TITLE:
Non-Homogeneous Stochastic Model for Cyber Security Predictions
AUTHORS:
Pubudu Kalpani Kaluarachchi, Chris P. Tsokos, Sasith M. Rajasooriya
KEYWORDS:
Vulnerability, Attack Graph, Markov Model, Security Evaluation, Expected Path Length (EPL), Common Vulnerability Scoring System (CVSS), Non Homogeneous Stochastic Model
JOURNAL NAME:
Journal of Information Security,
Vol.9 No.1,
November
30,
2017
ABSTRACT:
Any computer system with known vulnerabilities can be presented using attack graphs. An attacker generally has a mission to reach a goal state that he expects to achieve. Expected Path Length (EPL) [1] in the context of an attack graph describes the length or number of steps that the attacker has to take in achieving the goal state. However, EPL varies and it is based on the “state of vulnerabilities” [2] [3] in a given computer system. Any vulnerability throughout its life cycle passes through several stages that we identify as “states of the vulnerability life cycle” [2] [3]. In our previous studies we have developed mathematical models using Markovian theory to estimate the probability of a given vulnerability being in a particular state of its life cycle. There, we have considered a typical model of a computer network system with two computers subject to three vulnerabilities, and developed a method driven by an algorithm to estimate the EPL of this network system as a function of time. This approach is important because it allows us to monitor a computer system during the process of being exploited. Proposed non-homogeneous model in this study estimates the behavior of the EPL as a function of time and therefore act as an index of the risk associated with the network system getting exploited.