THEORETICAL APPROACH TO THE APPLICATION OF MACHINE LEARNING METHODS FOR ASSESSING THE RISKS OF CRITICAL INFRASTRUCTURE FACILITIES

Authors

DOI:

https://doi.org/10.18372/2310-5461.69.20945

Keywords:

risk, cybersecurity, critical infrastructure, civil aviation, ICT, OT, machine learning, SOC, IEC 62443, NIS2, CVE

Abstract

The relevance of this study is driven by the growing cyber threat landscape affecting critical infrastructure amid the convergence of information technology and operational technology and the expansion of attack surfaces through cloud services, remote access, and supply chains. In civil aviation, these challenges are particularly sensitive because disruptions in information and communication systems may affect flight regularity, ground operations, passenger services, and the resilience of airport engineering infrastructure.

The problem addressed in the paper is the limited effectiveness of purely reactive risk management, insufficient visibility in technological networks, and the difficulty of timely incident prioritization. The purpose of the article is to substantiate an intelligent cyber risk assessment approach based on machine learning to improve detection timeliness and response effectiveness while aligning with NIS2 and CER requirements and sector-specific guidance. The proposed solution is a process-oriented model in which machine learning is integrated with ISO/IEC 27005, NIST SP 800-30, and the zone-and-conduit principles of IEC 62443. The paper summarizes key threat vectors relevant to critical infrastructure and aviation, including remote access compromise, supply chain attacks, and exploitation of known vulnerabilities, with mitigation prioritization guided by the KEV catalog.

A hybrid machine learning strategy is justified by combining classification, regression, clustering, and anomaly detection, along with a feature engineering approach that leverages security logs, vulnerability indicators, OT telemetry, and asset criticality context for airports and airlines. The main result is a concept of a multi-layer risk assessment architecture covering data collection and normalization, feature generation, controlled model lifecycle management, and integration of risk outputs with SOC processes and the risk register. The conclusions demonstrate that the approach provides a reproducible and auditable basis for risk-driven response prioritization in civil aviation information and communication systems, and outline directions for further enhancement through richer feature sets and analytical modules.

Author Biographies

Anna Ilienko, State University "Kyiv Aviation Institute", Kyiv, Ukraine

Candidate of Technical Sciences, Associate Professor

Serhii Ilienko, State University "Kyiv Aviation Institute", Kyiv, Ukraine

Candidate of Technical Sciences, Associate Professor

Valentyna Teliushchenko, State University "Kyiv Aviation Institute", Kyiv, Ukraine

Postgraduate

Published

2026-04-27

How to Cite

Ilienko, A., Ilienko, S., Teliushchenko, V., & Maliarenko, S. (2026). THEORETICAL APPROACH TO THE APPLICATION OF MACHINE LEARNING METHODS FOR ASSESSING THE RISKS OF CRITICAL INFRASTRUCTURE FACILITIES. Science-Based Technologies, 69(1), 35–47. https://doi.org/10.18372/2310-5461.69.20945

Issue

Section

Information technology, cybersecurity