DEVELOPMENT OF A MULTI-LOOP SECURITY SYSTEM OF INFORMATION INTERACTIONS IN SOCIO-CYBERPHYSICAL SYSTEMS

perform adequate control actions for physical assets in many contexts. However, adaptation and evolution actions must be evaluated before implementation in the control system to ensure fault tolerance while minimizing risks. Therefore, the design of socio-cyber-physical systems must ensure not only reliable autonomy, but also operational fault tolerance and safety. The proposed approach is based on the integration of targeted (mixed) threats based on the synthesis of technical cyber threats with social engineering methods. This approach allows forming a dynamic security model based on the analysis of the interaction of various agents in socio-cyberphysical systems, which makes it possible to increase the level of counteraction to targeted (mixed) cyber threats. The results of modeling are based on the proposed classification of threats using social engineering methods, which allows cyber-attackers to ensure the probability of implementing targeted threats up to 95–98 %. The proposed classification of threats based on social engineering methods will allow forming an additional parameter for the objectivity of target threats, taking into account their integration and synergy. At the same time, the presented model will make it possible to timely provide knowledge about the possibility of implementing a targeted attack and timely take preventive countermeasures. This approach will improve the set of protection measures, as well as promptly create an increase in the level of resistance of the company's personnel (organization, enterprise, etc.) to threats of


Introduction
Development of Cyber-Physical Systems (CPS) is a challenging task in critical applications such as avionics, automotive, etc.This task is getting increasingly challenging as CPS become more complex: indeed, CPS currently consist of a large number of components and subsystems of heterogeneous nature and different levels of criticality.Additionally, non-functional aspects or perspectives such as time, memory, power consumption, reliability, temperature, and security are as important as functionality.
There are many analysis methods and tools for validating CPS, but their underlying model is always specific to a single viewpoint, and there is currently limited support for semantically linking viewpoints.In practice, the assumptions that analysis of a particular viewpoint makes about other viewpoints remain largely implicit, and when they are explicit, they are handled largely manually.The current design process overly restricts the set of possible system designs and there is a need for methods and tools to formally link viewpoint-specific models and corresponding analysis results [1,2].
In particular, the works that evolve from CPS to incorporate human aspects can be divided into two main computing paradigms, namely the Cyber-Physical-Human System (CPHS) and the Cyber-Physical-Social System (CPSS).According to the state of the art, both computing paradigms define the interaction space in which people and CPS objects live together [1][2][3].It can also be seen that CPHS and CPSS are used interchangeably by researchers focused on the presence of humans and their interactions with machines in the overall socio-technical system.Despite the roughly equivalent use of the two acronyms, "social" has a broader meaning.The term "social" reflects emotional and cognitive characteristics.It also conveys the socio-technical principles that govern human behavior in a context that must eventually be transferred to machines.
Based on this conceptual distinction between human and social, CPHS and CPSS are distinguished by the way they take into account social factors, especially those related to machines.Therefore, aiming at better human-machine synergy, systems should be designed with a social aspect in mind, like CPSS.Especially when developing industrial systems that involve close collaboration between humans and CPS; taking into account social aspects provides a better interaction experience and increases employee efficiency [4].Thus, human-machine interaction can rise to a more cognitive level in which machines can adapt their behavior by identifying situations, understanding and reasoning about human needs in context [5].However, in Industry 4.0, human-centered computing paradigms do not yet have a strong system foundation.Consequently, they often fail to fully connect social aspects in CPS [6].
Similar to traditional computing, a new computing paradigm called cyber-physical-social computing or physical-cyber-social computing [7] has emerged and has attracted worldwide attention in recent years, which focuses on research into the digital fusion between people, computers and things.In fact, this paradigm originates in the development of cyber-physical systems (CPS) and cyber-social systems (CSS) technologies.Additionally, social characteristics and interaction are being introduced into CPS due to the growing number of human-centered computing.The corresponding computing systems are called cyber-physical-social systems (CPSS) [8].
The key technologies for CPSS development are closely related to transdisciplinary technologies spanning CPS and CSS.Unfortunately, designing CPSS is challenging.First, CPSS are quite complex systems due to network heterogeneity, software and hardware complexity, and lack effective design approaches to systematically address these issues in a unified manner.Secondly, the social part in CPSS has not yet been given due attention; there are no feasible approaches to unified modeling of cyberspace, physical and social space.Finally, the security issue has not been sufficiently researched because CPSS are still in their infancy.
Thus, an effective, safety-critical design of the elements of the security system for the interaction of continuous business processes in CPSS is an urgent task.The solution requires the development of a security model based on an analysis of the interaction of continuous business processes in CPSS, taking into account the multi-loop arrangement of infrastructure elements and the variety of technologies used to build CPSS.

