Seasonal Variation in the Vulnerability Discovery Process

Joh, HyunChul; Malaiya, Yashwant K.

doi:10.1109/icst.2009.9

Cited by 11 publications

(16 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…5.1), and, in turn, to impossibility to make a meaningful short-term forecast. To conclude, application of approach presented in [4] lead to negative results while our approach helped to resolve this problem.…”

Section: Discussionmentioning

confidence: 99%

“…This task helps to provide an indirect estimation of reliability of a given software solution. Such research work was partially performed in [4] though the authors just made a seasonal analysis of vulnerability discovery process concluding that a forecasting is intended to be their future work.…”

Section: Related Studiesmentioning

confidence: 99%

“…periods of swings followed by periods of relative calm. (4) ARCH can be generalized to make the conditional variance a function of past conditional variances in which case the model is called generalized autoregressive conditional heteroskedasticity (GARCH). GARCH (u, w) is defined in Eq.…”

Section: First Of A11 It Is Necessary To Try a Simple Autoregressive mentioning

confidence: 99%

See 2 more Smart Citations

Forecasting of Information Security Related Incidents: Amount of Spam Messages as a Case Study

Romanov

Okamoto

2010

IEICE Trans. Commun.

View full text Add to dashboard Cite

SUMMARYWith the increasing demand for services provided by Communication networks, quality and reliability of such services as well as confidentiality of data transfer are becoming ones of the highest concerns. At the same time, because of growing hacker's activities, quality of provided content and reliability of its continuous delivery strongly depend on integrity of data transmission and availability of communication infrastructure, thus on information security of a given IT landscape. But, the amount of resources allocated to provide information security (like security staff, technical countermeasures and etc.) must be reasonable from the economic point of view. This fact, in turn, leads to the need to employ a forecasting technique in order to make planning of IT budget and short-term planning of potential bottlenecks. In this paper we present an approach to make such a forecasting for a wide class of information security related incidents (ISRI) -unambiguously detectable ISRl. This approach is based on different auto regression models which are widely used in financial time series analysis but can not be directly applied to ISRI time series due to specifics related to information security. We investigate and address this specifics by proposing rules (special conditions) of collection and storage of ISRI time series, adherence to which improves forecasting in this subject field. We present an application of our approach to one type of unambiguously detectable ISRI -ill110unt of spam messages which, if not mitigated properly, could create additional load on communication infrastructure and consume significant amounts of network capacity. Finally we evaluate our approach by simulation and actual measurement. key words: jl1/ormatiol1 securiTY incidents, forecasting, planning

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Related Studiesmentioning

confidence: 99%

See 1 more Smart Citation

Forecasting of Information Security Related Incidents: Amount of Spam Messages as a Case Study

Romanov

Okamoto

2010

IEICE Trans. Commun.

View full text Add to dashboard Cite

show abstract

“…In this context, Joh and Malaiya (2009) proposed a study on the seasonal variation in the process of security vulnerability discovery of software. The authors' idea was to investigate the National Vulnerability Database (NVD) between 1995 and 2007 and discover at what time of year vulnerability discovery rates were higher, detecting possible causes.…”

Section: Introductionmentioning

confidence: 99%

An updated analysis of seasonal variations of the security vulnerability discovery process

Borges¹,

Gabriel²,

Miani³

2020

RBCA

View full text Add to dashboard Cite

Several factors may influence the security vulnerability discovery rates. The projection of these rates might help the development and the prioritization of software patches. Previous work studied the seasonal behaviors of the vulnerability discovery process for several operating systems and web related software systems. We propose a replication study of an experiment conducted more than a decade ago to understand the changes in the dynamics of the security vulnerability discovery rates. In contrast to the findings from ten years ago, the investigated systems do not exhibit a year-end peak. Besides, the higher incidence during mid-year months for Microsoft operating systems was only noticed for the most recent Windows OSes: Windows 8.1 and Windows 10. These results highlight the importance of reproducibility in scientific works. In the area of cybersecurity, in particular, it is important that models are created from studies conducted using updated data.

show abstract

“…Software attackers or crackers create malware that take advantage of security vulnerabilities, thereby compromising IT systems and leading to data loss, unauthorized access of confidential information by intruders, IT system user inaccessibility, etc. [1] Software security vulnerability is explained as a flaw within an IT system that causes the system to work irregularly and contrary to its designated purpose [7] . Malware issues could extend to causing a system to violate its designed security policy.…”

Section: Introductionmentioning

confidence: 99%

Mitigating Vulnerability Risks in Cybersecurity Using Predictive Measures

Adebiaye¹

2017

IJASRD

View full text Add to dashboard Cite

The number of vulnerability attacks and the ease with which an attack can be perpetrated have increased as the software industry and Internet use have grown. Researchers have discovered a lack of established procedures for analysis and collection of data errors generated during software development. Under such conditions, from a software developer's perspective, the probability of releasing secured products may not be feasible, as vulnerabilities are likely to be discovered. Given the fact that there is no guaranteed vulnerability risk free software currently in existence, it is critical to understand vulnerability risks prediction and prevention measures. This study examines vulnerability risks using statistical predictive design measures based on software characteristics. The study tests the severity, frequency and diversity of vulnerability risks. Using a survey methodology to collect data from IT practitioners. The study showed cogent insights and provided clear perspectives of vulnerability risks and how software characteristics can be used as predictive measures to identify security holes. The study will ultimately help IT and Information Security experts to understand frequency and severity of vulnerability risks and proffer solutions during software development.

show abstract

Seasonal Variation in the Vulnerability Discovery Process

Cited by 11 publications

References 20 publications

Forecasting of Information Security Related Incidents: Amount of Spam Messages as a Case Study

Forecasting of Information Security Related Incidents: Amount of Spam Messages as a Case Study

An updated analysis of seasonal variations of the security vulnerability discovery process

Mitigating Vulnerability Risks in Cybersecurity Using Predictive Measures

Contact Info

Product

Resources

About