
Measuring the risk of vulnerabilities exploitation

Name: appliedmath-04-00002.pdf
Size: 2.22 MB
Format: Adobe PDF

Abstract

Modeling the vulnerabilities lifecycle and exploitation frequency is at the core of network security evaluation. Pareto, Weibull, and log-normal models have been widely used to model exploit and patch availability dates, the time to compromise a system, the time between compromises, and exploitation volumes. Random samples (systematic and simple random sampling) of the time from publication to update of cybervulnerabilities disclosed in 2021 and in 2022 are analyzed to evaluate the goodness-of-fit of the traditional Pareto and log-normal laws. As censoring and thinning almost surely occur, other heavy-tailed distributions in the domain of attraction of extreme value or geo-extreme value laws are investigated as suitable alternatives. Goodness-of-fit tests, the Akaike information criterion (AIC), and the Vuong test support the statistical choice of the log-logistic, a geomax stable law in the domain of attraction of the Fréchet model of maxima, with hyperexponential and general extreme value fittings as runners-up. Evidence that the data come from a mixture of differently stretched populations affects vulnerability scoring systems, specifically the Common Vulnerability Scoring System (CVSS).

Keywords

Cybervulnerabilities; CVSS Metrics; Vulnerabilities Lifecycle; Risk Management

Citation

Brilhante, M.F., Pestana, D., Pestana, P.D. & Rocha, M.L. (2024). Measuring the Risk of Vulnerabilities Exploitation. AppliedMath, 4(1), 2.