Literature review and problem statement
Cyber-Physical Systems (CPS) are complex distributed systems driven or controlled by computer algorithms and performing computational procedures in their distributed closed-loop environment.The term "cybernetic systems" appeared around 2006 when it was proposed by Helen Gill at the National Science Foundation in the United States [9].
Access networks with sensors and actuators are controlled and managed through the computing nodes of the cyber-physical system.They are typically developed using model-based approaches for large structures.They are pre-programmed for specific situations based on a set of rules and regulated by a traditional feedback control loop [10].CPS can be implemented at various scales, ranging from the nanoworld to large-scale systems.Their complex interaction with the environment, interaction with social systems and the possibility of external malicious control can lead to unpredictable consequences [11].Most CPS applications have not considered human factors as an internal element.To this end, socio-cyber-physical systems (SCPS) [12] have emerged, which are usually considered as an extension of CPS and integrate cyberspace, physical space and social space.
With the development of the Internet of Things and social networks, a large amount of data is being generated.Social engineering techniques are combined with cyber, hybrid and targeted attacks.In this regard, a hybridity of targeted attacks appears.How to protect an enterprise network from the influence of heterogeneous data with a sociological component is a very difficult question.
A comprehensive, multi-level approach is required, which, in addition, solves the problem of protection against the influence of targeted attacks associated with different social groups in society.A compositional structure of protection is required.This protection must integrate the functional elements of systems to implement system-level properties that cannot be achieved by integrating the local properties of system components [10].
Further development of computing resources and capabilities of artificial intelligence (AI) has made a decisive shift in the worldview and social culture of electronic communication.
OpenAI, GoogleAI and DeepMind companies are improving modern AI technologies.Modern developments of OpenAI, Bard, DALL•E, ImageNet, etc. based on the Generative Pre-trained Transformer model actively use a set of databases [13].They transform and generate text, images, and speech.But the most important thing to take into account in the development trend of system security is that these developments have an open commercial and non-commercial AI API used in social systems.and offers practical examples and code snippets to help readers implement the techniques discussed.The book also includes detailed descriptions of popular open-source libraries such as TensorFlow and PyTorch, which are commonly used to build deep learning models.
One of the strengths of the publication is its focus on practical application.The author gives many examples of how generative models can be used in real-world scenarios such as creating images, text, and even music.The publication includes detailed explanations of the mathematics behind generative models that can be useful for implementing cyber defense systems.
While the publication is a good introduction to deep learning and generative models, it does not cover all aspects.Some important topics regarding system-level reasoning and its means of implementation in terms of processed knowledge, awareness raising, reasoning mechanisms have been omitted.The publication primarily focuses on specific deep learning frameworks such as Keras and TensorFlow, which may limit the applicability of the concepts presented to practitioners using other tools or languages.
The paper [19] provides an understanding of data management of the cyber-physical-social system (D-CPSS) using the 7C Framework.It describes how cyber-physical systems (CPS) integrate with social systems to form data-driven cyber-physical and social systems (D-CPSS).Integrating these systems brings many benefits, including increased efficiency, productivity and flexibility.However, challenges still exist in understanding and implementing D-CPSS.To better understand D-CPSS, the 7C framework is proposed.This framework provides a holistic view of D-CPSS, taking into account various components and their relationships.The 7C framework consists of seven dimensions: -cyber: this dimension refers to the digital technologies used in D-CPSS, including sensors, data analysis, and machine learning algorithms.These technologies enable the collection, analysis and interpretation of data that can be used to optimize production processes; -physical: this parameter refers to the physical components of D-CPSS, including machines, robots, and other equipment.These components are integrated with cyber systems to provide real-time monitoring and control of production processes; -social: this aspect refers to the human aspects of D-CPSS, including social networks and relationships between stakeholders.These relationships are critical to the success of social production as they enable collaboration, knowledge sharing and innovation; -cognitive: this dimension refers to the cognitive capabilities of D-CPSS, including decision-making and problem-solving.These capabilities are enhanced by the integration of cyber, physical and social systems; -communication: this parameter refers to the communication networks and protocols used in D-CPSS.Effective communication is essential to coordinate production activities and ensure that all stakeholders are informed and involved; -control: this parameter refers to the control mechanisms used in D-CPSS, including feedback loops and autonomous decision-making.These mechanisms allow the system to respond to changes in the environment and optimize performance; -context: this dimension refers to the broader context in which D-CPSS operates, including the regulatory envi-According to [14], as AI-based systems continue to improve, there are concerns that attackers will have more reasons to use them for malicious purposes.Artificial intelligence systems carry a number of risks that are not fully taken into account by existing structures and approaches to risk management in the content analysis of socio-cyberphysical systems.On the other hand, with proper control, artificial intelligence systems can mitigate security threats, their consequences and manage them [15].
Easy availability of information from open sources and uncontrolled intelligence make it easier to gather information.Specific targets can be carefully selected to create more robust and targeted attacks.A large group of victims can be targeted simultaneously, and some open-source tools can be used to launch semi-automated attacks.Technologies such as machine learning and artificial intelligence make attacks on sociophysical systems more effective and aggressive.Targeted, large-scale, robotic, automated attacks become possible.SCPS systems are becoming a serious, universal and persistent security threat.
Data transmitted from SCPS systems and information resulting from processing often generate different forms of data that require different levels of security.Managing data and information requires effective methods for processing, interpreting and reusing them.
For cybersecurity, new components are being added related to social influence, cognition, emotion, and decision-making.These components are present in methods of attacks on socio-cyberphysical systems [16].
NIST has released a white paper outlining standards for identifying and managing bias (prejudice) in AI [17].This guide is not intended to offer a definitive solution for eliminating AI bias.Its goal is to "identify significant issues in the complex field of AI bias and provide the first step in a roadmap for developing detailed socio-technical guidance for identifying and addressing AI bias". Advantages: -provides a clear and standardized framework for identifying and managing bias in AI systems; -offers a comprehensive approach to identifying bias, including different stages of the AI development lifecycle; -offers practical guidance for implementing the framework in a variety of organizational contexts; -offers a number of tools and techniques that can be used to identify and eliminate bias in AI systems; -can help organizations build more reliable and transparent artificial intelligence systems. Disadvantages: -the publication may not be accessible to non-experts in AI development or policy; -the framework may be too prescriptive for some organizations, limiting their flexibility to adapt to their specific needs; -the publication does not provide guidance on how to measure the effectiveness of bias reduction techniques and mitigate malicious influence; -this framework focuses on identifying and managing bias rather than addressing the root causes of bias in society and data.
A comprehensive guide to generative models and their applications is provided by [18].The book covers a range of topics, including autoencoders, variational autoencoders, generative adversarial networks, and deep belief networks.The author provides clear explanations of complex concepts ronment, market demand, and societal expectations.Understanding the context is essential to design and implement a D-CPSS that meets the needs of all stakeholders.
The 7C framework provides a useful tool for analyzing and developing D-CPSS considering cyber, physical, social, cognitive, communication, control, and context dimensions.
Although the paper provides a good overview of the 7C framework for understanding data-driven cyber-physical and social systems (D-CPSS) in the context of social production, there are some shortcomings: -lack of in-depth analysis: the paper provides a general overview of the 7C concept and its potential applications in social production.However, it does not give a detailed analysis of the structure or its limitations; -lack of empirical data: the paper does not provide any empirical data or case studies to support its arguments.It would be useful to have some examples of successful D-CPSS implementations and their impact on social production; -lack of discussion of ethical and social implications: although the paper briefly mentions the social aspects of D-CPSS, it does not discuss the ethical and social implications of these systems.For example, the paper does not address the potential impact of D-CPSS on job displacement or privacy issues related to data collection and analysis; -lack of discussion of technical challenges: although the paper briefly mentions the cyber and physical aspects of D-CPSS, it does not discuss technical challenges associated with implementing these systems.For example, the paper does not address potential cybersecurity risks or problems of integrating disparate systems.
A comprehensive overview of social engineering in cybersecurity is given in [20].The paper begins by defining social engineering and highlighting the key differences between social engineering and traditional hacking methods.Various types of social engineering attacks are discussed.The authors provide detailed descriptions of each type of attack, as well as examples of real incidents.One of the strengths of the paper is a detailed exploration of the mechanisms that make social engineering attacks successful.The authors identify several factors that contribute to the success of social engineering attacks, including the human tendency to trust others, the desire for social acceptance, and the tendency to rely on heuristics or mental shortcuts when making decisions.Various types of human vulnerabilities that cybercriminals exploit in social engineering attacks are also discussed.These include cognitive biases, emotional manipulation, and social influence.The authors give examples of how cybercriminals use these vulnerabilities to manipulate people into divulging sensitive information or performing actions they would not otherwise do.The authors also discuss some countermeasures to reduce the risks associated with social engineering attacks.In general, the content of the paper is comprehensive and informative.It provides a detailed overview of social engineering in cybersecurity.
Although the paper gives a comprehensive overview of social engineering in cybersecurity, there are some disadvantages and weaknesses to be considered.One of the drawbacks of the paper is that it relies heavily on theoretical concepts and does not contain enough practical examples or case studies.Although the authors cite some real-life examples of social engineering attacks, their number is limited and they are not analyzed in detail.This can make it difficult to fully understand the impact of social engineering attacks and how they work in practice.Additionally, the paper does not provide a comprehensive discussion of countermeasures to prevent or mitigate social engineering attacks.Although the authors briefly mention some countermeasures, they do not go into detail about how they can be implemented or how effective they are in practice.
The paper [21] highlights the importance of detecting anomalies and attacks in supervisory control networks.The work focuses on ensuring the safety and reliability of these systems by detecting abnormal behavior or malicious attacks that could potentially compromise their functionality.The paper includes statistical analysis, machine learning algorithms, rule-based systems, and a combination of these approaches.The advantages and limitations of each method are described, but possible solutions or improvements are not suggested.The research contributes to improving safety measures for CPS.
An approach to building a cyber security system that allows for a comprehensive analysis of various attack vectors is described in [22].The main idea is to develop an intelligent gateway system that effectively solves security problems through the use of virtual enterprise.The paper suggests that this approach can be useful in identifying vulnerabilities and weaknesses in a system.Simulation of various attack scenarios allows you to analyze potential security threats and develop appropriate countermeasures.The advantages of using virtualization technology in the development process are emphasized.It provides flexibility and adaptability during testing.
The paper [23] presents a socio-technical modeling approach as a valuable tool for understanding and mitigating cyber-physical threats.By incorporating social and organizational factors in the analysis, the proposed approach offers a more complete understanding of vulnerabilities and their potential impact.
The work [24] focuses on highlighting the concept of the cyber-physical universe, which encompasses a vast network of interconnected devices, systems and infrastructures connecting the digital and physical worlds.The authors argue that by viewing this nexus of cyber and physical entities as a cohesive system, one can gain valuable insight into emerging patterns and understand the dynamics shaping the modern world.The paper suggests that this cyber-physical universe represents a paradigm shift in the understanding of complex systems.By integrating data from sensors, devices and digital networks in real time, we can analyze and model the behavior of this interconnected system, thereby providing a deeper understanding of its emergent properties.An integrated approach to interacting data analysis, machine learning, and artificial intelligence is described to understand the vast amounts of data generated by the cyber-physical universe.It is claimed that using these technologies, we can identify hidden patterns, predict future trends and optimize system performance in various fields such as smart cities, transport, healthcare and industrial automation.The paper acknowledges the challenges associated with the cyber-physical universe, including privacy, security concerns and ethical implications.This requires a comprehensive approach that includes not only technical knowledge, but also considerations of social impact, policy frameworks and legal regulations.The study of patterns and dynamics in the context of the cyber-physical universe is discussed.
In [25], a socio-technical approach to creating sustainable connected transport systems is considered.The socio-technical approach combines technical elements such as advanced sensor technologies, data analysis and intelligent transport systems.By integrating technical elements with social factors, the proposed approach aims to improve the adaptability and responsiveness of transport infrastructure to disruptions.
Statistics on the interaction between technological infrastructure (such as sensors, communication networks and data analysis) and social factors (such as user behavior, policy frameworks, governance models) is provided.Options for designing and implementing this approach as a multi-aspect approach for managing transport systems are described.This includes understanding commuter behavior and preferences, considering the impact on urban mobility patterns, addressing privacy and security concerns, and ensuring equitable access to transport services.Resilience is a key aspect of this approach, emphasizing the ability of transport systems to withstand and recover from failures.The application for narrow tasks is described, which can be expanded to broader aspects.
The concept of digital twins and their potential impact on society are explored in [26].Digital twins enable real-time monitoring, analysis and optimization, bridging the gap between the physical and digital worlds.The authors emphasize that this approach is universal and can be applied in industries such as manufacturing, healthcare, transport and urban planning.One of the key aspects discussed in the paper is the integration of digital twins into SCPS.The authors suggest that integrating digital twins into SCPS can lead to more efficient decision-making, as well as improved resource allocation and use.The need for measures to ensure confidentiality and data security is emphasized.The concept of twins is presented without examples of practical implementation.
The paper [27] describes the transition from traditional approaches to a more comprehensive approach that includes the development of scenarios for reliable AI.It describes the design and development of specific scenarios and use cases to evaluate and verify the performance and reliability of AI systems.Methods of identification, interpretation, monitoring, correction and validation to create reliable, fair, and ethical AI systems are considered.
The analysis of publications allows us to conclude that when creating socio-cyber-physical systems and systems for ensuring their safe functioning, issues related to information processes of the social component have not been sufficiently studied.This is due to the fact that the processing and perception of information by a person differs significantly from those in a cyber-physical system.Therefore, these issues of perception analysis, assessment, exchange and processing of information are relevant and explain the urgency of developing methods for assessing these processes, which can be considered as a problem facing the authors.

