Кафедри

Постійне посилання на розділhttps://repository.kpi.kharkov.ua/handle/KhPI-Press/35393

Переглянути

Результати пошуку

Зараз показуємо 1 - 4 з 4
  • Ескіз
    Документ
    Automated penetration testing method using deep machine learning technology
    (Національний технічний університет "Харківський політехнічний інститут", 2021) Semenov, Serhii; Weilin, Cao; Liqiang, Zhang; Bulba, Serhii
    The article developed a method for automated penetration testing using deep machine learning technology. The main purpose of the development is to improve the security of computer systems. To achieve this goal, the analysis of existing penetration testing methods was carried out and their main disadvantages were identified. They are mainly related to the subjectivity of assessments in the case of manual testing. In cases of automated testing, most authors confirm the fact that there is no unified effective solution for the procedures used. This contradiction is resolved using intelligent methods of analysis. It is proposed that the developed method be based on deep reinforcement learning technology. To achieve the main goal, a study was carried out of the Shadov system's ability to collect factual data for designing attack trees, as well as the Mulval platform for generating attack trees. A method for forming a matrix of cyber intrusions using the Mulval tool has been developed. The Deep Q - Lerning Network method has been improved for analyzing the cyber intrusion matrix and finding the optimal attack trajectory. In the study, according to the deep reinforcement learning method, the reward scores assigned to each node, according to the CVSS rating, were used. This made it possible to shrink the attack trees and identify an attack with a greater likelihood of occurring. A comparative study of the automated penetration testing method was carried out. The practical possibility of using the developed method to improve the security of a computer system has been revealed.
  • Ескіз
    Документ
    Automated penetration testing method using deep machine learning technology
    (Національний технічний університет "Харківський політехнічний інститут", 2021) Semenov, S. S.; Weilin, Cao; Liqiang, Zhang; Bulba, S. S.
    The article developed a method for automated penetration testing using deep machine learning technology. The main purpose of the development is to improve the security of computer systems. To achieve this goal, the analysis of existing penetration testing methods was carried out and their main disadvantages were identified. They are mainly related to the subjectivity of assessments in the case of manual testing. In cases of automated testing, most authors confirm the fact that there is no unified effective solution for the procedures used. This contradiction is resolved using intelligent methods of analysis. It is proposed that the developed method be based on deep reinforcement learning technology. To achieve the main goal, a study was carried out of the Shadov system's ability to collect factual data for designing attack trees, as well as the Mulval platform for generating attack trees. A method for forming a matrix of cyber intrusions using the Mulval tool has been developed. The Deep Q - Lerning Network method has been improved for analyzing the cyber intrusion matrix and finding the optimal attack trajectory. In the study, according to the deep reinforcement learning method, the reward scores assigned to each node, according to the CVSS rating, were used. This made it possible to shrink the attack trees and identify an attack with a greater likelihood of occurring. A comparative study of the automated penetration testing method was carried out. The practical possibility of using the developed method to improve the security of a computer system has been revealed.
  • Ескіз
    Документ
    Analysis and comparative studies of software penetration testing methods
    (Національний технічний університет "Харківський політехнічний інститут", 2021) Liqiang, Zhang; Weiling, Cao; Rabčan, Jan; Davydov, Viacheslav; Miroshnichenko, Nataliia
    Information security is one of the most important components in any organization. The disclosure of this information can lead not only to material losses, but also to the loss of the reputation and image of the company, which ultimately, in some cases, can lead to its complete collapse. Therefore, in order to avoid these consequences, it is necessary to analyze the security and reliability of information processing systems. One of the most effective ways to do this is through the use of "penetration testing" methods. The results obtained. The section provides software vulnerabilities analysis. The most frequently used types of attacks and intrusions by cyber intruders are highlighted. In contrast to this, methods comparative analysis for identifying software vulnerabilities was carried out. It is concluded that it is advisable to improve the methods for identifying vulnerabilities through the recommendations complex use taking into account the existing security risks of software tools, the features of modern methodologies and software development tools, as well as the modern software penetration testing methods capabilities.
  • Ескіз
    Документ
    Testing process for penetration into computer systems mathematical model modification
    (Національний технічний університет "Харківський політехнічний інститут", 2020) Semenov, Serhii; Weilin, Cao
    Testing process for penetration into computer systems mathematical model was developed in the article. The proposed model differs from the known by computer systems specialized information platforms security testing capabilities, which made it possible to estimate the penetration test algorithm execution time falling within a given interval probability. The proposed testing process for penetration into computer systems mathematical model was further developed (modified). Modified model distinctive feature is the Erlang distribution as the main one in the state transition processes mathematical formalization. This made it possible on the one hand to unify the mathematical model and present thetesting process at a higher level of the testing hierarchy, on the other hand to simplify it 1.7 times. A security testing mathematical model was developed in order to estimate the simulation results accuracy, based on the known GERT- networks simplification and modification approach. Testing algorithms execution time value mathematical expectation values are obtained and estimated. Comparative modeling results investigations have shown the study values comparability for all three approaches of security testing process mathematical formalization. This confirmed the hypothesis that it is advisable to use a unified mathematical formalization approach, which was implemented in a penetration testing process modified mathematical model.