Development of a fuzzy GERT-model for investigating common software vulnerabilities

Authors

DOI:

https://doi.org/10.15587/1729-4061.2021.243715

Keywords:

software, security testing, fuzzy GERT-model, cyber threat, software vulnerability

Abstract

This paper has determined the relevance of the issue related to improving the accuracy of the results of mathematical modeling of the software security testing process. The fuzzy GERT-modeling methods have been analyzed. The necessity and possibility of improving the accuracy of the results of mathematical formalization of the process of studying software vulnerabilities under the conditions of fuzziness of input and intermediate data have been determined. To this end, based on the mathematical apparatus of fuzzy network modeling, a fuzzy GERT model has been built for investigating software vulnerabilities. A distinctive feature of this model is to take into consideration the probabilistic characteristics of transitions from state to state along with time characteristics. As part of the simulation, the following stages of the study were performed. To schematically describe the procedures for studying software vulnerabilities, a structural model of this process has been constructed. A "reference GERT model" has been developed for investigating software vulnerabilities. The process was described in the form of a standard GERT network. The algorithm of equivalent transformations of the GERT network has been improved, which differs from known ones by considering the capabilities of the extended range of typical structures of parallel branches between neighboring nodes. Analytical expressions are presented to calculate the average time spent in the branches and the probability of successful completion of studies in each node. The calculation of these probabilistic-temporal characteristics has been carried out in accordance with data on the simplified equivalent fuzzy GERT network for the process of investigating software vulnerabilities. Comparative studies were conducted to confirm the accuracy and reliability of the results obtained. The results of the experiment showed that in comparison with the reference model, the fuzziness of the input characteristic of the time of conducting studies of software vulnerabilities was reduced, which made it possible to improve the accuracy of the simulation results.

Author Biographies

Serhii Semenov, National Technical University "Kharkiv Polytechnic Institute"

Doctor of Technical Sciences, Professor

Department of Computer Engineering and Programming

Liqiang Zhang, Neijiang Normal University

Postgraduate Student

College of Computer Science

Weiling Cao, Neijiang Normal University

Postgraduate Student

Department of IT Information Centre

Serhii Bulba, National Technical University "Kharkiv Polytechnic Institute"

PhD

Department of Computer Engineering and Programming

Vira Babenko, Cherkasy State Technological University

Doctor of Technical Sciences, Associate Professor

Department of Informational Security and Computer Engineering

Viacheslav Davydov, National Technical University "Kharkiv Polytechnic Institute"

PhD

Department of Computer Engineering and Programming

References

CWE Version 4.1. Available at: https://cwe.mitre.org/data/published/cwe_v4.1.pdf

Semenov, S., Liqiang, Z., Weiling, C., Davydov, V. (2021). Development a mathematical model for the software security testing first stage. Eastern-European Journal of Enterprise Technologies, 3 (2 (111)), 24–34. doi: https://doi.org/10.15587/1729-4061.2021.233417

Pritsker, A. A. B. (1977). Modeling and Analysis Using Q-GERT Networks. Wiley: distributed by Halsted Press Division of John Wiley & Sons, 420.

Semenova, A., Dubrovskyi, M., Savitskyi, V. (2017). A GERT model of an algorithm for analyzing security of a web application. Advanced Information Systems, 1 (1), 61–64. doi: https://doi.org/10.20998/2522-9052.2017.1.11

Semenov, S., Davydov, V., Lipchanska, O., Lipchanskyi, M. (2020). Development of unified mathematical model of programming modules obfuscation process based on graphic evaluation and review method. Eastern-European Journal of Enterprise Technologies, 3 (2 (105)), 6–16. doi: https://doi.org/10.15587/1729-4061.2020.206232

Gavrylenko, S., Chelak, V., Hornostal, O., Vassilev, V. (2020). Development of a method for identifying the state of a computer system using fuzzy cluster analysis. Advanced Information Systems, 4 (2), 8–11. doi: https://doi.org/10.20998/2522-9052.2020.2.02

Lin, K.-P., Wen, W., Chou, C.-C., Jen, C.-H., Hung, K.-C. (2011). Applying fuzzy GERT with approximate fuzzy arithmetic based on the weakest t-norm operations to evaluate repairable reliability. Applied Mathematical Modelling, 35 (11), 5314–5325. doi: https://doi.org/10.1016/j.apm.2011.04.022

Zhang, N., Yan, S., Fang, Z., Yang, B. (2021). Fuzzy GERT model based on z-tag and its application in weapon equipment management. Journal of Intelligent & Fuzzy Systems, 40 (6), 12503–12519. doi: https://doi.org/10.3233/jifs-201731

Lachmayer, R., Afsari, M., Hassani, R. (2015). C# method for all Types of Nodes in Fuzzy GERT. International Journal of Artificial Intelligence and Neural Networks – IJAINN, 5 (1), 57–62. Available at: https://www.researchgate.net/publication/304247081_C_method_for_all_Types_of_Nodes_in_Fuzzy_GERT

Radziszewska-Zielina, E., Śladowski, G. (2017). Proposal of the Use of a Fuzzy Stochastic Network for the Preliminary Evaluation of the Feasibility of the Process of the Adaptation of a Historical Building to a Particular Form of Use. IOP Conference Series: Materials Science and Engineering, 245, 072029. doi: https://doi.org/10.1088/1757-899x/245/7/072029

Tousheh Asl, S., Hashemin, S. S. (2018). Completion Time of Special Kind of GERT-Type Networks with Fuzzy Times for Activities. International Journal of Industrial Engineering, 5 (1), 1–8. doi: https://doi.org/10.14445/23499362/ijie-v5i1p101

Wang, H.-H., Zhu, J.-J., Yao, Y.-C. (2019). GERT network optimization with consideration of "time-resource" on large aircraft collaborative development. Kongzhi yu Juece/Control and Decision, 34 (2), 309–316. doi: https://doi.org/10.13195/j.kzyjc.2018.0121

Liu, X., Fang, Z., Zhang, N. (2017). A value transfer GERT network model for carbon fiber industry chain based on input–output table. Cluster Computing, 20 (4), 2993–3001. doi: https://doi.org/10.1007/s10586-017-0960-y

Semenov, S., Liqiang, Z., Weiling, C. (2020). Penetration Testing Process Mathematical Model. 2020 IEEE International Conference on Problems of Infocommunications. Science and Technology (PIC S&T). doi: https://doi.org/10.1109/picst51311.2020.9468039

Norouzi, G., Heydari, M., Noori, S., Bagherpour, M. (2015). Developing a Mathematical Model for Scheduling and Determining Success Probability of Research Projects Considering Complex-Fuzzy Networks. Journal of Applied Mathematics, 2015, 1–15. doi: https://doi.org/10.1155/2015/809216

Gavareshki, M. H. K. (2004). New fuzzy GERT method for research projects scheduling. 2004 IEEE International Engineering Management Conference (IEEE Cat. No.04CH37574). doi: https://doi.org/10.1109/iemc.2004.1407495

Published

2021-12-29

How to Cite

Semenov, S., Zhang, L., Cao, W., Bulba, S., Babenko, V., & Davydov, V. (2021). Development of a fuzzy GERT-model for investigating common software vulnerabilities. Eastern-European Journal of Enterprise Technologies, 6(2 (114), 6–18. https://doi.org/10.15587/1729-4061.2021.243715