FORMALIZATION OF THE CHOICE OF A METHOD FOR RESTORING DAMAGED SOFTWARE AS A RESULT OF CYBERATTACKS
DOI:
https://doi.org/10.28925/2663-4023.2025.28.855Keywords:
formalization; method of restoration; damaged software; technological conditions; relationships; properties; technological process of restoration; model; graph models.Abstract
The article proposes a methodology for the formalized choice of a method for restoring damaged software as a result of cyberattacks. The development of the presented methodology was carried out based on an analysis of modern formal methods and tools, which include logical-algebraic approaches to the analysis and restoration of software of information and communication systems. To develop the methodological materials given in this article, scientific developments of domestic and foreign specialists on modeling and verification of the operation of various models currently used in the field of cybersecurity were used. As a tool for formalizing the choice of a method for restoring damaged software, graph models were selected, which allow visualization of possible solutions for choosing a method for restoring damaged software and also provide an opportunity to design a technological process and assign an optimal route for restoring software defects. Based on the analysis of the components of the technological process of restoring damaged software, the main elements that require research are identified and a graph of relationships is constructed, with the help of which the relationships between the elements of one technological object and the relationships between the elements of different objects belonging to the structure of the technological process of restoring damaged software are determined. Conditions are formulated that confirm the truth of the relationships determined based on the results of the task of choosing a method for restoring damaged software as a result of cyberattacks. The main properties of the elements that implement the structure of the technological process of restoring damaged software are determined. Based on the relationships and main properties of the elements, technological conditions are formulated that allow choosing a rational method for restoring damaged software as a result of cyberattacks. The formalized rules that have been developed allow building algorithms for choosing a rational method for restoring software, as well as developing and implementing software tools to automate complex processes for analyzing and restoring systems after cyberattacks.
Downloads
References
Bartock, М., Cichonski, J., & Souppaya, М. (2018). Guide for Cybersecurity Event Recovery. NIST Special Publication 800-184. https://doi.org/10.6028/NIST.SP.800-184
Pogashiy, S.S. (2022). Models and methods of information protection in cyber-physical systems. Ukrainian Scientific Journal of Information Security, 28(2), 67–79.
Kovalenko, O.V. (2020). Models and methods for developing secure software for computer systems. (Dissertation of Doctor of Technical Sciences). Central Ukrainian National Technical University, Cherkasy.
Obodyak, V.K., Shelekhov, I.V., & Dovbysh, A.S. (2021). Modern information technologies in cybersecurity: monograph. Sumy: Sumy State University.
Pengyuan, L., Mengyu L., Zhang, L., Sokolsky, O., Sridhar, K., & Kong, F. (2024). Recovery from Adversarial Attacks in Cyber-physical Systems: Shallow, Deep and Exploratory Works. ACM Comput. Surv, 1, 1–38. https://doi.org/10.1145/3653974
Raffaele, R., Griffioen, P., & Sinopoli, B. (2020). Software Rejuvenation Under Persistent Attacks in Constrained Environments. IFAC PapersOnLine, 53-2, 4088–4094. https://www.sciencedirect.com
Kulik, T., Dongol, B., Gorm, P., & Schneider, S. (2022). A Survey of Practical Formal Methods for Security. Form. Asp. Comput. 34, 1–39. https://dl.acm.org/doi/full/10.1145/3522582
Ojo, C., Osoko, E., Okolo, J., & Jaji, M. (2024). Incident response: A structured model from detection to containment and recovery. World Journal of Advanced Research and Reviews 24(1), 1401–1407. https://doi:10.30574/wjarr.2024.24.1.3148
Drinkwater, K., & Sultan, S. (2022). Integrating Cybersecurity and Disaster Recovery: A Unified Approach to Business Continuity. https://www.researchgate.net/publication/383268245
Kulik, T., & Gorm, P. (2018). Towards Formal Verification of Cyber Security Standards. Proceedings of the Institute for System Programming of RAS, 30(4), 79–94. https:// DOI:10.15514/ISPRAS-2018-30(4)-5
Chow, K., Deshpande, U., Seshadri, S., & Liu, L. (2021). SRA: Smart Recovery Advisor for Cyber Attacks, SIGMOD/PODS ‘21: International Conference on Management of Data. Shaanxi, China: PODS.
Mishra, A., & Khurram, M. (2023). Security requirements specification by formal methods: a research metadata analysis. Multimedia Tools and Applications, 83, 41847–41866. https://link.springer.com/article/10.1007/s11042-023-17218-4
Sunandita Patra, S., Velazquez, A., Kang, M., & Nau, D. (2021). Using Online Planning and Acting to Recover from Cyberattacks on Software-defined Networks, AAAI Conference on Artificial Intelligence. Vancouver, Canada: AAAI-21.
Wachter, J. (2023). Graph models for cybersecurity - a survey. Klagenfurt, Austria: University of Klagenfurt. https://doi.org/10.48550/arXiv.2311.10050
Li, J., Yang, G., & Shao, Y. (2023). Ransomware Detection Metho-Based on TextGCN, 6th International Conference on Artificial Intelligence and Big Data (ICAIBD), Chengdu, China: MDPI Journal.
Wei, R., Cai, L., Aimin Yu, A., & Meng, D. (2021). DeepHunter: A Graph Neural Network Based Approach for Robust Cyber Threat Hunting. Security and Privacy in Communication Networks, 3–24. https://arxiv.org/abs/2104.09806
Rabzelj, M., Bohak, C., Južnič, L., Kos, A., & Sedlar, U. (2023). Cyberattack Graph Modeling for Visual Analytics. IEEE Access, 1, 1–34. https://doi.org/10.1109/access.2023.3304640
Vyshnivskyi, V., & Danilov I. (2023). A method for protecting a virtual cloud environment based on an attack structure graph. Modern Information Security, 1(53), 24–33. https://doi: 10.31673/2409-7292.2023.010003
Published
How to Cite
Issue
Section
License
Copyright (c) 2025 Юрій Добришин
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
