CC BY
73Данные об открытии сотовых поликарбонатных листов в условиях взрыва с минимальными размерами проемов
Таблица - 2
Максимальное давление взрыва, МПа
2.5
5
7.5
10
12.5
20
30
Количество полностью раскрытых СПЛ толщиной 4 мм, %
100
100
100
100
100
100
100
Количество полностью раскрытых СПЛ толщиной 6 мм, %
100
100
100
100
100
100
100
Количество полностью раскрытых СПЛ толщиной 8 мм, %
93.3
100
100
100
100
100
100
Выводы. Учитывая проведенные исследования можно сделать следующие выводы. Было разработано математическое описания поведение СПЛ под воздействием взрыва на основе уравнения статического равновесия. Данные, полученные в результате расчета, показали, что все СПЛ с минимальными размерами полностью раскрылись, кроме одного случая для СПЛ толщиной 8 мм для максимального избыточного давления 2.5 кПа. Это совпадает с результатами, полученными по упрощенной модели, и свидетельствует об адекватности разработанных математических моделей и рекомендаций. Для обеспечения нормального открытия ЛСК с СПЛ можно рекомендовать не использовать СПЛ толщиной 8 мм для ЛСК, которые применяются для защиты от избыточного давления взрыва не более 2.5 кПа, или их применение должно быть дополнительно обоснованно или с помощью эксперимента, или в результате расчета.
Список литературы
1. ДСТУ Б В.1.1-36:2016 Визначення категорш примщень, будиншв, установок за вибухопо-жежною та пожежною небезпекою.
2. Pozdieiev, S., Nuianzin, O., Sidnei, S., Shchipets, S. Computational study of bearing walls fire
resistance tests efficiency using different combustion furnaces configurations (2017) MATEC Web of Conferences, 116, art. no. 02027, . DOI: 10.1051/matec-conf/201711602027.
3. Nekora, O., Slovynsky, V., Pozdieiev, S. The research of bearing capacity of reinforced concrete beam with use combined experimental-computational method (2017) MATEC Web of Conferences, 116, art. no. 02024, . DOI: 10.1051/matecconf/201711602024.
4. Пилюгин Л.П. Конструкции сооружений взрывоопасных производств. М.: Стройиздаг, 1988. 315 с.7
5. ТКП 45-2.02-38-2006 (02250). Конструкции легкосбрасываемые. Правила расчета. Минск: Министерство архитектуры и строительства Республики Беларусь, 2006. - 27 с.
6. NFPA 68. Standard on Explosion Protection by Deflagration Venting. 2013 Edition.
7. BS EN 14491:2012. Dust Explosion Venting Protective Systems.
8. Hallquist, J.O.: LS-DYNA Theory Manual, Livermore Software Technology Corporation: California, USA 2005.
9. Sarva, S.S.; Boyce, M.C. Mechanics of polycarbonate during high-rate tension. J. Mech. Mater. Struct. 2007, 2, 1853-1880.
STATISTICAL ANALYSIS OF VULNERABILITIES IN MODERN SOFTWARE
Popova O.,
Associate professor of the department of the information systems and programming of the institute of computer systems and information security of the Kuban state technological university
Totukhov K.,
Associate professor of the department of the information systems and programming of the institute of computer systems and information security of the Kuban state technological university
Kushnir N.,
Senior lecturer of the department of the information systems and programming of the institute of computer
systems and information security of the Kuban state technological university
Reznichenko L.,
Student of the department of the information systems and programming of the institute of computer systems
and information security of the Kuban state technological university
Yatskevich E.
