文章基本信息

标题：Cyber Security: Nonlinear Stochastic Models for Predicting the Exploitability
本地全文：下载
作者：Sasith M. Rajasooriya ; Chris. P. Tsokos ; Pubudu Kalpani Kaluarachchi 等
期刊名称：Journal of Information Security
印刷版ISSN：2153-1234
电子版ISSN：2153-1242
出版年度：2017
卷号：08
期号：02
页码：125-140
DOI：10.4236/jis.2017.82009
语种：English
出版社：Scientific Research Publishing
摘要：Obtaining complete information regarding discovered vulnerabilities looks extremely difficult. Yet, developing statistical models requires a great deal of such complete information about the vulnerabilities. In our previous studies, we introduced a new concept of “Risk Factor” of vulnerability which was calculated as a function of time. We introduced the use of Markovian approach to estimate the probability of a particular vulnerability being at a particular “state” of the vulnerability life cycle. In this study, we further develop our models, use available data sources in a probabilistic foundation to enhance the reliability and also introduce some useful new modeling strategies for vulnerability risk estimation. Finally, we present a new set of Non-Linear Statistical Models that can be used in estimating the probability of being exploited as a function of time. Our study is based on the typical security system and vulnerability data that are available. However, our methodology and system structure can be applied to a specific security system by any software engineer and using their own vulnerabilities to obtain their probability of being exploited as a function of time. This information is very important to a company’s security system in its strategic plan to monitor and improve its process for not being exploited.
关键词：Vulnerability Lifecycle;Stochastic Modeling;Security Risk Factor;Markov Process;Risk Evaluation