The aim and objectives of the study
The aim of the study is to create a multi-loop security system in socio-cyberphysical systems, taking into account the integration of cyber threats with threats based on social engineering, as well as a security model for information interactions.This approach makes it possible to ensure the synergy of security systems between the functional elements of security systems and ensure the implementation of system-level properties that cannot be achieved by integrating the local properties of the security system components.
To achieve the aim, the following objectives must be accomplished: -to analyze the processes of influence in socio-cyberphysical systems; -to create a threat classifier taking into account threats based on social engineering methods and multi-loop information security systems; -to develop a security model of information interactions in socio-cyberphysical systems; -to conduct a study of the security model of information interactions in socio-cyberphysical systems.

1. Processes of information interaction in the socio-cyberphysical system
The object of the study is the process of forming security mechanisms for information interactions in socio-cyberphysical systems, the subject is a security model of information interactions in socio-cyberphysical systems.The study proposes an approach that is based on passive and active stages, including: -creation of new data by artificial intelligence for automatic alerts; -information collection templates; -search for threat indicators; -procedural analysis; -automation of artificial intelligence procedures for data analysis and creation of new ones.
The general problems of timely detection of cyber threats (targeted attacks) on socio-cyber-physical systems are presented in Fig. 1.From a general point of view, a cyber-physical-social system (CPSS) is a combination of two systems: cyber-physical (CPS) and social.CPS belongs to a generation of systems with integrated computing and physical capabilities, closely related to the 4th industrial revolution [28].The social aspect refers to interacting individuals having their own consciousness, preferences, motivation and behavior.The development of CPSS is still at an early stage.Over the past decade, different researchers have used different terms to refer to the integration of the human dimension in CPS, proposing different concepts.For example, [29][30][31] used cyber-physical-human systems (CPHS), defined as "systems of interconnected systems (computers, cyber-physical devices and people) "talking" to each other in space" and time, while also allowing other systems, devices and data streams to connect and disconnect".In [32], the concept of cyber-physical-social thinking (CPST) hyperspace was introduced for the geological information system.This work defines CPSS as "a system deployed with a focus on people, knowledge, society and culture, in addition to cyberspace and physical space.Therefore, it can bind nature, cyberspace and society with certain rules", while for CPST this is established through the merging of a new dimension of thought space into the CPS space.A thought space is a high-level thinking or idea that arose during the people's intellectual activity.The work visualizes human intelligence separately from the social aspect of CPSS as a thought space.On the other hand, the term "cyber-physical social systems" (CPSS) was also used in [33,34] and was defined as "complex socio-technical systems in which human and technical aspects are closely intertwined".According to this definition, the scope of SCPS extends to the intangible objects of social context, which include social culture and norms, personal beliefs and attitudes, and informal institutions of social interactions.The concept of CPSS has been formulated in many works; however, the usage is not uniform.Moreover, the perspective and method of definition also vary from domain to domain.In an attempt to address this gap, [3] proposed a holistic definition and domain-independent conceptualization of CPSS based on the general framework provided by systems theory.Let us introduce the following concepts [4]:

