文章基本信息

标题：Cybersecurity: A Statistical Predictive Model for the Expected Path Length
本地全文：下载
作者：Pubudu Kalpani Kaluarachchi ; Chris P. Tsokos ; Sasith M. Rajasooriya 等
期刊名称：Journal of Information Security
印刷版ISSN：2153-1234
电子版ISSN：2153-1242
出版年度：2016
卷号：07
期号：03
页码：112-128
DOI：10.4236/jis.2016.73008
语种：English
出版社：Scientific Research Publishing
摘要：The object of this study is to propose a statistical model for predicting the Expected Path Length (expected number of steps the attacker will take, starting from the initial state to compromise the security goal—EPL) in a cyber-attack. The model we developed is based on utilizing vulnerability information along with having host centric attack graph. Utilizing the developed model, one can identify the interaction among the vulnerabilities and individual variables (risk factors) that drive the Expected Path Length. Gaining a better understanding of the relationship between vulnerabilities and their interactions can provide security administrators a better view and an understanding of their security status. In addition, we have also ranked the attributable variables and their contribution in estimating the subject length. Thus, one can utilize the ranking process to take precautions and actions to minimize Expected Path Length.
关键词：Vulnerability;Attack Graph;Markov Model;Security Evaluation;Expected Path Length;CVSS