Purpose. To analyze the simulation tools available in the Satellite Communication Toolbox expansion package for modeling the physical principles of the construction and operation of satellite communication systems in general and the link budget assessment in particular. The aim of the work is to prepare the groundwork for a training and methodological complex for studying the satellite segment of hybrid orbital-terrestrial communication networks. Methods: an overview of the simulation tools of the Satellite Communication Toolbox and their capabilities for studying the link budget of the satellite segment of hybrid orbital-terrestrial communication networks. Novelty. Unlike the works devoted to the study of the channel budget, the author’s approach consists in the formalization of proposals for the use of the simulation tools of the Satellite Communication Toolbox in solving typical practical problems of estimating the satellite communication channel budget in order to consolidate the studied physical principles in laboratory and practical classes. Results of this work is the preparation of materials for studying the satellite communication channel budget for educational and methodological purposes. Theoretical / Practical relevance: the significance of the presented material lies in the improvement of the training and methodological complex for studying the principles of construction and functional features of modern and promising satellite communication systems.

Problem statement. A significant share of information security incidents on workstations is associated with process execution that deviates from typical user behavior. Traditional protection tools focused on signatures and network events do not provide behavioral context at the endpoint level, which limits the detection of rare processes and atypical parent – child process chains. The aim of the study is to improve the effectiveness of detecting deviations in user process activity by developing an agent-based monitoring system that accumulates process execution history and evaluates its typicality on workstations. Methods. The solution is based on an agent – server architecture including periodic collection of process state snapshots, process session construction, accumulative storage, and rule-based server-side analysis. Detection relies on process rarity assessment based on occurrence frequency, analysis of parent–child process chains, and rule-based identification of combined deviations without using machine learning methods. The novelty lies in a rule-based approach to behavioral analysis of processes on workstations based on the combination of a cumulative session storage, catalogs of allowed processes and process chains, and centralized server-side deviation detection logic. In contrast to existing approaches, the analysis focuses on assessing activity typicality rather than classifying maliciousness. Results. A prototype system for the Windows operating system has been developed, including a lightweight client agent and a server application based on FastAPI and SQLite. The system collects and stores process execution history, detects rare and atypical process launches, and generates alerts. Functional validation confirmed the correctness of the implemented analytical rules and the ability to generate informative signals of atypical activity. Practical significance. The proposed approach enables the formation of behavioral context of process activity on workstations and can be used as an additional data source for security monitoring and analysis systems, including SIEM and SOC, improving the detection of new and atypical user activity scenarios.