TY - JOUR
T1 - Modeling of Extreme Vulnerability Disclosure in Smart City Industrial Environments
AU - Tang, Ming Jian
AU - Yin, Jiao
AU - Alazab, Mamoun
AU - Cao, Jinli
AU - Luo, Yuxiu
N1 - Funding Information:
Manuscript received April 10, 2020; revised August 15, 2020; accepted September 1, 2020. Date of publication September 7, 2020; date of current version March 5, 2021. The work of Jiao Yin was supported by the Science and Technology Research Program of Chongqing Municipal Education Commission of China under Grant KJQN201901306. Paper no. TII-20-1804. (Corresponding author: MingJian Tang.) MingJian Tang is with the Huawei Technologies Company Ltd., Shen-zhen 518129, China (e-mail: tmj2000@hotmail.com).
Publisher Copyright:
© 2005-2012 IEEE.
Copyright:
Copyright 2021 Elsevier B.V., All rights reserved.
PY - 2021/6
Y1 - 2021/6
N2 - With an ever-accelerating trend of cybercrimes due to software vulnerabilities and exposures in Smart City industrial environment, effective and proactive vulnerability risk management becomes imperative. Statistical models learning rich historical vulnerability disclosure data undoubtedly provide critical risk insights. In this article, based on extreme value theory coupled with generalized additive models, we propose a novel framework to model extreme vulnerability disclosure events under both stationary and nonstationary scenarios. By utilizing this rigorous framework, we initiated an important study on quantifying extreme cyber risks. Through extensive empirical studies using real-life datasets, our proposed framework proves to effectively capture the dynamics of extreme events. Furthermore, it enables us to address quantitatively some of the key cyber risk management questions.
AB - With an ever-accelerating trend of cybercrimes due to software vulnerabilities and exposures in Smart City industrial environment, effective and proactive vulnerability risk management becomes imperative. Statistical models learning rich historical vulnerability disclosure data undoubtedly provide critical risk insights. In this article, based on extreme value theory coupled with generalized additive models, we propose a novel framework to model extreme vulnerability disclosure events under both stationary and nonstationary scenarios. By utilizing this rigorous framework, we initiated an important study on quantifying extreme cyber risks. Through extensive empirical studies using real-life datasets, our proposed framework proves to effectively capture the dynamics of extreme events. Furthermore, it enables us to address quantitatively some of the key cyber risk management questions.
KW - Cybersecurity
KW - extreme value theory (EVT)
KW - extreme vulnerability disclosure (EVD)
KW - peak over threshold (POT)
UR - http://www.scopus.com/inward/record.url?scp=85092692923&partnerID=8YFLogxK
U2 - 10.1109/TII.2020.3022182
DO - 10.1109/TII.2020.3022182
M3 - Article
AN - SCOPUS:85092692923
VL - 17
SP - 4150
EP - 4158
JO - IEEE Transactions on Industrial Informatics
JF - IEEE Transactions on Industrial Informatics
SN - 1551-3203
IS - 6
M1 - 9187565
ER -