TITLE:
Cybersecurity: A Statistical Predictive Model for the Expected Path Length
AUTHORS:
Pubudu Kalpani Kaluarachchi, Chris P. Tsokos, Sasith M. Rajasooriya
KEYWORDS:
Vulnerability, Attack Graph, Markov Model, Security Evaluation, Expected Path Length, CVSS
JOURNAL NAME:
Journal of Information Security,
Vol.7 No.3,
April
5,
2016
ABSTRACT: The object of this
study is to propose a statistical model for predicting the Expected Path Length
(expected number of steps the attacker will take, starting from the initial
state to compromise the security goal—EPL) in a cyber-attack. The model we
developed is based on utilizing vulnerability information along with having
host centric attack graph. Utilizing the developed model, one can identify the
interaction among the vulnerabilities and individual variables (risk factors)
that drive the Expected Path Length. Gaining a better understanding of the
relationship between vulnerabilities and their interactions can provide
security administrators a better view and an understanding of their security
status. In addition, we have also ranked the attributable variables and their contribution
in estimating the subject length. Thus, one can utilize the ranking process to
take precautions and actions to minimize Expected Path Length.