{"title":"Exploiting Vulnerability Disclosures: Statistical Framework and Case Study","authors":"Mingjian Tang, M. Alazab, Yuxiu Luo","doi":"10.1109/CCC.2016.10","DOIUrl":null,"url":null,"abstract":"With an ever-increasing trend of cybercrimes and incidents due to software vulnerabilities and exposures, effective and proactive vulnerability management becomes imperative in modern organisations regardless large or small. Forecasting models leveraging rich historical vulnerability disclosure data undoubtedly provide important insights to inform the cyber community with the anticipated risks. In this paper, we proposed a novel framework for statistically analysing long-term vulnerability time series between January 1999 and January 2016. By utilising this sound framework, we initiated an important study on not only testing but also modelling persistent volatilities in the data. In sharp contrast to the existing models, we consider capturing both mean and conditional variance latent in the disclosure series. Through extensive empirical studies, a composite model is shown to effectively capture the sporadic nature of vulnerability time series. 
In addition, this paper paves the way for further study on the stochastic perspective of cyber vulnerability proliferation towards more accurate prediction models and better risk management.","PeriodicalId":120509,"journal":{"name":"2016 Cybersecurity and Cyberforensics Conference (CCC)","volume":"80 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-10-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 Cybersecurity and Cyberforensics Conference (CCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCC.2016.10","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 8
Abstract
With an ever-increasing trend of cybercrimes and incidents due to software vulnerabilities and exposures, effective and proactive vulnerability management becomes imperative in modern organisations, whether large or small. Forecasting models leveraging rich historical vulnerability disclosure data undoubtedly provide important insights to inform the cyber community of the anticipated risks. In this paper, we proposed a novel framework for statistically analysing long-term vulnerability time series between January 1999 and January 2016. By utilising this sound framework, we initiated an important study on not only testing but also modelling persistent volatilities in the data. In sharp contrast to the existing models, we consider capturing both mean and conditional variance latent in the disclosure series. Through extensive empirical studies, a composite model is shown to effectively capture the sporadic nature of vulnerability time series. In addition, this paper paves the way for further study on the stochastic perspective of cyber vulnerability proliferation towards more accurate prediction models and better risk management.