A GERT model of an algorithm for analyzing security of a web application


Anna Semenova
Mark Dubrovskyi
Vitalii Savitskyi

Abstract

The subject of the study is a mathematical GERT network model of an algorithm for analyzing the security of web applications, which makes it possible to find an arbitrary distribution function and the probability density function for the execution time of the web application security analysis algorithm. Objectives: analysis of the problem and formulation of the task; solution of the task; a flow chart of the web application security analysis; a GERT model of the web application security analysis algorithm; the probability density function for the execution time of the web application security analysis algorithm. Methods used: methods of graph theory, security testing algorithms, methods of probability theory and mathematical statistics. The following results were obtained. An algorithm for testing the security of web applications was developed. A mathematical model of the algorithm for testing web application security was developed; the model makes it possible to find an arbitrary distribution function of the statistical value of the vulnerability testing time. The probability distribution function for testing the security of web applications was found. This makes it possible to carry out calculations and identify the most likely case of the distribution law of the random value of the web application security testing time. Conclusion. A mathematical model of the web application security analysis algorithm has been developed based on an exponential GERT network; it differs from known models by taking into account DOM structure execution or analysis. The model can be used to study processes in automated systems as well as to develop new data security tools and protocols. Using exponential stochastic GERT models makes it possible to employ results obtained in analytical form (distribution functions and densities) for comparative analysis and for studies of more complex computer systems using mathematical methods.

Article Details

How to Cite
Semenova, A., Dubrovskyi, M., & Savitskyi, V. (2017). A GERT model of an algorithm for analyzing security of a web application. Advanced Information Systems, 1(1), 61–64. https://doi.org/10.20998/2522-9052.2017.1.11
Section
Methods of information systems protection
Author Biographies

Anna Semenova, National Technical University "Kharkiv Polytechnic Institute", Kharkiv

student of the Department of Computer Science and Programming

Mark Dubrovskyi, Ivan Kozhedub Kharkiv National Air Force University, Kharkiv

student

Vitalii Savitskyi, Ivan Kozhedub Kharkiv National Air Force University, Kharkiv

student