Student of the department of the information systems and programming of the institute of computer systems
and information security of the Kuban state technological university
Abstract
This article presents a statistical analysis of the vulnerabilities of modern software. The vulnerabilities were analyzed by error types and CVSS severity. The actual task of the security service of any organization is to protect against external and internal threats. During attacks, cybercriminals use means and methods to penetrate the infrastructure, anchor in it and hide the traces of attacks. Stages of attacks are carried out through the exploitation of
both those already found by information security specialists, but not fixed in the attacked infrastructure, and using undetected vulnerabilities called "zero-day vulnerabilities." Statistical analysis of vulnerabilities will help information security specialists and software developers understand which testing and which errors need to spend more time. To reduce the amount of manual work, it is common practice for specialists to use automatic scanning tools. But vulnerability scanners have costs (false positives and false negatives), so the data obtained during the scan must be rechecked manually.
Keywords: Vulnerability, Common Weakness Enumeration, Common Vulnerabilities and Exposures, Common Vulnerability Scoring System, Information protection, Information system, Software, Information security.
1. Introduction
This article presents a statistical analysis of the vulnerabilities of modern software. The vulnerabilities were analyzed by error types and CVSS severity. The actual task of the security service of any organization is to protect against external and internal threats. During attacks, cybercriminals use means and methods to penetrate the infrastructure, anchor in it and hide the traces of attacks. Stages of attacks are carried out through the exploitation of both those already found by information security specialists, but not fixed in the attacked infrastructure, and using undetected vulnerabilities called "zero-day vulnerabilities." Statistical analysis of vulnerabilities will help information security specialists and software developers understand which testing and which errors need to spend more time. To reduce the
amount of manual work, it is common practice for specialists to use automatic scanning tools. But vulnerability scanners have costs (false positives and false negatives), so the data obtained during the scan must be re-checked manually.
2. Methods
Based on GOST R 56546-2015 "Information Security. Information systems vulnerabilities. Classification of information systems vulnerabilities", classification of software errors CWE (Common Weakness Enumeration) and information security practices adopted in the industry and the international community of specialists, a list of types of software errors has been developed. Description of error types is presented in Table 1.
Table 1.
Types of software errors
№ Type Description
1 Configuration error associated with incorrect software settings
2 Data validation error are associated with incomplete verification of the input (input) data
3 Access paths error related to the ability to track the path to directories
4 Error using external links associated with the ability to follow links
5 Command execution error related to the ability to inject OS commands
6 Cross-site scriptingerror related to cross-site scripting (scripting)
7 Source injection error related to the implementation of interpreted operators of program-
ming languages or markup
8 Executable code injection error related to arbitrary code injection
10 Memory overflow error related to memory buffer overflow
11 Error of dynamic parameters of associated with an uncontrolled format string
functions
12 Incorrect calculation error related to calculations:
a) invalid range
b) signed number error
c) number truncation error
d) error in byte order indication in numbers
Vulnerability severity levels are determined according to the international vulnerability assessment standard - CVSS. The description of the standard is presented in Table 2.
Table 2.
International Vulnerability Assessment Standard_
CVSS v2.0 CVSS v3.0
Threat level Scoring range Threat level Scoring range
Low 0.0 - 3.9 Absent 0
Low 0.1 - 3.9
Middle 4.0 - 6.9 Middle 4.0 - 6.9
High 7.0 - 10.0 High 7.0 - 8.9
Critical 9.0 - 10.0
3. Results
"Russian Robotics" provided data from one of the automatic web vulnerability scanners for analysis [4]. The dataset is a 22,520 target scan report containing 80,611 software errors. By the level of severity of vulnerabilities, errors can be distributed as follows (Table 3).
Table 3.
CVSS v2.0 CVSS v3.0 The number of errors in the dataset
Threat level Scoring range Threat level Scoring range
Low 0.0 - 3.9 Absent 0 39 759
Low 0.1 - 3.9 23 137
Middle 4.0 - 6.9 Middle 4.0 - 6.9 17 009
High 7.0 - 10.0 High Critical 7.0 - 8.9 9.0 - 10.0 698 8
Severity level
Critical "Low ■ Middle «High "Absent
Fig. 1. The number of errors in the dataset by severity level
Below we will consider vulnerabilities with a severity level higher than low. Software errors can be categorized as follows (Table 4).
Table 4.
