In the current conditions of global digitalisation, information technologies penetrate deeply into all spheres of life, ensuring a rapid growth in the volume of data generated by users in the online space every day. Social networks, instant messengers, forums, blogs and news sites have become not only platforms for the exchange of opinions, but also channels through which destructive information can be disseminated. Publications with signs of extremism, propaganda of violence or terrorist calls pose a particular threat. Several factors complicate the problem of detecting such messages. First, the total amount of digital content is so large that manual analysis of all messages is technically impossible. Second, attackers often use euphemisms, substitution of words with synonyms, grammatical distortions, sarcasm, or even code vocabulary to hide the true meaning. Thirdly, messages can be published in different languages, which requires multilingual support from the analysis system.

In view of the above, there is an urgent need to create intelligent information systems that are capable of carrying out automatic monitoring and classification of texts, detecting those that contain explicit or implicit calls for terrorist actions. Such systems should use modern achievements in computational linguistics, artificial intelligence, machine learning, and semantic analysis. In this context, the object of research is textual information published in an open digital environment, such as comments on social networks, forum posts, or messages in messengers. The subject of the study is methods for automated detection of terrorist content in texts, in particular those based on transformer models, natural language processing algorithms, and classification approaches in machine learning.

For the formal structuring of the logic of building the future system and determining the criteria for its effectiveness, the general goal has been formulated, which is as follows: the creation of an adaptive intelligent system for the automatic detection of texts with calls for terrorist actions with a high level of accuracy, flexibility and explainability of the decisions made. This goal is quite general, so the goal tree method is used to specify it. The goal tree allows you to decompose a complex goal into components (aspects), each of which is further detailed in the form of sub-goals, requirements or quality criteria. It allows us not only to describe the system in a structured way but also to evaluate it in the process of implementation. The tree of goals for detecting terrorist calls has the central vertices:

Text analysis → Accuracy of classification →Completeness of classification → → Display of results → Explanatory results .

At the first level of the tree, two main aspects of the general objective are defined, which are text analysis and display of results. Text analysis involves achieving criteria such as accuracy and completeness of classification, that is, how correctly the system determines the class of the message and whether it misses potentially dangerous texts. The display of results should provide explainability, i.e. the ability of the model to form a rationale for its decision that is understandable to the user, for example, based on highlighted trigger words or semantic patterns. In the report, this tree is presented in the form of a structured flowchart, which clearly demonstrates the relationship between the goal, aspects and criteria for achieving it.

To achieve this goal, several alternative options for building a system are considered: a rulebased approach based on filtering by keywords; classic ML classifiers, for example, based on SVM or Naive Bayes; deep learning with transformers, including BERT; and a hybrid system that combines vocabulary processing with deep classification. Each of these options has its own advantages and disadvantages. The rule-based system is easy to implement, but easy to bypass. Classical machine learning approaches provide a more accurate classification, but require manual selection of features and a high-quality dataset. Transformer models demonstrate the highest accuracy and ability to take into account the context, but require significant computing resources. In turn, the hybrid architecture allows you to combine the advantages of all approaches - the speed of rule-based filtering and the depth of analysis of models based on BERT.

Taking into account the advantages and limitations, it was decided to implement a hybrid system that is able to scale effectively, provides high accuracy and explainability, and also allows you to adapt to changes in the style of writing terrorist content. Thus, the system analysis made it possible to formulate a justified goal of creating a system, to detail its components using a tree of goals, as well as to determine the most effective approach to its implementation, based on the conditions of the task and the limitations of real application.

After the system analysis and the definition of the general goal of the project – the creation of an adaptive intelligent system for detecting terrorist calls in text content – the next critical stage is to specify its functioning. This stage involves detailing the internal logic of the system, formalising its modules, data processing sequences, and determining the points of interaction between components and external actors. Within the chosen hybrid architecture, the system must combine efficient rule-based pre-filtering with high-precision depth analysis based on transformer neural models. The primary process of detecting terrorist appeals:

User → Entertext → Analyze message →View explanation →[ Moderator ]→ → Analyze the presence of a call detection error → thˇe results of th analysis →

→[ If necessary retraining ]→ Display th result →User

After formalising the general architecture of the information system and presenting its logic in the form of data flow diagrams (DFDs), it is expedient and necessary to further complicate and detail the functional structure in the form of a hierarchy of processes (or functions and tasks). This step allows you to present the system as a set of interconnected functional components placed in the form of a tree according to the principles of decomposition: from the highest level (general function) to basic elementary actions that are implemented in the code at the level of individual modules or functions. It is this structural model that underlies the system approach to the design of complex information systems and is widely used both in scientific research and in practical software engineering.

A process hierarchy is a logical structure that allows an engineer, analyst or developer to visualise a complete picture of the functional content of the system, dividing it into subsystems, functional blocks, and then into specific tasks. Building such a hierarchy is not only a formality, but also serves as a basis for determining the logic of code implementation, distributing responsibilities between components, planning testing, justifying resource requirements, and assessing the complexity of the project as a whole.

At the heart of the construction of the hierarchy of processes of the terrorist call detection system is the primary function - the automated detection of messages that contain potentially dangerous calls for violence, terrorism or extremist activities. This function is key in the system and covers the entire life cycle of text processing - from the moment of its introduction to the final solution, as well as the accompanying procedures for explaining, logging and adapting the system in the face of changes.

At the first level of the hierarchy, this general function is divided into five main processes: primary text processing, rule-based filtering, deep semantic classification, the formation of an explanation of the classification decision and the storage of the results in the system storage. In addition, a separate branch dedicated to feedback from the user and moderator stands out, which allows you to improve the model through interactive retraining.

Each of these processes is revealed in more detail at the next level. For example, the primary text processing module performs operations such as clearing text from HTML markup and unnecessary characters, tokenisation (splitting into words), normalisation (lowercase), deleting stop words (pronouns, prepositions, etc.), and lemmatisation or stemming (reducing words to the main form). This process is critically important, since the accuracy of further semantic processing depends on its quality.

The rule-based filtering process implements the first rapid detection of potentially dangerous content by matching it with a database of trigger words, regular expressions, or patterns. Its purpose is to weed out clearly safe messages and transmit really suspicious texts for deeper analysis. Next, the semantic classification module uses a transformer model (for example, BERT), which is able to take into account both the meaning of individual words and the context of the entire message. As a result, the model forms a probabilistic decision - how likely it is that a given message contains a terrorist call.

