METHODS AND MEANS OF DETECTION OF CYBER INCIDENTS ON MOBILE TERMINAL DEVICES IN WELL-KNOWN INFORMATION AND COMMUNICATION SYSTEMS

DOI:

https://doi.org/10.28925/2663-4023.2026.33.1265

Keywords:

cyber incident, mobile endpoint devices, information and communication systems, specialized software, cyber protection

Abstract

In the context of the current scientific task of improving the level of cyber protection of mobile endpoint devices (MEDs) in departmental information and communication systems (DICSs), an analysis of existing approaches to detecting cyber incidents on MEDs was carried out. It is shown that the vast majority of these approaches are focused on identifying individual indicators of device compromise without taking into account the device’s role in the functioning of the information and communication system (ICS). The analysis of approaches to detecting malicious activity and the methods used for their implementation was conducted according to the levels at which cyber incidents manifest themselves: the mobile application level, the operating system and device level, the level of user behavior and usage context, the level of network interaction, the level of access to ICS services, and the level of impact on ICS functioning. For each level, characteristic manifestations of cyber incidents, sources of indicators, evaluation criteria, and the most suitable detection approaches were identified. A separate comparison of the functional capabilities of modern classes of tools for detecting cyber incidents on MEDs was also carried out. It was established that none of the considered approaches or classes of tools, when used separately, provides full coverage of all levels at which cyber incidents on MEDs manifest themselves in DICSs. The feasibility of developing an architecture for multilevel detection of cyber incidents on MEDs in DICSs is substantiated. This architecture ensures the formation of a structured description of the current state of an MED in the context of its interaction with the ICS through bidirectional data exchange between the MED and the ICS regarding the state of the cyber incident manifestation levels, analysis of the structure of interaction sessions between specialized client software and the DICS, identification of invariants in the development of cyberattack techniques in mobile threat taxonomies, and exchange of detection experience between MEDs through the ICS.

Published

2026-06-25

How to Cite

Fesokha, V., Subach, I., & Stepanenko, K. (2026). METHODS AND MEANS OF DETECTION OF CYBER INCIDENTS ON MOBILE TERMINAL DEVICES IN WELL-KNOWN INFORMATION AND COMMUNICATION SYSTEMS. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 1(33), 756–773. https://doi.org/10.28925/2663-4023.2026.33.1265
