Liqiang Z. A software security decision support method

Thesis for the degree of Doctor of Philosophy (PhD)

State registration number

0823U100476

Applicant for

Specialization

  • 123 - Computer Engineering

06-07-2023

Specialized Academic Board

ДФ 64.050.096

National Technical University "Kharkiv Polytechnic Institute"

Abstract

The subject of research: a method for supporting decision-making on software security. The object of research: the software security process.

The dissertation is devoted to solving the topical scientific and technical problem of developing a method of supporting decision-making regarding the security of software, taking into account the uncertainty factors of input and intermediate testing data. The scientific novelty of the results obtained lies in the theoretical generalization and a new solution to an important scientific and technical problem, which consists in the development of software security decision support to improve the accuracy of testing results.

The following scientific results have been obtained.

1. For the first time, a fuzzy GERT model for studying software vulnerabilities has been developed. A distinctive feature of this model is that it takes into account the probabilistic characteristics of transitions from state to state along with temporal characteristics. This made it possible to reduce the fuzziness of the output characteristics of the time for conducting software vulnerability studies and to improve the accuracy of modeling.

2. The mathematical model of the process of preparing for security testing has been improved. It differs from the known ones by the theoretically justified choice of moment generating functions when describing transitions from state to state, as well as by taking into account the stage of checking the source code for cryptographic and other methods of data protection. This made it possible to obtain analytical expressions for calculating probabilistic characteristics for research and for more complex computer systems by mathematical methods.

3. The method of supporting decision-making on software security has been further developed. A distinctive feature of the method is the synthesis of an improved method for generating a training sample in the process of training an artificial neural network. This made it possible to increase the efficiency of the method and to increase the accuracy of classification and decision-making on software security.

The practical significance of the results obtained is to improve the accuracy of decision-making about software security, using fuzzy modeling technologies and fuzzy sets. In particular, it is as follows.

1. The use of the fuzzy GERT model of the software vulnerability research process improved the accuracy of modeling by up to 13%.

2. The use of the improved algorithm of simplifying equivalent transformations in modeling made it possible to reduce the fuzziness of the output characteristics of the time for conducting software vulnerability studies by up to 1.12 times.

3. The introduction of the artificial neural network training method into the general method for supporting decision-making on software security made it possible to increase the accuracy of classification and decision-making by 1.6 times for positive elements in the sample and 1.2 times for negative elements in the sample.

4. The use of the decision support method made it possible to increase the efficiency of software safety assessment by up to 1.2 times.

The results of the dissertation are implemented and used in the activities of the company "Line Up" and the Research Center for Forensic Examination on Intellectual Property, and are also used in the educational process of the National Technical University "Kharkiv Polytechnic Institute".

The introduction justifies the relevance of the thesis topic, formulates the main goal and tasks of the work, and presents the scientific novelty and practical value of the results obtained. The first section is devoted to the analysis and comparative study of methods for improving software security. The second section develops a mathematical model for the first stage of software security testing. The third section develops a fuzzy GERT model for investigating common software vulnerabilities. The fourth section is devoted to the development of the software security decision support method.

Key words: software, security testing, fuzzy logic, fuzzy GERT model, cyber threat, software vulnerability, software security mismatch, decision support.