No less important is the function of explaining the classification. It allows the user or moderator to understand why the system made such a decision. Explanations can be formed through visualisation of the importance of individual tokens (attention mechanisms), comparison with patterns, and the use of interpreted machine learning methods such as LIME or SHAP.

The process ends with logging and saving the results. The system records each analysed text along with the classification result, date,probability, explanation, and other metadata. It allows you to save history for analytics, quality control, training new models, and reporting.

A separate branch of the hierarchy is a feedback block, which allows users to report erroneous classifications. In case of accumulation of a sufficient number of complaints or the emergence of new types of disinformation, the system may be retrained. This process is performed by a

In today's information environment, the role of open digital platforms - such as social networks, instant messengers, forums and news feeds - has increased significantly. These tools play an essential role in the dissemination of knowledge, community organisation and communication, but at the same time pose a significant threat as channels for the spread of radical ideologies, disinformation campaigns and, in particular, calls for terrorist actions. In the context of globalisation, hybrid wars and the growing activity of hostile information influences, the problem of detecting terrorist calls in open sources has become highly relevant. Significant volumes of text messages, multilingualism, the use of disguised language, sarcasm, or encryption of threats in metaphors create additional difficulties for manual monitoring and require automation of analysis processes.

Against the backdrop of a growing threat, there is a need to create an intelligent information system capable of automatically analysing textual content and determining whether it contains potential signs of terrorist calls. Such a system should provide support for decision-making based on natural language processing algorithms, semantic analysis, machine learning, and explainable classification. Its implementation will allow a timely response to dangerous publications, reduce the workload on analysts, and also contribute to improving security in the digital space.

The purpose of the system is to detect dangerous textual content that may contain terrorist appeals through comprehensive linguistic and semantic analysis. The system should be integrated into the interfaces of online platforms, use modern deep learning models (including transformers such as BERT), explain its decisions to users and moderators, and learn based on feedback. It can be used in security services, content moderation centres, analytical institutions, and IT companies engaged in cyber defence.

Upon input, the system receives text messages in plain text format, as well as, if necessary, accompanying metadata - language, source, and date of creation. The initial data are the result of the classification (whether there is a terrorist call in the text), the explanation of this result, the level of probability, the audit log files and the classification database. It is possible to transfer the result to the moderator for confirmation, as well as to initiate retraining of the model based on user complaints.

The intelligent component of the system is based on a combination of rule-based filtering (based on dictionaries, patterns, and regular expressions) and deep semantic analysis. The latter is implemented using the BERT model and trained on the corresponding case of dangerous and safe messages. Additionally, a classification explanation module is built in, which uses attention mechanisms or external tools for interpreting models (for example, SHAP or LIME), which allows you to understand why the model made a particular decision.

The system implements a number of business processes: text input, pre-processing, rule-based filtering, deepclassification, explanation generation, logging of results, and feedback processing. In case of an erroneous classification, the user can mark the message as incorrectly recognised, which is automatically transmitted to the moderator. Once the error is confirmed, the case is added to a new training sample to retrain the model. This mechanism ensures the adaptability of the system to new challenges, linguistic patterns and manipulative techniques.

From a technical point of view, the system is designed as a client-server architecture with a REST API for integration into third-party services. On the server side, computing modules are implemented: classifier, filter, explainer, database and logging module. The user interface provides the ability to enter messages, view results, and provide feedback. The architecture allows scaling, horizontal expansion, classification history preservation, and analytics.

The expected effects of the implementation of such a system are: reducing the human burden on moderation, increasing the efficiency of threat detection, reducing the number of erroneous decisions, increasing user trust in digital platforms, and integrating analytical information into the work of law enforcement agencies or cyber defence organisations. Thus, the development and implementation of this system is justified from the point of view of social benefit, technical feasibility and strategic importance in the conditions of information warfare.

Taking into account the results of the system analysis, the requirements for the system are defined: the ability to work with unstructured text, ensuring high accuracy of classification, the availability of explanations of solutions, the ability to preserve history and support for retraining. On this basis, a conceptual model has been formed that combines modules of linguistic processing, neural network classification, interpretation, logging and administration, which together form a single adaptive, scalable and secure information system.

In today's digital environment, where a significant part of communications is carried out through text messages on social networks, instant messengers, forums and news feeds, the issue of information security is becoming especially relevant. One of the most dangerous forms of threats is the spread of calls for terrorist actions, which can have direct or veiled wording, be formulated in the form of hints, metaphors or code phrases, which makes it much more difficult to detect them by traditional methods. The growth of information traffic, multilingual content and limited human resources necessitate the creation of automated systems capable of effectively detecting such messages in real time.

The primary function of the intelligent information system under development is to detect terrorist calls in the text environment. Such a system should analyse the text, identify potentially dangerous content, classify messages according to the level of risk, generate explanations of the results of the analysis and provide the possibility of adaptation based on feedback. To implement this functionality, it is necessary to choose appropriate methods of knowledge presentation, logical inference, decision-making algorithms and proper software tools.

2. Rule-based filtering. A dictionary-template approach is used:

E (T )={⃗e1 , ⃗e2 , … , ⃗en }, ⃗ei∈ Rd.

R (T )={1 , if ∃ wi∈ T : wi∈ Dt e rr o r

0 , ot h erwise where Dt e rr o r is a set of key trigger words/patterns. This module performs fast pre-screening. 3. Deep classification (BERT + Softmax). The CLS vector from the BERT is fed to the full-bonded layer:

In decision support systems (DSS) focused on the analysis of text content, a special role is played by the way knowledge is presented, since it forms the basis for further data processing, logical inference and generation of decisions. The presentation of knowledge in such systems can be implemented by various methods - from simple dictionary structures to complex models of semantics representation, depending on the level of complexity of the task, the volume of input data and the required degree of flexibility and adaptability.

Within the framework of this project, a combined approach to knowledge presentation has been chosen, which combines rule-based methods (rules built on the basis of keywords, phrases, and regular expressions) and statistical representation of information implemented using deep learning models, in particular, transformers. The rule-based approach allows you to provide a basic level of filtering based on predefined trigger tokens, patterns, or patterns that characterise terrorist calls in an explicit form. At the same time, it is limited in detecting complex, veiled or atypical wording that is actively used to bypass filters. To overcome these limitations, the system uses knowledge representation based on semantic vectors obtained using the pre-trained transformer model BERT (Bidirectional Encoder Representations from Transformers). In this approach, each message is encoded as a multidimensional vector representation that preserves the contextual meaning of the words in the sentence. This form of knowledge presentation allows you to identify semantic connections and hidden dependencies between words, as well as recognise synonymy, sarcasm, irony, and other forms of manipulative presentation. Thus, the chosen strategy of knowledge presentation combines explicit (declarative) knowledge in the form of rules and implicit (procedural) knowledge in the form of weighted connections in a neural network. It allows you to implement an adaptive system that is capable not only of accurate recognition of known patterns of terrorist rhetoric, but also of detecting new dangerous trends in the text environment based on contextual analysis. This hybrid approach to knowledge presentation provides flexibility, scalability, and high-quality classification while maintaining explainability for the end user.

