Development of a method for checking vulnerabilities of a corporate network using Bernstein transformations

Authors

DOI:

https://doi.org/10.15587/1729-4061.2022.253530

Keywords:

active security analysis, exploitation of vulnerabilities, target system, corporate network security

Abstract

One of the leading areas of cybersecurity of communication networks is considered – the introduction of preventive mechanisms, among which the most promising are the methods of active security analysis. These methods allow, in addition to timely detection of vulnerabilities of the target system (analyzed system), to confirm the possibility of their implementation, that is, to validate vulnerabilities by simulating the real actions of a potential attacker. The urgent need to validate vulnerabilities out of the many identified is caused by the fact that some of them can only be theoretical, while others are exploited using malicious scripts (exploits). At the same time, the process of validating vulnerabilities is practically not studied. That is why the work carried out an experimental study of the functioning of modern tools for exploiting vulnerabilities. Based on the observations, general quantitative characteristics of the vulnerability validation process were identified. A mathematical model for the analysis of the above characteristics based on Bernstein polynomials has been developed. It is the polynomial representation of the procedure for confirming the possibility of implementing the identified vulnerabilities that makes it possible to describe the dynamics of this process, taking into account the complex and volatile nature of the environment. Analytical dependencies are obtained for the number of cases of successful and negative confirmation of vulnerabilities. In particular, negative validation cases include simply failed attempts to validate vulnerabilities, as well as attempts that resulted in critical errors on the target system during the rational cycle of validating the identified vulnerabilities. The proposed dependencies make it possible to construct the probability distribution laws for the above characteristics of the vulnerability testing process.

Author Biographies

Roman Kyrychok, Borys Hrinchenko Kyiv University

PhD

Department of Information and Cyber Security named after Professor Volodymyr Вuriachok

