Development of a method for checking vulnerabilities of a corporate network using Bernstein transformations
Keywords:active security analysis, exploitation of vulnerabilities, target system, corporate network security
One of the leading areas of cybersecurity of communication networks is considered – the introduction of preventive mechanisms, among which the most promising are the methods of active security analysis. These methods allow, in addition to timely detection of vulnerabilities of the target system (analyzed system), to confirm the possibility of their implementation, that is, to validate vulnerabilities by simulating the real actions of a potential attacker. The urgent need to validate vulnerabilities out of the many identified is caused by the fact that some of them can only be theoretical, while others are exploited using malicious scripts (exploits). At the same time, the process of validating vulnerabilities is practically not studied. That is why the work carried out an experimental study of the functioning of modern tools for exploiting vulnerabilities. Based on the observations, general quantitative characteristics of the vulnerability validation process were identified. A mathematical model for the analysis of the above characteristics based on Bernstein polynomials has been developed. It is the polynomial representation of the procedure for confirming the possibility of implementing the identified vulnerabilities that makes it possible to describe the dynamics of this process, taking into account the complex and volatile nature of the environment. Analytical dependencies are obtained for the number of cases of successful and negative confirmation of vulnerabilities. In particular, negative validation cases include simply failed attempts to validate vulnerabilities, as well as attempts that resulted in critical errors on the target system during the rational cycle of validating the identified vulnerabilities. The proposed dependencies make it possible to construct the probability distribution laws for the above characteristics of the vulnerability testing process.
- State of Cybersecurity Resilience 2021: How aligning security and the business creates cyber resilience. Accenture. Available at: https://www.accenture.com/_acnmedia/PDF-165/Accenture-State-Of-Cybersecurity-2021.pdf
- Bernshteyn, S. (1952). Dokazatel'stvo teoremy Veyershtrassa, osnovannoe na teorii veroyatnostey. Sobranie sochineniy. Vol. 1. Moscow: AN SSSR.
- Malozemov, V. (2019). O mnogochlenakh Bernshteyna. Seminar «CNSA & NDO». Available at: http://apmath.spbu.ru/cnsa/pdf/2019/Malozemov_BernsteinPolynom_17sep2019.pdf
- Milov, O., Yevseiev, S., Ivanchenko, Y., Milevskyi, S., Nesterov, O., Puchkov, O. et. al. (2019). Development of the model of the antagonistic agents behavior under a cyber conflict. Eastern-European Journal of Enterprise Technologies, 4 (9 (100)), 6–19. doi: https://doi.org/10.15587/1729-4061.2019.175978
- Barabash, O. (2020). The Indirect method of obtaining Estimates of the Parameters of Radio Signals of covert means of obtaining Information. International Journal of Emerging Trends in Engineering Research, 8 (8), 4133–4139. doi: https://doi.org/10.30534/ijeter/2020/17882020
- Laptiev, O., Vitalii, S., Yevseiev, S., Haidur, H., Gakhov, S., Hohoniants, S. (2020). The new method for detecting signals of means of covert obtaining information. 2020 IEEE 2nd International Conference on Advanced Trends in Information Theory (ATIT). doi: https://doi.org/10.1109/atit50783.2020.9349322
- Savchenko, V., Laptiev, O., Kolos, O., Lisnevskyi, R., Ivannikova, V., Ablazov, I. (2020). Hidden Transmitter Localization Accuracy Model Based on Multi-Position Range Measurement. 2020 IEEE 2nd International Conference on Advanced Trends in Information Theory (ATIT). doi: https://doi.org/10.1109/atit50783.2020.9349304
- Korchenko, A., Breslavskyi, V., Yevseiev, S., Zhumangalieva, N., Zvarych, A., Kazmirchuk, S. et. al. (2021). Development of a method for constructing linguistic standards for multi-criteria assessment of honeypot efficiency. Eastern-European Journal of Enterprise Technologies, 1 (2 (109)), 14–23. doi: https://doi.org/10.15587/1729-4061.2021.225346
- Laptiev, O., Savchenko, V., Pravdyvyi, A., Ablazov, I., Lisnevskyi, R., Kolos, O., Hudyma, V. (2021). Method of Detecting Radio Signals using Means of Covert by Obtaining Information on the basis of Random Signals Model. International Journal of Communication Networks and Information Security (IJCNIS), 13 (1), 48–54. URL: https://www.ijcnis.org/index.php/ijcnis/article/view/4902
- Hryshchuk, R., Korobiichuk, I., Ivanchenk, S., Roma, O., Golishevsky, A. (2019). The Throughput of Technical Channels as an Indicator of Protection Discrete Sources from Information Leakage. Computer Modeling and Intelligent Systems, 2353, 523–532.
