Automatic construction of a neuro-fuzzy vulnerability risk analysis model

Tatarinova, Yuliia; Sinelnikova, Olga

doi:10.1109/stc-csit.2019.8929770

Cited by 1 publication

(1 citation statement)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In paper [20], a fuzzy model of the Evaluation() function (4) was constructed, membership functions were determined and a rule base was formed based on expert evaluation. According to paper [20], the size of the characteristic vector and of linguistic variables is len(T i )=8, and the number of term-sets is len(T i j)=34. In order to take into consideration most possible cases, the size of the required rule base should be ≈82.000.…”

Section: Neuro-fuzzy Systemsmentioning

confidence: 99%

Constructing a model for the dynamic evaluation of vulnerability in software based on public sources

Tatarinova¹,

Sinelnikova

2021

EEJET

Self Cite

View full text Add to dashboard Cite

One of the key processes in software development and information security management is the evaluation of vulnerability risks. Analysis and evaluation of vulnerabilities are considered a resource-intensive process that requires high qualifications and a lot of technical information. The main opportunities and drawbacks of existing systems for evaluation of vulnerability risks in software, which include the lack of consideration of the impact of trends and the degree of popularity of vulnerability on the final evaluation, were analyzed. During the study, the following information was analyzed in the structured form: the vector of the general system of vulnerability evaluation, the threat type, the attack vector, the existence of the original code with patches, exploitation programs, and trends. The obtained result made it possible to determine the main independent characteristics, the existence of a correlation between the parameters, the order, and schemes of the relationships between the basic magnitudes that affect the final value of evaluation of vulnerability impact on a system. A dataset with formalized characteristics, as well as expert evaluation for further construction of a mathematical model, was generated. Analysis of various approaches and methods for machine learning for construction of a target model of dynamic risk evaluation was carried out: neuro-fuzzy logic, regression analysis algorithms, neuro-network modeling. A mathematical model of dynamic evaluation of vulnerability risk in software, based on the dynamics of spreading information about a vulnerability in open sources and a multidimensional model with an accuracy of 88.9 %, was developed. Using the obtained model makes it possible to reduce the analysis time from several hours to several minutes and to make a more effective decision regarding the establishment of the order of patch prioritization, to unify the actions of experts, to reduce the cost of managing information security risks

show abstract

Section: Neuro-fuzzy Systemsmentioning

confidence: 99%