<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">kaz29</journal-id><journal-title-group><journal-title xml:lang="ru">Вестник Казахстанско-Британского технического университета</journal-title><trans-title-group xml:lang="en"><trans-title>Herald of the Kazakh-British Technical University</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">1998-6688</issn><issn pub-type="epub">2959-8109</issn><publisher><publisher-name>Казахстанско-Британский Технический Университет</publisher-name></publisher></journal-meta><article-meta><article-id pub-id-type="doi">10.55452/1998-6688-2025-22-4-107-118</article-id><article-id custom-type="elpub" pub-id-type="custom">kaz29-2284</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>КОМПЬЮТЕРНЫЕ НАУКИ</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>COMPUTER SCIENCE</subject></subj-group></article-categories><title-group><article-title>СРЕДСТВА ВЫЯВЛЕНИЯ УЯЗВИМОСТЕЙ ИНФОРМАЦИОННОЙ  БЕЗОПАСНОСТИ НА ОСНОВАНИИ ДАННЫХ  ТЕМАТИЧЕСКИХ ИНТЕРНЕТ-РЕСУРСОВ</article-title><trans-title-group xml:lang="en"><trans-title>TOOLS FOR IDENTIFYING INFORMATION SECURITY  VULNERABILITIES BASED ON DATA FROM INTERNET RESOURCES</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><contrib-id contrib-id-type="orcid">https://orcid.org/0009-0003-5806-8542</contrib-id><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Самуйлова</surname><given-names>А.</given-names></name><name name-style="western" xml:lang="en"><surname>Samuilova</surname><given-names>A.</given-names></name></name-alternatives><bio xml:lang="ru"><p>магистрант</p><p>г. Алматы</p></bio><bio xml:lang="en"><p>Master’s student</p><p>Almaty</p></bio><email xlink:type="simple">anastassyiasamuilova@gmail.com</email><xref ref-type="aff" rid="aff-1"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru">Казахский национальный университет им. аль-Фараби<country>Казахстан</country></aff><aff xml:lang="en">Al-Farabi Kazakh National University<country>Kazakhstan</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2025</year></pub-date><pub-date pub-type="epub"><day>23</day><month>12</month><year>2025</year></pub-date><volume>22</volume><issue>4</issue><fpage>107</fpage><lpage>118</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Самуйлова А., 2025</copyright-statement><copyright-year>2025</copyright-year><copyright-holder xml:lang="ru">Самуйлова А.</copyright-holder><copyright-holder xml:lang="en">Samuilova A.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://vestnik.kbtu.edu.kz/jour/article/view/2284">https://vestnik.kbtu.edu.kz/jour/article/view/2284</self-uri><abstract><p>По мере усложнения киберугроз традиционные методы обнаружения уязвимостей теряют эффективность. Цель данной работы – разработка и апробация подхода к выявлению уязвимостей на основе анализа данных с тематических интернет-ресурсов: форумов, блогов и социальных сетей. Эти источники содержат большое количество неструктурированной информации, что требует применения методов интеллектуального анализа данных. В работе используется интеграция современных технологий: предобученной языковой модели SecBERT (Security Bidirectional Encoder Representations from Transformers), предназначенной для задач в области кибербезопасности, и адаптивной нейро-нечеткой системы вывода DENFIS (Dynamic Evolving Neural-Fuzzy Inference System). Предлагаемая система позволяет фильтровать нерелевантные сообщения, выделять индикаторы компрометации и потенциальные угрозы. Применение нечеткой логики дает возможность эффективно обрабатывать неопределенную и неполную информацию. Проведенные эксперименты подтвердили высокую точность классификации и устойчивость нечеткой кластеризации (FPC = 0,93; PE = 0,28; XB = 0,042). Система продемонстрировала способность к своевременному выявлению признаков киберугроз и обладает потенциалом масштабирования для задач мониторинга и предсказания атак. Результаты свидетельствуют о его потенциале в повышении скорости реагирования на киберугрозы и усилении защиты информационных систем.