Development of a method for checking vulnerabilities of a corporate network using Bernstein transformations

Authors

DOI:

https://doi.org/10.15587/1729-4061.2022.253530

Keywords:

active security analysis, exploitation of vulnerabilities, target system, corporate network security

Abstract

One of the leading areas of cybersecurity of communication networks is considered – the introduction of preventive mechanisms, among which the most promising are the methods of active security analysis. These methods allow, in addition to timely detection of vulnerabilities of the target system (analyzed system), to confirm the possibility of their implementation, that is, to validate vulnerabilities by simulating the real actions of a potential attacker. The urgent need to validate vulnerabilities out of the many identified is caused by the fact that some of them can only be theoretical, while others are exploited using malicious scripts (exploits). At the same time, the process of validating vulnerabilities is practically not studied. That is why the work carried out an experimental study of the functioning of modern tools for exploiting vulnerabilities. Based on the observations, general quantitative characteristics of the vulnerability validation process were identified. A mathematical model for the analysis of the above characteristics based on Bernstein polynomials has been developed. It is the polynomial representation of the procedure for confirming the possibility of implementing the identified vulnerabilities that makes it possible to describe the dynamics of this process, taking into account the complex and volatile nature of the environment. Analytical dependencies are obtained for the number of cases of successful and negative confirmation of vulnerabilities. In particular, negative validation cases include simply failed attempts to validate vulnerabilities, as well as attempts that resulted in critical errors on the target system during the rational cycle of validating the identified vulnerabilities. The proposed dependencies make it possible to construct the probability distribution laws for the above characteristics of the vulnerability testing process.

Author Biographies

Roman Kyrychok, Borys Hrinchenko Kyiv University

PhD

Department of Information and Cyber Security named after Professor Volodymyr Вuriachok

