Non-Homogeneous Stochastic Model for Cyber Security Predictions - Journal of Information Security

JIS > Vol.9 No.1, January 2018

Journal of Information Security

Volume 9, Issue 1 (January 2018)

ISSN Print: 2153-1234 ISSN Online: 2153-1242

Google-based Impact Factor: 3.79 Citations

Non-Homogeneous Stochastic Model for Cyber Security Predictions ()

HTML XML

Download as PDF (Size: 483KB) PP. 12-24

DOI: 10.4236/jis.2018.91002 919 Downloads 2,018 Views Citations

Author(s)

Pubudu Kalpani Kaluarachchi^1*, Chris P. Tsokos², Sasith M. Rajasooriya³

Affiliation(s)

¹Department of Mathematical and Physical Sciences, Miami University, Middletown, Ohio, USA.
²Distinguished University Professor, Department of Mathematics and Statistics, University of South Florida, Tampa, Florida, USA.
³Department of Statistics, Miami University, Oxford, Ohio, USA.

ABSTRACT

Any computer system with known vulnerabilities can be presented using attack graphs. An attacker generally has a mission to reach a goal state that he expects to achieve. Expected Path Length (EPL) [1] in the context of an attack graph describes the length or number of steps that the attacker has to take in achieving the goal state. However, EPL varies and it is based on the “state of vulnerabilities” [2] [3] in a given computer system. Any vulnerability throughout its life cycle passes through several stages that we identify as “states of the vulnerability life cycle” [2] [3]. In our previous studies we have developed mathematical models using Markovian theory to estimate the probability of a given vulnerability being in a particular state of its life cycle. There, we have considered a typical model of a computer network system with two computers subject to three vulnerabilities, and developed a method driven by an algorithm to estimate the EPL of this network system as a function of time. This approach is important because it allows us to monitor a computer system during the process of being exploited. Proposed non-homogeneous model in this study estimates the behavior of the EPL as a function of time and therefore act as an index of the risk associated with the network system getting exploited.

KEYWORDS

Vulnerability, Attack Graph, Markov Model, Security Evaluation, Expected Path Length (EPL), Common Vulnerability Scoring System (CVSS), Non Homogeneous Stochastic Model

Share and Cite:

Kaluarachchi, P. , Tsokos, C. and Rajasooriya, S. (2018) Non-Homogeneous Stochastic Model for Cyber Security Predictions. Journal of Information Security, 9, 12-24. doi: 10.4236/jis.2018.91002.

Cited by

[1]	Towards an Improved Understanding of Software Vulnerability Assessment Using Data-Driven Approaches
	arXiv preprint arXiv:2207.11708, 2022

[2]	Cybersecurity: Identifying the Vulnerability Intensity Function (VIF) and Vulnerability Index Indicator (VII) of a Computer Operating System
	Journal of Information Security, 2022

[3]	An Analytical Approach to Assess and Compare the Vulnerability Risk of Operating Systems.
	2020

[4]	An Analytical Approach to Assess and Compare the Vulnerability Risk of Operating Systems
	2020

[5]	Nonhomogeneous Risk Rank Analysis Method for Security Network System
	2019

[6]	Automated software vulnerability assessment with concept drift
	2019

[7]	Stochastic models of just-in-time systems and windows of vulnerability in terms of the processes of birth and death
	2019

[8]	Original Paper Risk Rank Analysis Method for Vulnerabilities in a Network System
	Urban Studies and Public Administration, 2019

[9]	Mathematical Modeling, Numerical Methods and Software Complexes

Journals Menu

Follow SCIRP

	+1 323-425-8868
	customer@scirp.org
	+86 18163351462(WhatsApp)
	1655362766

	Paper Publishing WeChat

Journals Menu

Home

About SCIRP

Service

Policies