METHODS AND MODELS OF COUNTERING GROUP CYBER THREATS BASED ON ARTIFICIAL INTELLIGENCE
DOI: https://doi.org/10.28925/2663-4023.2025.30.998

Keywords: group cyber threats, artificial intelligence, machine learning, deep learning, information security, detection models, adaptive systems, cyberattacks, big data processing, cybersecurity

Abstract
The article addresses the pressing problem of countering group threats in cybersecurity: threats characterized by a high level of organization, complex structures, and targeted execution. With the advancement of digital technologies and the growing dependency of businesses and government institutions on information systems, threats carried out by coordinated groups (APTs, botnets, and other cybercriminal organizations) pose an increasing danger. Traditional security approaches are often ineffective against such attacks because they fail to account for the dynamic behavior of threats, their rapid evolution, and their adaptation to defensive mechanisms. A method for countering group threats based on artificial intelligence technologies is proposed, specifically leveraging machine learning, deep learning, and big data processing techniques. The developed model architecture enables the detection of signs of coordinated malicious activity, analysis of attacker behavioral patterns, and timely response to potential threats. Special attention is given to adaptive models capable of real-time self-learning and of identifying atypical deviations from the normal functioning of an information system. The models are designed with the key characteristics of group attacks in mind, including distributed attack scenarios, hidden communication between attackers, and the use of encryption and evasion techniques. Experimental studies of the effectiveness of the proposed approach were conducted using test datasets and realistic threat scenarios. The results demonstrated high detection accuracy, a reduction in false positives, and improved response times compared to traditional systems. The findings confirm the feasibility and effectiveness of using intelligent methods to counter complex group threats. The proposed method and models can be integrated into existing cybersecurity monitoring systems to enhance their resilience against modern attacks.
The article also outlines prospects for further research, particularly in improving model training methods and scaling to large corporate networks.
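The abstract names two observable properties of group activity that a detection model must capture: hidden, coordinated communication between many compromised hosts and a controller, and deviations from a learned per-host baseline. The following is an added illustration written for this page, not the authors' model or code, of the simplest form of each signal. It assumes constructed flow records of the form (time in seconds, source host, destination), a beaconing threshold on the coefficient of variation of connection intervals (0.2), a minimum group size of three hosts, and a Welford-style online baseline with a 3-sigma rule; all of these values are assumptions chosen for the example.

```python
"""Added example: spotting coordinated beaconing and per-host baseline drift.

Not the article's model. Periodic check-ins from several internal hosts to the
same external endpoint are one observable signature of a botnet or other group
threat; an online baseline shows the 'adaptive self-learning' idea in miniature.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows: (time_seconds, src_host, dst_host).
FLOWS = []
# Three hosts checking in with 203.0.113.10 roughly every 60 s (small jitter).
for host, offset in (("10.0.0.11", 0), ("10.0.0.12", 7), ("10.0.0.13", 13)):
    for i in range(10):
        FLOWS.append((offset + 60 * i + (i % 3), host, "203.0.113.10"))
# A user browsing a legitimate site at irregular times.
for t in (5, 9, 40, 41, 42, 130, 300, 301, 330, 700):
    FLOWS.append((t, "10.0.0.20", "198.51.100.5"))
# A host with too few events to judge cadence (must not be scored).
FLOWS.append((100, "10.0.0.21", "203.0.113.10"))
FLOWS.append((160, "10.0.0.21", "203.0.113.10"))


def beacon_scores(flows, min_events=5):
    """Return {(src, dst): cv}, where cv is the coefficient of variation of
    inter-arrival times for that pair. Values near 0 mean a regular,
    beacon-like cadence; human-driven traffic scores far higher."""
    times = defaultdict(list)
    for t, src, dst in flows:
        times[(src, dst)].append(t)
    scores = {}
    for pair, ts in times.items():
        if len(ts) < min_events:          # not enough intervals to be meaningful
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        mu = mean(gaps)
        if mu <= 0:
            continue
        scores[pair] = pstdev(gaps) / mu
    return scores


def coordinated_groups(scores, max_cv=0.2, min_hosts=3):
    """Group beaconing pairs by destination. A destination that at least
    min_hosts distinct sources contact on a regular cadence is reported
    as a candidate coordinated group (e.g. bots sharing a controller)."""
    by_dst = defaultdict(set)
    for (src, dst), cv in scores.items():
        if cv <= max_cv:
            by_dst[dst].add(src)
    return {dst: sorted(srcs) for dst, srcs in by_dst.items()
            if len(srcs) >= min_hosts}


class AdaptiveBaseline:
    """Online mean/variance (Welford's algorithm) of one per-host metric.
    After `warmup` observations, a value more than k standard deviations
    from the learned mean is flagged. Flagged values are NOT folded into
    the baseline, so an attacker cannot drag the baseline toward them."""

    def __init__(self, k=3.0, warmup=5):
        self.k, self.warmup = k, warmup
        self.n, self.mean, self.m2 = 0, 0.0, 0.0

    def observe(self, x):
        if self.n >= self.warmup:
            sd = (self.m2 / self.n) ** 0.5
            if abs(x - self.mean) > self.k * max(sd, 1e-9):
                return True                  # anomalous: report, do not learn
        self.n += 1
        d = x - self.mean
        self.mean += d / self.n
        self.m2 += d * (x - self.mean)
        return False


if __name__ == "__main__":
    scores = beacon_scores(FLOWS)
    for pair, cv in sorted(scores.items()):
        print(f"{pair[0]:>10} -> {pair[1]:<14} cv={cv:.3f}")
    print("coordinated groups:", coordinated_groups(scores))
    baseline = AdaptiveBaseline()
    # Constructed per-minute 'new external destinations' counts for one host.
    print([baseline.observe(x) for x in (10, 11, 9, 10, 10, 11, 60, 10)])
```

Two caveats a practitioner should keep in mind. The cadence test alone will also match legitimate periodic traffic (update checks, monitoring agents), so the group step is what adds signal: three hosts sharing the same unexpected destination at the same cadence is far rarer than one. And the baseline's refusal to learn from flagged values protects against a fast shift but not against an attacker who raises the metric slowly enough to stay under k sigma at every step; that slow-poisoning case needs a longer-horizon comparison than a single running mean.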
License
Copyright (c) 2025 Володимир Шульга, Євгенія Іванченко, Тетяна Берестяна, Олексій Шкурченко

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.