TITLE:
Stochastic Modelling of Vulnerability Life Cycle and Security Risk Evaluation
AUTHORS:
Sasith M. Rajasooriya, Chris P. Tsokos, Pubudu Kalpani Kaluarachchi
KEYWORDS:
Stochastic Modelling, Security, Risk Evaluation, Vulnerability Life Cycle, Risk Factor
JOURNAL NAME:
Journal of Information Security, Vol.7 No.4, July 21, 2016
ABSTRACT: The objective of the present study is to propose a statistical risk evaluation model for a given vulnerability by examining the Vulnerability Life Cycle and the CVSS score. Having a better understanding of the behavior of a vulnerability with respect to time will give us a great advantage. Such understanding will help us to avoid exploitations and introduce patches for a particular vulnerability before the attacker takes advantage of it. Utilizing the proposed model, one can identify the risk factor of a specific vulnerability being exploited as a function of time. Measuring the risk factor of a given vulnerability will also help to improve the security level of software and to make appropriate decisions to patch the vulnerability before an exploitation takes place.