In the context of the development of an intelligent system for detecting terrorist calls, logical inference mechanisms are a critical component that ensures that an informed decision is made based on the input data provided. They determine precisely how the system transforms the incoming text information into a classification result - that is, in response to the question of whether the message contains dangerous content.

Within the framework of the proposed hybrid architecture, two main types of logical inference are used: rule-based inference and machine learning-based inference. Each of the approaches plays a specific role in the overall structure of the treatment.

Deductive inference is implemented through a set of formalised rules based on keywords, phrases, contextual patterns, and regular expressions. For example, the presence in the text of phrases such as "blow up", "call to arms", "explosives", and "eliminate" can unambiguously identify the message as potentially dangerous. The system scans the incoming text for compliance with these rules and, if triggered, generates a warning about a possible terrorist call. This level of logic is fast and effective at detecting obvious threats, but vulnerable to workarounds or veiled statements.

Inductive logical inference, in turn, is implemented using a deep neural network based on the BERT model, which has been trained on a labelled corpus of texts. During training, the model automatically forms internal rules (based on context analysis, grammar, and semantics), which it subsequently applies to classify new messages. In the process of inference, the model compares the context of the message with previously learned patterns and makes decisions with the appropriate level of probability. In contrast to rigid rules, this approach allows the model to identify non-trivial forms of threat expression, including sarcasm, euphemisms, ambiguity, and metaphors.

Special attention should be paid to explainability mechanisms, which are implemented through additional tools such as SHAP (SHapley Additive exPlanations) or LIME (Local Interpretable Model-agnostic Explanations). They allow the user or moderator to understand which words or phrases influenced the classification decision. Not only does this increase the credibility of the system, but it also allows you to identify false positives or algorithm abuses.

In general, the combination of formal (deductive) and educational (inductive) inference, complemented by explanation modules, allows for high flexibility, adaptability and efficiency in detecting terrorist calls. This approach meets the requirements of modern cybersecurity and is resistant to language transformations, stylistic variations, and bypass communication techniques.

In the terrorist call detection system, one of the key components is practical decision-making algorithms that ensure accurate recognition of dangerous content in text messages. Taking into account the complexity of the subject area, the ambiguity of natural language, linguistic manipulations and a large amount of input data, it was decided to implement a two-level classification architecture that combines rule-based filtering with deep semantic analysis based on transformer models, in particular BERT.

Rule-based filtering plays the role of the initial stage of message processing. This mechanism is based on predefined dictionaries, lists of dangerous words, triggers, phrases and patterns that are considered typical of terrorist rhetoric or calls for violence. In addition, regular expressions are used to identify non-standard or disguised constructs. The main advantages of this approach are its speed, transparency, and ease of configuration, scaled by updating the rule base without the need for a complete retraining of the system. However, rule-based filtering is not able to effectively work with atypical or veiled expressions, does not understand the context and does not distinguish the meaning of phrases depending on the situation. Because of this, the rule-based module acts as a primary filter, which either immediately filters out clearly threatening messages or passes them to the next level of processing.

Deep classification is implemented using the BERT model – an advanced architecture based on attention mechanisms. It allows the model to "read" text simultaneously in both directions, forming an understanding of the context of words. In particular, messages that contain veiled calls for violence, metaphorical threats, sarcasm or manipulative rhetorical devices. This approach allows the model not only to recognise obvious cases, but also to identify hidden signs of danger that are not always noticeable even to humans.

The choice of BERT among other machine learning architectures was due to its high performance in a wide range of NLP tasks, including classification, question answering, sentiment analysis, and identification of named entities. In addition, transformers work better with long texts than classic models such as LSTM or CNN. They are independent of word order and are capable of establishing remote dependencies between words. It is critical in detecting terrorist calls, as threats can be vague, implicitly formulated, or hidden in complex syntactic constructs.

Special attention is paid to the possibility of explaining the results of the classification. It is an essential requirement, not only from an ethical point of view, but also to increase the credibility of the system, especially if its results are to be used in security services or in administrative decisionmaking. The system implements two main approaches to explainability: attention-visualisation and the use of SHAP. The attention mechanism built into BERT allows for the highlighting of the words or phrases that have most influenced the model's decision, thus visualising the decisionmaking process. SHAP, in turn, proposes a local explanation method that is based on game theory and allows you to calculate the contribution of each feature (in this case, a word) to the final result. It enables analysts and moderators to better understand why a particular message is classified as unsafe, and it also makes it easier to identify false positives or new linguistic patterns.

Thus, the set of algorithms - rule-based filtering and transformer classification - provides a high level of accuracy, contextual understanding and transparency. This approach makes it possible to combine the speed and simplicity of classical methods with the intellectual depth and flexibility of modern deep models. It is critically important in an environment where system decisions can have real consequences for public security and human rights.

In the development of a system for automatic detection of terrorist calls in text content, the choice of implementation tools plays a key role, since they determine the performance, scalability, flexibility and convenience of further maintenance of the software. Python was chosen as the primary programming language, and it is the de facto standard in the fields of natural language processing (NLP) and artificial intelligence (AI). Python provides a robust ecosystem of libraries, syntax simplicity, a broad community, and the ability to quickly integrate with other platforms. In addition, this language is ideal for experimental prototyping, which is essential in the process of exploring new models and methods. The key libraries for implementing NLP and machine learning modules are HuggingFace Transformers, SpaCy, and Scikit-learn. HuggingFace's Transformers library provides access to state-of-the-art pre-trained models, including BERT, RoBERTa, DistilBERT, GPT, and more. It allows you to easily implement deep learning models, change configurations, train them on your own dataset, and integrate them with other system components. It is this library that is used to implement the main module of deep classification, which detects terrorist calls based on contextual analysis.

The SpaCy library is used for text preprocessing. It provides fast and efficient tokenisation, lemmatisation, definition of parts of speech, and Named Entity Recognition. It allows you to build a lightweight yet robust word processing pipeline before passing it to the classifier. SpaCy integrates well with other libraries and also allows you to create your own processing components for specific languages or domains.

