Abstract: Any computer system with known vulnerabilities can be represented using attack graphs. An attacker generally has a mission to reach a goal state that he expects to achieve. Expected Path Length (EPL) [1], in the context of an attack graph, describes the length, or number of steps, that the attacker has to take to achieve the goal state. However, EPL varies, and it is based on the "state of vulnerabilities" [2] [3] in a given computer system. Any vulnerability passes through several stages throughout its life cycle, which we identify as "states of the vulnerability life cycle" [2] [3]. In our previous studies we developed mathematical models using Markovian theory to estimate the probability of a given vulnerability being in a particular state of its life cycle. There, we considered a typical model of a computer network system with two computers subject to three vulnerabilities, and developed a method driven by an algorithm to estimate the EPL of this network system as a function of time. This approach is important because it allows us to monitor a computer system during the process of being exploited. The non-homogeneous model proposed in this study estimates the behavior of the EPL as a function of time and therefore acts as an index of the risk associated with the network system getting exploited.
Keywords: Vulnerability; Attack Graph; Markov Model; Security Evaluation; Expected Path Length (EPL); Common Vulnerability Scoring System (CVSS); Non Homogeneous Stochastic Model