The subject matter of the paper is the process of protecting Web applications against attacks aimed at obtaining unauthorized access to the functions of the content management system administrator. The goal is to create a method for selecting measures to protect a Web application against attacks. The tasks are: to determine a list of common Web application security measures, and to develop a method for selecting the most efficient protective measures within a limited budget. The methods used are: attack tree analysis, the expert assessment method, and methods for solving nonlinear integer programming problems with Boolean variables. The following results were obtained. A method for selecting Web application security measures based on estimating the success rate of a Web application attack has been developed. Because protective measures differ in cost, effectiveness, and influence on various attack vectors, the selection must determine an optimal set of countermeasures that provides the maximal reduction of the attack success rate. For this reason, changing not only the parameters of the countermeasures but also the parameters of the attack tree can change the selected set of countermeasures. The problem of selecting protection measures is a nonlinear integer programming problem with Boolean variables. Conclusions. The scientific novelty of the results is as follows: the method of selecting countermeasures by solving an optimization problem, which makes it possible to select the most effective countermeasures within a limited budget, was improved. Minimization of the attack success rate is used as the target function; the budget of services is specified as a constraint. However, it is also possible to use minimization of the budget as the target function, with the maximum allowable value of the attack success rate used as a constraint.
The subject matter of the article is the methods and technologies for ensuring the cybersecurity of industrial and web-oriented systems and networks, and the training of cybersecurity specialists during the acquisition of professional knowledge. The purpose of the article is to ensure the cybersecurity of industrial and web-oriented systems and networks by developing and implementing appropriate methodologies (concepts, principles, sets of models, methods) and technologies in industry, as well as in the training of cybersecurity specialists during the acquisition of professional knowledge. The problems of developing models, methods, and technologies for ensuring the cybersecurity of mobile systems, of web-oriented systems based on content management systems, and of the virtual networks that provide their interaction, together with a methodology for training cybersecurity specialists, are formulated. Based on the analysis, the particular tasks were formulated: developing a convolutional neural network model, information technology methods and models for ensuring the cybersecurity of web-oriented systems and networks, a methodological framework for creating information technology, and a model of a digital knowledge platform for use in training cybersecurity specialists and securing industrial systems. The basic theoretical decisions that underlie the construction of real industrial and web-oriented systems and networks are described in the article. The results of the work are: increased reliability of malware detection in the Android operating system, reduced false positive rates, an allowable value of the attack success rate provided at minimum cost, reduced time spent on building and rebuilding the structure of the virtual network, and increased efficiency of cybersecurity specialist training and of industrial system security.
From the above, it is possible to conclude that the obtained results can be used in a range of existing and prospective approaches to designing difficult, complex, hybrid, technical, cyber-physical systems with a web-oriented interface for users and administrators.
The paper deals with the development of a universal data transfer protocol for IoT projects. It describes the reasons a mobile solution is needed. All the main ways of communication in every IoT system are described. Different ways of transferring data on the mobile side are discussed in detail. Wi-Fi, Bluetooth and Bluetooth Low Energy are noted as the main existing protocols. Much attention is given to Bluetooth Low Energy as the main protocol on which to base the universal solution. The proposed method is explained using the example of a common healthcare project's system. The main data buses are defined.
Research into the processes of gaining unauthorized access in content management systems is of scientific interest and makes it possible to develop effective methods of protection against intrusions. The subject of the research is the processes of assessing and ensuring the security of Web applications created using content management systems. The purpose of the article is to identify the problems of assessing and ensuring the security of Web applications. Results. The particular features of using content management systems as an object for studying security problems are shown. The main causes of successful attacks on Web applications are identified. Examples of existing security testing methods are given, and their advantages and disadvantages are identified. A set of actions aimed at reducing the probability of a successful attack is proposed. Conclusion. The problems of assessing and ensuring the security of Web applications are identified. The need to create methods for solving these problems is substantiated, and the interrelation of the tasks being solved is shown.