Markov Model of Cyber Attack Life Cycle Triggered by Software Vulnerability

Romuald Hoffmann


Software vulnerability life cycles illustrate changes in detection processes of software vulnerabilities during using computer systems. Unfortunately, the detection can be made by cyber-adversaries and a discovered software vulnerability may be consequently exploited for their own purpose. The vulnerability may be exploited by cyber-criminals at any time while it is not patched. Cyber-attacks on organizations by exploring vulnerabilities are usually conducted through the processes divided into many stages. These cyber-attack processes in literature are called cyber-attack live cycles or cyber kill chains. The both type of cycles have their research reflection in literature but so far, they have been separately considered and modeled. This work addresses this deficiency by proposing a Markov model which combine a cyber-attack life cycle with an idea of software vulnerability life cycles. For modeling is applied homogeneous continuous time Markov chain theory.

Full Text:



K. G. J. Coleman, “Aggression in Cyberspace,” in Conflict and Cooperation in the Global Commons: A Comprehensive Approach for International Security, S. Jasper, Ed. Washington, DC: Georgetown University Press, 2012, pp. 105-119.

E. M. Hutchins, M. J. Cloppert, and R.M. Amin: “Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains,” in Leading Issues in Information Warfare and Security Research, vol. 1, J. Ryan, Ed. Reading, UK: Academic Publishing International Ltd, 2011, pp.78-104.

M. S. Khan, S. Siddiqui, and K. Ferens, “A Cognitive and Concurrent Cyber Kill Chain Model,” in Computer and Network Security Essentials, K. Daimi, Ed. Cham, Switzerland: Springer, 2018, pp. 585-602.

J. M. Spring, E. Hatleback, “Thinking about intrusion kill chains as mechanisms,” Journal of Cybersecurity, vol. 3 (3), pp. 185-197, Nov. 2017. DOI: 10.1093/cybsec/tyw012

A. Hahn, R.K. Thomas, I. Lozano, and A. Cardenas, “A multi-layered and kill-chain based security analysis framework for cyber-physical systems,” International Journal of Critical Infrastructure Protection, vol. 11, pp. 39-50, Dec. 2015.

R. Hoffmann, “The general cyber-attack life cycle and its continuous-time Markov chain model,” Ekonomiczne Problemy Usług, vol. 2/2018 (131), t.1, pp. 121-130, 2018. DOI: 10.18276/epu.2018.131/1-12

R. Hoffmann, “Markov Models of Cyber Kill Chains with Iterations,” in 2019 International Conference on Military Communications and Information Systems (ICMCIS), Budva, Montenegro, IEEE, 2019. DOI: 10.1109/ICMCIS.2019.8842810

R. Hoffmann, „The Markov models of cyber-attack life cycles,” Roczniki Kolegium Analiz Ekonomicznych SGH, vol. 54, pp. 303–317, 2019.

W. A. Arbaugh, W. L. Fithen and J. McHugh, "Windows of vulnerability: a case study analysis," Computer, vol. 33, no. 12, pp. 52-59, Dec. 2000.

E. Rescorla, "Is finding security holes a good idea?," in IEEE Security & Privacy, vol. 3, no. 1, pp. 14-19, Jan.-Feb. 2005.

S. Frei, “Security econometrics – the dynamics of (in)security. Dissertation 18197,” Zurich: ETH Zurich 2009.

S. Frei, D. Schatzmann, B. Plattner and B. Trammell, “Modeling the Security Ecosystem - The Dynamics of (In)Security,” in Economics of Information Security and Privacy, T. Moore, D. Pym, C. Ioannidis, Ed. Boston: Springer 2010, pp.79-106.

H. Joh, Y.K. Malaiya, “A Framework for Software Security Risk Evaluation using the Vulnerability Lifecycle and CVSS Metrics,” in: Proceedings of the 2010 International Workshop on Risk and Trust in Extended Enterprises (RTEE’2010), USA, San Jose 2010, pp. 430–434.

H. Joh, Y.K. Malaiya, “Defining and Assessing Quantitative Security Risk Measures Using Vulnerability Lifecycle and CVSS Metrics,” in Proceedings of the 2011 International Conference on Security and Management (SAM'11), vol. 1, USA, Las Vegas 2011, pp.10–16.

H. Okamura, M. Tokuzane and T. Dohi, “Security Evaluation for Software System with Vulnerability Life Cycle and User Profiles,” in Proceedings of 2012 Workshop on Dependable Transportation Systems/Recent Advances in Software Dependability (WDTS-RASD 2012), Japan, Niigata 2012, pp. 39–44.

S.M. Rajasooriya, Ch.P. Tsokos and P.K. Kaluarachchi, “Stochastic Modelling of Vulnerability Life Cycle and Security Risk Evaluation,” Journal of Information Security, vol. 7 (4), pp. 269–279, July 2016.

T. Nakagawa, “Stochastic Processes with Applications to Reliability Theory,” Springer, London 2011.

W. Keller, M. Modarres, “A historical overview of probabilistic risk assessment development and its use in the nuclear power industry: A tribute to the late Professor Norman Carl Rasmussen,” Reliability Engineering & System Safety, vol. 89 (3), pp. 271–285, Sep. 2005.

S. Kaplan, B. J. Garrick, “On the quantitative definition of risk,” Risk Analysis, vol. 1(1), pp. 11–27, Mar. 1981.

ENISA, “ENISA Threat Landscape Report 2018,” Jan. 2019 (2019), last accessed 2019/11/02.

McAfee, “McAfee Labs Threats Report. August 2019,”, last accessed 2019/11/01., last accessed 2020/03/02., last accessed 2020/03/02.


  • There are currently no refbacks.

International Journal of Electronics and Telecommunications
is a periodical of Electronics and Telecommunications Committee
of Polish Academy of Sciences

eISSN: 2300-1933