Procedures to identify the probabilities for different states in a vulnerability life cycle are described. The probabilities are used to develop a number of statistical models to evaluate the risk factor of a particular vulnerability at time âtâ. A transition probability matrix of all states of a particular vulnerability as a function of time is also described. A Markov chain process can be iterated to reach a steady state of the transition probability matrix, with the initial probabilities reaching the absorbing states, including exploited and patched states. A risk factor is also introduced for use as an index of the risk of a vulnerability being exploited. Finally, statistical models that can calculate the risk factor more conveniently without going through the Markovian process are described.
Rajasooriya, Sasith Maduranga; Tsokos, Chris Peter; and Hitigala Kaluarachchilage, Pubudu Kalpani K, "Non-linear stochastic models for predicting exploitability" (2020). USF Patents. 1195.
University of South Florida