HIGH TECH IN EARTH SPACE RESEARCH

Automation of vulnerability testing process in corporate systems for basic neuro-fuzzy algorithms

Lobaneva E.I., Lazarev A.I.

At the current stage of technology development, information systems on a corporate scale are becoming more and more widespread. Corporate systems include a hierarchical set of services and services that are constantly subject to internal changes in the configuration of the software and hardware component of the entire complex.

Among other things, the system may represent a concept of Internet Things, combining not only the main devices, but also additional devices to organize the convenience of the end user interaction. Such a complex is subject to constant threats from the point of view of information security due to the changes made, since the presence of an error even in a separate component can lead to the presence of a vulnerability that allows to get an unauthorized access to the whole system, and as a result - unauthorized access to information and management of the target object. To study such systems for vulnerabilities, it is proposed to develop an information product that would allow to automate the process of searching and exploitation of vulnerabilities in the whole network infrastructure and subsequent reporting on various criteria. The product under development is intended for the operating system of the Unix family and is intended for use on specialized operating systems such as Kali Linux, Parrot Sec, Nethunter, etc. Considering a corporate network segment, it is assumed to organize a search for vulnerabilities by introducing neutrally fuzzy algorithms that search for several parameters and, if successful, nested search in a particular segment. The Rapid7 vulnerability database is supposed to be used as the input data to perform fuzzy searches. This approach will allow to identify vulnerabilities both in a separate system interaction protocol and in the operating system of a separate object, which may be a switch or server. As a result, it is planned to obtain an automated management system for the Metasploit Framework through a web interface, allowing the information security specialist to quickly eliminate the identified vulnerabilities.

The subject of published articles on the nomenclature of specialties

2.2.15 Systems, networks and telecommunications (technical sciences)

2.3.1 System analysis, management and processing of information (technical sciences)

2.3.5 Mathematical and software of computing systems, complexes and computer networks (technical sciences)

2.3.6 Methods and information protection systems, information security (technical sciences)

2.5.13 Design, design and production of aircraft (technical sciences)

2.5.16 Dynamics, ballistics, the movement of aircraft (technical sciences)

Editorial board

Bobrowsky V.I.
(Ph.D., Associate Professor, Head of Department of "INTELTEH")

Borisov V.V.
(Ph.D., Professor, Actual Member of the Academy of Military Sciences, Professor, Department of Computer Science of MPEI)

Budko P.A.
(Ph.D., Professor, Department of Technical communication and automation in S.M. Budjonny Military Academy of the Signal Corps)

Budnikov S.A.
(Ph.D., associate professor, Actual Member of the Academy of Education Informatization, Head of the automated control systems Department in Russian Air Force Military Educational and Scientific Center “Air Force Academy named after Professor N.E. Zhukovsky and Y.A. Gagarin”)

Verhova G.V.
(Ph.D., Professor, Head of Department of Automation communication companies In the Bonch-Bruevich Saint Petersburg State University of Telecommunications)

Goncharevsky V.S.
(Ph.D., Professor, Honored Worker of Science and Technology of the Russian Federation, Professor of technologies and technical support and maintenance of the automated control systems in Military Space Academy of A.F. Mozhaysky)

Komashinskiy V.I.
(Ph.D., Professor, professor of processing and transmission discrete messages in the Bonch-Bruevich Saint Petersburg State University of Telecommunications)

Kirpanev A.V.
(Ph.D., Associate Professor, Head of JSC "Scientific Production Enterprise "Radar MMS")

Kurnosov V.I.
(Ph.D., Professor, Academician of Academy of Sciences of the Arctic, Academician of the International Academy of Informatization, International Academy of defense, security, law and order, corresponding member of the Academy of Natural Sciences, Senior Researcher" Open Joint Stock Company "Scientific Research Institute "Rubin")

Manuilov Y.S.
(Ph.D., Professor, Department of automated control systems space complexes in Military Space Academy of A.F. Mozhaysky)

Morozov A.V.
(Ph.D., Professor, Actual Member of the Academy of Military Sciences, Head of the Department of automated command and control systems in Military Аcademy of troops of antiaircraft defense)

Moshak N.N.
(Ph.D., Associate Professor, head of the department of "INTELTEH")

Prorok V.Y.
(Ph.D., Professor, professor of automatic control systems in Military Space Academy of A.F. Mozhaysky)

Semenov S.S.
(Ph.D., associate professor, professor of technical communication and automation in S.M. Budjonny Military Academy of the Signal Corps)

Sinicyn E.A.
(Ph.D., Professor, Head of the Research Department of JSC "The All-Russian research institute of radio equipment")

Shatrakov Y.G.
(Ph.D., Professor, Honored Worker of Science, Scientific Secretary of JSC "The All-Russian research institute of radio equipment")