To implement auxiliary classical machine learning algorithms, in particular, rule-based filters or basic classifiers, the system uses the Scikit-learn library. It provides modules for building SVM, Naive Bayes, decision trees, clustering, data normalisation, and model quality assessment. In our case, Scikit-learn is also helpful in analysing results, cross-validating, constructing accuracy, completeness, and F1 measure metrics.

Flask or Streamlit is used to implement the user interface and provide interactive interaction with the system. Flask is a classic web framework that allows you to build a REST API used as an entry point for integration with other web services or platforms. It is an ideal choice for a serverside implementation that needs to be scalable and independent. Streamlit, on the other hand, allows you to quickly prototype a user interface without in-depth knowledge of web development. Streamlit efficiently implements input fields, buttons, graphs, explainability visualisation (for example, highlighting essential words) and adjusting model parameters.

When comparing TensorFlow and PyTorch – the two main deep learning frameworks – PyTorch was preferred. The main reasons for this choice are better support in the Transformers library, more developer-friendly syntax, dynamic compute graphics (which makes it easier to debug models), a broad community, and stable integration with HuggingFace. PyTorch provides more flexibility when experimenting, in particular when working with custom loss functions or non-standard architectures. While TensorFlow has powerful tools for productive use of models in production, such as TensorFlow Serving or TensorFlow Lite, it is less convenient in the R&D phase.

Thus, the selected tools - Python, HuggingFace Transformers, SpaCy, Scikit-learn, Flask/Streamlit and PyTorch - provide an optimal balance between performance, flexibility, ease of implementation, and support for explainable AI. They make it possible to implement all the functionality of the system - from text processing and deep analysis to output of results and interactive feedback - with a high level of control over the process, rapid prototyping and scalability.

In the field of automatic detection of terrorist calls in text content, a number of approaches have been proposed in recent years, each of which has its own advantages and limitations. Among the most common, rule-based systems, models based on convolutional neural networks (CNN) and recurrent neural networks (LSTM) are worth mentioning. Each of these methods deserves attention, but their comparative analysis allows us to clearly justify the choice of a hybrid model that combines rule-based filtering with transformer deep classification.

The rule-based approach is based on predefined rules, keyword lists, regular expressions, and linguistic patterns. Its main advantages are ease of implementation, transparency, and explainability. Such systems quickly respond to new rules and easily adapt to the requirements of moderators. At the same time, their main disadvantage is low flexibility: rule-based methods are not able to detect synonymy, sarcasm, grammatical variations, slang, encryption or contextual ambiguities. In addition, they do not scale when working with large amounts of text or with multilingual content. These shortcomings make rule-based systems insufficient as an independent solution in security tasks.

Another class of models - CNN (Convolutional Neural Networks) - although it has demonstrated high efficiency in computer vision tasks, has certain limitations in the field of NLP. CNN models can capture local patterns and phrases well, but they cannot model long-term dependencies in text. It is especially critical for the tasks of classifying terrorist calls, which are often disguised in complex syntactic constructions or stretched over several sentences. Compared to transformers, CNN models lose flexibility in processing context and explaining decisions.

LSTM (Long Short-Term Memory) is a type of recurrent neural network that has long been the standard in sequential word processing tasks. LSTMs work well with sequential language structures and are able to model a certain amount of context, making them better than CNNs for longer pieces of text. However, LSTMs are slower to learn, less scalable, have a complex architecture, and, importantly, are inferior to modern transformers in accuracy and stability of results. In addition, LSTMs do not have a natural explanation mechanism, which makes them difficult to use in sensitive areas related to safety.

The hybrid model chosen in the work combines the strengths of all these approaches. Rulebased filtering serves as the first protective layer, allowing you to quickly filter obviously dangerous content using linguistic templates. This approach also allows the user to configure rules manually in response to new threats. The second layer, Deep Classification Based on the Transformer Model (BERT), provides accurate and contextually sensitive text analysis, including the ability to detect veiled calls, synonymy, and multilingualism. This approach also supports explainability through attention mechanisms, which allows you to explain why a particular decision was made, which is critical in automated moderation tasks.

Thus, the hybrid model combines the advantages of both worlds: the transparency and simplicity of the rule-based approach with the power and contextual sensitivity of transformers. Such a symbiosis allows you to achieve high accuracy, scalability, adaptability to new threats and reliability, which is especially important in information security.

We will describe in more detail the main stages of our pipeline for detecting terrorist calls in social networks. At the same time, we will compare the features of each of the stages for the analysis of English-language (T = I call to take up arms and fig h t ) and Ukrainianlanguage (T =Закликаю взяти зброю і боротися) texts to identify terrorist calls.

Stage 1. Presentation of the text. The purpose of this stage is to formalise the T text message in the form of mathematical objects (vectors, matrices) suitable for further processing by machine learning algorithms.

1.1. Tokenisation (individual tokens / WordPiece). Let the incoming text of the message: T = I call to take up arms and fig h t (engl.) and T =Закликаю взяти зброю і боротися (ukr.).

Then, after the classic tokenisation (whitespace/word), we get a set of words (tokens): T → {w1 , … , w8 }={I , call , ¿ , take , up , arms ,∧, fig h t }. (engl.)

and T ={w1 , w2 , w3 , w4 , w5 } (ukr.), where w1=Закликаю, w2=взяти, w3= зброю, w4=і, w5=боротися.

In the BERT style, subword (WordPiece) is often used, for example:

\text{"arms"} \to [\text{"arm"},\ \text{"##s"}],\quad \text{"fight"} \to [\text{"fight"}].

Then the token sequence can get a little longer; Let's denote the number of tokens as N . 1.2. Normalisation and lemmatisation / stemming. Each word is reduced to a basic form (lemma):

L (T )={l1 , … , lm }={I , call , ¿ , take , up , arm ,∧, fig h t }. (engl.) (here "arms" → "arm"). Frequent operations: lowercasing (all lowercase letters), punctuation removal, apostrophe normalisation, etc.

L (T )={l1 , l2 , l3 , l4 , l5 }, (ukr.) where l1= закликати, l2=взяти, l3= зброя, l4=і, l5=боротися.

