Abstract
With an ever-increasing trend of cybercrimes and incidents due to software vulnerabilities and exposures, effective and proactive vulnerability management becomes imperative in modern organisations regardless large or small. Forecasting models leveraging rich historical vulnerability disclosure data undoubtedly provide important insights to inform the cyber community with the anticipated risks. In this paper, we proposed a novel framework for statistically analysing long-Term vulnerability time series between January 1999 and January 2016. By utilising this sound framework, we initiated an important study on not only testing but also modelling persistent volatilities in the data. In sharp contrast to the existing models, we consider capturing both mean and conditional variance latent in the disclosure series. Through extensive empirical studies, a composite model is shown to effectively capture the sporadic nature of vulnerability time series. In addition, this paper paves the way for further study on the stochastic perspective of cyber vulnerability proliferation towards more accurate prediction models and better risk management.
Original language | English |
---|---|
Title of host publication | Proceedings - 2016 Cybersecurity and Cyberforensics Conference, CCC 2016 |
Place of Publication | Piscataway, NJ |
Publisher | IEEE, Institute of Electrical and Electronics Engineers |
Pages | 117-122 |
Number of pages | 6 |
Volume | 1 |
ISBN (Electronic) | 9781509026579 |
DOIs | |
Publication status | Published - 18 Oct 2016 |
Externally published | Yes |
Event | 1st Cybersecurity and Cyberforensics Conference, CCC 2016 - Amman, Jordan Duration: 2 Aug 2016 → 4 Aug 2016 |
Conference
Conference | 1st Cybersecurity and Cyberforensics Conference, CCC 2016 |
---|---|
Country/Territory | Jordan |
City | Amman |
Period | 2/08/16 → 4/08/16 |