Exploiting vulnerability disclosures: Statistical framework and case study

Mingjian Tang, Mamoun Alazab, Yuxiu Luo

Research output: Chapter in Book/Report/Conference proceedingConference Paper published in Proceedingspeer-review


With an ever-increasing trend of cybercrimes and incidents due to software vulnerabilities and exposures, effective and proactive vulnerability management becomes imperative in modern organisations regardless large or small. Forecasting models leveraging rich historical vulnerability disclosure data undoubtedly provide important insights to inform the cyber community with the anticipated risks. In this paper, we proposed a novel framework for statistically analysing long-Term vulnerability time series between January 1999 and January 2016. By utilising this sound framework, we initiated an important study on not only testing but also modelling persistent volatilities in the data. In sharp contrast to the existing models, we consider capturing both mean and conditional variance latent in the disclosure series. Through extensive empirical studies, a composite model is shown to effectively capture the sporadic nature of vulnerability time series. In addition, this paper paves the way for further study on the stochastic perspective of cyber vulnerability proliferation towards more accurate prediction models and better risk management.

Original languageEnglish
Title of host publicationProceedings - 2016 Cybersecurity and Cyberforensics Conference, CCC 2016
Place of PublicationPiscataway, NJ
PublisherIEEE, Institute of Electrical and Electronics Engineers
Number of pages6
ISBN (Electronic)9781509026579
Publication statusPublished - 18 Oct 2016
Externally publishedYes
Event1st Cybersecurity and Cyberforensics Conference, CCC 2016 - Amman, Jordan
Duration: 2 Aug 20164 Aug 2016


Conference1st Cybersecurity and Cyberforensics Conference, CCC 2016


Dive into the research topics of 'Exploiting vulnerability disclosures: Statistical framework and case study'. Together they form a unique fingerprint.

Cite this