1.3. Vectorization (Bag-of-Words/BoW and TF-IDF). Let the corpus have N documents and a large vocabulary base with M words (lemmas). Let's build a TF-IDF vector for a T document: ⃗v (T )=(tfidf (l1 , T ) , tfidf (l2 , T ) , … , tfidf (lM , T ))∈ R M, where TF-IDF is calculated as:

tfidf (li , T )=tf (li , T )⋅ idf (li), tf (li , T )= documents where li – occurs.

Small numerical English example. Suppose:

f li ,T ∑ f l j ,T j , idf (li)=log N .

1+nli (9) (10) f li ,T – is the number of occurrences of the word li in the text of T , nli – is the number of  case N =10,000 documents;  The word "arms" (lemma "arm") occurs in narm=50 documents;  The word "fight" occurs innfig ht=200 documents;  In our message, the total number of tokens is ¿ 8, and each of the lems appears 1 time (frequency f =1).

Then And for fight: tf ( arm , T )= 1 =0.125 , idf ( arm )=log 10000 ≈ log (196.08) ≈ 5.28, 8 1+50

tfidf ( arm , T )=0.125⋅ 5.28 ≈ 0.66. tf ( fight , T )=0.125 , idf ( fight )=log 10000 ≈ log ( 49.75) ≈ 3.91,

1+200 tfidf ( fight , T ) ≈ 0.125⋅ 3.91 ≈ 0.489.

Other words that are frequently encountered (I, to, and) will have small idf and correspondingly small TF-IDFs.

Ukrainian-speaking example. If there are N =1000 documents in our corpus, the word "зброя" occurs in 20 of them (nзброя=20), and in our text it appears 1 time, then: 1.4. Word Embeddings (BERT).

1.4.1 Tokens → vectors. In deep models such as BERT, each word/token is wi mapped to a context vector:

⃗ei=f ( wi)∈ Rd, ⃗ei=BERT ( wi∣ context T )∈ Rd , d type=768. where d is the dimension of the space (for example, d =768 in BERT).

So, for the entire T message/text, we have a matrix:

E (T )=[ e2 ]∈ Rn×d.

⃗e⊤1 ⃗⊤ ... ⃗e⊤n (11) (12) 1.4.2 CLS token and pooling. BERT adds a custom token [ CLS] to the beginning; its vector ⃗eCLS – is often used as a representation of the entire sentence: ⃗sCLS=⃗eCLS∈ Rd. Alternatively, you can do mean-pooling by tokens:

1 n (13) ⃗smean= n ∑i=1 ⃗ei.

1.4.3 Small Numerical Illustrative English Example. Let's assume d =3, for clarity, and we have eight tokens. Contextual vectors:

E (T )=

This matrix is fed into the further classification module. Thus, at the stage of presenting the text of the message, the following steps are taken:

1.5 Subword and OOV (out-of-vocabulary). If a word is broken down into a subword (e.g. an unusual slang word), the embedding of each subword is calculated, then they are aggregated (concat/mean/attention-pooling). Formally, if the token w → subwords {s1 , … , sk } with embeddings ⃗uj, then ⃗ew= 1.6 Additional features (feature engineering). For classic models, numerical features are added: 

Message length len ( T )=n,  Number of trigger words coun t trig (T )=∑ 1 [ li∈ Dtri g ],

i  Part of speech (POS) in the form of one-hot vectors,  N-grams (bigrams): for example, "take up" and "up arms" → can be represented as binary features.

Let's denote the vector of additional features as ⃗faux∈ R p. Then the final input to the light classifier can be

Tokenization T → {w1 , … , wn }; Lemmatization wi → li; Vectorisation (TF-IDF or embeddings); Feature matrix E (T )∈ Rn×d.

⃗x=[ ⃗s ; ⃗faux ]∈ Rd+ p, where [⋅ ;⋅ ] – concatenation. 1.7 Final formalisation of the presentation:           (14) (15) Tokenisation: T → {wi }in=1.

Lemmatization: wi → li.

TF-IDF vector: ⃗v (T )∈ RM (for classical models).

Contextual embeddings: E (T )∈ Rn×d, sentence → ⃗s∈ Rd (CLS or pooling).

Additional features: ⃗faux.

The final vector for the classifier is⃗:x=[ ⃗s ; ⃗v (T ) ; ⃗faux ].

The developed software is a comprehensive system based on deep semantic recognition of text messages, followed by their classification according to the level of danger. All functionality is implemented on the basis of a modular structure, where each component plays a specific role, but at the same time organically interacts with other elements of the system. The entire cycle of message processing begins from the moment the user receives the text, which comes through the integrated Telegram interface.

Next, the processing logic chain is activated: the input text is passed to the clean-up module, where pre-normalisation is performed - HTML elements, punctuation marks, redundant spaces are removed, and all characters are reduced to lower case.

After that, the text is passed to a tokeniser, which transforms it into a sequence of numbers that serve as input to the neural network. These vectors arrive in a model of the type BERT, which has been previously trained on a classification problem with two classes - "sarcastic" and "terrorist" messages. The model performs a forward pass by calculating logits and probability vectors. Based on the highest value among the probabilities, the system decides which class the text belongs to. The forecast is formed in the form of a text conclusion sent back to the user via Telegram.

All intermediate steps are implemented in the form of functions and subroutines. In addition to the main classification, the logic of event logging is provided, which makes it possible to keep records of requests, store statistics of classification results, and record possible exceptions or anomalous situations. If necessary, each module can be tested separately because it does not depend on the internal implementation of other parts of the system. All functions included in the program work synchronously and sequentially, transferring data between modules in the form of simple objects or dictionaries. It makes it easy to debug the process, scale the solution to cloud computing platforms, or embed it in more complex information systems with cybersecurity needs. 6)

The description of the created software tool meets the requirements of GOST 19.402-78 "Program Description" and ISO/IEC 26514:2008 "Systems and software engineering - Requirements for designers and developers of user documentation". As part of this work, intelligent software has been developed for the automatic detection of messages of a terrorist nature. It is based on the BERT transformer model integrated into the Telegram bot, which allows for real-time semantic analysis of texts. The tool is focused on being used as a separate service or as part of larger monitoring systems.

Installing the software requires Python version 3.10 or higher, as well as the installation of appropriate libraries, including transformers, torch, scikit-learn, pandas, telegram, asyncio, and nest_asyncio. To use the Telegram interface, you must have a Telegram account and a generated Bot API access token. Optionally, it is recommended to use a system with CUDA support if you plan to process large amounts of text. Installation is done by creating a project directory, installing dependencies via pip install -r requirements.txt, adding a token to the TOKEN variable or to a secrets.json file, and checking for the presence of a saved model in the directory (e.g. saved_model123). After that, the software is run through the main script or the Jupyter interactive environment, after which the bot begins processing messages.

