{"title":"基于“灰色系统”理论的信息安全漏洞数量预测","authors":"A. O. Efimov, S. A. Mishin, E. A. Rogozin","doi":"10.21822/2073-6185-2023-50-3-72-82","DOIUrl":null,"url":null,"abstract":"Objective . The aim of the work is to assess the possibility of applying the theory of “gray systems” to build a methodology for predicting the number of identified vulnerabilities in conditions of uncertainty of influencing factors and lack of initial data, including a comparative analysis of the results of this prediction obtained using traditional and improved models of the theory of “gray systems”, as well as machine learning models. Method . The paper describes a technique for constructing a “gray model” for predicting the number of identified vulnerabilities based on the theory of “gray systems”. The initial data for forecasting is information obtained from the CVE (Common Vulnerabilities and Exposures) vulnerability database. In the course of the study, the results of forecasting obtained using the developed “gray model” and the linear regression model implemented on the basis of the scikit-learn library and the Python programming language are analyzed. Result . The use of a linear regression model and models based on the theory of “gray systems” to predict the number of identified vulnerabilities allows you to get close forecast values. According to data obtained from the CVE vulnerability database, information on 7,015 identified vulnerabilities was published for the 1st quarter of 2023. The forecast obtained on the basis of the traditional model of the theory of “gray systems” turned out to be the closest to the published value. It should be noted that the forecast of the “gray model” is based only on the values of the initial data and does not depend on the circumstances arising in the field of information security, which is a limitation in the use of the proposed methodology. Conclusion . The results of the study indicate the possibility of applying the theory of “gray systems” for short-term forecasting of the number of detected vulnerabilities. The application of the developed methodology makes it possible to carry out the specified forecasting with a limited number of initial data.","PeriodicalId":31714,"journal":{"name":"Vestnik Dagestanskogo Gosudarstvennogo Tehniceskogo Universiteta Tehniceskie Nauki","volume":"46 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-10-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Forecasting the number of identified information security vulnerabilities based on the theory of “Gray Systems”\",\"authors\":\"A. O. Efimov, S. A. Mishin, E. A. Rogozin\",\"doi\":\"10.21822/2073-6185-2023-50-3-72-82\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Objective . The aim of the work is to assess the possibility of applying the theory of “gray systems” to build a methodology for predicting the number of identified vulnerabilities in conditions of uncertainty of influencing factors and lack of initial data, including a comparative analysis of the results of this prediction obtained using traditional and improved models of the theory of “gray systems”, as well as machine learning models. Method . The paper describes a technique for constructing a “gray model” for predicting the number of identified vulnerabilities based on the theory of “gray systems”. The initial data for forecasting is information obtained from the CVE (Common Vulnerabilities and Exposures) vulnerability database. In the course of the study, the results of forecasting obtained using the developed “gray model” and the linear regression model implemented on the basis of the scikit-learn library and the Python programming language are analyzed. Result . The use of a linear regression model and models based on the theory of “gray systems” to predict the number of identified vulnerabilities allows you to get close forecast values. According to data obtained from the CVE vulnerability database, information on 7,015 identified vulnerabilities was published for the 1st quarter of 2023. The forecast obtained on the basis of the traditional model of the theory of “gray systems” turned out to be the closest to the published value. It should be noted that the forecast of the “gray model” is based only on the values of the initial data and does not depend on the circumstances arising in the field of information security, which is a limitation in the use of the proposed methodology. Conclusion . The results of the study indicate the possibility of applying the theory of “gray systems” for short-term forecasting of the number of detected vulnerabilities. The application of the developed methodology makes it possible to carry out the specified forecasting with a limited number of initial data.\",\"PeriodicalId\":31714,\"journal\":{\"name\":\"Vestnik Dagestanskogo Gosudarstvennogo Tehniceskogo Universiteta Tehniceskie Nauki\",\"volume\":\"46 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-10-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Vestnik Dagestanskogo Gosudarstvennogo Tehniceskogo Universiteta Tehniceskie Nauki\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.21822/2073-6185-2023-50-3-72-82\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Vestnik Dagestanskogo Gosudarstvennogo Tehniceskogo Universiteta Tehniceskie Nauki","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.21822/2073-6185-2023-50-3-72-82","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
摘要
目标。这项工作的目的是评估应用"灰色系统"理论建立一种方法的可能性,以便在影响因素不确定和缺乏初始数据的情况下预测已查明的漏洞数量,包括对使用"灰色系统"理论的传统模型和改进模型以及机器学习模型获得的预测结果进行比较分析。方法。本文基于“灰色系统”理论,提出了一种构建“灰色模型”预测已识别漏洞数量的方法。用于预测的初始数据是从CVE (Common Vulnerabilities and Exposures)漏洞数据库中获得的信息。在研究过程中,对所建立的“灰色模型”和基于scikit-learn库和Python编程语言实现的线性回归模型的预测结果进行了分析。结果。使用线性回归模型和基于“灰色系统”理论的模型来预测已识别漏洞的数量,使您能够获得接近的预测值。根据从CVE漏洞数据库获取的数据,2023年第一季度共公布了7,015个已识别漏洞的信息。结果表明,基于灰色系统理论的传统模型预测结果最接近公布值。值得注意的是,“灰色模型”的预测仅基于初始数据的值,而不取决于信息安全领域中出现的情况,这是所建议方法使用的局限性。结论。研究结果表明,“灰色系统”理论可以应用于检测漏洞数量的短期预测。应用所开发的方法,可以用有限数量的初始数据进行指定的预测。
Forecasting the number of identified information security vulnerabilities based on the theory of “Gray Systems”
Objective . The aim of the work is to assess the possibility of applying the theory of “gray systems” to build a methodology for predicting the number of identified vulnerabilities in conditions of uncertainty of influencing factors and lack of initial data, including a comparative analysis of the results of this prediction obtained using traditional and improved models of the theory of “gray systems”, as well as machine learning models. Method . The paper describes a technique for constructing a “gray model” for predicting the number of identified vulnerabilities based on the theory of “gray systems”. The initial data for forecasting is information obtained from the CVE (Common Vulnerabilities and Exposures) vulnerability database. In the course of the study, the results of forecasting obtained using the developed “gray model” and the linear regression model implemented on the basis of the scikit-learn library and the Python programming language are analyzed. Result . The use of a linear regression model and models based on the theory of “gray systems” to predict the number of identified vulnerabilities allows you to get close forecast values. According to data obtained from the CVE vulnerability database, information on 7,015 identified vulnerabilities was published for the 1st quarter of 2023. The forecast obtained on the basis of the traditional model of the theory of “gray systems” turned out to be the closest to the published value. It should be noted that the forecast of the “gray model” is based only on the values of the initial data and does not depend on the circumstances arising in the field of information security, which is a limitation in the use of the proposed methodology. Conclusion . The results of the study indicate the possibility of applying the theory of “gray systems” for short-term forecasting of the number of detected vulnerabilities. The application of the developed methodology makes it possible to carry out the specified forecasting with a limited number of initial data.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
