A statistical model for predicting an expected path length (âEPLâ) of the steps of an attacker is described. The model is based on utilizing vulnerability information along with an attack graph. Using the model, it is possible to identify the interaction among vulnerabilities and individual variables or risk factors that drive the EPL. Gaining a better understanding of the relationship between the vulnerabilities and their interactions can provide security administrators with a better view and understanding of their security status. In addition, a number of different attributable variables and their contribution in estimating the EPL can be ranked. Thus, it is possible to utilize the ranking process to take precautions and actions to minimize the EPL.
Rajasooriya, Sasith Maduranga; Tsokos, Chris Peter; and Hitigala Kaluarachchilage, Pubudu Kalpani K., "Statistical predictive model for expected path length" (2020). USF Patents. 1166.
University of South Florida