</p></abstract><trans-abstract xml:lang="en"><p>As cyber threats become more complex, traditional vulnerability detection methods lose their effectiveness. The purpose of this work is to develop and test an approach to identifying vulnerabilities based on the analysis of data from thematic Internet resources: forums, blogs and social networks. These sources contain a large amount of unstructured information, which requires the use of data mining methods. The work uses the integration of modern technologies: the pre-trained SecBERT language model (Security Bidirectional Encoder Representations from Transformers), designed for cybersecurity tasks, and the adaptive neuro-fuzzy inference system DENFIS (Dynamic Evolving Neural-Fuzzy Inference System). The proposed system allows you to filter irrelevant messages, highlight indicators of compromise and potential threats. The use of fuzzy logic makes it possible to efficiently process vague and incomplete information. Experiments confirmed high classification accuracy and stable fuzzy clustering performance (FPC = 0.93; PE = 0.28; XB = 0.042). The system demonstrated the ability to promptly detect signs of cyber threats and has scalability potential for monitoring and attack prediction tasks. The results indicate its potential in increasing the speed of response to cyber threats and strengthening the protection of information systems.</p></trans-abstract><kwd-group xml:lang="ru"><kwd>уязвимости информационной безопасности</kwd><kwd>тематические интернет-ресурсы</kwd><kwd>трансформеры</kwd><kwd>SecBERT</kwd><kwd>нейро-нечеткая логика</kwd></kwd-group><kwd-group xml:lang="en"><kwd>information security vulnerabilities</kwd><kwd>thematic Internet resources</kwd><kwd>transformers</kwd><kwd>SecBERT</kwd><kwd>neurofuzzy logic</kwd></kwd-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Sommer, R., and Paxson, V. Outside the Closed World: On Using Machine Learning for Network Intrusion Detection. Proceedings of the IEEE Symposium on Security and Privacy, 305–316 (2010). https://doi.org/10.1109/SP.2010.25.</mixed-citation><mixed-citation xml:lang="en">Sommer, R., and Paxson, V. Outside the Closed World: On Using Machine Learning for Network Intrusion Detection. Proceedings of the IEEE Symposium on Security and Privacy, 305–316 (2010). https://doi.org/10.1109/SP.2010.25.</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Bilge, L., and Dumitras, T. Before We Knew It: An Empirical Study of Zero-Day Attacks in the Real World. Proceedings of the ACM Conference on Computer and Communications Security (CCS), 83–94 (2012). https://doi.org/10.1145/2382196.2382284.</mixed-citation><mixed-citation xml:lang="en">Bilge, L., and Dumitras, T. Before We Knew It: An Empirical Study of Zero-Day Attacks in the Real World. Proceedings of the ACM Conference on Computer and Communications Security (CCS), 83–94 (2012). https://doi.org/10.1145/2382196.2382284.</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">National Institute of Standards and Technology (NIST). National Vulnerability Database (NVD) (2010). https://nvd.nist.gov/.</mixed-citation><mixed-citation xml:lang="en">National Institute of Standards and Technology (NIST). National Vulnerability Database (NVD) (2010). https://nvd.nist.gov/.</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">Zhao, X., Wang, X., and Li, X. Vulnerability Disclosure and Information Verification Delays in Cybersecurity. Journal of Cybersecurity Research, 3 (2), 45–60 (2015).