Oleksandr Laptiev, Taras Shevchenko National University of Kyiv

Doctor of Technical Sciences, Associate Professor, Senior Researcher

Department of Cyber Security and Information Protection

Rostyslav Lisnevskyi, Taras Shevchenko National University of Kyiv

PhD, Associate Professor

Information Department System and Technologies

Valerii Kozlovskyi, National Aviation University

Doctor of Technical Sciences, Professor, Head of Department

Department of Information Security

Vitaliy Klobukov, National Aviation University

PhD, Assistant

Department of Information Security

References

  1. State of Cybersecurity Resilience 2021: How aligning security and the business creates cyber resilience. Accenture. Available at: https://www.accenture.com/_acnmedia/PDF-165/Accenture-State-Of-Cybersecurity-2021.pdf
  2. Bernshteyn, S. (1952). Dokazatel'stvo teoremy Veyershtrassa, osnovannoe na teorii veroyatnostey. Sobranie sochineniy. Vol. 1. Moscow: AN SSSR.
  3. Malozemov, V. (2019). O mnogochlenakh Bernshteyna. Seminar «CNSA & NDO». Available at: http://apmath.spbu.ru/cnsa/pdf/2019/Malozemov_BernsteinPolynom_17sep2019.pdf
  4. Milov, O., Yevseiev, S., Ivanchenko, Y., Milevskyi, S., Nesterov, O., Puchkov, O. et. al. (2019). Development of the model of the antagonistic agents behavior under a cyber conflict. Eastern-European Journal of Enterprise Technologies, 4 (9 (100)), 6–19. doi: https://doi.org/10.15587/1729-4061.2019.175978
  5. Barabash, O. (2020). The Indirect method of obtaining Estimates of the Parameters of Radio Signals of covert means of obtaining Information. International Journal of Emerging Trends in Engineering Research, 8 (8), 4133–4139. doi: https://doi.org/10.30534/ijeter/2020/17882020
  6. Laptiev, O., Vitalii, S., Yevseiev, S., Haidur, H., Gakhov, S., Hohoniants, S. (2020). The new method for detecting signals of means of covert obtaining information. 2020 IEEE 2nd International Conference on Advanced Trends in Information Theory (ATIT). doi: https://doi.org/10.1109/atit50783.2020.9349322
  7. Savchenko, V., Laptiev, O., Kolos, O., Lisnevskyi, R., Ivannikova, V., Ablazov, I. (2020). Hidden Transmitter Localization Accuracy Model Based on Multi-Position Range Measurement. 2020 IEEE 2nd International Conference on Advanced Trends in Information Theory (ATIT). doi: https://doi.org/10.1109/atit50783.2020.9349304
  8. Korchenko, A., Breslavskyi, V., Yevseiev, S., Zhumangalieva, N., Zvarych, A., Kazmirchuk, S. et. al. (2021). Development of a method for constructing linguistic standards for multi-criteria assessment of honeypot efficiency. Eastern-European Journal of Enterprise Technologies, 1 (2 (109)), 14–23. doi: https://doi.org/10.15587/1729-4061.2021.225346
  9. Laptiev, O., Savchenko, V., Pravdyvyi, A., Ablazov, I., Lisnevskyi, R., Kolos, O., Hudyma, V. (2021). Method of Detecting Radio Signals using Means of Covert by Obtaining Information on the basis of Random Signals Model. International Journal of Communication Networks and Information Security (IJCNIS), 13 (1), 48–54. URL: https://www.ijcnis.org/index.php/ijcnis/article/view/4902
  10. Hryshchuk, R., Korobiichuk, I., Ivanchenk, S., Roma, O., Golishevsky, A. (2019). The Throughput of Technical Channels as an Indicator of Protection Discrete Sources from Information Leakage. Computer Modeling and Intelligent Systems, 2353, 523–532.
  11. Mashkov, O. A., Sobchuk, V. V., Barabash, O. V., Dakhno, N. B. et. al. (2019). Improvement of variational-gradient method in dynamical systems of automated control for integro-differential models. Mathematical Modeling and Computing, 6 (2), 344–357. doi: https://doi.org/10.23939/mmc2019.02.344
  12. Barabash, O., Dakhno, N., Shevchenko, H., Sobchuk, V. (2018). Integro-Differential Models of Decision Support Systems for Controlling Unmanned Aerial Vehicles on the Basis of Modified Gradient Method. 2018 IEEE 5th International Conference on Methods and Systems of Navigation and Motion Control (MSNMC). doi: https://doi.org/10.1109/msnmc.2018.8576310
  13. Korotin, S., Kravchenko, Y., Starkova, O., Herasymenko, K., Mykolaichuk, R. (2019). Analytical Determination of the Parameters of the Self-Tuning Circuit of the Traffic Control System on the Limit of Vibrational Stability. 2019 IEEE International Scientific-Practical Conference Problems of Infocommunications, Science and Technology (PIC S&T). doi: https://doi.org/10.1109/picst47496.2019.9061256
  14. Rakushev, M., Permiakov, O., Lavrinchuk, O., Tarasenko, S., Kovbasiuk, S., Kravchenko, Y. (2019). Numerical Method of Integration on the Basis of Multidimensional Differential-Taylor Transformations. 2019 IEEE International Scientific-Practical Conference Problems of Infocommunications, Science and Technology (PIC S&T). doi: https://doi.org/10.1109/picst47496.2019.9061339
