Permanent link to this section: https://repository.kpi.kharkov.ua/handle/KhPI-Press/35393

Search results

Now showing 1 - 6 of 6
  • The software security decision support method development
    (National Technical University "Kharkiv Polytechnic Institute", 2022) Liqiang, Zhang; Miroshnichenko, Nataliia
    The relevance of improving the accuracy of the results used to make decisions in the software security testing process was determined. An analysis of decision support methods was carried out. The necessity and feasibility of improving the accuracy of the results was determined for cases of further software security inconsistencies under conditions of fuzzy input and intermediate data. To this end, a decision support method for software security has been developed on the basis of the mathematical apparatus of fuzzy logic. The main feature of this method is the synthesis of an improved method of generating the training sample used in training an artificial neural network. Within the framework of the model, the following stages of the research were completed. For the mathematical formalization of the decision-making process and the designation of the input data, a model for forming the input data vector was developed. Depending on this model for shaping the input data, an anonymous sign of potential inconsistencies and undeclared possibilities of the PP is valid until the data of PVS-Studio Analysis Results. To improve the accuracy of the classification of the collected data, the method of training an artificial neural network has been improved; it is modified by the sample generation method being developed. This generation method includes three levels of generation: generation of the training sample, generation of the training example, and generation of a specific value of the safety characteristic. This made it possible to increase the accuracy of classification and decision making by 1.6 times for positive elements in the sample and by 1.2 times for negative elements in the sample. To confirm the effectiveness of the developed decision support method for software security, a ROC analysis was carried out over the course of the above procedures. The results of the experiment confirmed the hypothesis about the efficiency of the developed decision support method for software security, up to 1.2 times compared with methods based on discriminant and cluster analysis.
  • Automated penetration testing method using deep machine learning technology
    (National Technical University "Kharkiv Polytechnic Institute", 2021) Semenov, Serhii; Weilin, Cao; Liqiang, Zhang; Bulba, Serhii
    The article develops a method for automated penetration testing using deep machine learning technology. The main purpose of the development is to improve the security of computer systems. To achieve this goal, existing penetration testing methods were analyzed and their main disadvantages were identified. They are mainly related to the subjectivity of assessments in the case of manual testing. In cases of automated testing, most authors confirm that there is no unified effective solution for the procedures used. This contradiction is resolved using intelligent methods of analysis. It is proposed that the developed method be based on deep reinforcement learning technology. To achieve the main goal, a study was carried out of the Shadov system's ability to collect factual data for designing attack trees, as well as of the Mulval platform for generating attack trees. A method for forming a matrix of cyber intrusions using the Mulval tool has been developed. The Deep Q-Learning Network method has been improved for analyzing the cyber intrusion matrix and finding the optimal attack trajectory. In the study, in accordance with the deep reinforcement learning method, reward scores were assigned to each node according to its CVSS rating. This made it possible to shrink the attack trees and identify an attack with a greater likelihood of occurring. A comparative study of the automated penetration testing method was carried out. The practical possibility of using the developed method to improve the security of a computer system has been revealed.
  • Analysis and comparative research of the main approaches to the mathematical formalization of the penetration testing process
    (FOP Petrov V. V., 2021) Liqiang, Zhang; Weiling, Cao; Davydov, Viacheslav; Brechko, Veronika
    In dynamic models, threats (vulnerabilities) can be viewed as a flow of temporary events. If the intervals of realized cyber threats are recorded, then a continuous log-list of events related to software security can be formed. In some cases and models, only the number of realized cyber threats for an arbitrary time interval can be recorded. In this case, the software response to threats can be represented only at discrete points. In static models, the implementation of cyber threats is not related to time, but the dependence of the number of errors or the number of implemented test cases (models by error area) on the characteristics of the input data (models by data area) is taken into account. The article analyzes the methods of mathematical formalization of the software penetration testing process. This software testing method is one of many approaches to testing the security of computer systems. The article substantiates the importance of the processes of preliminary prototyping and mathematical formalization. The classification is carried out and the advantages and disadvantages of the main approaches of mathematical modeling are highlighted. The list and main characteristics of dynamic and static models are presented. One of the negative factors of formalization is indicated - the neglect of the factors of a priori uncertainty in the safety parameters in static models.
