Abstract
This paper has determined the relevance of the issue related to improving the accuracy of the results of mathematical modeling of the software security testing process. The fuzzy GERT-modeling methods have been analyzed. The necessity and possibility of improving the accuracy of the results of mathematical formalization of the process of studying software vulnerabilities under the conditions of fuzziness of input and intermediate data have been determined. To this end, based on the mathematical apparatus of fuzzy network modeling, a fuzzy GERT model has been built for investigating software vulnerabilities. A distinctive feature of this model is to take into consideration the probabilistic characteristics of transitions from state to state along with time characteristics. As part of the simulation, the following stages of the study were performed. To schematically describe the procedures for studying software vulnerabilities, a structural model of this process has been constructed. A "reference GERT model" has been developed for investigating software vulnerabilities. The process was described in the form of a standard GERT network. The algorithm of equivalent transformations of the GERT network has been improved, which differs from known ones by considering the capabilities of the extended range of typical structures of parallel branches between neighboring nodes. Analytical expressions are presented to calculate the average time spent in the branches and the probability of successful completion of studies in each node. The calculation of these probabilistic-temporal characteristics has been carried out in accordance with data on the simplified equivalent fuzzy GERT network for the process of investigating software vulnerabilities. Comparative studies were conducted to confirm the accuracy and reliability of the results obtained. The results of the experiment showed that in comparison with the reference model, the fuzziness of the input characteristic of the time of conducting studies of software vulnerabilities was reduced, which made it possible to improve the accuracy of the simulation results.
Highlights
The current level of threats to the security of software and the increasing requirements of customers for its provision predetermine the need for a number of specialized measures
The structural elements of the GERT network are characterized by the following features: when describing the input parts, typical structures are used in accordance with Table 2; when describing the output parts, probabilistic characteristics are used
Limitations, and assumptions that relate to the mathematical descriptive component of the software vulnerability research model
Summary
The current level of threats to the security of software and the increasing requirements of customers for its provision predetermine the need for a number of specialized measures (security testing procedures). At the same time, improving the accuracy of calculations can be achieved in various ways: the construction of schemes of increased order, highlighting the main features of the solution, the extrapolation of numerical solutions obtained on a sequence of steps, etc. In each of these techniques, it is advisable to consider the factor of fuzziness of input data and uncertainty of external influences. Improving the accuracy of the results of mathematical modeling of the security testing process is a relevant task It can be resolved by improving and building a mathematical model for studying the vulnerability of software, taking into consideration the uncertainty factor of the input and intermediate test results. At the same time, taking into consideration the uncertainties of input data and intermediate results is one of the innovative components of modeling
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
