TESTING PROCESS FOR PENETRATION INTO COMPUTER SYSTEMS MATHEMATICAL MODEL MODIFICATION

Serhii Semenov
http://orcid.org/0000-0003-4472-9234
Cao Weilin
http://orcid.org/0000-0001-8230-5235

Abstract

This article develops a mathematical model of the process of penetration testing of computer systems. The proposed model differs from known ones in that it covers security testing of the specialized information platforms of computer systems, which made it possible to estimate the probability that the execution time of the penetration test algorithm falls within a given interval. The proposed model was then further developed (modified). The distinctive feature of the modified model is the use of the Erlang distribution as the main distribution in the mathematical formalization of the state transition processes. This made it possible, on the one hand, to unify the mathematical model and present the testing process at a higher level of the testing hierarchy and, on the other hand, to simplify it 1.7 times. To estimate the accuracy of the simulation results, a mathematical model of security testing was developed based on the known approach of simplifying and modifying GERT networks. Mathematical expectation values of the execution time of the testing algorithms were obtained and estimated. Comparative studies of the modeling results showed that the values under study are comparable for all three approaches to the mathematical formalization of the security testing process. This confirmed the hypothesis that it is advisable to use a unified approach to mathematical formalization, which was implemented in the modified mathematical model of the penetration testing process.

Article Details

Section
Methods of information systems protection
Author Biographies

Serhii Semenov, National Technical University "Kharkiv Polytechnic Institute", Kharkiv

Doctor of Technical Sciences, Professor, Head of Computer Engineering and Programming Department

Cao Weilin, Neijiang Normal University, Neijiang

Teacher, Department of IT Information Centre
