The potential breach of access to confidential content hosted in a university's Private Academic Cloud (PAC) underscores the need for developing new protection methods. This paper introduces a Threat Analyzer Software (TAS) and a predictive algorithm rooted in both an operational model and discrete threat recognition procedures (DTRPs). These tools aid in identifying the functional layers that attackers could exploit to embed malware in guest operating systems (OS) and the PAC hypervisor. The solutions proposed herein play a crucial role in ensuring countermeasures against malware introduction into the PAC. Various hypervisor components are viewed as potential threat sources to the PAC's information security (IS). Such threats may manifest through the distribution of malware or the initiation of processes that compromise the PAC's security. The demonstrated counter-threat method, which is founded on the operational model and discrete threat recognition procedures, facilitates the use of mechanisms within the HIPV to quickly identify cyber attacks on the PAC, especially those employing "rootkit" technologies. This prompt identification empowers defenders to take swift and appropriate actions to safeguard the PAC.

The article herein presents the method and algorithms for forming the feature space for the base of intellectualized system knowledge for the support system in the cyber threats and anomalies tasks. The system being elaborated might be used both autonomously by cyber threat services analysts and jointly with information protection complex systems. It is shown, that advised algorithms allow supplementing dynamically the knowledge base upon appearing the new threats, which permits to cut the time of their recognition and analysis, in particular, for cases of hard-to-explain features and reduce the false responses in threat recognizing systems, anomalies and attacks at informatization objects. It is stated herein, that collectively with the outcomes of previous authors investigations, the offered algorithms of forming the feature space for identifying cyber threats within decisions making support system are more effective. It is reached at the expense of the fact, that, comparing to existing decisions, the described decisions in the article, allow separate considering the task of threat recognition in the frame of the known classes, and if necessary supplementing feature space for the new threat types. It is demonstrated, that new threats features often initially are not identified within the frame of existing base of threat classes knowledge in the decision support system. As well the methods and advised algorithms allow fulfilling the time-efficient cyber threats classification for a definite informatization object.