Graduation Year

2019

Document Type

Dissertation

Degree

Ph.D.

Degree Name

Doctor of Philosophy (Ph.D.)

Degree Granting Department

Mathematics and Statistics

Major Professor

Chris P. Tsokos, Ph.D.

Committee Member

Kandethody M. Ramachandran, Ph.D.

Committee Member

Lu Lu, Ph.D.

Committee Member

Yuncheng You, Ph.D.

Keywords

Software Vulnerability, Differential Equation, Operating System, ARIMA, SHEER

Abstract

In the era of information technology, the importance and applicability of analytical statistical models in interdisciplinary settings have increased significantly in modern statistics. Understanding vulnerabilities conceptually from a statistical perspective helps to develop a set of modern statistical models and bridges the gap between cybersecurity and abstract statistical/mathematical knowledge. In this dissertation, our primary goal is to develop a series of strong statistical models for software vulnerability in conjunction with the Common Vulnerability Scoring System (CVSS) framework. In a nutshell, the overall research lies at the intersection of statistical modeling, cybersecurity, and data mining. Furthermore, we generalize the model of software vulnerability to health science, particularly to stomach cancer data.

In the context of cybersecurity, we have applied the well-known Markovian process in combination with the CVSS framework to determine the overall network security risk. The developed model can be used to identify critical nodes in the host access graph where attackers may be most likely to focus. Based on that information, a network administrator can make appropriate, prioritized decisions for system patching. Further, a flexible risk ranking technique is described, where the decisions made by an attacker can be adjusted using a bias factor. The model can be generalized for use with complicated network environments.

We have further proposed a vulnerability analytic prediction model based on linear and non-linear approaches via time series analysis. Using currently available data from the National Vulnerability Database (NVD), this study develops and presents sets of predictive models by utilizing Auto Regressive Moving Average (ARIMA), Artificial Neural Network (ANN), and Support Vector Machine (SVM) settings. The best model, the one that provides the minimum error rate, is selected for prediction of future vulnerabilities.

In addition, we propose a new philosophy of the software vulnerability life cycle. It says that vulnerability saturation is a local phenomenon, and that it possesses an increasing cyclic behavior within the software vulnerability life cycle. Based on this new philosophy, we propose a new effective differential equation model to predict future software vulnerabilities by utilizing the vulnerability datasets of three major operating systems: Windows 7, Linux Kernel, and Mac OS X. The proposed analytical model is compared with existing models in terms of fitting and prediction accuracy.

Finally, the predictive model is not only applicable to predicting future vulnerabilities; it can also be used in various domains such as engineering, finance, business, and health science, among others. For instance, we extended the idea to health science, to predict the malignant tumor size of stomach cancer as a function of age based on the given historical data from Surveillance Epidemiology and End Results (SEER).
