1 |
Statistical Analysis and Modeling of Cyber Security and Health Sciences
Pokhrel, Nawa Raj 29 May 2018
In the era of information technology, the importance and applicability of analytical statistical models in an interdisciplinary setting in modern statistics have increased significantly. Conceptually understanding vulnerabilities from a statistical perspective helps to develop a set of modern statistical models and bridges the gap between cybersecurity and abstract statistical/mathematical knowledge. In this dissertation, our primary goal is to develop a series of strong statistical models of software vulnerability in conjunction with the Common Vulnerability Scoring System (CVSS) framework. In a nutshell, the overall research lies at the intersection of statistical modeling, cybersecurity, and data mining. Furthermore, we generalize the model of software vulnerability to health science, particularly to stomach cancer data.
In the context of cybersecurity, we have applied the well-known Markovian process in combination with the CVSS framework to determine the overall network security risk. The developed model can be used to identify critical nodes in the host access graph where attackers may be most likely to focus. Based on that information, a network administrator can make appropriate, prioritized decisions for system patching. Further, a flexible risk ranking technique is described, where the decisions made by an attacker can be adjusted using a bias factor. The model can be generalized for use with complicated network environments.
We have further proposed a vulnerability analytic prediction model based on linear and non-linear approaches via time series analysis. Using currently available data from the National Vulnerability Database (NVD), this study develops and presents sets of predictive models by utilizing Auto Regressive Moving Average (ARIMA), Artificial Neural Network (ANN), and Support Vector Machine (SVM) settings. The best model, which provides the minimum error rate, is selected for prediction of future vulnerabilities.
In addition, we propose a new philosophy of the software vulnerability life cycle. It says that vulnerability saturation is a local phenomenon, and it possesses an increasing cyclic behavior within the software vulnerability life cycle. Based on the new philosophy of the software vulnerability life cycle, we propose a new effective differential equation model to predict future software vulnerabilities by utilizing the vulnerability dataset of three major OS: Windows 7, Linux Kernel, and Mac OS X. The proposed analytical model is compared with existing models in terms of fitting and prediction accuracy.
Finally, the predictive model is not only applicable to predicting future vulnerabilities but can also be used in various domains such as engineering, finance, business, and health science, among others. For instance, we extended the idea to health science, to predict the malignant tumor size of stomach cancer as a function of age based on the given historical data from Surveillance Epidemiology and End Results (SEER).
|
2 |
Don’t let my Heart bleed! : An event study methodology in Heartbleed vulnerability case.
Lioupras, Ioannis, Manthou, Eleni January 2014
Due to the rapid evolution of technology, IT software has become incredibly complex. However, the human factor still has a very important role in its application, since people are responsible for creating software. Consequently, software vulnerabilities represent inevitable drawbacks, found to cost extremely large amounts of money to the companies. “Heartbleed” is a recently discovered vulnerability with no prior investigation that answers questions about the impact it has on the companies affected. This paper focuses on its impact on the market value of the companies that participated in the vulnerability disclosure process, with the help of an event study methodology. Furthermore, our analysis investigates whether there is a different effect on the value of the company based on the roles those companies had in the process. Our results suggest that the market did not punish the companies for the existence of the vulnerability. However, the general negative reaction of the market to the incident reflects the importance of a strategic vulnerability disclosure plan for such cases.
|
3 |
Real-Time Software Vulnerabilities in Cloud Computing : Challenges and Mitigation Techniques
Okonoboh, Matthias Aifuobhokhan, Tekkali, Sudhakar January 2011
Context: Cloud computing is rapidly emerging in the area of distributed computing. In the meantime, many organizations also attributed the technology to be associated with several business risks which are yet to be resolved. These challenges include lack of adequate security, privacy and legal issues, resource allocation, control over data, system integrity, risk assessment, software vulnerabilities and so on, which all have a compromising effect in the cloud environment. Organizations based their worries on how to develop adequate mitigation strategies for effective control measures and to balance common expectation between cloud providers and cloud users. However, many researches tend to focus on cloud computing adoption and implementation, with less attention to vulnerabilities and attacks in cloud computing. This paper gives an overview of common challenges and mitigation techniques or practices, describes general security issues and identifies future requirements for security research in cloud computing, given the current trend and industrial practices. Objectives: We identified common challenges and linked them with some compromising attributes in cloud as well as mitigation techniques and their impacts in cloud practices applicable in cloud computing. We also identified frameworks we consider relevant for identifying threats due to vulnerabilities based on information from the reviewed literature and findings. Methods: We conducted a systematic literature review (SLR) specifically to identify empirical studies focusing on challenges and mitigation techniques and to identify mitigation practices in addressing software vulnerabilities and attacks in cloud computing. Studies were selected based on the inclusion/exclusion criteria we defined in the SLR process. We searched through four databases, which include IEEE Xplore, ACM Digital Library, SpringerLink and ScienceDirect. We limited our search to papers published from 2001 to 2010. In addition, we then used the collected data and knowledge from the findings after the SLR to design a questionnaire, which was used to conduct an industrial survey which also identifies cloud computing challenges and mitigation practices persistent in industry settings. Results: Based on the SLR, a total of 27 challenges and 20 mitigation techniques were identified. We further identified 7 frameworks we considered relevant for mitigating the prevalence of real-time software vulnerabilities and attacks in the cloud. The identified challenges and mitigation practices were linked to compromised cloud attributes and the way mitigation practices affect cloud computing, respectively. Furthermore, 5 and 3 additional challenges and suggested mitigation practices were identified in the survey. Conclusion: This study has identified common challenges and mitigation techniques, as well as frameworks practices relevant for mitigating real-time software vulnerabilities and attacks in cloud computing. We cannot make a claim of exhaustive identification of challenges and mitigation practices associated with cloud computing. We acknowledge the fact that our findings might not be sufficient to generalize the effect of the different service models, which include SaaS, IaaS and PaaS, and this is also true for the different deployment models such as private, public, community and hybrid. However, this study will assist both cloud providers and cloud customers on the security, privacy, integrity and other related issues, and is useful in identifying further research areas that can help in enhancing security, privacy, resource allocation and maintaining integrity in the cloud environment.
