Development of a fuzzy GERT-model for investigating common software vulnerabilities

DOI:

https://doi.org/10.15587/1729-4061.2021.243715

Keywords:

software, security testing, fuzzy GERT-model, cyber threat, software vulnerability

Abstract

This paper establishes the relevance of improving the accuracy of mathematical modeling of the software security testing process. Fuzzy GERT-modeling methods have been analyzed. The necessity and possibility of improving the accuracy of the mathematical formalization of the process of studying software vulnerabilities, under conditions where input and intermediate data are fuzzy, have been determined. To this end, based on the mathematical apparatus of fuzzy network modeling, a fuzzy GERT model has been built for investigating software vulnerabilities. A distinctive feature of this model is that it takes into account the probabilistic characteristics of transitions from state to state along with the time characteristics.

The simulation comprised the following stages. To describe the procedures for studying software vulnerabilities schematically, a structural model of this process has been constructed. A "reference GERT model" has been developed for investigating software vulnerabilities, with the process described in the form of a standard GERT network. The algorithm of equivalent transformations of the GERT network has been improved; it differs from known ones by considering an extended range of typical structures of parallel branches between neighboring nodes. Analytical expressions are presented for calculating the average time spent in the branches and the probability of successful completion of studies in each node. These probabilistic-temporal characteristics have been calculated from data on the simplified equivalent fuzzy GERT network for the process of investigating software vulnerabilities.

Comparative studies were conducted to confirm the accuracy and reliability of the results obtained. The results of the experiment showed that, in comparison with the reference model, the fuzziness of the input characteristic of the time of conducting studies of software vulnerabilities was reduced, which made it possible to improve the accuracy of the simulation results.

Author Biographies

Serhii Semenov, National Technical University "Kharkiv Polytechnic Institute"

Doctor of Technical Sciences, Professor

Department of Computer Engineering and Programming

Liqiang Zhang, Neijiang Normal University

Postgraduate Student

College of Computer Science

Weiling Cao, Neijiang Normal University

Postgraduate Student

Department of IT Information Centre

Serhii Bulba, National Technical University "Kharkiv Polytechnic Institute"

PhD

Department of Computer Engineering and Programming

Vira Babenko, Cherkasy State Technological University

Doctor of Technical Sciences, Associate Professor

Department of Informational Security and Computer Engineering

Viacheslav Davydov, National Technical University "Kharkiv Polytechnic Institute"

PhD

Department of Computer Engineering and Programming

Published

2021-12-29

How to Cite

Semenov, S., Zhang, L., Cao, W., Bulba, S., Babenko, V., & Davydov, V. (2021). Development of a fuzzy GERT-model for investigating common software vulnerabilities. Eastern-European Journal of Enterprise Technologies, 6(2 (114)), 6–18. https://doi.org/10.15587/1729-4061.2021.243715