  • Automated penetration testing method using deep machine learning technology
    (National Technical University "Kharkiv Polytechnic Institute", 2021) Semenov, S. S.; Weilin, Cao; Liqiang, Zhang; Bulba, S. S.
    The article develops a method for automated penetration testing using deep machine learning technology. The main purpose of the development is to improve the security of computer systems. To achieve this goal, existing penetration testing methods were analyzed and their main disadvantages were identified. They are mainly related to the subjectivity of assessments in the case of manual testing. In cases of automated testing, most authors confirm that there is no unified effective solution for the procedures used. This contradiction is resolved using intelligent methods of analysis. It is proposed that the developed method be based on deep reinforcement learning technology. To achieve the main goal, a study was carried out of the Shadov system's ability to collect factual data for designing attack trees, as well as of the Mulval platform for generating attack trees. A method for forming a matrix of cyber intrusions using the Mulval tool has been developed. The Deep Q-Learning Network method has been improved for analyzing the cyber intrusion matrix and finding the optimal attack trajectory. In the study, in accordance with the deep reinforcement learning method, reward scores were assigned to each node according to its CVSS rating. This made it possible to shrink the attack trees and identify an attack with a greater likelihood of occurring. A comparative study of the automated penetration testing method was carried out. The practical possibility of using the developed method to improve the security of a computer system has been revealed.
  • Analysis and comparative studies of software penetration testing methods
    (National Technical University "Kharkiv Polytechnic Institute", 2021) Liqiang, Zhang; Weiling, Cao; Rabčan, Jan; Davydov, Viacheslav; Miroshnichenko, Nataliia
    Information security is one of the most important components in any organization. The disclosure of this information can lead not only to material losses, but also to the loss of the reputation and image of the company, which ultimately, in some cases, can lead to its complete collapse. Therefore, in order to avoid these consequences, it is necessary to analyze the security and reliability of information processing systems. One of the most effective ways to do this is through the use of "penetration testing" methods. The results obtained. The section provides an analysis of software vulnerabilities. The types of attacks and intrusions most frequently used by cyber intruders are highlighted. In contrast to this, a comparative analysis of methods for identifying software vulnerabilities was carried out. It is concluded that it is advisable to improve the methods for identifying vulnerabilities through the combined use of recommendations, taking into account the existing security risks of software tools, the features of modern methodologies and software development tools, as well as the capabilities of modern software penetration testing methods.
  • Analysis and comparative researches of methods for improving the software
    (National Technical University "Kharkiv Polytechnic Institute", 2020) Mozhaiev, Mykhailo; Davydov, Viacheslav; Liqiang, Zhang
    The article presents the results of an analysis of the main methods for identifying software vulnerabilities. The results of the authors' research, synthesizing and regulating knowledge about systems for detecting software vulnerabilities, are presented. The software analysis methods used during certification tests are considered. It is shown that the existing methods and techniques for software security analysis do not ensure accurate results under fuzzy input data conditions. This drawback is aggravated by strict requirements for the speed of test scenario implementation. This is largely due to the fact that experts, in order to make a decision, have to analyze large amounts of conflicting information. Consequently, it is necessary to develop a system for identifying vulnerabilities, the main task of which will be to minimize the amount of conflicting information used by an expert when making a decision. The most promising direction for increasing the efficiency of existing vulnerability identification systems is seen in reducing the burden on an expert by improving methods for identifying vulnerabilities and implementing a decision support system. This will significantly reduce the time spent on making a decision on software security and, as a result, will make the software security testing procedure more accessible to a wide range of developers.