</mixed-citation><mixed-citation xml:lang="en">Zhao, X., Wang, X., and Li, X. Vulnerability Disclosure and Information Verification Delays in Cybersecurity. Journal of Cybersecurity Research, 3 (2), 45–60 (2015).</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">Wang, W., and Lu, Y. Mining Cyber Threat Intelligence from the Dark Web. IEEE Transactions on Information Forensics and Security, 13 (2), 275–286 (2018). https://doi.org/10.1109/TIFS.2017.2761918.</mixed-citation><mixed-citation xml:lang="en">Wang, W., and Lu, Y. Mining Cyber Threat Intelligence from the Dark Web. IEEE Transactions on Information Forensics and Security, 13 (2), 275–286 (2018). https://doi.org/10.1109/TIFS.2017.2761918.</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">O’Connor, N., and Torabi, A. Cyber Threat Intelligence: An Introduction. IEEE Security &amp; Privacy, 13 (3), 19–27 (2015).</mixed-citation><mixed-citation xml:lang="en">O’Connor, N., and Torabi, A. Cyber Threat Intelligence: An Introduction. IEEE Security &amp; Privacy, 13 (3), 19–27 (2015).</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Cadar, C., Dunbar, D., and Engler, D. KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI), 209–224 (2008).</mixed-citation><mixed-citation xml:lang="en">Cadar, C., Dunbar, D., and Engler, D. KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI), 209–224 (2008).</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">Yadav, S., Sharma, A., and Gupta, M. Indicators of Compromise Analysis Using Threat Intelligence Platforms. Journal of Cybersecurity, 5 (4), 210–223 (2019). https://doi.org/10.5555/1855741.1855756.</mixed-citation><mixed-citation xml:lang="en">Yadav, S., Sharma, A., and Gupta, M. Indicators of Compromise Analysis Using Threat Intelligence Platforms. Journal of Cybersecurity, 5 (4), 210–223 (2019). https://doi.org/10.5555/1855741.1855756.</mixed-citation></citation-alternatives></ref><ref id="cit9"><label>9</label><citation-alternatives><mixed-citation xml:lang="ru">Devlin, J., Chang, M.W., Lee, K., and Toutanova, K. BERT: Pre-training of Deep Bidirectional Transformers for Language Understanding. Proceedings of NAACL HLT, 4171–4186 (2019). https://doi.org/10.18653/v1/N19-1423.</mixed-citation><mixed-citation xml:lang="en">Devlin, J., Chang, M.W., Lee, K., and Toutanova, K. BERT: Pre-training of Deep Bidirectional Transformers for Language Understanding. Proceedings of NAACL HLT, 4171–4186 (2019). https://doi.org/10.18653/v1/N19-1423.</mixed-citation></citation-alternatives></ref><ref id="cit10"><label>10</label><citation-alternatives><mixed-citation xml:lang="ru">Aghaei, E., Jain, S., Arun, P., and Sambamoorthy, A. SecureBERT 2.0: Advanced Language Model for Cybersecurity Intelligence. Cisco AI, San Jose, CA, USA (2025). {eaghaei, sjain2, parun, asambamo}@ cisco.com.</mixed-citation><mixed-citation xml:lang="en">Aghaei, E., Jain, S., Arun, P., and Sambamoorthy, A. SecureBERT 2.0: Advanced Language Model for Cybersecurity Intelligence. Cisco AI, San Jose, CA, USA (2025). {eaghaei, sjain2, parun, asambamo}@ cisco.com.</mixed-citation></citation-alternatives></ref><ref id="cit11"><label>11</label><citation-alternatives><mixed-citation xml:lang="ru">Jin, Y., Jang, E., Cui, J., Chung, J.-W., Lee, Y., and Shin, S. DarkBERT: A Language Model for the Dark Side of the Internet. KAIST, Daejeon, South Korea; S2W Inc., Seongnam, South Korea (2023). {ijinjin, claude}@kaist.ac.kr; {genesith, geeoon19, jwchung, lee}@s2w.inc. https://aclanthology.org/2023.acl-long.415.pdf.</mixed-citation><mixed-citation xml:lang="en">Jin, Y., Jang, E., Cui, J., Chung, J.