The user interface is implemented in the form of a text chat. The software does not have a graphical interface in the usual sense - windows, menus or buttons - but it supports full-fledged interaction through Telegram. The user sends a message that goes through two levels of analysis: 1) superficial rule-based analysis for keywords and 2) in-depth semantic analysis through the BERT model. If trigger terms are detected, the "terroristic" class is immediately returned. If there are none, the message is classified using a neural network, resulting in a text category (sarcasm or terroristic) returned to the user. All requests and responses are logged.

The typical usage scenario is as follows. The user enters a message into the chatbot, which is instantly processed: tokenisation, heuristic comparison, and contextual interpretation through the model are performed, and a response is returned. In this way, the user can check any text for potential terrorist threats, including hidden or sarcastic hints. This functionality can be especially relevant for administrators of public channels, journalists, moderators, or information security services.

Among the possible errors that the system can return, the most common are the lack of connection to the Telegram API, the incorrectly specified path to the model, the lack of the necessary libraries or the wrong access token. All these problems can be fixed by checking the connection, establishing dependencies with pip, or fixing the configuration files. In case of difficulties, reinstalling all modules and restarting the service usually helps.

Since the project is educational, official technical support is not provided. However, flexible modification is provided. For example, model weights and tokeniser are stored in a separate folder and can be reused without the need for retraining. You can also adapt the rule-based dictionary to new terms, train the model with specific examples, or integrate additional confidence threshold control mechanisms.

In general, the software tool is modular, logically connected and covers the whole cycle: from text input to classification return. This approach allows you to ensure compatibility between components, ease of maintenance, and the ability to scale to more complex information security scenarios. 7)

User instructions for the information system for detecting terrorist appeals This software tool allows you to automatically analyse text messages and classify them according to the characteristics of terrorist or sarcastic content. The main interaction environment is the Telegram messenger. The system works on the basis of the BERT model trained on the corresponding corpus of texts. User Requirements: 1. Basic Telegram skills 2. Availability of an Internet connection

For local launch: knowledge of Python, transformers, torch, python-telegram-bot, and nest_asyncio libraries installed.

Installation and Launch (for a developer or system administrator): pip install torch transformers python-telegram-bot nest_asyncio

1)

Input Block "Input data" with a detailed description of the case (sources, volume, balance of classes). Add a table: number of messages, average length, % of terrorists, etc. Here in Fig. 8, we can see how our categories are distributed, such as terrorist and sarcastic messages, and it is necessary to parse the dataset in such a way that everything is equal, so that the model shows everything as accurately as possible.

Here we see how our messages are distributed by word length. It is also beneficial for model research. Boxplot Message Length by Class clearly separates the median: for class 0, it lies at ~7 words, while for class 1, it is only ~3–4 words. The model also uses this factor as an indirect signal short, aggressive statements are more likely to be dangerous. The dataset was assembled independently, using real and synthetic messages from public sources. First, about eight thousand texts were collected from open Telegram channels, as well as from forums and Twitter, where sarcastic or radical statements are often found. To ensure anonymity and ethical use, all messages have been cleared of personal data, user IDs, emojis, garbage symbols, and links.

At the initial stage, duplicates were removed using a normalised hash - lower case, punctuation was removed, and MD5 was calculated. It made it possible to weed out about a thousand duplicate lines. Next, a rule-based filter was used, which contained a dictionary of more than 200 key trigger words. If such a trigger occurred in the text, the message was previously marked as potentially terrorist; otherwise, it was sarcastic. It yielded an initial class ratio of approximately 30:70. However, to ensure quality, 1,200 random examples from each class were selected and manually checked. Some of the sarcastic jokes with words like "explosion" have been corrected, because they had no real terrorist meaning. Instead, some disguised radical messages with no explicit vocabulary were transferred to the "terroristic" class. After that, the balance was manually equalised to get 2,000 messages in each category.

At the final stage, the standard normalisation was performed: I moved all texts to lower case, removed unnecessary spaces, and replaced obscene language with a special tag <obscene>. For further analysis, a length field has also been added, which contains the number of words in the message. It made it easy to build statistics on the length of texts and understand the distribution of content.

Once the data is prepared, the dataset is divided into training, validation, and test samples in an 80/10/10 ratio using train_test_split and the stratify parameter to maintain an even distribution of classes. In addition to this, light synonymous argumentation is applied for sarcastic messages, replacing some words with synonyms via WordNet to train the model to better recognise different forms of expression of sarcasm.

At the final stage, it was checked that none of the texts in the test set intersected with the training set - for this, I used hashing again. All texts were saved in CSV and XLSX formats, and catalogued in the datasets/v1/ directory with an accompanying JSON file, which indicates the date of formation, sources and scripts for cleaning.

Thus, a full-fledged balanced dataset was prepared, which formed the basis for further stages analysis, graphing, training of the BERT model, and testing in the Telegram bot environment. 2)

Analysis of the word stops volume influence on the text processing time The graph shows how the average preprocessing time of a single message changes depending on the size of the stop word dictionary. Within our corpus, even increasing the list to 60 words adds only a few tenths of a millisecond - that is, the impact remains minuscule compared to a whole passage through BERT. Reading: The slowest measurement (≈ 0.003 ms) is 1.3 times longer than non-stop word processing, but the difference is far below human tangibility.

Thus, we can draw a practical conclusion: expanding the stop dictionary to several dozen words does not harm performance, but it gives the best semantic "noise protection". Suppose you switch to hundreds and thousands of stop words (which can happen in multilingual projects). In that case, the increase in processing time will remain insignificant compared to the neural network stage because BERT and tokenisation are the most expensive.

Within the framework of the implemented system, the text message goes through several successive processing steps before being transmitted to the BERT model for classification. The main goal of this process is to prepare raw data into a format suitable for deep neural network analysis, eliminating noise and preserving key semantic signals.

The first step is text cleaning, which includes removing extra spaces, punctuation, special characters, HTML tags (if any), and case normalisation (all characters are lowercase). This approach avoids the variability of the form of writing words, which does not carry a meaningful load.

Next, the removal of stop words is applied - the most common words of speech (for example, "and", "this", "there", "but"), which have a low discriminative ability in classification. It has been experimentally proven that increasing the stop word dictionary to 60 does not have a critical impact on performance, but significantly improves the signal-to-noise ratio in the text.

