Patenton — panteon of patents

(19)

RU

(11)

2 783 224

(13)

C1

(51)

IPC

G06F21/57(2013-01-01)

G06F17/16(2006-01-01)

(21) (22)

Application

2021127267, 2021-09-15

(24)

Start date

2021-09-15

(22)

Actual filing date

2021-09-15

(45)

Published

2022-11-10

(72)

Inventor

Butrik Ekaterina EvgenevnaSolovev Sergej VeniaminovichEnyutin Aleksej Yurevich

(73)

Holder

Federalnoe Avtonomnoe Uchrezhdenie Nauchno-Issledovatelskij Ispytatelnyj Institut Problem Tekhnicheskoj Zashchity Informatsii Federalnoj Sluzhby Po Tekhnicheskomu I Eksportnomu Kontrolyu"

METHOD FOR IDENTIFYING SOFTWARE VULNERABILITIES FORMING THE CONDITIONS FOR INFORMATION SECURITY VIOLATION IN AN INFORMATION SYSTEM DUE TO A COMPUTER ATTACK Russian patent published in 2022 - IPC G06F21/57 G06F17/16 

Abstract RU 2783224 C1

FIELD: information protection.

SUBSTANCE: method for identifying software vulnerabilities forming the conditions for information security violation in an information system due to a computer attack consists in forming a set of types of terms of known computer attack techniques (hereinafter referred to as techniques) and vulnerabilities identified by analysing the descriptions of techniques and vulnerabilities; determining the weights of each type of terms by an expert evaluation method; forming an ordered vector of types of terms with account to the weights; forming vector representations of each technique and vulnerability included in the formed set, represented as values of the types of terms; calculating measures of matching of the descriptions of techniques and vulnerabilities in order to determine identity thereof; and forming a list of vulnerabilities required to implement a computer attack based on the calculated measures of matching of the descriptions of techniques and vulnerabilities.

EFFECT: higher effectiveness of forming a list of information system vulnerabilities, the operation whereof may lead to a violation of information security in the information systems.

1 cl, 1 dwg

Similar patents RU2783224C1

Title Year Author Number
METHOD OF EVALUATING SECURITY OF INFORMATION RESOURCE BASED ON EVALUATING POTENTIAL COMPUTER ATTACK TECHNIQUES 2023
  • Dobryshin Mikhail Mikhailovich
  • Belov Andrei Sergeevich
  • Tsibulia Aleksei Nikolaevich
  • Anisimov Vladimir Georgievich
  • Gromov Iurii Iurevich
 RU2830484C1
METHOD OF CONTROLLING PROTECTION SURFACE OF CORPORATE COMMUNICATION NETWORK 2023
  • Dobryshin Mikhail Mikhailovich
 RU2824314C1
METHOD OF PRIORITIZING INFORMATION SECURITY THREATS BASED ON DATA FROM OPEN SOURCES 2023
  • Nosarev Aleksandr Iurevich
  • Zinniatullin Timur Ilshatovich
  • Varlamova Viktoriia Viktorovna
  • Gribkov Artem Dmitrievich
 RU2833413C1
METHOD AND SYSTEM FOR AUTOMATED DOCUMENTATION OF SECURITY THREATS AND VULNERABILITIES RELATED TO AN INFORMATION RESOURCE 2022
  • Lebedev Sergej Vyacheslavovich
  • Savin Mikhail Valerevich
 RU2789990C1
METHOD FOR AUTOMATED TESTING OF SOFTWARE AND HARDWARE SYSTEMS AND COMPLEXES 2018
  • Dukhvalov Andrej Petrovich
  • Rudina Ekaterina Aleksandrovna
  • Kort Semen Stanislavovich
  • Zolotnikov Vyacheslav Nikolaevich
 RU2715025C2
METHOD OF DETERMINING ACTUAL THREATS TO INFORMATION SECURITY OF INFORMATION INFRASTRUCTURE OBJECTS BASED ON WORD VECTORIZATION METHOD IN ARTIFICIAL NEURAL NETWORK 2024
  • Minakov Vladimir Aleksandrovich
  • Grigorev Sergej Vadimovich
 RU2833173C1
METHOD OF AUTOMATED DESIGN ENGENEERING OF HARDWARE AND SOFTWARE SYSTEMS AND COMPLEXES 2017
  • Dukhvalov Andrej Petrovich
  • Rudina Ekaterina Aleksandrovna
  • Kort Semen Stanislavovich
  • Zolotnikov Vyacheslav Nikolaevich
 RU2659740C1
CONTROL SYSTEM FOR SECURITY POLICY OF ELEMENTS OF CORPORATE COMMUNICATION NETWORK 2023
  • Dobryshin Mikhail Mikhailovich
  • Shugurov Dmitrii Evgenevich
  • Belov Andrei Sergeevich
  • Anisimov Vladimir Georgievich
  • Gromov Iurii Iurevich
  • Klimov Sergei Mikhailovich
  • Mishin Dmitrii Stanislavovich
  • Filin Andrei Viktorovich
 RU2813469C1
METHOD OF DETERMINING ACTUAL THREATS TO INFORMATION SECURITY OF INFORMATION INFRASTRUCTURE OBJECTS 2024
  • Minakov Vladimir Aleksandrovich
  • Grigorev Sergej Vadimovich
  • Brudanin Artem Viktorovich
 RU2834868C1
METHOD OF DETERMINING POTENTIAL THREATS TO INFORMATION SECURITY BASED ON INFORMATION ON VULNERABILITIES OF SOFTWARE 2019
  • Mamuta Vladimir Vladimirovich
  • Solovev Sergej Veniaminovich
 RU2705460C1

RU 2 783 224 C1

Authors

Butrik Ekaterina Evgenevna

Solovev Sergej Veniaminovich

Enyutin Aleksej Yurevich

Dates

2022-11-10Published

2021-09-15Filed

download Download PDF read Similar patents