- Mashkov, O. A., Sobchuk, V. V., Barabash, O. V., Dakhno, N. B. et. al. (2019). Improvement of variational-gradient method in dynamical systems of automated control for integro-differential models. Mathematical Modeling and Computing, 6 (2), 344–357. doi: https://doi.org/10.23939/mmc2019.02.344
- Barabash, O., Dakhno, N., Shevchenko, H., Sobchuk, V. (2018). Integro-Differential Models of Decision Support Systems for Controlling Unmanned Aerial Vehicles on the Basis of Modified Gradient Method. 2018 IEEE 5th International Conference on Methods and Systems of Navigation and Motion Control (MSNMC). doi: https://doi.org/10.1109/msnmc.2018.8576310
- Korotin, S., Kravchenko, Y., Starkova, O., Herasymenko, K., Mykolaichuk, R. (2019). Analytical Determination of the Parameters of the Self-Tuning Circuit of the Traffic Control System on the Limit of Vibrational Stability. 2019 IEEE International Scientific-Practical Conference Problems of Infocommunications, Science and Technology (PIC S&T). doi: https://doi.org/10.1109/picst47496.2019.9061256
- Rakushev, M., Permiakov, O., Lavrinchuk, O., Tarasenko, S., Kovbasiuk, S., Kravchenko, Y. (2019). Numerical Method of Integration on the Basis of Multidimensional Differential-Taylor Transformations. 2019 IEEE International Scientific-Practical Conference Problems of Infocommunications, Science and Technology (PIC S&T). doi: https://doi.org/10.1109/picst47496.2019.9061339
- Barabash, O., Lukova-Chuiko, N., Sobchuk, V., Musienko, A. (2018). Application of Petri Networks for Support of Functional Stability of Information Systems. 2018 IEEE First International Conference on System Analysis & Intelligent Computing (SAIC). doi: https://doi.org/10.1109/saic.2018.8516747
- Kravchenko, Y., Leshchenko, O., Dakhno, N., Trush, O., Makhovych, O. (2019). Evaluating the Effectiveness of Cloud Services. 2019 IEEE International Conference on Advanced Trends in Information Theory (ATIT). doi: https://doi.org/10.1109/atit49449.2019.9030430
- Musienko, A. P., Serdyuk, A. S. (2013). Lebesgue-type inequalities for the de la Vallée-poussin sums on sets of entire functions. Ukrainian Mathematical Journal, 65 (5), 709–722. doi: https://doi.org/10.1007/s11253-013-0808-4
- Saiko, V., Nakonechnyi, V., Narytnyk, T., Brailovskyi, M., Lukova-Chuiko, N. (2020). Terahertz Range Interconnecting Line For LEO-System. 2020 IEEE 15th International Conference on Advanced Trends in Radioelectronics, Telecommunications and Computer Engineering (TCSET). doi: https://doi.org/10.1109/tcset49122.2020.235468
- Ruban, I., Martovytskyi, V., Lukova-Chuiko, N. (2018). Approach to Classifying the State of a Network Based on Statistical Parameters for Detecting Anomalies in the Information Structure of a Computing System. Cybernetics and Systems Analysis, 54 (2), 302–309. doi: https://doi.org/10.1007/s10559-018-0032-1
- Lakhno, V., Kozlovskii, V., Boiko, Y., Mishchenko, A., Opirskyy, I. (2017). Management of information protection based on the integrated implementation of decision support systems. Eastern-European Journal of Enterprise Technologies, 5 (9 (89)), 36–42. doi: https://doi.org/10.15587/1729-4061.2017.111081