Effective Intel use
-CPSS is a system strictly consisting of a Cyber-Physical System (CPS) and a Social System (SS) in which system components interact in a virtual and physical environment, where CPS and SS are defined respectively as follows; -a Cyber-Physical System (CPS) is a system that encompasses all systems and subsystems of Cyber and Physical Systems, their components and interactions between them, as well as the integration of computing with physical processes; -a Social System (SS) is a system consisting of interacting individuals, each having his own consciousness, preferences, motivation and behavior.
Elements united on the basis of information transfer processes form cybernetic space.Social space is represented by people with their knowledge, mental abilities and sociocultural elements.Cybernetic space exchanges information with physical space (endpoints) and social space (people).
All three spaces are closely interconnected and are represented by sets of their components (physical objects with software elements and people).Information interaction between physical, cybernetic and social spaces (S-CPS) is carried out through the interaction of the components that form these spaces.Because physical resources cannot interact without the support of information technology, cyber protection of information transfer processes is required.Since interaction also affects social resources, cyber defense must use artificial intelligence methods as a mandatory component.At the same time, cybernetic and social resources are active resources that can initiate interaction, as shown in Fig. 2  In addition to cyber and social resources, S-CPS includes a set of representations that serve to represent knowledge about the problem area in which S-CPS operates and provides a figurative component for information interaction.As one of the possible knowledge models, a model can be used that is formed on the basis of a dictionary of signatures, trust policies, risks, threat level (CVE behavioral databases, standard policies).The listed elements participate in interaction as a passive element -through requests from active elements (cybernetic and social resources).In Fig. 2, interaction with the passive element is indicated by unidirectional arrows.
Possible processes of information interaction among S-CPS elements relate to the cyber defense of the current area of interaction of the network or networks.Cyber defense is based on the Trust Security principle [35] and includes: -event tracking; -state tracking; -location of physical devices; -access to physical devices; -trust level; -security level of the network segment.
The action of security system mechanisms (cyber defense) extends not only to terminal devices, but, most importantly, to the information channel that S-CPS resources use to interact with each other [36].An online community can act as an information channel, i.e. a virtual community whose participants interact via the Internet.Unlike social networks, an online community unites people based on common interests or goals.Since S-CPS involves the integration of physical, cyber and social spaces to solve specific problems, the commonality of goals was a key factor that determined the choice of the Internet community concept for organizing information interaction among S-CPS resources.
To understand the processes occurring in online communities, in particular, to understand and analyze the information influence on members of such a community from interested parties, agent-based models can be useful.The agent-based approach provides simulation modeling of the behavior of agents playing various roles in communication processes, agent characteristics, decision-making, adaptive behavior and mobility, as well as agent interaction with the environment.

2. Multidimensionality as a characteristic of the structure of a security system
The widespread idea that we are at the beginning of the "fourth industrial revolution" has attracted significant attention from both business and academia.This movement, often referred to as Industry 4.0 or Smart Manufacturing, has become more prominent following a program launched by the German government and the development of similar initiatives in the United States and other countries [37].This was also facilitated by programs such as the "Factory of the Future" of the European Union [38].The original idea primarily focused on the convergence of the physical and virtual worlds, represented by the term "cyber-physical system (CPS)", thereby promoting a "CPS-based industry".As a result, the term CPPS (cyber-physical production system) even appeared [39,40].Soon, this idea gradually grew into a combination of CPS, Internet of Things (IoT), and Internet of Services (IoS), demonstrating the evolution towards digitalization or digital transformation.The original point of view has been complemented by the aspect of "smartness" or "intelligence", as evidenced by the terms "smart machines", "smart sensors", "smart factory", "smart environment", "smart products", etc. [41].Thus, the next industrial revolution is the result of a close combination of contributions from various fields of technology, computer science, manufacturing and, in particular, artificial intelligence.
To adequately understand the holistic vision brought by Industry 4.0 and the associated digital transformation, it is necessary to view it through the lens of collaborative networks (CNs).Of course, we can say that this is "another partial view".However, the prospect of collaboration is explicitly or implicitly present in most Industry 4.0 requirements.In addition, CNs are interdisciplinary and multidisciplinary in nature, which can be useful in gaining a holistic understanding of challenges associated with this transformation.Therefore, "collaboration" is the decisive challenge of the fourth industrial revolution.As a consequence, the area of "Collaboration Networks", among others, must be seen as a major factor in this transformation.To support this assertion, some keywords associated with Industry 4.0 should be noted, including "networks", "vertical and horizontal integration", "value chains", and "co-design/ end-to-end design" [42].The review [43] also indicates that "interconnection" and "collaboration" are among the main "terminology clusters" found.
Thus, it can be argued that the classical methods of developing network perimeter protection are no longer valid.The amount of data, the amount of self-describing data that systems generate increase by an order of magnitude every 5 years.At the same time, the problem is that, in parallel with data growth, the subset of redundant data (i.e.noise) grows even faster than the set of useful data as a whole.To assess the dynamics of these processes, it is necessary to analyze the interaction in complex dynamic environments.Classical security methods are difficult to consider as classical paradigms of designing security systems.Solutions are needed that enable the design of security systems that remain operational in complex, constantly changing environments.Such solutions exist.They are cognitive processes that the brain actually uses to work in a complex, dynamic environment.It should be noted that in order to cope with the complexity and dynamism of the environment, the brain uses methods such as reverse engineering, cognitive thinking and modeling, which belong to the field of artificial intelligence (AI).This is about taking existing security algorithms and applying them to the full range of IT operations, taking into account artificial intelligence methods and models.Considering the speed at which structures and situations change in IT environments, it is simply impossible to implement effective protection of these processes without using AI, without using similar approaches.
An analysis of artificial intelligence methods shows that the algorithms it contains are divided into different types (Fig. 3) [21].Particular attention should be paid to algorithms associated with the selection of data subject to subsequent analysis.These are algorithms related to the detection of patterns.There are algorithms associated with the results of processing information contained in these patterns.Much of the work in deep learning is largely related to pattern detection.Thus, algorithms are used that determine the choice of which data to analyze first.With regard to means of ensuring the security of computer and communication systems, it can be argued that the emphasis in protection is shifting towards detecting patterns of network traffic.
Thus, the analysis of artificial intelligence algorithms shown in Fig. 3 allows us to formulate a vector for further improvement of the security system for the interaction of SCPS continuous business processes.This approach ensures the emergence of the formation of multi-loop security systems, taking into account the integration of both CPHS infrastructure elements and CPSS formation technologies.
To understand the processes occurring in online communities, in particular, to understand and analyze the information influence on members of such a community from stakeholders, agent-based models can be useful.The agent-based approach provides simulation modeling of the behavior of agents playing various roles in communication processes, agent characteristics, decision-making, adaptive behavior and mobility, as well as agent interaction with the environment.
Not only analytical methods, but also software tools have been developed to use this modeling approach using the NetLogo agent-based modeling framework.This environment is one of the most popular for such purposes today, and the built-in graphical tools and constant support and updating of the versions used allow you to make a clear choice in favor of this programming and modeling environment.Ultimately, the use of the selected tools ensures the creation of more realistic and management-relevant forecasts, and also opens up new opportunities for the exchange of models and connection with other methods.
The use of any modeling environment must involve a preliminary analysis of the assumptions and limitations of the model being developed.First of all, this relates to the time of process modeling.Although it is possible to build continuous-time models of information influence, discrete-time models were chosen as more common.Discrete-time models of influence dynamics reflect changes in the set of opinions of agents at a given time t to the set of opinions of these agents at time t+1.In the proposed model of the dynamics of information influence, opinions of individual agents are formed on the basis of a discrete set of values.
It should be kept in mind that agent-based modeling, despite all its strengths, can also have weaknesses.One of them is the amount of calculations required.Interactions and associated computations tend to increase exponentially as the number of agents increases.Another potential weakness is the tendency to ignore elements of system-level behavior when the focus is on agent-level behavior.

Results of developing a security model for information
interactions in socio-cyberphysical systems

1. Analysis of influence processes in socio-cyberphysical systems
To understand what patterns of influence processes should be used for certain agents to analyze and identify a threat, you need to understand how it is formed.This provision can be considered as the basic principle for constructing a multidimensional structure model in SCPS.
Against the backdrop of repeated online influence operations (hidden or overt), attempts to mislead or influence the opinion of the target audience [44], individual behavioral data is collected and diagnosed in the cyber environment [45].Based on this, linguistic (language) models are formed, using which content can be generated in real time, which can be added to the content of the current interaction at the place where this inter-individual interaction occurs.As a result, a situation arises where distorted social norms are generated in distorted content [46].The result of this process is the formation of the necessary behavior of the target audience.
It is advisable to describe the processes of influencing the target audience using agent-based modeling methods.This approach is natural for representing the intentional manipulation of information to influence beliefs or opinions.
Suppose we have a set of N agents, each representing an individual in the target audience.