|
4 |
Predicting vulnerability for requirements: A data-driven approach
Imtiaz, Sayem Mohammad 09 August 2019
Software security being one of the primary concerns in the software engineering community, researchers are coming up with many preemptive approaches which are primarily designed to detect vulnerabilities in the post-implementation stage of the software development life-cycle (SDLC). While they have been shown to be effective in detecting vulnerabilities, the consequences are often expensive. Accommodating changes after detecting a bug or vulnerability in late stages of the SDLC is costly. On that account, in this thesis, we propose a novel framework to provide an additional measure of predicting vulnerabilities at earlier stages of the SDLC. To that end, we leverage state-of-the-art machine learning classification algorithms to predict vulnerabilities for new requirements. We also present a case study on a large open-source-software (OSS) system, Firefox, evaluating the effectiveness of the extended prediction module. The results demonstrate that the framework could be a viable augmentation to the traditional vulnerability-fighting tools.
|
5 |
Vulnerability Reports Analysis and Management
Domány, Dušan January 2011
Various vulnerabilities in software products can often represent a significant security threat if they are discovered by malicious attackers. It is therefore important to identify these vulnerabilities and report their presence to responsible persons before they are exploited by malicious subjects. The number of security reports about discovered vulnerabilities in various software products has grown rapidly over the last decade. It is becoming more and more difficult to process all of the incoming reports manually. This work discusses various methods that can be used to automate several important processes in collecting and sorting the reports. The reports are analyzed in various ways, including techniques of text mining, and the results of the analysis are applied in the form of a practical implementation.
|
6 |
Environmentally aware vulnerability prioritisation within large networks : A proposed novel method
Lenander, Marcus, Tigerström, Jakob January 2022
Background. Software vulnerabilities are a constant threat to organisations, businesses, and individuals. Keeping all devices patched from security software vulnerabilities is complex and time-consuming. Companies must use resources efficiently to ensure that the most severe security vulnerability is prioritised first. Today’s state-of-the-art prioritisation method only relies on the severity of the vulnerability without its environmental context. We propose a novel method that automatically prioritises the vulnerabilities in a device based on its environmental information, such as role and criticality. Objectives. This thesis aims to analyse to what extent vulnerabilities can be prioritised based on the environmental information of the device. Furthermore, we investigate the possibility of automatically estimating the role and criticality of a device and to what extent they can more accurately reflect the severity of the vulnerabilities present in the device. Methods. The proposed novel method uses environmental information found by a vulnerability scanner. Based on this information, the method estimates the role of the device. The role is then used by the method to estimate the criticality of the device. Based on the criticality and environmental information, a new vulnerability score is calculated for each vulnerability, and the list is reprioritised based on the latest score. We further apply an experimental study to analyse the assessment of the method against experts' assessment. Results. The experimental study indicates that the method performs slightly better than the state-of-the-art method. The proposed novel method estimated the primary role with an accuracy of 100% and the secondary role with an accuracy of 71.4%. The method's criticality assessment has a moderate agreement with the experts' criticality assessment. Overall, the method's reprioritised vulnerability lists correlate almost perfectly with the experts' vulnerability lists. Conclusions. 
Considering the environmental information during the prioritisation of vulnerabilities is beneficial. We find that our method performs slightly better than the state-of-the-art method. The proposed method needs further improvements to give a better criticality estimation. However, more research is required to claim that system administrators could benefit from using the proposed method when prioritising vulnerabilities. / Background. Software vulnerabilities are a constant threat to organisations and businesses as well as to private individuals. Ensuring that devices are secure is a complex and time-consuming task. It is therefore important to spend the available time where it does the most good, that is, to remediate the most severe vulnerability first. The state-of-the-art vulnerability prioritisation method is based on severity without taking the vulnerability's environmental metrics into account. We therefore propose a new prioritisation method that automatically prioritises vulnerabilities based on a device's environmental metrics, such as role and criticality. Objectives. The aim of this work is to determine to what extent vulnerabilities can be prioritised based on their environmental metrics. In addition, we investigate whether a device's role and criticality can be estimated automatically in order to better reflect the severity of the vulnerability. Methods. The proposed method uses contextual information provided by a vulnerability scanner. From this information, the role of the device is estimated. The estimated role is then used by the method to determine the criticality of the device. Based on the criticality and the contextual information, a new severity score is calculated for all vulnerabilities. The list of vulnerabilities is reprioritised according to the most recently calculated severity scores. An experiment is then carried out to analyse how good the new prioritisation method is, and to validate the result it is compared against experts' prioritisation. Results. The experimental study indicates that our method performs slightly better than the state-of-the-art vulnerability prioritisation method. The proposed method can estimate the primary role with an accuracy of 100% and the secondary role with an accuracy of 71.4%. The method's criticality estimate is in moderate agreement with the experts' estimate. Overall, the method's prioritisation list correlates better with the experts' than the latest prioritisation method does. Conclusions. Taking a device's environmental metrics into account when calculating the severity of a vulnerability gives a better result than leaving them out of the calculation. We see that our method works better overall than the latest prioritisation method does. More research on the proposed method is needed before it can be said with certainty that it is useful.
|