Oleksandr Laptiev, Taras Shevchenko National University of Kyiv

Doctor of Technical Sciences, Associate Professor, Senior Researcher

Department of Cyber Security and Information Protection

Rostyslav Lisnevskyi, Taras Shevchenko National University of Kyiv

PhD, Associate Professor

Information Department System and Technologies

Valerii Kozlovskyi, National Aviation University

Doctor of Technical Sciences, Professor, Head of Department

Department of Information Security

Vitaliy Klobukov, National Aviation University

PhD, Assistant

Department of Information Security

References

  1. State of Cybersecurity Resilience 2021: How aligning security and the business creates cyber resilience. Accenture. Available at: https://www.accenture.com/_acnmedia/PDF-165/Accenture-State-Of-Cybersecurity-2021.pdf
  2. Bernshteyn, S. (1952). Dokazatel'stvo teoremy Veyershtrassa, osnovannoe na teorii veroyatnostey. Sobranie sochineniy. Vol. 1. Moscow: AN SSSR.
  3. Malozemov, V. (2019). O mnogochlenakh Bernshteyna. Seminar «CNSA & NDO». Available at: http://apmath.spbu.ru/cnsa/pdf/2019/Malozemov_BernsteinPolynom_17sep2019.pdf
  4. Milov, O., Yevseiev, S., Ivanchenko, Y., Milevskyi, S., Nesterov, O., Puchkov, O. et. al. (2019). Development of the model of the antagonistic agents behavior under a cyber conflict. Eastern-European Journal of Enterprise Technologies, 4 (9 (100)), 6–19. doi: https://doi.org/10.15587/1729-4061.2019.175978
  5. Barabash, O. (2020). The Indirect method of obtaining Estimates of the Parameters of Radio Signals of covert means of obtaining Information. International Journal of Emerging Trends in Engineering Research, 8 (8), 4133–4139. doi: https://doi.org/10.30534/ijeter/2020/17882020
  6. Laptiev, O., Vitalii, S., Yevseiev, S., Haidur, H., Gakhov, S., Hohoniants, S. (2020). The new method for detecting signals of means of covert obtaining information. 2020 IEEE 2nd International Conference on Advanced Trends in Information Theory (ATIT). doi: https://doi.org/10.1109/atit50783.2020.9349322
  7. Savchenko, V., Laptiev, O., Kolos, O., Lisnevskyi, R., Ivannikova, V., Ablazov, I. (2020). Hidden Transmitter Localization Accuracy Model Based on Multi-Position Range Measurement. 2020 IEEE 2nd International Conference on Advanced Trends in Information Theory (ATIT). doi: https://doi.org/10.1109/atit50783.2020.9349304
  8. Korchenko, A., Breslavskyi, V., Yevseiev, S., Zhumangalieva, N., Zvarych, A., Kazmirchuk, S. et. al. (2021). Development of a method for constructing linguistic standards for multi-criteria assessment of honeypot efficiency. Eastern-European Journal of Enterprise Technologies, 1 (2 (109)), 14–23. doi: https://doi.org/10.15587/1729-4061.2021.225346
  9. Laptiev, O., Savchenko, V., Pravdyvyi, A., Ablazov, I., Lisnevskyi, R., Kolos, O., Hudyma, V. (2021). Method of Detecting Radio Signals using Means of Covert by Obtaining Information on the basis of Random Signals Model. International Journal of Communication Networks and Information Security (IJCNIS), 13 (1), 48–54. URL: https://www.ijcnis.org/index.php/ijcnis/article/view/4902
  10. Hryshchuk, R., Korobiichuk, I., Ivanchenk, S., Roma, O., Golishevsky, A. (2019). The Throughput of Technical Channels as an Indicator of Protection Discrete Sources from Information Leakage. Computer Modeling and Intelligent Systems, 2353, 523–532.
  11. Mashkov, O. A., Sobchuk, V. V., Barabash, O. V., Dakhno, N. B. et. al. (2019). Improvement of variational-gradient method in dynamical systems of automated control for integro-differential models. Mathematical Modeling and Computing, 6 (2), 344–357. doi: https://doi.org/10.23939/mmc2019.02.344
  12. Barabash, O., Dakhno, N., Shevchenko, H., Sobchuk, V. (2018). Integro-Differential Models of Decision Support Systems for Controlling Unmanned Aerial Vehicles on the Basis of Modified Gradient Method. 2018 IEEE 5th International Conference on Methods and Systems of Navigation and Motion Control (MSNMC). doi: https://doi.org/10.1109/msnmc.2018.8576310
  13. Korotin, S., Kravchenko, Y., Starkova, O., Herasymenko, K., Mykolaichuk, R. (2019). Analytical Determination of the Parameters of the Self-Tuning Circuit of the Traffic Control System on the Limit of Vibrational Stability. 2019 IEEE International Scientific-Practical Conference Problems of Infocommunications, Science and Technology (PIC S&T). doi: https://doi.org/10.1109/picst47496.2019.9061256
  14. Rakushev, M., Permiakov, O., Lavrinchuk, O., Tarasenko, S., Kovbasiuk, S., Kravchenko, Y. (2019). Numerical Method of Integration on the Basis of Multidimensional Differential-Taylor Transformations. 2019 IEEE International Scientific-Practical Conference Problems of Infocommunications, Science and Technology (PIC S&T). doi: https://doi.org/10.1109/picst47496.2019.9061339
  15. Barabash, O., Lukova-Chuiko, N., Sobchuk, V., Musienko, A. (2018). Application of Petri Networks for Support of Functional Stability of Information Systems. 2018 IEEE First International Conference on System Analysis & Intelligent Computing (SAIC). doi: https://doi.org/10.1109/saic.2018.8516747
  16. Kravchenko, Y., Leshchenko, O., Dakhno, N., Trush, O., Makhovych, O. (2019). Evaluating the Effectiveness of Cloud Services. 2019 IEEE International Conference on Advanced Trends in Information Theory (ATIT). doi: https://doi.org/10.1109/atit49449.2019.9030430
  17. Musienko, A. P., Serdyuk, A. S. (2013). Lebesgue-type inequalities for the de la Vallée-poussin sums on sets of entire functions. Ukrainian Mathematical Journal, 65 (5), 709–722. doi: https://doi.org/10.1007/s11253-013-0808-4
  18. Saiko, V., Nakonechnyi, V., Narytnyk, T., Brailovskyi, M., Lukova-Chuiko, N. (2020). Terahertz Range Interconnecting Line For LEO-System. 2020 IEEE 15th International Conference on Advanced Trends in Radioelectronics, Telecommunications and Computer Engineering (TCSET). doi: https://doi.org/10.1109/tcset49122.2020.235468
  19. Ruban, I., Martovytskyi, V., Lukova-Chuiko, N. (2018). Approach to Classifying the State of a Network Based on Statistical Parameters for Detecting Anomalies in the Information Structure of a Computing System. Cybernetics and Systems Analysis, 54 (2), 302–309. doi: https://doi.org/10.1007/s10559-018-0032-1
  20. Lakhno, V., Kozlovskii, V., Boiko, Y., Mishchenko, A., Opirskyy, I. (2017). Management of information protection based on the integrated implementation of decision support systems. Eastern-European Journal of Enterprise Technologies, 5 (9 (89)), 36–42. doi: https://doi.org/10.15587/1729-4061.2017.111081
  21. Kozlovskyi, V., Lakhno, V., Kasatkin, D., Boiko, Y., Kravchuk, P., Lishchynovska, N. (2019). A model and algorithm for detecting spyware in medical information systems. International Journal of Mechanical Engineering and Technology, 10 (1), 287–295. Available at: https://iaeme.com/MasterAdmin/Journal_uploads/IJMET/VOLUME_10_ISSUE_1/IJMET_10_01_029.pdf
  22. Lakhno, V. A., Kasatkin, D. Y., Blozva, A. I., Kozlovskyi, V., Balanyuk, Y., Boiko, Y. (2020). The Development of a Model of the Formation of Cybersecurity Outlines Based on Multi Criteria Optimization and Game Theory. Advances in Intelligent Systems and Computing, 10–22. doi: https://doi.org/10.1007/978-3-030-63319-6_2
  23. Barabash, O., Kopiika, O., Zamrii, I., Sobchuk, V., Musienko, A. (2018). Fraktal and Differential Properties of the Inversor of Digits of Q s-Representation of Real Number. Modern Mathematics and Mechanics, 79–95. doi: https://doi.org/10.1007/978-3-319-96755-4_5
  24. Samoilenko, A. M., Samoilenko, V. G., Sobchuk, V. V. (1999). On periodic solutions of the equation of a nonlinear oscillator with pulse influence. Ukrainian Mathematical Journal, 51 (6), 926–933. doi: https://doi.org/10.1007/bf02591979
  25. Sobchuk, V., Pichkur, V., Barabash, O., Laptiev, O., Igor, K., Zidan, A. (2020). Algorithm of Control of Functionally Stable Manufacturing Processes of Enterprises. 2020 IEEE 2nd International Conference on Advanced Trends in Information Theory (ATIT). doi: https://doi.org/10.1109/atit50783.2020.9349332
  26. Yudin, O., Sydorenko, V., Gnatyuk, S., Verkhovets, O. (2021). Model of the quantitative criterion calculation for security assessment of the information and telecommunications systems in the critical infrastructure of the state. Advanced Information Systems, 5 (4), 109–115. doi: https://doi.org/10.20998/2522-9052.2021.4.15
  27. Semenov, S., Weilin, C., Zhang, L., Bulba, S. (2021). Automated penetration testing method using deep machine learning technology. Advanced Information Systems, 5 (3), 119–127. doi: https://doi.org/10.20998/2522-9052.2021.3.16
  28. Operating System Market Share (11.2019-10.2020). Available at: https://netmarketshare.com/operating-system-market-share.aspx
  29. Desktop Windows Version Market Share Worldwide (01.2021-01.2022). Available at: https://gs.statcounter.com/os-version-market-share/windows/desktop/worldwide