Fig. 3. Types of artificial intelligence algorithms
We model the flow of information as a set M of information sources, each of which is represented by a binary variable I j , where I j =1 indicates that the source expresses and supports a desired point of view or desired behavior, and I j =0 indicates that it expresses the exact opposite.Each information source also has a set of characteristics or attributes, which may include things such as media, authorship, design.
Agents and information sources interact with each other at successive discrete moments in time, allowing their behavior to be modeled using the following set of rules or algorithms.The following rules are proposed: 1. Dynamics of the agent's beliefs.At each time step, each agent updates its belief based on the information received.This can be modeled using a simple rule, for example: where Y i -belief variable, I j -binary variable of the desired topic, w ij -the weight or importance of information source j for agent i, ij w′ -the weight of the opposite point of view for this source.
These weights can be based on factors such as the perceived credibility, relevance, or resonance of the information source with the agent's characteristics or attributes.
2. Selecting a source of information.At each time step, each agent chooses for himself those sources of information that he should pay attention to.This rule can be formally written as follows: ( ) ( ) where threshold j is a threshold value representing the minimum level of collective influence required for a source of information to be considered relevant or influential to agents.This threshold can be based on factors such as the size or diversity of the audience, the prominence or influence of the source, or the contextual relevance of the topic.
3. Manipulations with information sources.At each time step, each information source can manipulate the information it provides to influence agents' beliefs.This approach allows us to model this using the rule: where M ij is the level of manipulation, representing the degree of intentional bias or distortion introduced by the source of information.This level can be based on factors such as the incentives or goals of the source, the level of confidence or accountability in the informa-tion ecosystem, or the influence of external factors such as rumors or disinformation.
Modeling the behavior of these agents and information sources over a selected time interval allows analyzing the emergent dynamics of the system and identifying patterns or trends that can be used to inform interventions or countermeasures against deliberate manipulation of information.

2. Formation of a threat classifier based on combining with threats of social engineering methods
To form a threat classifier, we will use the approaches presented in [47][48][49][50][51].
At the same time, we will introduce a classification of threats based on social engineering, which will increase the level of objectivity of possible social threats and ensure synergy in the formation of a dynamic model for the formation of security systems.Fig. 4 presents the proposed classification of threats.
The presented classification of social engineering threats (Fig. 4) allows us to formulate the main phases of their integration with targeted attacks and form a unified threat classifier (Fig. 5).In addition, this approach will make it possible to form a mathematical apparatus for the formation of multi-loop security systems.
This takes into account the multi-loop aspects of socio-cyberphysical systems, their multi-platform nature and the synthesis of various technologies.
To formally describe the mathematical apparatus of the cybernetic threat model, we will use the approach in [52], which will allow us to form an objective assessment of threats with signs of synergy and hybridity in multi-loop systems -socio-cyberphysical systems.To ensure the security of the entire protection system, it is necessary to take into account the threats of the internal and external loops for each of the platforms, taking into account their integration with threats based on social engineering methods (Fig. 4): -internal loop threats, taking into account the hybridity and synergy of threats for platform 1 -social networks: . ,

SS ISL Af
where 1platform

SS ISL С synerg
W is the synergy of threats to the confidentiality service; soc.eng. 1 -finding critical points of the system, soc.eng. 2 -system compromise, soc.eng. 3 -data compromise, soc.eng. 4 -system hacking, soc.eng. 5 -collection of information, α i -weighting factor of the possibility of implementing a threat based on social engineering methods, i ∈ {0.25; 0.5; 0.75; 1.0}, where 0.25 is the probability of using a threat based on social engineering methods once a year (low level), 0.5 is the probability of using a threat based on social engineering methods once a month (medium level), 0.75 -probability of using a threat based on social engineering methods once a week (high level), 1.0 -probability of using a threat based on social engineering methods once a day (critical level); . ,

W
is the synergy of threats to the affiliation service; -internal loop threats, taking into account the hybridity and synergy of threats for platform 3 -cyber-physical systems: . .

CPS ISL С I A Au Af synerg
, .

W
is the synergy of threats to the affiliation service.
General assessment of threats to the internal loop, taking into account the technologies of the socio-cyberphysical system and threats based on social engineering methods: .

CPSS SS ISL ISL C I A Au Af synerg CS ISL C I A Au Af synerg CS ISL
General assessment of threats to the internal loop, taking into account the form of ownership of elements and technologies of the socio-cyberphysical system and threats based on social engineering methods (Fig. 4 . , .

SS ESL A SS
where 1platform

W
is the synergy of threats to the confidentiality service, is the synergy of threats to the affiliation service; soc.eng. 1 -finding critical points of the system, soc.eng. 2 -system compromise, soc.eng. 3 -data compromise, soc.eng. 4 -system hacking, soc.eng. 5 -collection of information, α i -weighting factor of the possibility of implementing a threat based on social engineering methods, i∈{0.25;0.5; 0.75; 1.0}, where 0.25 is the probability of using a threat based on social engineering methods once a year (low level), 0.5 is the probability of using a threat based on social engineering methods once a month (medium level), 0.75 -probability of using a threat based on social engineering methods once a week (high level), 1.0 -probability of using a threat based on social engineering methods once a day (critical level); -external loop threats, taking into account the hybridity and synergy of threats for platform 2 -cyberspace:

W
is the synergy of threats to the affiliation service; -external loop threats, taking into account the hybridity and synergy of threats for platform 3 -cyber-physical systems: . ,

W
is the synergy of threats to the confiden tiality service,

W
is the synergy of threats to the affiliation service.

CPSS SS ESL ESL C I A Au Af synerg СS ESL CPS ESL C I A Au Af synerg
General assessment of external threats, taking into account the form of ownership of the elements and technologies of the socio-cyberphysical system (Fig. 4

W
-general assessment of internal threats to the corporate property system.
Based on expressions (4), ( 9), an assessment of threats in socio-cyberphysical systems in the internal and external security loops of CPSS is formed, and based on expressions (5), ( 10) -taking into account forms of ownership (separately).
To provide a generalized assessment of a multi-loop security system, we use the formula: Each element of information resources can be described by a vector: where Тype i is the type of information asset, described by a set of basic values: Тype i = {CI i , PD i , CD i , TS i , StR i , PubI i , ContI i , PI i }, where СI i is confidential information, PD i is payment documents, CD i is credit documents, TS i is trade secret, StR i -statistical reports, PubI i -public information, ContI icontrol information, PI i -personal data., A -availability, Au i A -authenticity, Af i A -affiliation); β i is a metric for the relationship between time and the degree of information secrecy for an asset (critical -1.0; high -0.75;medium -0.5; low -0.25; very low -0.01).
Then the general (current) level of security of socio-cyberphysical systems based on wireless mobile technologies is described by the expression: − for additive convolution: ; − for multiplicative convolution: Fig. 6 presents a tuple of the proposed classifier, which takes into account the synergetic threat model, taking into account the hybridity of cyber threats and their integration with threats based on social engineering methods.
In addition, the multi-loop of socio-cyberphysical systems, their multi-platform nature and the integration of its constituent elements are taken into account.
This approach makes it possible to unify not only the construction of a threat classifier, but also to provide a comprehensive assessment of targeted attacks based on the emergent properties of the complex formation of attacks.

