Graduation Year

2017

Document Type

Dissertation

Degree

Ph.D.

Degree Name

Doctor of Philosophy (Ph.D.)

Degree Granting Department

Mathematics and Statistics

Major Professor

Chris P. Tsokos, Ph.D.

Committee Member

Kandethody Ramachandran, Ph.D.

Committee Member

Dan Shen, Ph.D.

Committee Member

Lu Lu, Ph.D.

Keywords

Cyber Security, Markov Model, Vulnerability, Risk Rank

Abstract

Development of cybersecurity processes and strategies should take two main approaches. The first is to develop an efficient and effective set of methodologies to identify software vulnerabilities and patch them before they are exploited. The second is to develop a set of methodologies to predict the behavior of attackers and execute defensive techniques based on that behavior. Managing and analyzing vulnerabilities relates directly to the first approach. Developing methodologies and models to predict the behavior of attackers relates to the second. The two approaches are inseparably interconnected. Our effort in this study mainly focuses on developing useful statistical models that can give us signals about the behavior of cyber attackers.

Understanding vulnerabilities analytically, from a statistical point of view, helps to develop a set of statistical models that work as a bridge between cybersecurity and abstract statistical and mathematical knowledge. Any such effort should begin with a proper understanding of the nature of vulnerabilities in a computer network system. We start this study by analyzing "vulnerability" based on inferences that can be drawn from the National Vulnerability Database (NVD). In the cybersecurity context, we apply a Markov approach to develop suitable predictive models that estimate, using the concept of Expected Path Length (EPL), the minimum number of steps an attacker would take to compromise a security goal.

We have further developed a non-homogeneous stochastic model by improving the EPL estimates into a time-dependent variable. Applied analytically to a simple model of a computer network with discovered vulnerabilities, this approach resulted in several useful observations exemplifying its applicability to real-world computer systems. The methodology yields a measure of the "risk" associated with the model network as a function of time, informing defending professionals of the threats they are facing and should anticipate facing.

Furthermore, using an approach similar to that of the well-known Google PageRank algorithm, this study also presents a new algorithm for ranking vulnerabilities with respect to time in a computer network system.

With better IT resources, the analytical models and methodologies presented in this study can be developed into more generalized versions and applied in real-world computer network environments.
