Vulnerability base formation algorithm and neural network architecture selection for its processing

The article discusses the need for an algorithm to form the information system vulnerability base and the selection of the neural network architecture. A description of existing systems and criteria for assessing vulnerabilities as well as a group of metrics are given. The vulnerability databases were analyzed and discrepancies in the assessment of vulnerabilities, advantages and disadvantages were identified. The following architectures were identified and studied: feed forward neural network, generative adversarial network, Autoencoder, recurrent neural network without long short-term memory, recurrent neural network with long short-term memory, Rumelhart multilayer perceptron, liquid state machine, Boltzmann machine. A preliminary analysis of neural network architectures is presented taking into account significant parameters for further use in the field of information security and vulnerability classification. Based on the results obtained during the study of the parameters of neural networks, feed forward neural network, recurrent neural network with long short-term memory and generative adversarial network were identified. An alternative method of forming a vulnerability database by means of neural networks is proposed. As a result, an algorithm for forming a vulnerability base and a method for automating it using a neural network are suggested. The solution will allow the neural network to constantly receive up-to-date data for training and, owing to this, the vulnerability database will be updated as quickly as possible, which will make it the most complete, reliable and up-to-date of all existing vulnerability databases.

1. Baskakov A.V., Fedorko E.D., Ostapenko A.G. Issledovanie global'nyh baz dannyh ujazvimostej informacionno-telekommunikacionnyh sistem. Informacija i bezopasnost'. 2006;9(2):152–154. (In Russ.).

2. Wen Sh.F. Software Security in Open Source Development: A Systematic Literature Review. Conference of Open Innovations Association. 2017;21:364–373.

3. Vasil'ev V.I., Vul'fin A.M., Kirillova A.D., Kuchkarova N.V. Metodika ocenki aktual'nyh ugroz i ujazvimostej na osnove tehnologij kognitivnogo modelirovanija i Text Mining. Sistemy upravlenija, svjazi i bezopasnosti. 2021;(3):110–134. DOI: 10.24412/2410-9916-2021-3-110-134. (In Russ.).

4. Brazhuk A. Semantic model of attacks and vulnerabilities based on CAPEC and CWE dictionaries. International Journal of Open Information Technologies. 2019;7(3):38–41.

5. GOST R 56545-2015 Zashhita informacii. Ujazvimosti informacionnyh sistem. Pravila opisanija ujazvimostej. Standartinform. Moskva; 2015. (In Russ.).

6. Reestr ujazvimostej BDU FSTJeK Rossii. Available at: http://www.bdu.fstec.ru/ (accessed on: 10.06.2022). (In Russ.).

7. Nacional'naja baza ujazvimostej. Available at: https://nvd.nist.gov/ (accessed on:10.06.2022). (In Russ.).

8. Amirgamzaev G.G., Alimagomedov M.G. Ujazvimosti informacionnyh sistem. Voprosy ustojchivogo razvitija obshhestva. 2021;(4):440–442. DOI: 10.34755/IROK.2021.99.93.091. (In Russ.).

9. Obshhij obzor sistem ocenki ujazvimostej (CVSS 2.0/3.0). Available at: https://safe-surf.ru/specialists/article/5211/596644/ (accessed on: 06.01.2022). (In Russ.).

10. Kruglov V.V., V.V. Borisov. Iskusstvennye nejronnye seti. Teorija i praktika. 2-e izd. M.: Gorjachaja linija-Telekom; 2002. 382 р. (In Russ.).

11. Goodfellow Y., Benjio I., Courville A. Deep learning. Cambridge: The MIT Press; 2016. 802 р.

12. Laptev V.V., Danilov V.V., Gerget O.M. Issledovanie generativno-sostjazatel'nyh setej dlja sinteza novyh medicinskih dannyh. Avtomatizacija i modelirovanie v proektirovanii i upravlenii. 2020;2(8):17–23. DOI: 10.30987/2658-6436-2020-2-17-23. (In Russ.).

13. Akinina N.V., Akinin M.V., Sokolova A.V. [i dr.]. Avtojenkoder: podhod k umen'sheniju razmernosti vektornogo prostranstva s kontroliruemoj poterej informacii. Izvestija Tul'skogo gosudarstvennogo universiteta. Tehnicheskie nauki. 2016;(9):3–12. (In Russ.).

14. Grushko Ju.V., Grushko V.V. Perceptivnye integral'nye patterny – metod bystrogo otslezhivanija zrachkov na osnove otklika perseptrona INS-MLP i modificirovannyj chislennyj metod differencial'noj jevoljucii. Mezhdunarodnyj issledovatel'skij zhurnal. 2022;6-1(120):36–55. DOI: 10.23670/IRJ.2022.120.6.001. (In Russ.).