3. Development of a security model for information interactions in socio-cyberphysical systems
With the unification of the cyber-physical and social space, cyber defense faces the following challenges, which are common to various groups of methods (Fig. 7): -the need to track information exchange in real time; -the need to recognize multimodal information, i.e. information not only in the form of text messages, but also voice or gesture information; -the need to generate and apply patterns to control information interaction between resources based on S-CPS representations.
If analysis is carried out on the basis of damaged, noisy data contained in the general flow of different types of information, the results can be very problematic.Therefore, before using a particular pattern (say, when using neural network training) as part of detection technology, it is necessary to ensure that the data is not noisy, or the noise level is reduced to a minimum, and that the information redundancy of the message is minimized.
Data sets from different domains typically contain data defined by a wide range of attributes, among which there are varying degrees of correlation.Identifying data objects that do not correspond to these hidden correlations is challenging.Moreover, attributes can often play different roles in applications.In particular, some features can be perceived as independent variables that are responsible for determining the context in which the dependent variable exhibits abnormal behavior.

Fig. 6. Classifier of synergistic threats with aggregation of threats based on social engineering methods
Consequently, the work focuses on detecting data objects that exhibit abnormal behavior in a subset of attributes called behavioral, in relation to them some others called contextual.As a major contribution, a model is proposed to describe the correlation laws hidden in data distributions across pairs of behavioral and contextual attributes.A probabilistic measure is introduced aimed at assessing subsequently observed objects based on how much their behavior deviates from the detected correlation laws [53].
Correlation between these attributes exists both at the topological level and at the level of semantic content of data sets, as well as in the time domain.Thus, the result of this stage will be a set of clusters of correlated data.These clusters indicate events that correlate with each other in terms of temporal, semantic, and topological dimensions.
A mathematical model of this process can be considered as a model, using which it is necessary to determine manipulative factors based on observed patterns of beliefs or opinions of the target audience: Suppose, as in the previous model, we have a set of N agents, each of which has a binary belief variable Y i .There is also a set M of potential manipulative factors that may reflect phenomena such as media framing, linguistic features, visual cues, or social influence.
Manipulative factors can be represented using a set of binary variables X j , where X j =1 indicates the presence of a potential manipulative factor, and X j =0 indicates its absence.For example, the presence of a particular framing style can be represented using a binary variable, where X j =1 indicates that framing is present and X j =0 indicates its absence.
Thus, it is necessary to determine which manipulative factors are most strongly associated with the observed patterns of beliefs or opinions of the target audience.This relationship can be represented as a logistic regression model, where the probability of an agent having a certain belief is presented as a function of manipulative factors: Once the coefficients of the logistic regression model have been estimated, we can proceed to identifying the manipulative factors that are most strongly associated with the observed patterns of beliefs or opinions in the target audience.This can be done by examining the magnitude and sign of the coefficients, which indicate the strength and direction of the relationship between each manipulative factor and the likelihood of the agent having a particular belief.
By identifying the manipulative factors that are most closely related to observed patterns of beliefs or opinions, interventions or countermeasures can be developed to reduce the influence of the manipulative factors and promote balanced decision-making.
To perform these actions, both entropy analysis of information flows and extraction of relevant data using a library of patterns can be used.Let's assume that we have a flow of information consisting of a set of N messages.Each message is characterized by a set of attributes that describe its content and context.Each message can be represented as a feature vector, where each feature is a binary variable indicating the presence or absence of a certain characteristic.
We also define a set of patterns M or templates that capture the key characteristics of messages associated with certain topics.For example, we may have a pattern that captures the key features of politics-related posts, another for sports-related posts, and so on.
To analyze the entropy of an information flow and extract relevant data, a technique such as pattern matching or clustering can be used.This allows you to identify messages that match library patterns.The pattern library can be represented as a matrix P, where each row corresponds to a pattern and each column corresponds to a function: , where p i,j is a binary variable indicating the presence or absence of feature j in sample i.
To identify messages that are similar to patterns in the proposed library, we represent messages as feature vectors and calculate their similarity to each pattern using a measure such as cosine similarity or Jaccard similarity.For example, when representing a message as a vector M, its , where dot(M, P i ) is the scalar product of the vectors M and P i , norm(M) and norm(P i ) are the Euclidean norms of the vectors M and P i .This similarity measure can be used to identify the top k patterns that best match each message and use them to extract relevant data or insights.For example, if a message most closely matches a policy pattern, you can infer that it contains political content and add it to the political message database.
To analyze the entropy of the information flow, you can also calculate the entropy of pattern distribution in the library.For example, the entropy H can be calculated as: where p i is the proportion of messages similar to pattern i, log 2 is the base 2 logarithm.By analyzing the entropy of pattern distribution, one can get an idea of the diversity and balance of topics in the information flow.For example, low entropy may indicate that the information flow is dominated by a few specific topics, while if entropy is high, the information flow is diverse and covers a wide range of topics.
Thus, the constructed mathematical model allows us to analyze the entropy of information flows and extract the corresponding data using a library of patterns.This approach can be useful for understanding the dynamics of information dissemination and developing effective interventions or countermeasures.
To identify the correlation of the received data with the time of receipt, text content and computer network topology according to previously obtained clusters, it is proposed to use a mathematical model based on clustering algorithms.The construction of such a model is a sequence of the following steps.
Let there be a data set of N messages.Each message is characterized by three main features: time of receipt t, message content C and computer network topology T. Each message can be represented as a three-dimensional vector: where t is the time of receipt, C is the text content, T is the computer network topology.
To group messages based on their similarity, it is suggested to use a distance metric such as Euclidean distance or cosine distance to calculate the distance between each pair of messages: , , , , where d C (C i , C j ) and d T (T i , T j ) are the distances between content and topology elements, respectively.Distances for categorical features are calculated using the Jaccard index or Hamming distance, and for continuous features, it is cosine similarity or Euclidean distance.
After calculating the distance between all pairs of messages, it is possible to use a clustering algorithm such as k-means or hierarchical clustering to group similar messages into clusters.The algorithm works by iteratively assigning each message to the nearest cluster center and updating the cluster centers based on the new assignments.
The number of clusters k can be determined using methods such as the elbow method or the silhouette method.These methods aim to find the value of k that maximizes the similarity within a cluster and minimizes the similarity between clusters.
Once messages are grouped, it becomes possible to analyze the characteristics of each cluster to draw conclusions about correlations between the time of receipt, text content, and computer network topology.Next, to identify a pattern or trend, it is necessary to calculate the average time of receipt, content similarity, and network topology similarity for each cluster and compare them with each other.
To analyze clusters using cause-and-effect relationships, it is proposed to use a Bayesian network, which is a probabilistic graphical model representing cause-and-effect relationships between variables.
Building a mathematical model using Bayesian networks can be done as follows.
Suppose messages are grouped into k clusters and a set of variables is defined that can affect the time of receipt, text content, and computer network topology (such as sender, recipient, message type, and network location).Each variable can be represented as a node in a Bayesian network, where the edges between the nodes represent the cause-and-effect relationships between the variables.
For example, we can assume that the sender has a causal effect on the text content and network topology, and the type of message has a causal effect on the time of receipt and text content.This hypothesis can be represented as a Bayesian network with the following nodes: sender, message type, time of receipt, content, network topology.
Since the edges between nodes indicate cause-and-effect relationships between variables, it can be assumed that the sender has a causal effect on the nodes of content formation and network topology, which is reflected by the edges of the graph from the sender node to the content and topology nodes.
To determine cause-and-effect relationships between variables, conditional probabilities represented by a Bayesian network are used.For example, you can calculate the probability of receiving the contents of a message given the sender and topology: The probability is estimated from the data by counting the frequency of each combination of variables in the dataset and normalizing them by the total number of messages.
Once conditional probabilities are determined, they can be used to predict cause-and-effect relationships between variables.For example, it is possible to predict the probability of receiving a message from a particular sender, given the content and topology: This probability can be used to analyze the causal effect of the sender on the content and topology of messages.
Options for displaying this information may include Bayesian network and conditional probability visualizations, as well as pre-actions and explanations of cause-and-effect relationships between variables.This allows you to obtain a list of the most likely senders given a specific content and topology, or a list of the most likely content given a specific sender and time of receipt.In this case, it becomes possible to obtain an explanation of cause-and-effect relationships, for example, "messages sent by sender A, as a rule, have a topology similar to messages sent by sender B, but different content".
Thus, the proposed version of the security model of information interactions in socio-cyberphysical systems provides cluster analysis using cause-and-effect relationships.This approach can be represented as a Bayesian network, where nodes represent variables and edges represent cause-andeffect relationships between them.Conditional probabilities represented by the network can be used to make predictions and explanations of cause-and-effect relationships.Options for displaying this information may include visualizations, predictions, and explanations of cause-and-effect relationships between variables.Fig. 8 shows a security model of information interactions in socio-cyberphysical systems. . ., .