-W., Lee, Y., and Shin, S. DarkBERT: A Language Model for the Dark Side of the Internet. KAIST, Daejeon, South Korea; S2W Inc., Seongnam, South Korea (2023). {ijinjin, claude}@kaist.ac.kr; {genesith, geeoon19, jwchung, lee}@s2w.inc. https://aclanthology.org/2023.acl-long.415.pdf.</mixed-citation></citation-alternatives></ref><ref id="cit12"><label>12</label><citation-alternatives><mixed-citation xml:lang="ru">Güven, M. A Comprehensive Review of Large Language Models in Cyber Security. International Journal of Computational and Experimental Science and Engineering, 10 (3), 507–516 (2024). https://doi.org/10.22399/ijcesen.469.</mixed-citation><mixed-citation xml:lang="en">Güven, M. A Comprehensive Review of Large Language Models in Cyber Security. International Journal of Computational and Experimental Science and Engineering, 10 (3), 507–516 (2024). https://doi.org/10.22399/ijcesen.469.</mixed-citation></citation-alternatives></ref><ref id="cit13"><label>13</label><citation-alternatives><mixed-citation xml:lang="ru">Vaswani, A., Shazeer, N., Parmar, N., Uszkoreit, J., Jones, L., Gomez, A.N., Kaiser, L., and Polosukhin, I. Attention Is All You Need. Advances in Neural Information Processing Systems (NeurIPS), 5998–6008 (2017). https://doi.org/10.48550/arXiv.1706.03762.</mixed-citation><mixed-citation xml:lang="en">Vaswani, A., Shazeer, N., Parmar, N., Uszkoreit, J., Jones, L., Gomez, A.N., Kaiser, L., and Polosukhin, I. Attention Is All You Need. Advances in Neural Information Processing Systems (NeurIPS), 5998–6008 (2017). https://doi.org/10.48550/arXiv.1706.03762.</mixed-citation></citation-alternatives></ref><ref id="cit14"><label>14</label><citation-alternatives><mixed-citation xml:lang="ru">Jang, J.S.R. ANFIS: Adaptive-Network-Based Fuzzy Inference System. IEEE Transactions on Systems, Man, and Cybernetics, 23 (3), 665–685 (1993). https://doi.org/10.1109/21.256541.</mixed-citation><mixed-citation xml:lang="en">Jang, J.S.R. ANFIS: Adaptive-Network-Based Fuzzy Inference System. IEEE Transactions on Systems, Man, and Cybernetics, 23 (3), 665–685 (1993). https://doi.org/10.1109/21.256541.</mixed-citation></citation-alternatives></ref><ref id="cit15"><label>15</label><citation-alternatives><mixed-citation xml:lang="ru">Kasabov, N., and Song, Q. DENFIS: Dynamic Evolving Neural-Fuzzy Inference System and Its Application for Time-Series Prediction. IEEE Transactions on Fuzzy Systems, 10 (2), 144–154 (2002). https://doi.org/10.1109/91.995117.</mixed-citation><mixed-citation xml:lang="en">Kasabov, N., and Song, Q. DENFIS: Dynamic Evolving Neural-Fuzzy Inference System and Its Application for Time-Series Prediction. IEEE Transactions on Fuzzy Systems, 10 (2), 144–154 (2002). https://doi.org/10.1109/91.995117.</mixed-citation></citation-alternatives></ref><ref id="cit16"><label>16</label><citation-alternatives><mixed-citation xml:lang="ru">Poletaev, V.S. Informatsionno-analiticheskaya sistema prognozirovaniya ugroz i uyazvimostey informatsionnoy bezopasnosti na osnove analiza dannykh tematicheskikh internet-resursov [InformationAnalytical System for Predicting Cybersecurity Threats and Vulnerabilities Based on Analysis of Thematic Internet Resources] (Ulyanovsk: UlSU, 2024), 172 p. (in Russian)</mixed-citation><mixed-citation xml:lang="en">Poletaev, V.S. Informatsionno-analiticheskaya sistema prognozirovaniya ugroz i uyazvimostey informatsionnoy bezopasnosti na osnove analiza dannykh tematicheskikh internet-resursov [InformationAnalytical System for Predicting Cybersecurity Threats and Vulnerabilities Based on Analysis of Thematic Internet Resources] (Ulyanovsk: UlSU, 2024), 172 p. (in Russian)</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
