Classification and coding of software defects resulting from cyberattacks

Abstract

Based on the analysis of the impact of cyberattacks on the state of operability of automated systems and complexes, the article proposes a methodology for classifying and coding defects of damaged software. The methodology for classifying and coding software defects was developed based on certain characteristics and classification features of the most common cyberattacks and software defects resulting from their effects. The classification is based on existing relationships between damaged software and possible defects resulting from cyberattacks, as well as between software defects and methods for their detection and recovery. Based on the analysis of classification features, the structure of the technological code of a damaged software defect was developed, the elements of which are certain classification features. Using the example of one of the types of cyberattacks, SQL-injection, a practical example of classification and assignment of codes for defects of damaged software is given, as well as options for possible combinations of defect codes that may arise during the action of a cyberattack of the type SQL-injection. In order to further formalize the repair of damaged software defects, a hierarchical relationship equal to the theoretical state tree of the SQL injection attack type is given, which corresponds to the order of classification and coding. The studies that have been conducted allow applying the methodology for classifying and coding damaged software defects due to cyberattacks for automated design of technological processes for diagnosing damaged software defects, as well as determining the feasibility of restoring software modules and solving other technological issues related to information protection.