The number of errors in the dataset by error type
№
Type
Description
1 2
3
4
5
6
7
8 10 11 12
13
14
15
16
17
18
19
20 21
Configuration error
Data validation error
Access paths error
Error using external links
Command execution error
Cross-site scripting error
Source injection error
Executable code injection error
Memory overflow error
Error of dynamic parameters of functions
Incorrect calculation error
Expansion error
Privilege escalation error
Authentication bypass error
Cryptographic protection error
Cross-site request spoofing error
Race condition error
Resource management error
Access control policy error
Another type of error
427 50 9 474 8 200 69 4
25 0 0
134 0 2
14 744 0 0
1517 0
52
8
23137
39759
17009
Also, in the course of a more detailed analysis of vulnerabilities of high and critical levels of severity, it was revealed that the automatic vulnerability scanner has a problem of false positives in 25% of cases, since it uses heuristic analysis algorithms. It is not possible to establish the false negatives level, since its calculation requires access directly to the scanned information system (Table 5).
The scientific heritage No 57 (2020) 53
Table 5.
The number of errors in the dataset of high and critical level
Vulnerability The number of errors False positive cases
Cross-origin resource sharing vali- 474 0
dation error
XSS 166 166
Remote code execution 4 4
Dos by long password 3 0
SQL injection 8 6
SSL / TLS related errors 23 0
CVE-2014-0133 25 0
CVE-2018-8719 2 2
Information disclosure 1 1
Total: 706 179
4. Discussion
To reduce the amount of manual work, technicians can now use a selection tree based on a binary Q&A tree [5] in conjunction with automated scanning tools. The results obtained will allow you to configure it correctly. This will help you quickly select the most appropriate method for solving problems.
5. Conclusions
Obviously, when developing, much attention must be paid to information security, while it should be borne in mind that the use of exclusively vulnerability scanners is unacceptable. Also, given the scale of modern cybercrimes, we can conclude that an information security specialist is needed in every organization along with a system administrator.
The reported study was funded by RFBR [Project title: The development of the theory of quality assessment of the information, taking into account its structural component, № 19-47-230004, from 19.04.2019]. All the work on compiling the paper and obtaining calculated and experimental data was evenly distributed among its authors.
References
1. The MITRE Corporation (2020). CWE Version 4.2 2020-08-20. https://cwe.mitre.org/data/pub-lished/cwe_latest.pdf. Accessed 04 Dec 2020.
2. Forum of Incident Response and Security Teams (2020) Common Vulnerability Scoring System v3.1: Specification Document. https://www.first.org/cvss/v3.1/specification-docu-ment. Accessed 04 Dec 2020.
3. GOST R 56546-2015 Information security. Information systems vulnerabilities. Classification of information systems vulnerabilities (2020) JSC Codex. http://docs.cntd.ru/document/1200123702. Accessed 04 Dec 2020.
4. Russian Robotics (2020). https://www.rusrobots.ru. Accessed 04 Dec 2020.
5. Popova O, Popov B, Karandey V, Gerash-chenko A (2019) Entropy and Algorithm of Obtaining Decision Trees in a Way Approximated to the Natural Intelligence. Int J of Cog In and Nat Int 13(3):50-66.
ОСОБЕННОСТИ РАБОТЫ СТАЛЬНОЙ БАШНИ НА РАЗЛИЧНЫЕ НАГРУЗКИ И
ВОЗДЕЙСТВИЯ
Попова Ю.А.
Студент Акимова Э.К.
Студент Ращепкина С.А.
Кандидат технических наук, доцент Балаковский инженерно-технологический институт - филиал Национального исследовательского
ядерного университета «МИФИ», Россия
SPECIFIC FEATURES OF STEEL TOWER OPERATION ON VARIOUS LOADS AND IMPACTS
Popova Y.,
Student Akimova E., Student Rashchepkina S.
Candidate of Technical Sciences, Associate Professor The Balakovo engineering and technological Institute - branch of the National research nuclear University «MEPhI», Russia
