COMPREHENSIVE MODEL FOR SELECTING ANTIVIRUS SOFTWARE FOR CRITICAL INFRASTRUCTURE FACILITIES
DOI:
https://doi.org/10.28925/2663-4023.2025.29.929Keywords:
comprehensive model, antivirus software, critical infrastructure, cybersecurity, multi-criteria analysis, decision-making, knowledge base, information securityAbstract
The rapid growth of cyber attacks on critical infrastructure against the backdrop of rapid development of information technology highlights the urgent need for effective protection mechanisms. This study examines the problem of choosing the best antivirus software, which is complicated by the increasing complexity of decision-making and the limitations of current approaches. The article presents a detailed, comprehensive mathematical model designed to automate the process of selecting antivirus software. This model uses multi-criteria analysis and expert assessments to ensure flexibility and objectivity. It evaluates technical characteristics such as detection probability, false positive rate, performance, system load, response time, and database update frequency, as well as operational risks and the Common Vulnerability Scoring System (CVSS). The methodology uses geometric mean aggregation of expert opinions and checks their consistency to reduce subjectivity and increase reliability. Two methods of incorporating the risk factor into the overall assessment were tested, allowing adaptation to different strategic goals. Experimental results confirmed the effectiveness of the model in determining optimal antivirus solutions for mission-critical information systems. The model effectively processes expert data and creates organised information for decision-making. Further research could expand the model's knowledge base, improve decision-making algorithms for new cyber threats, and adapt it for wider application in information security.
Downloads
References
CERT-UA. (б.д.). CERT-UA минулого року опрацювала 4315 кіберінцидентів. https://cip.gov.ua/ua/news/cert-ua-minulogo-roku-opracyuvala-4315-kiberincidentiv
Ekşi, G. E., Tekinerdoğan, B., & Catal, C. (2022). Software security management in critical infrastructures: A systematic literature review. Turkish Journal of Electrical Engineering and Computer Sciences, 30(4), 1142–1161. https://doi.org/10.55730/1300-0632.3841
Okeke, K., & Omojola, S. (2025). Enhancing cybersecurity measures in critical infrastructure: Challenges and innovations for resilience. Journal of Scientific Research and Reports, 31(2), 474–484. https://doi.org/10.9734/jsrr/2025/v31i22868
Lubis, M., Safitra, M. F., Fakhrurroja, H., & Muttaqin, A. N. (2025). Guarding our vital systems: A metric for critical infrastructure cyber resilience. Sensors, 25(15), 4545. https://doi.org/10.3390/s25154545
ДСТУ ISO/IEC 27001:2023. (2023). Інформаційні технології. Методи захисту. Системи управління інформаційною безпекою. Вимоги. https://online.budstandart.com/ua/catalog/doc-page.html?id_doc=104398
ДСТУ ISO/IEC 27002:2023. (2023). Інформаційні технології. Методи захисту. Система управління інформаційною безпекою. Кодекс практики. https://online.budstandart.com/ua/catalog/doc-page.html?id_doc=104399
Верховна Рада України. (2024). Закон України “Про критичну інфраструктуру” від 17 листопада 2021 року № 1882-IX (в редакції від 21.09.2024). https://zakon.rada.gov.ua/laws/show/1882-20#Text
Lu, M. T., & Guimaraes, T. (2007). A guide to selecting expert systems applications. Journal of Information Systems Management, 6(2), 8–15. https://doi.org/10.1080/07399018908960138
Mukhoid, O. V., Kostornoi, O. S., & Shyfrin, D. M. (2018). Selection of the optimal software for designing expert systems. Journal of Engineering Sciences, 5(2), E10–E15. https://doi.org/10.21272/jes.2018.5(2).e3
Madanchian, M., & Taherdoost, H. (2025). Applications of multi-criteria decision making in information systems for strategic and operational decisions. Computers, 14(6), 208. https://doi.org/10.3390/computers14060208
Krisper, M., Dobaj, J., & Macher, G. (2020). Assessing risk estimations for cyber-security using expert judgment. In M. Yilmaz, P. Clarke, J. Niemann, & R. Messnarz (Eds.), Systems, software and services process improvement – 27th European Conference, EuroSPI 2020, Proceedings (pp. 120–134). Communications in Computer and Information Science (Vol. 1251). Springer. https://doi.org/10.1007/978-3-030-56441-4_9
Buchyk, C., Kondratenko, S., & Pysarchuk, O. (2006). Systemy pidtrymky pryiniattia rishen. Zhytomyr: ZhVIRE.
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Сергій Бучик, Максим Маєвський
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
