AUTOMATIC SECURITY ANALYSIS OF INFORMATION SYSTEMS INDEPENDENTLY OF FORMAL SPECIFICATIONS
Abstract
Subject of Research. The paper considers a method for security analysis of information systems. The method evaluates the security state of the information system under study in terms of the presence of unpatched vulnerabilities that could be exploited with publicly available tools. The proposed method analyzes the state of the system without the need to compose any formal specifications. Validation is carried out on the live system in automatic mode, observing the system's reaction to attack actions performed with the Metasploit penetration testing platform. Method. An attack tree for the system under study is constructed on the basis of matching the input data, and the tree is then traversed. This makes it possible to validate multi-stage attacks. The total security analysis time is reduced by annotating the constructed tree with the probability that each of its nodes triggers successfully and by taking these probabilities into account during traversal. This probabilistic estimation is performed with a radial-basis artificial neural network. The reliability of the analysis is ensured by actually validating the presumed vulnerabilities during tree traversal. Main Results. A software system is implemented on the basis of the proposed method. Experiments on its processing rate and effectiveness are carried out. In the experiments, the security state of a set of information systems was analyzed with the developed program and with its analog. The developed system outperforms the analog by a factor of 1.5 to 6 according to the introduced quantitative index of effectiveness. This demonstrates the efficiency of the proposed method. Practical Relevance. Organizations and security analysts can apply the software system implemented on the basis of the proposed method as a standalone penetration testing and security analysis tool.