the channel Ci, CRi ∈ [0, 1] is the criticality of
the resource served through the channel (determined by experts or based on data categories), Ldi is
the current load on the channel (in terms of traffic). The formula considers that high security and
resource criticality increase route efficiency, while congestion reduces it. This gives automatic
priority to less congested but secure channels, leading to essential information objects.
      </p>
      <p>Route sensitivity index to attacks:</p>
      <p>
        <disp-formula><label>(23)</label><tex-math>SI_i = \frac{Vuln_i \cdot (1 - X_i)}{P_i}.</tex-math></disp-formula>
      </p>
      <p>
        This metric determines the relative susceptibility of a channel Ci to attacks based on three key
parameters: Vulni ∈ [0, 1] is the degree of vulnerability of the channel (determined based on known
common vulnerabilities, exposures, etc.), Xi is the level of security (the lower the level of security,
the greater the risk), Pi is the priority of the route in the system (the higher the priority, the more
critical the channel). The formula shows that a channel with high vulnerability, low security, and
high priority is the most dangerous, as the likelihood of compromise is higher and the
consequences are more significant. This index allows you to identify critical routing nodes that
should be heavily protected or restricted. The metric of adaptive route weight depends on the risk:
      </p>
      <p>
        <disp-formula><label>(24)</label><tex-math>W_i^{adapt} = \gamma \cdot X_i + (1 - \gamma) \cdot (1 - R_i).</tex-math></disp-formula>
      </p>
      <p>
        The metric combines the level of channel security Xi and the inverse of risk Ri, which
characterizes the current threat environment. The parameter γ ∈ [0, 1] regulates the balance
between channel trust Xi and contextual risk assessment (1 − Ri). The lower the risk Ri, the greater
the share of security in th
      </p>
      <p>rent security situation. The likelihood of privacy violations on the
route:</p>
      <p>
        <disp-formula><label>(25)</label><tex-math>P_{conf}(i) = 1 - \frac{X_i}{L_i}.</tex-math></disp-formula>
      </p>
      <p>The formula allows us to estimate the probability of privacy compromise on channel Ci by
comparing the actual level of its security Xi with the regulatory threshold Li. If Xi &lt; Li, then the
value of Pconf(i) increases, indicating an increased risk of information leakage. Thus, the formula
allows you to identify critical channels where the current protection does not meet the established
requirements and requires additional security enhancements. Confidence factor in the route:</p>
      <p>
        <disp-formula><label>(26)</label><tex-math>Trust_i = \frac{X_i \cdot NP_i}{\sum_{j=1}^{n} X_j \cdot NP_j}.</tex-math></disp-formula>
      </p>
      <p>The expression defines the relative confidence in the route i, which is calculated as the ratio of
the product of the security level Xi and the initial (technical) priority NPi to the total sum
of the corresponding products for all routes. In other words, Trusti shows how reliable the route i is
compared to other alternatives, taking into account not only its security but also its importance in
terms of network topology. This coefficient can be used to rank routes or make decisions in routing
systems that prioritize security and efficiency. A metric of dynamic traffic redistribution:</p>
      <p>
        <disp-formula><label>(27)</label><tex-math>T_{new}^{(i)} = T_{curr}^{(i)} \cdot \left(1 - \frac{R_i}{\max(R)}\right).</tex-math></disp-formula>
This formula describes the change (decrease) in the volume of traffic passing through channel i
depending on the risk Ri associated with it. Here, <inline-formula><tex-math>T_{curr}^{(i)}</tex-math></inline-formula> is the current load on the channel, Ri is the
risk index for this route (takes into account vulnerabilities, anomalies, and attack activity), and
max(R) is the highest risk index among all channels used for normalization. If Ri is low (the channel
is safe), then the multiplier 1 − Ri/max(R) is close to 1, meaning that the traffic does not change. If Ri
is high, the multiplier decreases, and less traffic is transmitted through the channel [6, 15, 19].
Thus, the formula implements a dynamic mechanism for redistributing traffic: the higher the risk,
the less busy the channel becomes. This ensures a balance between system performance and
information security. The risk of data leakage along the route:</p>
      <p>
        <disp-formula><label>(28)</label><tex-math>Leak_i = \frac{1}{X_i \cdot QoS_i}.</tex-math></disp-formula>
      </p>
      <p>The formula indicates that weak security and poor QoS increase the threat. Lower values of Xi
(security factor) and QoSi lead to a higher risk of data breaches. Such a metric can be used by
security to rank routes when processing critical information flows.</p>
      <p>Penalty function for violating the threshold:</p>
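      <p>
        <disp-formula><label>(29)</label><tex-math>Penalty_i = \begin{cases} 0, \text{ if } X_i \ge L_i, \\ \lambda \cdot (L_i - X_i), \text{ if } X_i &lt; L_i. \end{cases}</tex-math></disp-formula>
      </p>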
      <p>The formula determines the penalty for non-compliance with the standard level of channel
security. If the actual level of security Xi is sufficient (not lower than the threshold value Li), no penalty
is applied. If the level of protection is lower than the regulatory threshold, the penalty is calculated in
proportion to the security deficit, taking into account the sensitivity factor λ. This allows you to
quantify the degree of security breach and use this value to optimize the route policy.</p>
      <p>A general metric of system security [16]:</p>
      <p>
        <disp-formula><label>(30)</label><tex-math>S_{total} = \sum_{i=1}^{p} X_i \cdot \omega_i.</tex-math></disp-formula>
      </p>
      <p>The formula determines the overall network security rating based on individual protections and
channel weights (importance, load, etc.). The value Xi represents the security level of an individual
channel, and the coefficient ωi represents its weight in the overall system structure. Thus, the more
important and better protected a channel is, the more it affects the overall security level of the
network. The proposed formulas make it possible to form an adaptive, risk-based routing policy
that takes into account the balance between performance, threats, and trust and is based on
cybersecurity standards. Such a model operates on topological characteristics and the dynamic
security context: vulnerabilities, risk metrics, and resource criticality [6, 16, 20]. This ensures traffic
redirection through the most secure channels, isolation of vulnerable areas, and proactive response
to threats, which is the basis for implementing ZTA and digital resilience policies.</p>
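      <p>The following added example (not code from the paper) evaluates Eqs. (28)-(30) for three constructed channels and ranks them for critical flows by leakage risk. It reads Eq. (28) as the reciprocal of Xi · QoSi, consistent with the statement that lower Xi and QoSi raise the risk; the 0..1 scales, the sample values, and λ = 2 are assumptions.</p>

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Channel:
    name: str
    x: float       # X_i: security factor (0..1 scale is an assumption)
    qos: float     # QoS_i: quality-of-service score (0..1, assumed)
    limit: float   # L_i: required security threshold
    weight: float  # omega_i: weight of the channel in the system

# Constructed sample values, not measurements from the paper.
CHANNELS = [
    Channel("A", x=0.9, qos=0.8, limit=0.7, weight=0.5),
    Channel("B", x=0.5, qos=0.9, limit=0.7, weight=0.3),
    Channel("C", x=0.6, qos=0.4, limit=0.6, weight=0.2),
]

def leak(ch):
    """Eq. (28): Leak_i = 1 / (X_i * QoS_i)."""
    if not (ch.x > 0 and ch.qos > 0):
        return math.inf  # no protection or no service: unbounded risk
    return 1.0 / (ch.x * ch.qos)

def penalty(ch, lam):
    """Eq. (29): 0 if X_i >= L_i, else lam * (L_i - X_i)."""
    return 0.0 if ch.x >= ch.limit else lam * (ch.limit - ch.x)

def s_total(channels):
    """Eq. (30): sum of X_i * omega_i over all channels."""
    return sum(ch.x * ch.weight for ch in channels)

def rank_for_critical_flows(channels, lam):
    """Rows (name, Leak_i, Penalty_i), lowest leakage risk first."""
    rows = [(ch.name, leak(ch), penalty(ch, lam)) for ch in channels]
    return sorted(rows, key=lambda row: (row[1], row[0]))

if __name__ == "__main__":
    for name, risk, fine in rank_for_critical_flows(CHANNELS, lam=2.0):
        print(f"{name}: leak={risk:.2f} penalty={fine:.2f}")
    print(f"S_total={s_total(CHANNELS):.2f}")
```

      <p>Channel C sits exactly on its threshold and is not penalized, yet it ranks last because its low QoS dominates the leakage metric.</p>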
      <p>
        To support adaptive routing policy, security profiling based on the ISO/IEC 15408 standard is
used [
        <xref ref-type="bibr" rid="ref4 ref5">4, 5</xref>
        ]. So-called network security packages are formed, reflecting the current
requirements for protecting channels in a distributed network. For each node of the system, a set of
critical information objects I = {I1, I2, …, In} to which access is provided is considered. For each of
them, the current security requirements K = {K1, K2, …, Kt} are determined in accordance with the
ISO/IEC 15408 standard. As a result, a set of security packages P = {P1, P2, …, Pg} and a matrix of
boundary values M = {M1, M2, …, Mg} are formed for each channel. Here, U = {U1, U2, …, Um} is the set of
network nodes (routers), A = {AU1, AU2, …, AUm} is the set of connections between nodes, and SP (Security
Profile) is the general profile of information security requirements. In general, this model makes it
possible to assess the level of channel security in a distributed network, form adaptive security profiles,
automate the selection of the optimal route, taking into account both performance and
information security, and respond to dynamic changes in the threat environment in real time [12].
Thus, the routing decision-making system receives a formalized logic that allows combining access
policies, security criteria, and risk-based restrictions in a single structure of routed traffic
management. This meets the modern requirements for building cyber-resistant information and
communication systems and the ZTA policy.
      </p>
    </sec>
    <sec id="sec-5">
      <title>5. Implementation of the method</title>
      <p>
        The algorithm for generating security packages formalizes the determination of the current
requirements for protecting information resources in the network based on traffic flow management. This approach
makes it possible to create a flexible and adaptive routing policy that meets modern information
security standards (in particular, ISO/IEC 15408, 27033, NIST SP 800-207) [
        <xref ref-type="bibr" rid="ref4 ref5">4, 5</xref>
        ] and takes into
account both threats and criticality of resources in distributed network infrastructures. The essence
of the algorithm is to select relevant security requirements for each access channel based on an
analysis of potential risks and the type of resources accessed. For this purpose, a network channel
security profile is formed as a package of security requirements.
      </p>
      <p>Figure 4a shows a sequence of actions that includes network profile formation, asset
identification and protection requirements, channel assessment, and security policy updates. This
ensures flexible and adaptive routing management with information security in mind.</p>
      <p>The scheme of forming the modeling structure is presented in Figure 4b as a flowchart showing
a sequential algorithm for building the network topology for further security analysis. The process
involves collecting topological information, identifying nodes and communication channels, setting
connection directions according to routing priorities, and, if necessary, adding a conditional source
and receiver. After the integrity check, the structure is prepared to calculate security factors.</p>
      <p>The flowchart formalizes creating a functional model of the routing environment, which is the
basis for building a secure, adaptive traffic management system. Such a system automatically
selects optimal routes based on the level of threats, channel status, and access policies, dynamically
responds to changes in the network, and maintains the integrity, confidentiality, and availability of
traffic in accordance with information security requirements. Figure 5 shows a data flow diagram that reflects the
logic of transforming the security factors of communication channels Xi into route priorities PRi.
The input data comes from the router as a request to the security factor database.</p>
      <p>Next, the Xi values are sorted in descending order in the priority assignment module, after
which each channel is assigned a positional priority. The resulting PRi values are recorded in the
priority database and returned to the router to decide on the selection of the safest routes. This
decision is the automated comparison of available routes based on the assigned priorities, where
the router selects channels with the highest security factors that meet the specified access policies,
bandwidth requirements, and current network status. This ensures traffic is routed through the
least risky routes, minimizing the likelihood of data being intercepted, lost, or modified. The
diagram emphasizes the importance of a formalized mechanism for calculating priorities in
adaptive routing systems, taking into account the level of channel security, which is especially
important in ZTA.</p>
      <p>Considering information security requirements, the adaptive routing policy for network traffic
is implemented through dynamic routing protocols of the third layer of the ISO/OSI Open Systems
Interconnection model. Such protocols include, in particular, Open Shortest Path First, Intermediate
System to Intermediate System, and Border Gateway Protocol ver. 4 (BGP v4). The main idea of the
proposed approach is to use the attributes of routes (length, weight, cost) to change the direction of
traffic according to the level of risk and security of network channels. In this way, routing is provided not
only based on the technical characteristics of the network but also taking into account the
calculated security factors, which allows for priority routing through the most secure channels. To
automate this approach, we propose creating an automated system for building a traffic flow
management policy that implements the whole cycle from data collection and model building to
generating configuration code for routers. This system is structured in interconnected modules,
each performing separate functions, providing scalability, speed, and adaptation to changes in the
network environment.</p>
      <p>The data preprocessing module is responsible for entering and saving network parameters via a
web interface. Next, the modeling structure is formed: a directed model of node and channel
connections in accordance with ISO/IEC 15408, which makes it possible to analyze the security of routes
in various scenarios. The module for calculating security factors determines the channel security level,
considering the criticality of resources, security requirements, and behavioral analysis of traffic.
The results are passed to the module for generating technical specifications, which produces
router settings (for example, BGP) in the appropriate format. A separate monitoring module detects
changes in the state of the network, new vulnerabilities, attacks, and topology, and initiates routing
policy updates without user intervention. This ensures that the system constantly adapts to the
current level of threats.</p>
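      <p>As an added illustration (not the authors' implementation), the sketch below follows the Figure 5 flow from security factors Xi to priorities PRi and then renders a router fragment of the kind the generation module is described as producing. The threshold min_x, the shared priority for equal Xi, the PR-to-weight mapping, the route-map names, and the sample neighbors and AS number are all assumptions.</p>

```python
# Constructed sample (not data from the paper): channel -> (BGP neighbor
# address from the RFC 5737 documentation range, security factor X_i).
CHANNELS = {
    "ch1": ("192.0.2.1", 0.62),
    "ch2": ("192.0.2.2", 0.91),
    "ch3": ("192.0.2.3", 0.91),
    "ch4": ("192.0.2.4", 0.30),
}

def assign_priorities(channels, min_x):
    """Sort X_i in descending order and assign positional priorities PR_i.

    PR_i = 1 is the safest channel. Channels below min_x (assumed
    access-policy threshold) get no priority. Equal X_i values share one
    priority so that sort order alone never prefers one of them.
    """
    eligible = sorted(
        ((name, x) for name, (_, x) in channels.items() if x >= min_x),
        key=lambda item: (-item[1], item[0]),
    )
    priorities, rank, previous = {}, 0, None
    for name, x in eligible:
        if x != previous:
            rank, previous = rank + 1, x
        priorities[name] = rank
    return priorities

def bgp_weight(priority, top=1000, step=100):
    """Assumed mapping: PR 1 -> 1000, PR 2 -> 900, ... (higher weight wins)."""
    return max(top - step * (priority - 1), 0)

def render_bgp_policy(channels, local_as, min_x):
    """Emit a Cisco IOS-style fragment that sets BGP weight per neighbor."""
    priorities = assign_priorities(channels, min_x)
    lines = []
    for name in sorted(priorities, key=lambda n: (priorities[n], n)):
        lines += [f"route-map SEC-{name} permit 10",
                  f" set weight {bgp_weight(priorities[name])}", "!"]
    lines.append(f"router bgp {local_as}")
    for name in sorted(priorities):
        lines.append(f" neighbor {channels[name][0]} route-map SEC-{name} in")
    return lines

if __name__ == "__main__":
    print("\n".join(render_bgp_policy(CHANNELS, local_as=64512, min_x=0.5)))
```

      <p>Channel ch4 falls below the threshold, so it receives no priority and no route-map; the fragment omits the neighbor remote-as statements a full configuration needs.</p>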
      <p>
        The diagram (Figure
for adapting the routing policy to information security requirements. The system includes modules
for processing user requests (web interface), calculating security coefficients (security coefficients
computation), generating a routing policy, interacting with the software-defined networking
controller, router configuration database, and router cluster, as well as a monitoring subsystem and
integration with the security information and event management system. The model reflects the
data exchange between components in the face of dynamic threat changes, allowing for
context-sensitive, flexible, and cyber-resilient traffic routing [
        <xref ref-type="bibr" rid="ref4 ref5">4, 5</xref>
        ].
      </p>
      <p>To ensure the cyber resilience of an information system, it is critical to minimize its response
time to changes in the network environment. This parameter should be less than the period of
route information update, which reduces the likelihood of network compromise due to a delayed
response. The response time can be evaluated using standard diagnostic utilities (ping, time) by
analyzing the moment the response appears after a new route is added to the routing table.</p>
      <p>A command script is used to initiate the calculation of channel security coefficients, and the
propagation of changes is recorded using the command interface of the equipment (in particular,
Cisco or Juniper), which provides control over the updating of routing parameters.</p>
      <p>The possibility of parallel execution of individual system modules is checked under system
scalability and high-load conditions. The proposed system is tested in a simulation environment
built on Cisco 7500 and Juniper M20 routers using the BGP v4 protocol. It is advisable to use
Sun Microsystems Enterprise 220R as a server platform with the Sun Solaris 8 operating system.
The test results confirm the possibility of effective operation of the system in real-time and
demonstrate its adaptability to changes in the threat environment.</p>
      <p>Figure 7 shows a deployment diagram that models the physical environment of the adaptive
traffic routing system with respect to information security requirements.</p>
      <p>The system is implemented on a Sun Microsystems Enterprise 220R server running Sun Solaris
8, where the main software modules calculate security factors and generate routing policies. The
deployed policies are transferred to Cisco 7500 and Juniper M20 routers, which implement traffic
management via BGP v4. A separate monitoring module measures system response time and
controls parallel execution of processes
dynamic threat environment.</p>
      <p>The test results obtained during simulation and pilot deployment demonstrate that the system
ensures stable real-time operation and promptly adapts to changes in the threat environment.
During testing, the system consistently maintained secure and efficient routing, automatically
modular design allowed it to respond predictably to dynamic security conditions without
noticeable degradation in network service quality. The proposed architecture integrates formalized
mathematical modeling, risk-based prioritization, and standards compliance, ensuring a balanced
combination of security and performance in diverse network conditions. To summarize, the system
allows you to form an adaptive routing policy based on the current level of risk, the degree of
criticality of information resources, and security priorities. The built architecture fully complies
with the requirements of modern international standards such as ISO/IEC 15408, 27033, and NIST
SP 800-207. It supports the key principles of ZTA, ensuring a high level of security and cyber
resilience of distributed information systems.</p>
    </sec>
    <sec id="sec-6">
      <title>Conclusions</title>
      <p>The study proposes a formalized model for adapting network traffic routing to information security
requirements, integrating risk-based metrics, trust parameters, behavioral characteristics, and
standards (ISO/IEC 15408, 27033; NIST SP 800-207). Mathematical models account for technical
parameters, threats, resource criticality, and risk dynamics, enabling automatic updates of routing
priorities based on security factors. New metrics (risk deficit, route stability, attack sensitivity,
integral efficiency) and a modified Ford-Fulkerson algorithm support secure flow construction.
The adaptive routing system combines topology, risk-oriented metrics, behavioral parameters, and
contextual constraints, forming routing priorities by access channel security level. It integrates
telemetry, risk assessment, traffic analytics, and dynamic routing protocols, enhancing resilience
against real-time threats, isolating vulnerabilities, and supporting Zero Trust Architecture.
Applicable in critical state and corporate systems, the approach unites proactive cybersecurity,
flexible traffic management, and standardized security models into an integrated next-generation
routing solution that meets international protection standards and minimizes data leakage or
modification risks. Future research could integrate quantum networking to enhance the adaptive
-resistant security, and edge compatibility.</p>
      <p>Additionally, scalability for large-scale networks, cross-domain interoperability, advanced
persistent threats resilience, and real-world validation could ensure broader applicability and
robustness.</p>
    </sec>
    <sec id="sec-7">
      <title>Declaration on Generative AI</title>
      <p>Authors have not employed any Generative AI tools.</p>
    </sec>
  </body>
  <back>
    <ref-list>
      <ref id="ref1">
        <mixed-citation>
          [1]
          <string-name>
            <given-names>S. A.</given-names>
            <surname>Sert</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A.</given-names>
            <surname>Yazici</surname>
          </string-name>
          ,
          <article-title>Optimizing the Performance of Rule-based Fuzzy Routing Algorithms in Wireless Sensor Networks</article-title>
          ,
          <source>in: IEEE International Conference on Fuzzy Systems (FUZZ-IEEE)</source>
          , New Orleans, LA, USA,
          <year>2019</year>
          , pp.
          <fpage>1</fpage>
          -
          <lpage>6</lpage>
          . doi: 10.1109/FUZZ-IEEE.2019.8858920.
        </mixed-citation>
      </ref>
      <ref id="ref2">
        <mixed-citation>
          [2]
          <string-name>
            <given-names>Y.</given-names>
            <surname>Touati</surname>
          </string-name>
          ,
          <article-title>Fuzzy Logic-based Evolutionary Approach for Load Balancing in Large-Scale Wireless Sensor Networks</article-title>
          ,
          <source>in: 9th IEEE Annual Ubiquitous Computing, Electronics &amp; Mobile Communication Conference (UEMCON)</source>
          , New York, NY, USA,
          <year>2018</year>
          , pp.
          <fpage>520</fpage>
          -
          <lpage>525</lpage>
          . doi: 10.1109/UEMCON.2018.8796811.
        </mixed-citation>
      </ref>
      <ref id="ref3">
        <mixed-citation>
          [3]
          <string-name>
            <given-names>J. N.</given-names>
            <surname>Al-Karaki</surname>
          </string-name>
          ,
          <string-name>
            <given-names>A. E.</given-names>
            <surname>Kamal</surname>
          </string-name>
          ,
          <article-title>Routing Techniques in Wireless Sensor Networks: A Survey</article-title>
          ,
          <source>IEEE Wireless Communications</source>
          <volume>11</volume>
          (
          <issue>6</issue>
          ) (
          <year>2004</year>
          )
          <fpage>6</fpage>
          -
          <lpage>28</lpage>
          . doi: 10.1109/MWC.2004.1368893.
        </mixed-citation>
      </ref>
      <ref id="ref4">
        <mixed-citation>
          [4] National Institute of Standards and Technology,
          <article-title>Zero Trust Architecture</article-title>
          .
          <source>NIST Special Publication 800-207</source>
          ,
          <year>2020</year>
          . doi: 10.6028/NIST.SP.800-207.
        </mixed-citation>
      </ref>
      <ref id="ref5">
        <mixed-citation>
          [5] International Organization for Standardization,
          <source>ISO/IEC 27033-1:2015. Information Technology Security Techniques Network Security. Part 1: Overview and Concepts</source>
          ,
          <source>Ed. 2</source>
          ,
          <year>2015</year>
          . https://www.iso.org/standard/63461.html
        </mixed-citation>
      </ref>
    </ref-list>
  </back>
</article>