  15. Barabash, O., Lukova-Chuiko, N., Sobchuk, V., Musienko, A. (2018). Application of Petri Networks for Support of Functional Stability of Information Systems. 2018 IEEE First International Conference on System Analysis & Intelligent Computing (SAIC). doi: https://doi.org/10.1109/saic.2018.8516747
  16. Kravchenko, Y., Leshchenko, O., Dakhno, N., Trush, O., Makhovych, O. (2019). Evaluating the Effectiveness of Cloud Services. 2019 IEEE International Conference on Advanced Trends in Information Theory (ATIT). doi: https://doi.org/10.1109/atit49449.2019.9030430
  17. Musienko, A. P., Serdyuk, A. S. (2013). Lebesgue-type inequalities for the de la Vallée-poussin sums on sets of entire functions. Ukrainian Mathematical Journal, 65 (5), 709–722. doi: https://doi.org/10.1007/s11253-013-0808-4
  18. Saiko, V., Nakonechnyi, V., Narytnyk, T., Brailovskyi, M., Lukova-Chuiko, N. (2020). Terahertz Range Interconnecting Line For LEO-System. 2020 IEEE 15th International Conference on Advanced Trends in Radioelectronics, Telecommunications and Computer Engineering (TCSET). doi: https://doi.org/10.1109/tcset49122.2020.235468
  19. Ruban, I., Martovytskyi, V., Lukova-Chuiko, N. (2018). Approach to Classifying the State of a Network Based on Statistical Parameters for Detecting Anomalies in the Information Structure of a Computing System. Cybernetics and Systems Analysis, 54 (2), 302–309. doi: https://doi.org/10.1007/s10559-018-0032-1
  20. Lakhno, V., Kozlovskii, V., Boiko, Y., Mishchenko, A., Opirskyy, I. (2017). Management of information protection based on the integrated implementation of decision support systems. Eastern-European Journal of Enterprise Technologies, 5 (9 (89)), 36–42. doi: https://doi.org/10.15587/1729-4061.2017.111081
  21. Kozlovskyi, V., Lakhno, V., Kasatkin, D., Boiko, Y., Kravchuk, P., Lishchynovska, N. (2019). A model and algorithm for detecting spyware in medical information systems. International Journal of Mechanical Engineering and Technology, 10 (1), 287–295. Available at: https://iaeme.com/MasterAdmin/Journal_uploads/IJMET/VOLUME_10_ISSUE_1/IJMET_10_01_029.pdf
  22. Lakhno, V. A., Kasatkin, D. Y., Blozva, A. I., Kozlovskyi, V., Balanyuk, Y., Boiko, Y. (2020). The Development of a Model of the Formation of Cybersecurity Outlines Based on Multi Criteria Optimization and Game Theory. Advances in Intelligent Systems and Computing, 10–22. doi: https://doi.org/10.1007/978-3-030-63319-6_2
  23. Barabash, O., Kopiika, O., Zamrii, I., Sobchuk, V., Musienko, A. (2018). Fraktal and Differential Properties of the Inversor of Digits of Q s-Representation of Real Number. Modern Mathematics and Mechanics, 79–95. doi: https://doi.org/10.1007/978-3-319-96755-4_5
  24. Samoilenko, A. M., Samoilenko, V. G., Sobchuk, V. V. (1999). On periodic solutions of the equation of a nonlinear oscillator with pulse influence. Ukrainian Mathematical Journal, 51 (6), 926–933. doi: https://doi.org/10.1007/bf02591979
  25. Sobchuk, V., Pichkur, V., Barabash, O., Laptiev, O., Igor, K., Zidan, A. (2020). Algorithm of Control of Functionally Stable Manufacturing Processes of Enterprises. 2020 IEEE 2nd International Conference on Advanced Trends in Information Theory (ATIT). doi: https://doi.org/10.1109/atit50783.2020.9349332
  26. Yudin, O., Sydorenko, V., Gnatyuk, S., Verkhovets, O. (2021). Model of the quantitative criterion calculation for security assessment of the information and telecommunications systems in the critical infrastructure of the state. Advanced Information Systems, 5 (4), 109–115. doi: https://doi.org/10.20998/2522-9052.2021.4.15
  27. Semenov, S., Weilin, C., Zhang, L., Bulba, S. (2021). Automated penetration testing method using deep machine learning technology. Advanced Information Systems, 5 (3), 119–127. doi: https://doi.org/10.20998/2522-9052.2021.3.16
  28. Operating System Market Share (11.2019-10.2020). Available at: https://netmarketshare.com/operating-system-market-share.aspx
  29. Desktop Windows Version Market Share Worldwide (01.2021-01.2022). Available at: https://gs.statcounter.com/os-version-market-share/windows/desktop/worldwide

Published

2022-02-28

How to Cite

Kyrychok, R., Laptiev, O., Lisnevskyi, R., Kozlovskyi, V., & Klobukov, V. (2022). Development of a method for checking vulnerabilities of a corporate network using Bernstein transformations. Eastern-European Journal of Enterprise Technologies, 1(9(115), 93–101. https://doi.org/10.15587/1729-4061.2022.253530

Issue

Section

Information and controlling system