Abstract

Network security is one of the most active research directions in information security. It includes many approaches, one of which is the construction of attack graphs. In an attack graph, each device in the network is a node, and the ability to move across the graph is determined by the network policy and by the intruder’s ability to compromise the corresponding devices. The possibility of compromising a device is, in turn, determined by the presence of vulnerabilities in it. Exploiting a vulnerability leads to an impact on the attacked system and/or to the intruder obtaining user or admin access rights. Data from open databases is used to analyze whether devices are vulnerable. The problem is that many devices are not described in open databases, and the information in such databases may contain errors and be inconsistent and incomplete. The solution lies in the use of artificial intelligence methods to detect and predict the vulnerabilities of information systems. This paper presents an original architecture of a system that solves this task. The key features of the proposed solution are the use of artificial intelligence methods to predict unknown values of vulnerability metrics from known ones, and to predict vulnerability categories for device configurations not known to be vulnerable, based on the similarity of their configurations to those of vulnerable devices.
