Modeling the vulnerabilities validation mechanism in the active analysis of the security of corporate networks using Bernstein polynomials

Abstract

The subject of the article is the models of the process of active analysis of the security of information systems and networks, in particular, one of its key components, namely the vulnerability validation mechanism. The purpose of the article is to develop a mathematical model for analysing the number of successful and negative validations over a rational cycle of validation of identified vulnerabilities during an automated active analysis of the security of the corporate network. Results: Based on the observations and studies of the exploitation tools of the identified vulnerabilities, it was decided to describe the dynamic of the validation processes using Bernstein polynomials, which successfully approximate the analytical dependencies for the quantitative characteristics of the vulnerability validation process. Also based on a comparison of the empirical and calculated values of these characteristics, it was established that deviations are permissible. Conclusions: The developed mathematical model provides with analytical dependencies for the number of successfully validated, invalidated vulnerabilities and the number of vulnerability validation cases that led to critical errors over the rational cycle of validation of identified vulnerabilities.