Exploiting vulnerability disclosures

Statistical framework and case study

Mingjian Tang, Mamoun Alazab, Yuxiu Luo

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper published in Proceedings › Research › peer-review

Abstract

With an ever-increasing trend of cybercrimes and incidents due to software vulnerabilities and exposures, effective and proactive vulnerability management becomes imperative in modern organisations, regardless of whether they are large or small. Forecasting models leveraging rich historical vulnerability disclosure data undoubtedly provide important insights to inform the cyber community of the anticipated risks. In this paper, we proposed a novel framework for statistically analysing long-term vulnerability time series between January 1999 and January 2016. By utilising this sound framework, we initiated an important study on not only testing but also modelling persistent volatilities in the data. In sharp contrast to the existing models, we consider capturing both mean and conditional variance latent in the disclosure series. Through extensive empirical studies, a composite model is shown to effectively capture the sporadic nature of vulnerability time series. In addition, this paper paves the way for further study on the stochastic perspective of cyber vulnerability proliferation towards more accurate prediction models and better risk management.

Original language: English
Title of host publication: Proceedings - 2016 Cybersecurity and Cyberforensics Conference, CCC 2016
Place of Publication: Amman, Jordan
Publisher: IEEE, Institute of Electrical and Electronics Engineers
Pages: 117-122
Number of pages: 6
ISBN (Electronic): 9781509026579
DOIs: https://doi.org/10.1109/CCC.2016.10
Publication status: Published - 18 Oct 2016
Event: 1st Cybersecurity and Cyberforensics Conference, CCC 2016 - Amman, Jordan
Duration: 2 Aug 2016 to 4 Aug 2016

Conference

Conference: 1st Cybersecurity and Cyberforensics Conference, CCC 2016
Country: Jordan
City: Amman
Period: 2/08/16 to 4/08/16


Cite this

Tang, M., Alazab, M., & Luo, Y. (2016). Exploiting vulnerability disclosures: Statistical framework and case study. In Proceedings - 2016 Cybersecurity and Cyberforensics Conference, CCC 2016 (pp. 117-122). [16397865] Amman, Jordan: IEEE, Institute of Electrical and Electronics Engineers. https://doi.org/10.1109/CCC.2016.10
@inproceedings{4684d156a94e412c94bf30f23bf124ce,
title = "Exploiting vulnerability disclosures: Statistical framework and case study",
keywords = "Cyber security, Generalised autoregressive conditional heteroskedasticity, Time series, Volatility, Vulnerability",
author = "Mingjian Tang and Mamoun Alazab and Yuxiu Luo",
year = "2016",
month = "10",
day = "18",
doi = "10.1109/CCC.2016.10",
language = "English",
pages = "117--122",
booktitle = "Proceedings - 2016 Cybersecurity and Cyberforensics Conference, CCC 2016",
publisher = "IEEE, Institute of Electrical and Electronics Engineers",
address = "United States",

}
