TITLE:
Cybersecurity: A Stochastic Predictive Model to Determine Overall Network Security Risk Using Markovian Process
AUTHORS:
Nawa Raj Pokhrel, Chris P. Tsokos
KEYWORDS:
Vulnerability, Attack Graph, Markov Model, Exploitability, CVSS, FIRST, NVD, IDS
JOURNAL NAME:
Journal of Information Security, Vol.8 No.2, April 28, 2017
ABSTRACT: Several security metrics have been developed to protect computer networks. In general, common security metrics focus on qualitative and subjective aspects of networks, lacking formal statistical models. In the present study, we propose a stochastic model to quantify the risk associated with the overall network using a Markovian process in conjunction with the Common Vulnerability Scoring System (CVSS) framework. The model we developed uses a host access graph to represent the network environment. Using the developed model, one can filter the large amount of information available by making a priority list of the vulnerable nodes existing in the network. Once a priority list is prepared, network administrators can make software patch decisions. Gaining an in-depth understanding of the risk and priority level of each host helps individuals to implement decisions like the deployment of security products and to design network topologies.