Markov Model of Cyber Attack Life Cycle Triggered by Software Vulnerability
Abstract
Software vulnerability life cycles illustrate changes in detection processes of software vulnerabilities during using computer systems. Unfortunately, the detection can be made by cyber-adversaries and a discovered software vulnerability may be consequently exploited for their own purpose. The vulnerability may be exploited by cyber-criminals at any time while it is not patched. Cyber-attacks on organizations by exploring vulnerabilities are usually conducted through the processes divided into many stages. These cyber-attack processes in literature are called cyber-attack live cycles or cyber kill chains. The both type of cycles have their research reflection in literature but so far, they have been separately considered and modeled. This work addresses this deficiency by proposing a Markov model which combine a cyber-attack life cycle with an idea of software vulnerability life cycles. For modeling is applied homogeneous continuous time Markov chain theory.
References
K. G. J. Coleman, “Aggression in Cyberspace,” in Conflict and Cooperation in the Global Commons: A Comprehensive Approach for International Security, S. Jasper, Ed. Washington, DC: Georgetown University Press, 2012, pp. 105-119.
E. M. Hutchins, M. J. Cloppert, and R.M. Amin: “Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains,” in Leading Issues in Information Warfare and Security Research, vol. 1, J. Ryan, Ed. Reading, UK: Academic Publishing International Ltd, 2011, pp.78-104.
M. S. Khan, S. Siddiqui, and K. Ferens, “A Cognitive and Concurrent Cyber Kill Chain Model,” in Computer and Network Security Essentials, K. Daimi, Ed. Cham, Switzerland: Springer, 2018, pp. 585-602.
J. M. Spring, E. Hatleback, “Thinking about intrusion kill chains as mechanisms,” Journal of Cybersecurity, vol. 3 (3), pp. 185-197, Nov. 2017. DOI: 10.1093/cybsec/tyw012
A. Hahn, R.K. Thomas, I. Lozano, and A. Cardenas, “A multi-layered and kill-chain based security analysis framework for cyber-physical systems,” International Journal of Critical Infrastructure Protection, vol. 11, pp. 39-50, Dec. 2015.
R. Hoffmann, “The general cyber-attack life cycle and its continuous-time Markov chain model,” Ekonomiczne Problemy Usług, vol. 2/2018 (131), t.1, pp. 121-130, 2018. DOI: 10.18276/epu.2018.131/1-12
R. Hoffmann, “Markov Models of Cyber Kill Chains with Iterations,” in 2019 International Conference on Military Communications and Information Systems (ICMCIS), Budva, Montenegro, IEEE, 2019. DOI: 10.1109/ICMCIS.2019.8842810
R. Hoffmann, „The Markov models of cyber-attack life cycles,” Roczniki Kolegium Analiz Ekonomicznych SGH, vol. 54, pp. 303–317, 2019.
W. A. Arbaugh, W. L. Fithen and J. McHugh, "Windows of vulnerability: a case study analysis," Computer, vol. 33, no. 12, pp. 52-59, Dec. 2000.
E. Rescorla, "Is finding security holes a good idea?," in IEEE Security & Privacy, vol. 3, no. 1, pp. 14-19, Jan.-Feb. 2005.
S. Frei, “Security econometrics – the dynamics of (in)security. Dissertation 18197,” Zurich: ETH Zurich 2009.
S. Frei, D. Schatzmann, B. Plattner and B. Trammell, “Modeling the Security Ecosystem - The Dynamics of (In)Security,” in Economics of Information Security and Privacy, T. Moore, D. Pym, C. Ioannidis, Ed. Boston: Springer 2010, pp.79-106.
H. Joh, Y.K. Malaiya, “A Framework for Software Security Risk Evaluation using the Vulnerability Lifecycle and CVSS Metrics,” in: Proceedings of the 2010 International Workshop on Risk and Trust in Extended Enterprises (RTEE’2010), USA, San Jose 2010, pp. 430–434.
H. Joh, Y.K. Malaiya, “Defining and Assessing Quantitative Security Risk Measures Using Vulnerability Lifecycle and CVSS Metrics,” in Proceedings of the 2011 International Conference on Security and Management (SAM'11), vol. 1, USA, Las Vegas 2011, pp.10–16.
H. Okamura, M. Tokuzane and T. Dohi, “Security Evaluation for Software System with Vulnerability Life Cycle and User Profiles,” in Proceedings of 2012 Workshop on Dependable Transportation Systems/Recent Advances in Software Dependability (WDTS-RASD 2012), Japan, Niigata 2012, pp. 39–44.
