This work considers one of the leading areas of communication-network cybersecurity: the introduction of preventive mechanisms, among which the most promising are methods of active security analysis. In addition to timely detection of vulnerabilities in the target (analyzed) system, these methods make it possible to confirm that the vulnerabilities can actually be exploited, that is, to validate them by simulating the real actions of a potential attacker. The urgent need to validate vulnerabilities out of the many identified arises because some of them may be only theoretical, while others are exploited using malicious scripts (exploits). At the same time, the process of validating vulnerabilities has hardly been studied. For this reason, the work carried out an experimental study of how modern vulnerability exploitation tools function. Based on the observations, general quantitative characteristics of the vulnerability validation process were identified. A mathematical model based on Bernstein polynomials has been developed for analyzing these characteristics. The polynomial representation of the procedure for confirming that identified vulnerabilities can be exploited makes it possible to describe the dynamics of this process, taking into account the complex and volatile nature of the environment. Analytical dependencies are obtained for the number of cases of successful and negative confirmation of vulnerabilities. In particular, negative validation cases include simply failed attempts to validate vulnerabilities, as well as attempts that resulted in critical errors on the target system during the rational cycle of validating the identified vulnerabilities. The proposed dependencies make it possible to construct the probability distribution laws for the above characteristics of the vulnerability testing process.
The growth in the number of vulnerabilities in the software and hardware platforms of corporate networks, the accessibility of exploit modules for these vulnerabilities on the Internet and the Darknet, and the lack of a sufficient number of highly qualified cybersecurity specialists make the problem of effectively automating preventive information protection mechanisms quite urgent. In particular, the basic algorithms for the sequential implementation of exploits embedded in vulnerability exploitation tools are quite primitive, and the proposed approaches to improving them require constant adaptation of the mathematical models of the implementation of attacking actions. This justifies the direction of this research. This paper considers the formation of decision-making rules for the implementation of vulnerability exploits during an active analysis of the security of corporate networks. Based on the results of analyzing quantitative indicators of the quality of the validation mechanism for identified vulnerabilities, and using fuzzy logic methods, a fuzzy system was formed, membership functions for each of the linguistic variables were determined, and a knowledge base was built that makes it possible to determine the quality level of the validation mechanism for identified vulnerabilities based on all available information. At the same time, in order to eliminate the "human factor" of making mistakes when validating vulnerabilities, rules for the implementation of individual exploit modules during an active analysis of the corporate network's security were formed, based on the built fuzzy knowledge base and the established levels of exploit module efficiency.
The results of the research make it possible to create expert systems for diagnosing the effectiveness of the validation mechanism for identified vulnerabilities of target systems, and also help to solve the problem of the lack of qualified specialists in analyzing and maintaining an appropriate level of information security of corporate networks.
The article considers the problem of determining and assessing the quality of the vulnerability validation mechanism of information systems and networks. Based on a practical analysis of the vulnerability validation process and on the analytical dependencies of the basic characteristics of vulnerability validation quality obtained using Bernstein polynomials, additional key indicators were identified and characterised, which make it possible to judge with high reliability the positive progress or consequences of vulnerability validation of the target corporate network. The intervals of these indicators at which the vulnerability validation mechanism is of high quality were determined experimentally. In addition, during the calculations, a single integral indicator was derived to quantitatively assess the quality of the vulnerability validation mechanism of corporate networks, and an experimental study was carried out, together with an assessment of the quality of the automatic vulnerability validation mechanism of the db_autopwn plugin, designed to automate the Metasploit framework vulnerability exploitation tool. As a result, a methodology was proposed for analysing the quality of the vulnerability validation mechanism in corporate networks. It allows one to quantify the quality of the validation mechanism under study, which in turn allows real-time monitoring and control of the validation progress of the identified vulnerabilities. The study also obtained the dependences of the previously determined key performance indicators of the vulnerability validation mechanism on the rational cycle time, which makes it possible to build the membership functions for the fuzzy sets. The construction of these sets, in particular, allows decisions to be made with minimal risks for an active analysis of the security of corporate networks.
Abstract. The subject of study in the article is a model of the process of active security analysis of information systems and networks, in particular one of its key components, namely the vulnerability validation mechanism. The aim of the research is to develop a mathematical model for analysing the number of successful and negative validations during the rational cycle of validating identified vulnerabilities in the course of automated active security analysis of a corporate network. Results: based on the observations and studies carried out in the work on the functioning of tools for exploiting identified vulnerabilities, a decision was made to describe the dynamics of the validation processes using Bernstein polynomials, which successfully approximate the analytical dependencies for the quantitative characteristics of the vulnerability validation process. At the same time, based on a comparison of the empirical and calculated values of these characteristics, it was established that the deviations are acceptable. Conclusions: the developed mathematical model provides analytical dependencies for the number of successfully validated vulnerabilities, the number of non-validated vulnerabilities, and the number of vulnerability validation cases that led to critical errors during the rational cycle of validating identified vulnerabilities. Keywords: active security analysis; vulnerability validation; corporate network; Bernstein polynomials.