A METHOD FOR ADAPTIVE ESTIMATION OF THE PROBABILITY OF INFORMATION LEAKAGE IN SPECIAL-PURPOSE NETWORKS FOR MACHINE LEARNING
DOI:
https://doi.org/10.28925/2663-4023.2026.33.1242
Keywords:
cybersecurity; information leakage; special-purpose networks; countering leaks; threat model; adaptive risk assessment.
Abstract
This article presents a formalized model of information leakage in special-purpose networks (SPN) and develops a method for adaptive estimation of the probability of information leakage in such networks. The relevance of the research is driven by the growing number of sophisticated targeted cyber threats, the use of multi-layered attacks and covert data transmission channels, as well as the increasing role of insider threats in modern information and communication systems. It is shown that traditional protection measures, focused primarily on perimeter security, signature-based detection, and static access policies, do not provide an adequate level of protection against information leakage in the context of dynamic changes in the operating environment of SPNs. This paper proposes a formalization of the SPN as a set of nodes, information transmission channels, and risk factors that underlie the occurrence of leaks. The developed method is based on the integration of network, host, and contextual security indicators, the normalization of features, the formation of a risk factor vector, the adaptive updating of weight coefficients, and the determination of an integral risk function, followed by the calculation of the probability of information leakage. A key feature of the method is its ability to be applied in real time, taking into account changes in user behavior, network operating modes, and the current threat level. An example of the practical implementation of the proposed approach is provided, demonstrating the sequence of processing security indicators, risk assessment, and decision-making regarding incident response. The results confirm that applying the proposed method improves the effectiveness of detecting precursors to information leaks, reduces the risk of compromising confidential data, and ensures that the protection system adapts to new types of threats in the context of targeted countermeasures.
License
Copyright (c) 2026 Герман Шуклін, Ярослав Шавловський, Юрій Пепа, Євгенія Іванченко

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.