The third stage is tokenisation - splitting the text into separate elements (tokens), in accordance with the requirements of the BERT model. To do this, a specialised BertTokenizer is used, which not only performs partitioning but also replaces each token with the corresponding numerical index from the model dictionary. In this case, the sequence length is aligned by adding paddings ([PAD]) or trimming excess tokens to a given maximum value (max_length=128).

After tokenisation, an input tensor is formed, which is passed to the BERT model. At this stage, the model is already able to conduct a deep contextual analysis of the text, taking into account the relationships between words, their order and the general semantics of the message. Such a word processing pipeline allows you to achieve a balance between performance, classification quality, and system adaptability to new data. 4)

Analysis of hyperparameters The analysis of hyperparameters in the developed text classification system plays a key role in achieving high model accuracy and its ability to generalise. Hyperparameters are understood as the external parameters of the model's training, which do not change during the training process, but significantly affect the effectiveness of training, gradient stability and convergence rate.

Within the framework of the implementation, the following primary hyperparameters were analysed:

1. Batch size (batch size) – This parameter determines the number of examples processed simultaneously during one optimisation step. In our implementation, the optimal size turned out to be batch_size=16, which provided stable training on the available GPU configuration without memory overload. Too small a batch can lead to unstable weight updates, while too large a batch can lead to a loss of generalisation ability.

2. Number of epochs (num_epochs) – the model was trained during one epoch (num_epochs=1) due to resource limitations and the desire to test the performance of the prototype. In the future, to achieve better results, it is advisable to increase the number of epochs to 3-5 with early stopping to avoid overtraining. The average loss in training is 0.0795, and the accuracy on validation reaches 1.

3. Initial learning rate – this parameter, lr=2e-5, is chosen as the recommended value for models based on BERT. Too high a value can lead to destructive fluctuations of weights (divergence), and too low - to slow convergence. Support for the learning rate scheduler in the form of a linear decrease made it possible to gradually reduce the pace of learning, which stabilised the optimisation process.

4. Optimiser – the AdamW optimiser was used to update the scales, which has proven itself well in transformer models, since it takes into account the moments of the first and second order and uses decoupled weight decay for regularisation.

5. Maximum length of the input sequence (max_length) – the value max_length=128 was chosen, which is balanced between the coverage of the whole message and performance limitations. The average length of texts in the dataset allowed for the loss of information at this value.

Manual selection of hyperparameters made it possible to achieve the basic stability of the model. In the future, it is advisable to use automated selection using GridSearch, Bayesian Optimisation or Optuna, which will allow you to find the optimal configurations, taking into account the specifics of real text messages in instant messengers.

We can see that values that are too small (1e-6) lead to lower accuracy due to slow learning, while values between 1e-5 and 2e-5 provide the best results. Values that are too high (>3e-5) cause unstable learning and poor quality. This analysis allows you to choose the optimal learning rate to achieve high accuracy. 5)

Description of the control example The description of the control case involves testing the developed software on real or synthetic text data, which is typical for the instant messaging environment, particularly in instant messengers. The main goal is to test the ability of the system to correctly classify text messages into one of two categories - sarcasm (sarcastic) or terrorist content (terroristic) - in accordance with the logic that was laid down during the training of the model. This example is independent of the data used during the training and therefore allows you to evaluate the quality of the generalisation and the real effectiveness of the model. Below is a plate with nine examples of texts that have passed through the system, as well as the classification provided. For each of the messages, a prediction is provided using a trained model integrated into the Telegram bot. All messages were selected taking into account their clear connection with a specific category, so the level of confidence in the classification in each case is 100%. 1 Oh, great, Monday is the best day of the year again! О, чудово, знову найкращий день у році! понеділок 2 Now I know for sure that the government Тепер я точно знаю, що уряд дбає про sarcast cares about us more than anyone else. It's true нас більше за всіх. Правда ж ic 3

We will destroy you all.

Ми знищимо вас усіх. 4 Of course, it was the best idea to call rain on my vacation.

Звісно, це була найкраща ідея - sarcast покликати дощу саме на мою ic відпустку. 5 Everybody, pack your weapons and take them to the streets; it's time to act! Усі зберіть зброю і виходьте на вулиці, terrori час діяти! stic 6 I love it so much when the Internet works now and then. It's so much fun! Я так люблю, коли інтернет працює sarcast через раз. Це так весело! ic 7 Tomorrow we'll attack Завтра ми атакуємо

Analysis of the results of the control example of classification allows you to better understand how the model works, on the basis of which speech signals it makes decisions, and what features of texts become markers of belonging to a particular class for it. All 9 test messages were correctly classified, which indicates the effective operation of the model in real conditions. Below is a detailed analysis of each prediction:

 "Oh, great, Monday is the best day of the year again!" - sarcastic. The model recognised sarcasm by combining positive vocabulary ("wonderful", "best day") with a wellknown negative context - Monday, traditionally associated with the beginning of the working week and hostility.

 "Now I know for sure that the government cares about us more than anyone else. The ironic construction and use of a rhetorical question creates the impression of insincerity, which is a key indicator of sarcasm. The model recognised this pattern through the subtle context of a negative assessment disguised as a positive one.

 "We will destroy you all. No one will be saved." - terroristic. Direct threatening nature and aggressive language ("we will destroy" and "no one will be saved") give precise Verdic t - sarcast ic terrori stic terrori stic terrori stic semantic colouring to the message. The model identified this as potentially dangerous, since it lacks any hint of joke or irony.

 "Of course, it was the best idea to call the rain on my vacation." - sarcastic. The apparent contradiction between the phrase "best idea" and the negative result - rain on vacation - is a typical example of irony.

 "Everybody pack your arms and take to the streets, it's time to act!" - terroristic. Calls to action using the words "weapons", "get out", "time to act" are classic patterns of verbal radicalisation.

 "I love it so much when the Internet works every other time. It's so much fun!" sarcastic. The contrast between the formally positive phrase "I love so much" and negative experiences - problems with the Internet - is a sarcastic marker.

 "Tomorrow we attack, be prepared." - terroristic. The wording "attack", "be ready" has a militaristic connotation and hints at the coordination of terrorist actions. Even in the absence of a direct object of attack, vocabulary and syntax allow the model to classify this message as dangerous.

 "Oh, of course, it's not corruption - it's just a gift from the heart." - sarcastic. The phrase "gift from the heart" is used in an ironic context as a euphemism for corruption.

 "It's time to destroy all institutions of power. They have no right to exist." terroristic. The model classified the message as terrorist due to its aggressive declaration of the destruction of power structures.

