Browsing by Author "Pestana, Dinis"
Now showing 1 - 4 of 4
Results Per Page
Sort Options
- Generalized beta models and population growth: so many routes to chaosPublication . Brilhante, Maria de Fátima; Gomes, Maria Ivette; Mendonça, Sandra; Pestana, Dinis; Pestana, Pedro DuarteLogistic and Gompertz growth equations are the usual choice to model sustainable growth and immoderate growth causing depletion of resources, respectively. Observing that the logistic distribution is geo-max-stable and the Gompertz function is proportional to the Gumbel max-stable distribution, we investigate other models proportional to either geo-max-stable distributions (log- logistic and backward log-logistic) or to other max-stable distributions (Fréchet or max-Weibull). We show that the former arise when in the hyper-logistic Blumberg equation, connected to the Beta (p, q) function, we use fractional exponents p − 1 = 1 ∓ 1/α and q − 1 = 1 ± 1/α, and the latter when in the hyper-Gompertz-Turner equation, the exponents of the logarithmic factor are real and eventually fractional. The use of a BetaBoop function establishes interesting connections to Probability Theory, Riemann–Liouville’s fractional integrals, higher-order monotonicity and convexity and generalized unimodality, and the logistic map paradigm inspires the investigation of the dynamics of the hyper- logistic and hyper-Gompertz maps.
- Measuring the risk of vulnerabilities exploitationPublication . Brilhante, Maria de Fátima; Pestana, Dinis; Pestana, Pedro Duarte; Rocha, Maria LuísaModeling the vulnerabilities lifecycle and exploitation frequency are at the core of security of networks evaluation. Pareto, Weibull, and log-normal models have been widely used to model the exploit and patch availability dates, the time to compromise a system, the time between compromises, and the exploitation volumes. Random samples (systematic and simple random sampling) of the time from publication to update of cybervulnerabilities disclosed in 2021 and in 2022 are analyzed to evaluate the goodness-of-fit of the traditional Pareto and log-normal laws. As censoring and thinning almost surely occur, other heavy-tailed distributions in the domain of attraction of extreme value or geo-extreme value laws are investigated as suitable alternatives. Goodness-of-fit tests, the Akaike information criterion (AIC), and the Vuong test, support the statistical choice of log-logistic, a geomax stable law in the domain of attraction of the Fréchet model of maxima, with hyperexponential and general extreme value fittings as runners-up. Evidence that the data come from a mixture of differently stretched populations affects vulnerabilities scoring systems, specifically the common vulnerabilities scoring system (CVSS).
- Metrologia e a transição digital: medição da severidade de vulnerabilidades e risco de exploraçãoPublication . Brilhante, Maria de Fátima; Pestana, Dinis; Pestana, Pedro Duarte; Rocha, Maria Luísa; Sequeira, FernandoA transição digital torna desejável normalizar a medição do risco associado às vulnerabilidades, fundamental para a priorização das necessidades de remediação ou mitigação, seja patch ou workaround, e é um desafio para a evolução da Metrologia no que se refere a meios auxiliares de medições virtuais. Torna também desejável aperfeiçoar as métricas usadas e sua utilização, nomeadamente no que se re- fere a reavaliação, se possível automática, da remediação do risco ao longo do tempo após descoberta e divulgação da vulnerabilidade. O CVSS — Common Vulnerability Scoring System usa métricas base, métricas temporais e métricas ambientais para calcular scores com o objetivo de priorizar as necessidades de correção das vulnerabilidades. Porém é estático, as métricas temporais, facultativas e pouco usadas, não estão preparadas para lhe conferir potencialidades dinâmicas, que são o ponto forte do EPSS — Exploit Prediction Scoring System, que surgiu em 2021. Fazemos uma avaliação crítica da evolução da versão 2 para a versão 3.1 do CVSS e de propostas de alteração das suas métricas temporais no desiderato de tornar o sistema dinâmico. O enquadramento de variáveis do ciclo de vida de vulnerabilidades na teoria dos valores extremos, eventualmente sujeitos a filtragem geométrica, sugere modelações alternativas (Geral de Valores Extremos, Pareto Generalizada, Log-logística) ao tradicional ajustamento com Pareto ou com Lognormal na procura de metodologias racionais de alteração do cálculo de modificações da pontuação do CVSS. Por outro lado abordamos a possibilidade de usar aprendizagem de máquina para reavaliação simples da medição da severidade ao longo do tempo
- Population growth and geometrically-thinned extreme value theoryPublication . Brilhante, Maria de Fátima; Gomes, Maria Ivette; Mendonça, Sandra; Pestana, Dinis; Pestana, Pedro Duarte; Henriques-Rodrigues, L.; Menezes, R.; Machado, L.M.; Faria, S.; de Carvalho, M.Starting from the simple Beta(2,2) model, connected to the Verhulst logistic parabola, several extensions are discussed, and connections to extremal models are revealed. Aside from the classical general extreme value model, extreme value models in randomly stopped extremes schemes are also discussed. Logistic and Gompertz growth equations are the usual choice to model sustainable growth. Therefore, observing that the logistic distribution is (geo)max-stable and the Gompertz function is proportional to the Gumbel max-stable distribution, other growth models, related to classical and to geometrically thinned extreme value theory are investigated.