+7 (495) 987 43 74 ext. 3304
Join us -              
Рус   |   Eng


Kharlamov Pavel S.

Student, Information Technology in Economics and Management Department, Branch of the National Research University "MPEI" in Smolensk
Smolensk, Russia

Virtualization of information object vulnerability testing container based on DeX technology and deep learning neural networks

The modern development of information security tools, along with the improvement of remote access methods, allows software and hardware to be audited without the need for direct access to the system under test. One of its components is related to the implementation of software on mobile ARM processor architectures. Within this direction of development, the approach that allows integrating Linux kernel-based distributions by introducing a virtual container chroot (change root) into the Android OS- based system and, consequently, performing penetration testing without the need to use personal computers is highlighted. An example of this approach is the Kali NetHunter distribution which allows remote system administration functionality through the KeX module. Besides the obvious advantages of KeX functionality, some disadvantages should also be mentioned: firstly, the low speed of GUI processing due to translation to remote hosts and the need to support translation at operating system level; secondly, the consumption of energy resources when using the desktop features of the KeX module. In order to solve the mentioned problems, a system of virtualization of energy-efficient container for testing the vulnerabilities of critical information objects has been developed and based on the principle of multi-containerization. The software of the system is represented by two components: an enlarged module for integration of the chroot container into the DeX environment (primary), and an enlarged module for ensuring energy efficiency using predictive neural network models based on variable time intervals (secondary). As a result of comparing the effectiveness of existing and implemented approaches in penetration testing, it is noted that the proposed system can be used in testing the security of particular platforms and systems, including highly sensitive information objects or resources. Read more...