- Kozlovskyi, V., Lakhno, V., Kasatkin, D., Boiko, Y., Kravchuk, P., Lishchynovska, N. (2019). A model and algorithm for detecting spyware in medical information systems. International Journal of Mechanical Engineering and Technology, 10 (1), 287–295. Available at: https://iaeme.com/MasterAdmin/Journal_uploads/IJMET/VOLUME_10_ISSUE_1/IJMET_10_01_029.pdf
- Lakhno, V. A., Kasatkin, D. Y., Blozva, A. I., Kozlovskyi, V., Balanyuk, Y., Boiko, Y. (2020). The Development of a Model of the Formation of Cybersecurity Outlines Based on Multi Criteria Optimization and Game Theory. Advances in Intelligent Systems and Computing, 10–22. doi: https://doi.org/10.1007/978-3-030-63319-6_2
- Barabash, O., Kopiika, O., Zamrii, I., Sobchuk, V., Musienko, A. (2018). Fraktal and Differential Properties of the Inversor of Digits of Q s-Representation of Real Number. Modern Mathematics and Mechanics, 79–95. doi: https://doi.org/10.1007/978-3-319-96755-4_5
- Samoilenko, A. M., Samoilenko, V. G., Sobchuk, V. V. (1999). On periodic solutions of the equation of a nonlinear oscillator with pulse influence. Ukrainian Mathematical Journal, 51 (6), 926–933. doi: https://doi.org/10.1007/bf02591979
- Sobchuk, V., Pichkur, V., Barabash, O., Laptiev, O., Igor, K., Zidan, A. (2020). Algorithm of Control of Functionally Stable Manufacturing Processes of Enterprises. 2020 IEEE 2nd International Conference on Advanced Trends in Information Theory (ATIT). doi: https://doi.org/10.1109/atit50783.2020.9349332
- Yudin, O., Sydorenko, V., Gnatyuk, S., Verkhovets, O. (2021). Model of the quantitative criterion calculation for security assessment of the information and telecommunications systems in the critical infrastructure of the state. Advanced Information Systems, 5 (4), 109–115. doi: https://doi.org/10.20998/2522-9052.2021.4.15
- Semenov, S., Weilin, C., Zhang, L., Bulba, S. (2021). Automated penetration testing method using deep machine learning technology. Advanced Information Systems, 5 (3), 119–127. doi: https://doi.org/10.20998/2522-9052.2021.3.16
- Operating System Market Share (11.2019-10.2020). Available at: https://netmarketshare.com/operating-system-market-share.aspx
- Desktop Windows Version Market Share Worldwide (01.2021-01.2022). Available at: https://gs.statcounter.com/os-version-market-share/windows/desktop/worldwide
How to Cite
Copyright (c) 2022 Roman Kyrychok, Oleksandr Laptiev, Rostyslav Lisnevskyi, Valerii Kozlovskyi, Vitaliy Klobukov
This work is licensed under a Creative Commons Attribution 4.0 International License.
The consolidation and conditions for the transfer of copyright (identification of authorship) is carried out in the License Agreement. In particular, the authors reserve the right to the authorship of their manuscript and transfer the first publication of this work to the journal under the terms of the Creative Commons CC BY license. At the same time, they have the right to conclude on their own additional agreements concerning the non-exclusive distribution of the work in the form in which it was published by this journal, but provided that the link to the first publication of the article in this journal is preserved.