As a result, the accuracy of the classification is explained not only by the number of known lexemes but also by the model's ability to contextually analyse linguistic inversions, rhetorical figures,and general intonation. It proves the superiority of deep transformer models of the BERT type in solving problems of computational linguistics related to the recognition of emotional or aggressive overtones. 7)

This software must be added as a bot to the Telegram messenger by name (@contrter_bot), after which it should be added to your Telegram. After that, you need to click on the button ("Start") and enter any message to which the system should respond (Terroristic) or (Sarcastic). It is worth noting that the model is trained to recognise not only superficial signals in the form of individual words, but also complex speech constructions - irony, rhetorical questions, syntactic inversions. It confirms its ability for deep semantic analysis, which is especially valuable in security tasks where language can mask the true intention of the author. In addition to the algorithmic part, the control example confirmed the effectiveness of the Telegram interface, which allows you to interact with the system conveniently. It makes the developed software suitable for real implementation as an auxiliary tool in online communication monitoring or moderation systems.

In the process of implementing the system of automatic detection of terrorist calls in text messages, a series of experiments were carried out in order to check the efficiency, accuracy and stability of the developed software. One of the key aspects that allows you to evaluate the quality of the system's performance is the collection of statistics on its performance. The collection of such data makes it possible not only to analyse the behaviour of the system in different situations, but also to identify bottlenecks or potential points of productivity growth. To obtain objective results, a real trained model based on the BERT architecture was used, implemented using the Transformers library from HuggingFace, which allows for highly accurate predictions based on the semantic analysis of the text.

During testing, 100 random messages were submitted to the system, which were conditionally classified as neutral or potentially dangerous (terrorist or sarcastic). All incoming messages went through the same processing chain: text cleaning, tokenisation, transfer to the neural model, receiving logs, and calculating the final class. For each prediction, the metrics of the processing time, the prediction class, the value of logits, and the objective correctness of the result, if it was known in advance, were additionally recorded. The collected data makes it possible to form a clear picture of the average performance of the system and its sensitivity to different types of messages, as well as estimate the percentage of errors, false positives, and false negative responses. A thorough analysis of these statistics is necessary to confirm the suitability of the model for practical use, as well as its subsequent adaptation and possible scaling to other sources of text (in particular, Telegram, Twitter, forums, news commentaries, etc.).

The purpose of the statistical analysis is to quantify the effectiveness, reliability, and overall performance of the developed Telegram bot, which classifies text messages as sarcastic or terrorist content. Particular attention is paid to key indicators that allow us to conclude the suitability of software for use in real conditions. One of the main aspects of the study is the response time of the system, that is, the interval between the moment the message arrives and the moment when the user receives the classification result. This option is critical in the context of interactive interaction.

Another important criterion is the stability of the bot's functioning, which assumes uninterrupted operation for a long time, as well as the absence of failures, critical errors, or freezes even under significant load. In addition, the analysis covers the accuracy of the model, which is an indicator of its ability to correctly determine whether a message belongs to the appropriate category. This metric reflects the quality of machine learning and the effectiveness of the BERTbased approach used.

The study also takes into account the number of messages that the system is able to process per unit of time. This parameter is essential in terms of scaling the system and evaluating its performance when working with a large number of requests. The analysis is expected to establish an average response time within a few seconds, confirm stable operation for at least half an hour of continuous load, identify a high level of classification accuracy, and demonstrate the ability to process a significant number of messages without loss of quality or speed. All these factors together allow you to get a holistic picture of the real characteristics and potential of the system for further improvement or implementation in practical projects.

This project used both standard Python tools and specialised libraries to collect and analyse data. The main tools for capturing statistical indicators were variables within training cycles, logging through print, and the tqdm library for visualising the process. To measure the accuracy of the classification and generate the classification report, the classification_report function from sklearn.metrics was used. It made it possible to accurately assess the performance of the model on the validation kit.

The response time was recorded implicitly by observing the interval between the receipt of a message to the Telegram bot and the generation of a response displayed in the console via print. Direct integration with the Telegram API (through the python-telegram-bot library) made it possible to track each incoming request and instantly record the fact of the response, which served as a token of stability and performance of the system.

Launch conditions included a local Jupyter Notebook environment running on a laptop with Anaconda installed and CUDA support (if you have a graphics card). All tests were run locally, with no cloud or server deployment. The use of nest_asyncio ensured compatibility between the Telegram bot's asynchronous calls and the Jupyter environment.

The testing period was approximately one hour of active interaction with the bot in the process of debugging and observing the results. In total, more than 100 manual messages were tested, which made it possible to evaluate the behaviour of the system on a large amount of input data and in various contexts.

Thus, the methodology for collecting statistics was based on a combination of automated monitoring (via PyTorch, HuggingFace Transformers, and Telegram API) and manual control of the results through Jupyter Notebook, which provided a flexible, detailed and reliable approach to analysing the system.

Within the framework of the study, a number of key metrics were recorded and analysed, which allowed the quality and efficiency of the developed message classification system to be assessed. One of the essential characteristics was the speed of processing one message. By using the optimised BERT model and pre-moving it to the GPU (with CUDA), the average processing time for a single text ranged from 0.4 to 0.6 seconds, which is an acceptable result for real-time tasks given the complexity of the depth model.

As for our model, the quality metrics turned out to be too high; there were sure signs of overtraining.

As for the total volume of interactions with the system, more than 100 messages of various content and length were processed during the testing period. It made it possible not only to check the correctness of the Telegram bot, but also to assess the stability of the response in a wide range of input options, including sarcasm, irony, harsh statements, ordinary phrases, etc.

The percentage of correct classifications was estimated by comparing the predicted labels with the expected ones. For the validation sample, the accuracy was more than 94%, which is confirmed by the classification report. The model copes exceptionally well with typically formulated terrorist calls, where its accuracy is close to 97%. At the same time, more complex cases related to the sarcastic context remain more ambiguous, although even there the level of correct decisions is kept at more than 90%.

The performance of the model remained stable even with intense interaction. Not a single crash, freeze or critical error was recorded during the entire test period. The system responded to each message at a predictable speed. The load on the system remained low due to the efficient use of computing resources, the correct formatting of input data, and the preliminary storage of the trained model in the local environment.

Thus, the analysis of the measured metrics allows us to conclude about the high stability, accuracy, and speed of the proposed system, which is a prerequisite for its further use in real scenarios of automatic text monitoring. 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 # Average Message Processing Time 1 Minimal processing time