Downloads

Published

2022-02-28

How to Cite

Kyrychok, R., Laptiev, O., Lisnevskyi, R., Kozlovskyi, V., & Klobukov, V. (2022). Development of a method for checking vulnerabilities of a corporate network using Bernstein transformations. Eastern-European Journal of Enterprise Technologies, 1(9(115), 93–101. https://doi.org/10.15587/1729-4061.2022.253530

Issue

Vol. 1 No. 9(115) (2022): Information and controlling system

Section

Information and controlling system

License

Copyright (c) 2022 Roman Kyrychok, Oleksandr Laptiev, Rostyslav Lisnevskyi, Valerii Kozlovskyi, Vitaliy Klobukov

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

The consolidation and conditions for the transfer of copyright (identification of authorship) is carried out in the License Agreement. In particular, the authors reserve the right to the authorship of their manuscript and transfer the first publication of this work to the journal under the terms of the Creative Commons CC BY license. At the same time, they have the right to conclude on their own additional agreements concerning the non-exclusive distribution of the work in the form in which it was published by this journal, but provided that the link to the first publication of the article in this journal is preserved.

A license agreement is a document in which the author warrants that he/she owns all copyright for the work (manuscript, article, etc.).
The authors, signing the License Agreement with TECHNOLOGY CENTER PC, have all rights to the further use of their work, provided that they link to our edition in which the work was published.
According to the terms of the License Agreement, the Publisher TECHNOLOGY CENTER PC does not take away your copyrights and receives permission from the authors to use and dissemination of the publication through the world's scientific resources (own electronic resources, scientometric databases, repositories, libraries, etc.).
In the absence of a signed License Agreement or in the absence of this agreement of identifiers allowing to identify the identity of the author, the editors have no right to work with the manuscript.
It is important to remember that there is another type of agreement between authors and publishers – when copyright is transferred from the authors to the publisher. In this case, the authors lose ownership of their work and may not use it in any way.