DOI: https://doi.org/10.32515/2664-262X.2025.12(43).2.62-68
STRIDE-based threat Modeling of Cybersecurity Risks in Local Computer Networks
About the Authors
Orest Polotai, Associate Professor, PhD (Candidate of Technical Sciences), Associate Professor of the Department of Information Security Management, Lviv State University of Life Safety, Lviv, Ukraine, ORCID: https://orcid.org/0000-0003-4593-8601, e-mail: orest.polotaj@gmail.com
Oleksandr Dorenskyi, Associate Professor, PhD in Information Technology (Candidate of Technical Sciences), Associate Professor of Cybersecurity and Software Department, Central Ukrainian National Technical University, Kropyvnytskyi, Ukraine, ORCID: https://orcid.org/0000-0002-7625-9022, e-mail: dorenskyiop@kntu.kr.ua.
Anastasiia Kovalenko, Assistant Lecturer of Cybersecurity and Software Department, Central Ukrainian National Technical University, Kropyvnytskyi, Ukraine, ORCID: https://orcid.org/0009-0000-9042-8358, e-mail: stasja.artem09@gmail.com
Kostiantyn Buravchenko, Associate Professor, PhD (candidate of technical sciences), Associate Professor of Cybersecurity & Software Department, Central Ukrainian National Technical University, Kropyvnytskyi, Ukraine, ORCID: https://orcid.org/0000-0001-6195-7533, e-mail: buravchenkok@gmail.com
Abstract
The article examines the problem of ensuring LAN cybersecurity under conditions of increasing threat volume and complexity. Accordingly, the study focuses on developing a generalised adaptive method for threat modelling in LANs based on the STRIDE framework. To this end, the paper analyses current scientific sources on the application of STRIDE in the field of information security and identifies a gap between theoretical threat models and their practical implementation in the context of local networks. Based on a constructed DFD model, a structured representation of typical LAN components, external entities, network processes and data flows is formed. The STRIDE threat classification is applied to each model element, enabling the systematisation of potential risks and the development of a threat matrix for further analysis. An adaptive threat-modelling method is formulated, comprising network architecture analysis, automated generation of a threat list, selection of relevant countermeasures, modelling of a secure network architecture, and verification in a simulation environment. The effectiveness of the method is evaluated according to criteria such as completeness of threat coverage, adaptability, practical feasibility, and the degree of automation. The research findings demonstrate that the use of STRIDE in combination with DFD modelling enhances the structural consistency of cybersecurity analysis and provides a systematic approach to designing a LAN protection model.
Keywords
cybersecurity, LAN, STRIDE, threat modelling, network protection, system vulnerability, risk analysis
STRIDE-based threat Modeling of Cybersecurity Risks in Local Computer Networks
About the Authors
Orest Polotai, Associate Professor, PhD (Candidate of Technical Sciences), Associate Professor of the Department of Information Security Management, Lviv State University of Life Safety, Lviv, Ukraine, ORCID: https://orcid.org/0000-0003-4593-8601, e-mail: orest.polotaj@gmail.com
Oleksandr Dorenskyi, Associate Professor, PhD in Information Technology (Candidate of Technical Sciences), Associate Professor of Cybersecurity and Software Department, Central Ukrainian National Technical University, Kropyvnytskyi, Ukraine, ORCID: https://orcid.org/0000-0002-7625-9022, e-mail: dorenskyiop@kntu.kr.ua.
Anastasiia Kovalenko, Assistant Lecturer of Cybersecurity and Software Department, Central Ukrainian National Technical University, Kropyvnytskyi, Ukraine, ORCID: https://orcid.org/0009-0000-9042-8358, e-mail: stasja.artem09@gmail.com
Kostiantyn Buravchenko, Associate Professor, PhD (candidate of technical sciences), Associate Professor of Cybersecurity & Software Department, Central Ukrainian National Technical University, Kropyvnytskyi, Ukraine, ORCID: https://orcid.org/0000-0001-6195-7533, e-mail: buravchenkok@gmail.com
Abstract
Keywords
Full Text:
PDFReferences
1. Shostack, A. (2014). Threat Modeling: Designing for Security. Wiley, Hoboken. Scientific research: URL: www.scirp.org/reference/referencespapers?referenceid=3746452 (accessed: 22.06.2025).
2. OWASP. Application Threat Modeling: Веб сайт. URL: www.owasp.org/index.php/Threat_Risk_Modeling (accessed: 22.06.2025).
3. Khalil, S. M., Bahsi, H., Dola, H., Korõtko, T., McLaughlin, K., & Kotkas, V. (2023). Threat Modeling of Cyber Physical Systems: A Case Study of a Microgrid System. Computers & Security, 124, 102950.
4. Khan, S. A. (2017). A STRIDE Model based Threat Modelling using Unified and Or Fuzzy Operator for Computer Network Security. International Journal of Computing and Network Technology, 5(1), 13–20.
5. Dorenskyi, O. P., Ulichev, O. S., Zadorozhnyi, K. O., Kovalenko, A. S., & Drieieva, H. M. (2024). Conceptual model of the system of information confrontation of the coordination center for national security and defence. Tsentralnoukrainskyi naukovyi visnyk. Tekhnichni nauky, 10(41) II, 23–31. https://doi.org/10.32515/2664-262X.2024.10(41).2.23-31 [in Ukrainian].
