Forecasting the number of identified information security vulnerabilities based on the theory of “Gray Systems”
Objective. The aim of the work is to assess the possibility of applying the theory of “gray systems” to build a methodology for predicting the number of identified vulnerabilities in conditions of uncertainty of influencing factors and lack of initial data, including a comparative analysis of the re...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | Russian |
| Published: |
Dagestan State Technical University
2023-10-01
|
| Series: | Вестник Дагестанского государственного технического университета: Технические науки |
| Subjects: | |
| Online Access: | https://vestnik.dgtu.ru/jour/article/view/1343 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1849250194861850624 |
|---|---|
| author | A. O. Efimov S. A. Mishin E. A. Rogozin |
| author_facet | A. O. Efimov S. A. Mishin E. A. Rogozin |
| author_sort | A. O. Efimov |
| collection | DOAJ |
| description | Objective. The aim of the work is to assess the possibility of applying the theory of “gray systems” to build a methodology for predicting the number of identified vulnerabilities in conditions of uncertainty of influencing factors and lack of initial data, including a comparative analysis of the results of this prediction obtained using traditional and improved models of the theory of “gray systems”, as well as machine learning models.Method. The paper describes a technique for constructing a “gray model” for predicting the number of identified vulnerabilities based on the theory of “gray systems”. The initial data for forecasting is information obtained from the CVE (Common Vulnerabilities and Exposures) vulnerability database. In the course of the study, the results of forecasting obtained using the developed “gray model” and the linear regression model implemented on the basis of the scikit-learn library and the Python programming language are analyzed.Result. The use of a linear regression model and models based on the theory of “gray systems” to predict the number of identified vulnerabilities allows you to get close forecast values. According to data obtained from the CVE vulnerability database, information on 7,015 identified vulnerabilities was published for the 1st quarter of 2023. The forecast obtained on the basis of the traditional model of the theory of “gray systems” turned out to be the closest to the published value. It should be noted that the forecast of the “gray model” is based only on the values of the initial data and does not depend on the circumstances arising in the field of information security, which is a limitation in the use of the proposed methodology.Conclusion. The results of the study indicate the possibility of applying the theory of “gray systems” for short-term forecasting of the number of detected vulnerabilities. The application of the developed methodology makes it possible to carry out the specified forecasting with a limited number of initial data. |
| format | Article |
| id | doaj-art-d08f21a64f2f4c59963c482a3ffffe6e |
| institution | Kabale University |
| issn | 2073-6185 2542-095X |
| language | Russian |
| publishDate | 2023-10-01 |
| publisher | Dagestan State Technical University |
| record_format | Article |
| series | Вестник Дагестанского государственного технического университета: Технические науки |
| spelling | doaj-art-d08f21a64f2f4c59963c482a3ffffe6e2025-08-20T03:57:21ZrusDagestan State Technical UniversityВестник Дагестанского государственного технического университета: Технические науки2073-61852542-095X2023-10-01503728210.21822/2073-6185-2023-50-3-72-82808Forecasting the number of identified information security vulnerabilities based on the theory of “Gray Systems”A. O. Efimov0S. A. Mishin1E. A. Rogozin2Voronezh Institute of the Ministry of Internal Affairs of RussiaVoronezh Institute of the Ministry of Internal Affairs of RussiaVoronezh Institute of the Ministry of Internal Affairs of RussiaObjective. The aim of the work is to assess the possibility of applying the theory of “gray systems” to build a methodology for predicting the number of identified vulnerabilities in conditions of uncertainty of influencing factors and lack of initial data, including a comparative analysis of the results of this prediction obtained using traditional and improved models of the theory of “gray systems”, as well as machine learning models.Method. The paper describes a technique for constructing a “gray model” for predicting the number of identified vulnerabilities based on the theory of “gray systems”. The initial data for forecasting is information obtained from the CVE (Common Vulnerabilities and Exposures) vulnerability database. In the course of the study, the results of forecasting obtained using the developed “gray model” and the linear regression model implemented on the basis of the scikit-learn library and the Python programming language are analyzed.Result. The use of a linear regression model and models based on the theory of “gray systems” to predict the number of identified vulnerabilities allows you to get close forecast values. According to data obtained from the CVE vulnerability database, information on 7,015 identified vulnerabilities was published for the 1st quarter of 2023. The forecast obtained on the basis of the traditional model of the theory of “gray systems” turned out to be the closest to the published value. It should be noted that the forecast of the “gray model” is based only on the values of the initial data and does not depend on the circumstances arising in the field of information security, which is a limitation in the use of the proposed methodology.Conclusion. The results of the study indicate the possibility of applying the theory of “gray systems” for short-term forecasting of the number of detected vulnerabilities. The application of the developed methodology makes it possible to carry out the specified forecasting with a limited number of initial data.https://vestnik.dgtu.ru/jour/article/view/1343information securityprotection of informationgray systemsnumber of vulnerabilitiesvulnerabilityforecasting |
| spellingShingle | A. O. Efimov S. A. Mishin E. A. Rogozin Forecasting the number of identified information security vulnerabilities based on the theory of “Gray Systems” Вестник Дагестанского государственного технического университета: Технические науки information security protection of information gray systems number of vulnerabilities vulnerability forecasting |
| title | Forecasting the number of identified information security vulnerabilities based on the theory of “Gray Systems” |
| title_full | Forecasting the number of identified information security vulnerabilities based on the theory of “Gray Systems” |
| title_fullStr | Forecasting the number of identified information security vulnerabilities based on the theory of “Gray Systems” |
| title_full_unstemmed | Forecasting the number of identified information security vulnerabilities based on the theory of “Gray Systems” |
| title_short | Forecasting the number of identified information security vulnerabilities based on the theory of “Gray Systems” |
| title_sort | forecasting the number of identified information security vulnerabilities based on the theory of gray systems |
| topic | information security protection of information gray systems number of vulnerabilities vulnerability forecasting |
| url | https://vestnik.dgtu.ru/jour/article/view/1343 |
| work_keys_str_mv | AT aoefimov forecastingthenumberofidentifiedinformationsecurityvulnerabilitiesbasedonthetheoryofgraysystems AT samishin forecastingthenumberofidentifiedinformationsecurityvulnerabilitiesbasedonthetheoryofgraysystems AT earogozin forecastingthenumberofidentifiedinformationsecurityvulnerabilitiesbasedonthetheoryofgraysystems |