S.M. Rajasooriya, Ch.P. Tsokos and P.K. Kaluarachchi, “Stochastic Modelling of Vulnerability Life Cycle and Security Risk Evaluation,” Journal of Information Security, vol. 7 (4), pp. 269–279, July 2016.
T. Nakagawa, “Stochastic Processes with Applications to Reliability Theory,” Springer, London 2011.
W. Keller, M. Modarres, “A historical overview of probabilistic risk assessment development and its use in the nuclear power industry: A tribute to the late Professor Norman Carl Rasmussen,” Reliability Engineering & System Safety, vol. 89 (3), pp. 271–285, Sep. 2005.
S. Kaplan, B. J. Garrick, “On the quantitative definition of risk,” Risk Analysis, vol. 1(1), pp. 11–27, Mar. 1981.
ENISA, “ENISA Threat Landscape Report 2018,” Jan. 2019 https://www.enisa.europa.eu/publications/enisa-threat-landscape-report-2018 (2019), last accessed 2019/11/02.
McAfee, “McAfee Labs Threats Report. August 2019,” https://www.mcafee.com/enterprise/en-us/assets/reports/rp-quarterly-threats-aug-2019.pdf, last accessed 2019/11/01.
https://www.fireeye.com/cyber-map/threat-map.html, last accessed 2020/03/02.
https://threatmap.checkpoint.com, last accessed 2020/03/02.
Downloads
Published
Issue
Section
License
Copyright (c) 2021 International Journal of Electronics and Telecommunications
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
1. License
The non-commercial use of the article will be governed by the Creative Commons Attribution license as currently displayed on https://creativecommons.org/licenses/by/4.0/.
2. Author’s Warranties
The author warrants that the article is original, written by stated author/s, has not been published before, contains no unlawful statements, does not infringe the rights of others, is subject to copyright that is vested exclusively in the author and free of any third party rights, and that any necessary written permissions to quote from other sources have been obtained by the author/s. The undersigned also warrants that the manuscript (or its essential substance) has not been published other than as an abstract or doctorate thesis and has not been submitted for consideration elsewhere, for print, electronic or digital publication.
3. User Rights
Under the Creative Commons Attribution license, the author(s) and users are free to share (copy, distribute and transmit the contribution) under the following conditions: 1. they must attribute the contribution in the manner specified by the author or licensor, 2. they may alter, transform, or build upon this work, 3. they may use this contribution for commercial purposes.
4. Rights of Authors
Authors retain the following rights:
- copyright, and other proprietary rights relating to the article, such as patent rights,
- the right to use the substance of the article in own future works, including lectures and books,
- the right to reproduce the article for own purposes, provided the copies are not offered for sale,
- the right to self-archive the article
- the right to supervision over the integrity of the content of the work and its fair use.
5. Co-Authorship
If the article was prepared jointly with other authors, the signatory of this form warrants that he/she has been authorized by all co-authors to sign this agreement on their behalf, and agrees to inform his/her co-authors of the terms of this agreement.
6. Termination
This agreement can be terminated by the author or the Journal Owner upon two months’ notice where the other party has materially breached this agreement and failed to remedy such breach within a month of being given the terminating party’s notice requesting such breach to be remedied. No breach or violation of this agreement will cause this agreement or any license granted in it to terminate automatically or affect the definition of the Journal Owner. The author and the Journal Owner may agree to terminate this agreement at any time. This agreement or any license granted in it cannot be terminated otherwise than in accordance with this section 6. This License shall remain in effect throughout the term of copyright in the Work and may not be revoked without the express written consent of both parties.
7. Royalties
This agreement entitles the author to no royalties or other fees. To such extent as legally permissible, the author waives his or her right to collect royalties relative to the article in respect of any use of the article by the Journal Owner or its sublicensee.
8. Miscellaneous
The Journal Owner will publish the article (or have it published) in the Journal if the article’s editorial process is successfully completed and the Journal Owner or its sublicensee has become obligated to have the article published. Where such obligation depends on the payment of a fee, it shall not be deemed to exist until such time as that fee is paid. The Journal Owner may conform the article to a style of punctuation, spelling, capitalization and usage that it deems appropriate. The Journal Owner will be allowed to sublicense the rights that are licensed to it under this agreement. This agreement will be governed by the laws of Poland.
By signing this License, Author(s) warrant(s) that they have the full power to enter into this agreement. This License shall remain in effect throughout the term of copyright in the Work and may not be revoked without the express written consent of both parties.