6. Agile Modeling. Security Threat Models: An Agile Introduction: Веб сайт. URL: http://www.agilemodeling.com/artifacts/securityThreatModel.htm (accessed: 22.06.2025).
7. Kizza, J. M. (2019). Guide to Computer Network Security. Springer.
8. Hapon, A. O., Fedorchenko, V. M., & Polyakov, A. O. (2020). Approaches to building a threat model for open source code security analysis. Systemy obrobky informatsii, 1, 128–135. https://doi.org/10.30748/soi.2020.160.17 [in Ukrainian].
9. Polotai, O. I., & Puzyr, A. O. (2024). Analysis and implementation of DLP systems to prevent confidential data leakage at enterprises. Visnyk Lvivskoho derzhavnoho universytetu bezpeky zhyttiediialnosti, 30, 134–144. https://doi.org/10.32447/20784643.30.2024.13 [in Ukrainian].
10. Polotai, O. I., Fedynets, N. I., & Kukharska, N. P. (2024). Research of cybersecurity threats and ways to counter them at the data-link layer of computer networks. Visnyk Lvivskoho derzhavnoho universytetu bezpeky zhyttiediialnosti, 29, 65–71. https://doi.org/10.32447/20784643.29.2024.07 [in Ukrainian].
11. Shelekhov, I. V., Prylepa, D. V., Khibovska, Yu. O., Shamonin, K. Ye., & Dorenskyi, O. P. (2025). Information-extreme technology for intelligent analysis of educational content quality in universities. Tsentralnoukrainskyi naukovyi visnyk. Tekhnichni nauky, 12(43) I, 58–72. https://doi.org/10.32515/2664- 262X.2025.12(43).1.58-72 [in Ukrainian].
12. Korniienko, O., Kozub, N., & Dorenskyi, O. (2025). Method and technological solution of an AI-based adaptive investor survey service for determining individual risk profile. Central Ukrainian Scientific Bulletin. Technical Sciences, 11(42) II, 3–10. https://doi.org/10.32515/2664-262X.2025.11(42).1.3-10.
Citations
1. Shostack, A. Threat Modeling: Designing for Security. Wiley, Hoboken. Scientific research: URL: www.scirp.org/reference/referencespapers?referenceid=3746452 (дата звернення: 22.06.2025).
2. OWASP. Application Threat Modeling: Веб сайт. URL: www.owasp.org/index.php/Threat_Risk_Modeling (дата звернення: 22.06.2025).
3. Khalil S. M., Bahsi H., Dola H., Korõtko T., McLaughlin K., Kotkas V. Threat Modeling of Cyber-Physical Systems: A Case Study of a Microgrid System. Computers & Security. Vol. 124, 2023. Pp. 102950.
4. Khan S. A. A STRIDE Model based Threat Modelling using Unified and-Or Fuzzy Operator for Computer Network Security. International Journal of Computing and Network Technology. Vol. 5, 1, 2017. Pp. 13-20.
5. Доренський О.П., Улічев О.С., Задорожний К.О., Коваленко А.С., Дрєєва Г.М. Концептуальна модель системи інформаційного протиборства координаційного центру з питань національної безпеки і оборони. Центральноукраїнський науковий вісник. Технічні науки. 2024. Вип. 10(41). Ч. 2. С. 23-31. https://doi.org/10.32515/2664-262X.2024.10(41).2.23-31.
6. Agile Modeling. Security Threat Models: An Agile Introduction: Веб сайт. URL: http://www.agilemodeling.com/artifacts/securityThreatModel.htm (дата звернення: 22.06.2025).
7. Kizza, J. M. Guide to Computer Network Security. Springer 2019.
8. Гапон А.О., Федорченко В.М., Поляков А.О. Підходи до побудови моделі загроз для аналізу безпеки відкритого програмного кода. Системи обробки інформації. 2020. Вип. 1. С. 128-135. DOI: 10.30748/soi.2020.160.17.
9. Полотай О.І., Пузир А.О. Аналіз та впровадження засобів запобігання витоку конфіденційної інформації на підприємствах, на прикладі системи DLP. Вісник Львівського державного університету безпеки життєдіяльності. 2024. № 30. С. 134-144. DOI: 10.32447/20784643.30.2024.13.
10. Полотай О.І., Фединець Н.І., Кухарська Н.П. Дослідження загроз інформаційної безпеки та способів їх вирішення в комп'ютерних мережах на канальному рівні. Вісник Львівського державного університету безпеки життєдіяльності. 2024. № 29. С. 65-71. DOI: 10.32447/20784643.29.2024.07.
11. Шелехов І.В., Прилепа Д.В., Хібовська Ю.О., Шамонін К.Є., Доренський О.П. Інформаційно- екстремальна технологія інтелектуального аналізу якості освітнього контенту в закладах вищої освіти. Центральноукраїнський науковий вісник. Технічні науки. 2025. Вип. 12(43), ч. 1. С. 58-72. DOI: https://doi.org/10.32515/2664-262X.2025.12(43).1.58-72.
12. Korniienko O., Kozub N., Dorenskyi O. Method and Technological Solution of an AI-Based Adaptive Investor Survey Service for Determining an Individual Risk Profile. Central Ukrainian Scientific Bulletin. Technical Sciences. 2025. Issue 11(42), Part IІ. P. 3-10. DOI: 10.32515/2664-262X.2025.11(42).1.3-10.
Copyright (©) 2025, Orest Polotai, Oleksandr Dorenskyi, Anastasiia Kovalenko, Kostiantyn Buravchenko