Kyrychok R. The method of automatic active security analysis of corporate networks based on intelligent vulnerability validation.


Thesis for the degree of Doctor of Philosophy (PhD)

State registration number

0821U100429

Applicant for

Specialization

  • 125 - Cybersecurity

15-03-2021

Specialized Academic Board

ДФ 26.861.007

State University of Telecommunications

Abstract

Kyrychok R.V. The method of automatic active security analysis of corporate networks based on intelligent vulnerability validation. – Qualifying scientific work published as a manuscript. Dissertation for the degree of Doctor of Philosophy in specialty 125 “Cybersecurity”. – State University of Telecommunications, MES of Ukraine, Kyiv, 2021.

The dissertation addresses a pressing scientific problem: developing a method of automatic active security analysis of corporate networks based on assessing the quality of the vulnerability validation mechanism of operating information systems. To increase the effectiveness of automatic active security analysis of corporate networks by intellectualizing the validation of vulnerabilities in software and hardware platforms using fuzzy technology, the following tasks were solved:

1. For the first time, a mathematical model for analysing the quantitative characteristics of the vulnerability validation process is proposed. It is based on Bernstein polynomials, which make it possible to describe the dynamics of this process. The model yields analytical dependencies for the number of successfully validated and invalidated vulnerabilities, as well as for the number of validation cases that led to critical errors, over the rational cycle of validation of identified vulnerabilities during active analysis of corporate network security.

2. For the first time, a methodology for analysing the quality of the validation mechanism for the identified vulnerabilities of the corporate network was developed. It is based on integral equations that take into account the quantitative characteristics of the investigated vulnerability validation mechanism at a given point in time. The methodology makes it possible to build distribution laws for the quality indicators of the vulnerability validation process and to assess quantitatively the quality of the validation mechanism for the identified vulnerabilities, which in turn allows the progress of validation to be monitored and controlled in real time during active security analysis.

3. For the first time, a method was developed for building a fuzzy knowledge base for decision-making when validating the vulnerabilities of software and hardware platforms during active security analysis of the target corporate network. It is based on fuzzy logic, which makes it possible to obtain reliable information about the quality of the vulnerability validation mechanism indirectly. The resulting knowledge base allows final decision rules to be formed for carrying out a given attacking action, which in turn makes it possible to develop expert systems that automate decision-making when validating the identified vulnerabilities of target information systems and networks.

4. The method of automatic active security analysis, formed by synthesizing the proposed model, methodology and method, has been further developed. Unlike existing methods, it allows one to abstract from dynamic changes in the environment, that is, the constant development of information technologies, which leads to an increase in the number of vulnerabilities and corresponding attack vectors, as well as in the number and availability of ready-to-use exploits for vulnerabilities, and to take into account only the quality parameters of the vulnerability validation process itself.

The method of automatic active security analysis of corporate networks based on intelligent vulnerability validation has been developed and brought to practical implementation. Through operational control and correction of the course of validation of identified vulnerabilities, it increases the quality of vulnerability validation, measured by a single integral indicator, by up to 20 times, which in turn indicates an improvement in the overall effectiveness of automatic active security analysis of corporate networks.

The dissertation was carried out at the State University of Telecommunications. The results of the research were used at the Department of Information and Cyber Security of the Educational-Scientific Institute of Information Security in research work on the topic “Development of methods and means of increasing the survivability of information and communication systems in the conditions of the impact of cyber-attacks” (№ 0114V00391, SUT, Kyiv). The results were also accepted for implementation in the activities of the Research Institution “CYBER SECURITY INSTITUTE” (act of 18.02.20) and of EUROTELEKOM LLC (act of 02.03.20).

Keywords: corporate network, active analysis of the security, target system, vulnerability validation, exploit, mechanism quality.
