Article

Article title THE INTELLECTUAL APPROACH TO RISK AND VULNERABILITY ANALYSIS FOR THE INFORMATION SYSTEMS
Authors D.A. Kavchuk, E.P. Tumoyan, G.A. Evstafiev
Section SECTION II. SECURITY OF INFORMATION SYSTEMS AND NETWORKS
Month, Year 12, 2013
Index UDC 004.056.5
DOI
Abstract Existing risk management systems are based on the analysis of many different factors, including organizational, legal and other «non-technical» ones. As a result, such systems are unable to evaluate the security state of a computer system thoroughly. This work proposes an intellectual approach to risk and vulnerability analysis of information systems. The approach considers real data about the state of the system under study rather than subjective expert evaluations. The aim of the research is to eliminate subjectivity from risk assessments and to reduce the time needed for risk and vulnerability analysis of a computer system. This aim is achieved through the use of the mathematical apparatus of the artificial neural network and the probabilistic attack tree. A security assessment of Windows systems was performed to evaluate the efficiency of the developed system. As a result, conformity between the real security of the information system and the assigned evaluations was proved.


Keywords Risk analysis; vulnerability validation; attack tree; artificial neural network.