Fig. 8. Security model of information interactions in socio-cyberphysical systems
The proposed security model of information resources in socio-cyberphysical systems makes it possible to form a multi-loop security system for information interaction in socio-cyberphysical systems.This takes into account the synthesis of technologies and interaction channels; for each platform of socio-cyberphysical systems it is proposed to form internal and external security loops, which will allow taking into account the interaction of information flows, both within the platform and external.This approach will create the necessary level of objectivity in the analysis of possible cyber-physical (targeted or mixed) threats, taking into account possible integration with threats based on social engineering methods.In addition, timely identify critical points in the infrastructure of each platform and formulate preventive protection measures.

4. Study of the proposed security model of information interactions in socio-cyberphysical systems
To analyze the proposed model of influence in socio-cyberphysical systems, it is necessary to perform simulation modeling of the described processes.When developing a simulation model, we will take into account some characteristics of agents and features of their behavior when interacting in socio-cyberphysical systems.
Modeling the dynamics of opinions is based on the use of so-called agent-based thinking [54].Using this approach, it is possible to define the rules of interaction between individual agents within the model and allow social influence to spread throughout the system.This allows complex models to be built based on relatively simple rules.If the simulation results are realistic, it can be argued that the proposed rules are sufficient to create realistic emergent behavior.In other words, this behavior can be explained by the proposed mechanism.
Agents are any objects that fill a model that implements agent-based thinking.This is consistent with individual agent-based models (ABM) in the taxonomy proposed in [55].
One behavior of the system-level opinion dynamics model that can have a significant influence on information impacts is agent scheduling.Namely: what agent(s) and in what order influence (or are influenced by) what other agents at each discrete point in time.Let us include two types of agent schedules in the model: a schedule with repeated averaging (all agents are simultaneously influenced by all others they are associated with) and a schedule with limited reliability (there is one pair of agents.Thus, the influence of agents on each other in the model is simultaneously formed or all agents are simultaneously influenced by all others, subject to confidence restrictions).
The next characteristic is the taxonomy "Synchrony, subject type, scale".This is a short method for conveying the schedule of the opinion dynamics model.Synchrony refers to whether states are constantly updated as agents act, and has two options: synchronous and asynchronous.The type of subject refers to the direction of influence and has four options: target, source, group and mixed.Scale refers to the number of actors selected for each role per time step.
Synchrony determines whether each agent's state updates occur in parallel or sequentially.A model in which all agent updates occur in parallel will be called synchronous.A model in which some or all agent updates occur sequentially is called asynchronous.
When defining a model built on the basis of agent-based thinking, we will consider three main types of actors.Namely: source agents who influence others when they act, target agents who are influenced by others when they act, and groups of agents who mutually influence each other.The choice of agent type affects the schedule and the order in which the influence occurs.
If the primary actors are source agents, some set of secondary actors (i.e.targets) is selected for each primary actor.In the asynchronous model, this source influences all of its targets before another source acts.If the primary actors are target agents, a certain set of secondary actors (i.e.sources) is selected for each primary actor.In the asynchronous model, this target is influenced by all of its sources before another target takes effect.
If primary actors are groups of agents, there are no secondary actors; each group influences its member agents as defined by the model.Each group action can be represented as an opinion dynamics model running on a subset of agents, so these graphs can be further refined using taxonomy.Collision rules may be required for synchronous models where one agent can be selected as a member of multiple groups.
If the primary actors are of mixed types, some or all of the above types of actors exist and act within the model.It is necessary to indicate whether actors of a given type act before actors of another type, representing the sequential application of several opinion dynamics models within a time step, or whether they act in a mixed order, representing a truly mixed opinion dynamics model.
To demonstrate the use of the taxonomy and potential differences that may arise in model results due to different schedules, we examine two models.
The first of these is the repeated averaging model.The repeated averaging model uses a linear transformation of the agents' opinion vector to perform discrete-time updates.This model tends to converge under reasonable conditions.The modeling process is considered to have converged when the spread of opinions falls below 0.01.Graphs of opinion dynamics are shown in Tables 1-3.The agent's volatility indicator µ was introduced as a model parameter, which reflects the agent's willingness to change his opinion.A zero value of the parameter µ reflects the agent's inability to change his opinion, and a unit value reflects the agent's complete readiness to change his opinion under outside influence.In the graphs presented in Table 1, the axes correspond to the following variables.The horizontal axis corresponds to the number of information exchanges as a result of interaction between agents, the vertical axis reflects the value of two variables: the average opinion for a group of agents (mean opinion) and the dispersion (scatter) of opinions in a group of agents (range opinion).
Thus, the analysis of the results of Tables 1-3 showed that in the case of agents who are sources of influence, the convergence of the information influence process occurs at higher values of the volatility level (susceptibility to influence and readiness to change one's beliefs).At lower values of the volatility coefficient, the convergence of the influence process occurs at later points in time.With a fixed level of volatility within a certain type of agent, changes when changing the mode of influence (synchronous or asynchronous) are practically insignificant.
The second model of influence dynamics in socio-cyberphysical systems is the generalized model of limited confidence.The model differs in one key point -after initializing a set of messages and network topologies, they are filtered, allowing the inclusion of only secondary participants whose opinions are within the confidence threshold of the main actor.An individual agent, if influenced at time t, influences other agents while maintaining a certain level of self-confidence, which can be changed before the start of the simulation.This ensures the convergence of clusters of agents having the same formed beliefs (points of view).
Analysis of synchrony and bias at µ=0.9 Agent type Synchrony and Bias Synchronous Asynchronous (without Bias) Asynchronous (with Bias) In Table 4 presents the simulation results regarding the formation of agent clusters.For all simulated situations, the level of volatility (i.e.willingness to change one's opinion) was chosen to be 0.5.This means that with a probability of 0.5, the agent is ready to change his opinion under the influence of the agents around him.The horizontal axis still corresponds to the number of information exchanges, and the vertical axis reflects the conditional index of the opinions of agents in the cluster.Thus, the analysis of Table 4 showed that for agents who are sources of influence, the formation of their stable clusters occurs more quickly in the case when these agents have certain biases and interaction occurs in an asynchronous mode.In addition, for agents who are the target of information influence.The difference is that this requires a longer period of influence.For a group of agents, the formation of a stable cluster occurs most quickly in the case of asynchronous interaction, when the agents in the group have biases.

