Кафедри

Постійне посилання на розділhttps://repository.kpi.kharkov.ua/handle/KhPI-Press/35393

Переглянути

Результати пошуку

Зараз показуємо 1 - 3 з 3
  • Ескіз
    Документ
    The software security decision support method development
    (Національний технічний університет "Харківський політехнічний інститут", 2022) Liqiang, Zhang; Miroshnichenko, Nataliia
    The actuality of the power to improve the accuracy of the results was determined in order to make a decision about the process of testing the software security. An analysis of the methods of support for making a decision was carried out. The necessity and feasibility of improving the accuracy of the results was determined in case of further software security inconsistencies in the minds of the fuzziness of input and intermediate data. With this method, on the basis of the mathematical apparatus of fuzzy logic, the method of support for making a decision about the security of software security has been developed. The main feature of this method is the synthesis of an improved method of generating the initial vibration in the process of starting a piece of neural string. Within the framework of the model, the next stages of follow-up are reached. For the mathematical formalization of the process of accepting the decision and designation of the input data, the model of forming the vector in the input data was developed. Depending on this model for shaping the input data, an anonymous sign of potential inconsistencies and undeclared possibilities of the PP is valid until the data of PVS-Studio Analysis Results. To improve the accuracy of the classification of data collected, the method of creating a piece of neural array has been improved, which is modified by the method of generating a sample, which is being developed. This generation method includes three equal generations: generation of the initial vibration, generation of the initial butt and generation of a specific value of the safety characteristic. This made it possible to increase the accuracy of classification and acceptance of the solution by 1.6 times for positive elements in the selection by 1.2 times for negative elements in the selection. To confirm the effectiveness of the development of the method of support for the decision on how to ensure software security, a ROC-analysis was carried out over the course of the above procedures. The results of the experiment confirmed the hypothesis about the efficiency of the divided method of support to make a decision about the security of PZ up to 1.2 times equal to the methods, which are based on the position of discriminant and cluster analysis.
  • Ескіз
    Документ
    Analysis and comparative research of the main approaches to the mathematical formalization of the penetration testing process
    (ФОП Петров В. В., 2021) Liqiang, Zhang; Weiling, Cao; Davydov, Viacheslav; Brechko, Veronika
    In dynamic models, threats (vulnerabilities) can be viewed as a flow of temporary events. If the intervals of real-ized cyber threats are recorded, then a continuous log-list of events related to software security can be formed. In some cases and models, only the number of realized cyber threats for an arbitrary time interval can be recorded. In this case, the software response to threats can be represented only at discrete points. In static models, the implementation of cyber threats is not related to time, but the dependence of the number of errors or the number of implemented test cases (models by error area) on the characteristics of the input data (models by data area) is taken into account. The article analyzes the methods of mathematical formalization of the software penetration testing process. This software testing method is one of many approaches to testing the security of computer systems. The article substantiates the importance of the processes of preliminary prototyping and mathematical formalization. The classification is carried out and the advantages and disadvantages of the main approaches of mathematical modeling are highlighted. The list and main characteristics of dynamic and static models are presented. One of the negative factors of formalization is indicated - the neglect of the factors of a priori uncertainty in the safety parameters in static models.
  • Ескіз
    Документ
    Analysis and comparative studies of software penetration testing methods
    (Національний технічний університет "Харківський політехнічний інститут", 2021) Liqiang, Zhang; Weiling, Cao; Rabčan, Jan; Davydov, Viacheslav; Miroshnichenko, Nataliia
    Information security is one of the most important components in any organization. The disclosure of this information can lead not only to material losses, but also to the loss of the reputation and image of the company, which ultimately, in some cases, can lead to its complete collapse. Therefore, in order to avoid these consequences, it is necessary to analyze the security and reliability of information processing systems. One of the most effective ways to do this is through the use of "penetration testing" methods. The results obtained. The section provides software vulnerabilities analysis. The most frequently used types of attacks and intrusions by cyber intruders are highlighted. In contrast to this, methods comparative analysis for identifying software vulnerabilities was carried out. It is concluded that it is advisable to improve the methods for identifying vulnerabilities through the recommendations complex use taking into account the existing security risks of software tools, the features of modern methodologies and software development tools, as well as the modern software penetration testing methods capabilities.