Author(s)

Sasith M. Rajasooriya^*, Chris. P. Tsokos, Pubudu Kalpani Kaluarachchi

Department of Mathematics and Statistics, University Of South Florida, Tampa, Florida, USA.

Obtaining complete information regarding discovered vulnerabilities looks extremely difficult. Yet, developing statistical models requires a great deal of such complete information about the vulnerabilities. In our previous studies, we introduced a new concept of “Risk Factor” of vulnerability which was calculated as a function of time. We introduced the use of Markovian approach to estimate the probability of a particular vulnerability being at a particular “state” of the vulnerability life cycle. In this study, we further develop our models, use available data sources in a probabilistic foundation to enhance the reliability and also introduce some useful new modeling strategies for vulnerability risk estimation. Finally, we present a new set of Non-Linear Statistical Models that can be used in estimating the probability of being exploited as a function of time. Our study is based on the typical security system and vulnerability data that are available. However, our methodology and system structure can be applied to a specific security system by any software engineer and using their own vulnerabilities to obtain their probability of being exploited as a function of time. This information is very important to a company’s security system in its strategic plan to monitor and improve its process for not being exploited.

Vulnerability Lifecycle, Stochastic Modeling, Security Risk Factor, Markov Process, Risk Evaluation

Rajasooriya, S. , Tsokos, C. and Kaluarachchi, P. (2017) Cyber Security: Nonlinear Stochastic Models for Predicting the Exploitability. Journal of Information Security, 8, 125-140. doi: 10.4236/jis.2017.82009.