Discussion of the results of creating a multi-loop security system for information interactions in sociocyberphysical systems
Conducted research on the creation of a multi-level security system for information interactions in socio-cyberphysical systems (Tables 3-4) allows us to form an objective assessment of the possible influence of source agents based on social engineering methods.
A significant difference of the proposed approach is the presence of a classifier of threats to socio-cyberphysical systems, which makes it possible to increase the level of objectivity in assessing the integration of targeted (mixed) attacks with threats based on social engineering methods.The proposed approach to generating classifier tuples is unified and intuitive, which allows its use in various areas of IT technologies and systems.The difference from known threat assessment methods [49][50][51] is the formation of a model based on a comprehensive threat assessment (with signs of synergy and hybridity) with threats based on social engineering methods.This will allow us to obtain a more objective assessment of the impact not only on the "victim" when implementing a targeted attack, but also to timely implement preventive measures taking into account measures to counteract social engineering methods.
The developed mathematical apparatus makes it possible to take into account the formation of multi-loop systems, taking into account the specifics of software (hardware and software) tools and mechanisms of both socio-cyberphysical systems and critical infrastructure objects.In this case, it is proposed to use the division of socio-cyberphysical systems into platforms: platform 1 -cyber systems, platform 2 -cyberspace, platform 3 -social networks.The cyber systems platform, as a rule, contains sensor, video surveillance systems, sensors, etc., as well as elements of mechanisms for performing tasks from the control system.The cyberspace platform is usually formed on the basis of cloud technologies and allows you to manage elements of the cyber systems platform, as well as interact with the social networking platform.The social platform circulates both management and general information in instant messengers and social networks.Thus, the proposed classifier takes into account the signs of synergy and hybridity of targeted attacks, as well as the possibility of combining with threats based on social engineering methods.This approach differs from well-known approaches [52,[56][57][58][59][60][61][62][63][64] by the ability to take into account the entire variety of targeted attacks combined with threats based on social engineering methods, considering the signs of synergy and hybridity.
Comparison of the proposed approach with known studies leads to the following conclusions.
The general conclusion is that well-known studies have focused exclusively on modeling and analyzing the dynamics of information influence in terms of social research, without taking into account the influence of processes on the overall security level of the socio-cyberphysical system.In particular, in [65], two agents simultaneously influence their immediate neighbors in the same dimension.In repeated averaging models, all agents are simultaneously influenced by all others they are associated with, and in limited confidence models, there is one pair of agents simultaneously influencing each other [66] or all agents are simultaneously influenced by all others in the model [67] subject to confidence restrictions.A number of publications do not consider the issue of scheduling the work of agents [55,68], although the geographic location of the agent is taken into account.This approach in the context of a socio-cyberphysical system is a significant drawback.
The main disadvantage of the proposed approach is the difficulty of assessing the statistical data of social engineering methods and the impact of threats based on social engineering on the implementation of targeted attacks.
As part of the simulation, it is necessary to take into account that agent-based modeling requires significant computing resources, which can increase exponentially depending on the increase in the number of agents.In addition, this approach to modeling "forces" restrictions on the behavior of the system as a whole when studying the agents themselves.At the same time, the presented classifier will allow us to systematize and form hybrid and/or synergetic threats, complex (general) threats based on the complete probability theorem.This approach can be used in almost any field of information and communication systems, as well as in smart technologies to create multi-loop (multi-level) information security systems, taking into account the integration of targeted threats with social engineering methods (mechanisms).
The proposed approach will further allow us to formulate the concept of building multi-loop information security systems based on the formation of security loops (internal and external), as well as taking into account the physical location and functioning of infrastructure elements and the logical structure of information and communication networks of both socio-cyber-physical systems and critical infrastructure facilities.

Conclusions
1.The processes of information influence in socio-cyberphysical systems are analyzed.The analysis showed insufficient research into the information processes of the social component of socio-cyber-physical systems and systems for ensuring their safe functioning.Based on the results of the analysis, a conclusion was made about the relevance of developing methods for assessing these processes.
2. A classification of threats based on social engineering methods is proposed, which makes it possible to form a unified, objective classifier of threats, taking into account the signs of their hybridity and synergy.This approach allows us to ensure the formation of a comprehensive assessment of targeted (mixed) attacks on socio-cyberphysical systems, taking into account the construction of multi-loop information security systems.
3. A security system for information interactions in socio-cyberphysical systems has been developed.Based on the proposed model, an understanding of the cause-andeffect relationships that exist in the social component of socio-cyberphysical systems is provided, and also an analysis of clusters of system agents in the form of a Bayesian network is given.In general, this approach to developing a security system will allow us to take into account the synthesis of technologies and channels of interaction of circulating information in socio-cyberphysical systems.For each platform of socio-cyberphysical systems, it is proposed to form an internal and external security loop, which will allow taking into account the interaction of information flows, both within the platform and externally.The formed multi-loop security model provides timely counteraction to targeted attacks, taking into account their integration with social engineering threats.
4. A study of the proposed security system of information interactions in socio-cyberphysical systems was carried out in the form of simulation modeling.Qualitative characteristics of the influence mode and quantitative indicators have been determined that ensure more rapid formation of agent clusters and convergence of the process of information influence on them.

Fig. 2 .
Fig. 2. Cybernetic and social resources that initiate interaction

Fig. 4 .
Fig. 4. Classification of threats based on social engineering methods -synergy of threats to the affiliation service;-internal loop threats, taking into account the hybridity and synergy of threats for platform 2 -cyberspace: where X m is a set of binary variables corresponding to manipulative factors, b 0 , b 1 , b 2 , ..., b n are coefficients of the logistic regression model, logistic is a logistic sigmoid function that maps a linear combination of manipulative factors to probabilities in the range from 0 to 1: parameters b 0 , b 1 , b 2 , ..., b m are the coefficients of the logistic regression model and can be estimated using maximum likelihood or other methods.

Fig. 7 .
Fig. 7. Detection and correlation of artifacts in cybersecurity systems DETERMINING SYNERGY AND HYBRIDITY OF TARGETED ATTACKS ON SOCIO-CYBER-PHYSICAL SYSTEMS external safety loop General assessment of external threats, taking into account the ownership of elements and technologies of the socio-cyberphysical threat system based on social engineering methods -General assessment of external threats, taking into account the ownership of elements and technologies of the socio-cyberphysical system and threats based on social engineering methods internal safety loop General assessment of internal loop threats, taking into account the technologies of the sociocyberphysical system and threats based on social engineering methods General assessment of internal loop threats, taking into account the ownership of elements and technologies of the socio-cyberphysical system and threats based on social engineering methods Au Af synerg С I A Au Af synerg СS ISL С I A Au Af synerg Each agent is characterized by a binary belief variable Y i , where Y i =1 indicates agreement with the expressed point of view or direction of behavior, and Y i =0 indicates disagreement.Agents also have a set of characteristics or attributes, including age, gender, education level, political affiliation, etc. ): ): corporativCPSS ESL

Table 1
Analysis of synchrony and bias at µ=0.5

Table 3
Analysis of synchrony and bias at µ=0.1

Table 4
Results of modeling the processes of forming clusters of information interaction agents