Save 10% on All IGI Global Research Books
& OnDemand Individual Chapter & Article DownloadsAvailable exclusively on IGI Global’s Online Bookstore. Offer valid through October 31, 2024

Special Offers
- Save 10% on the IGI Global Online bookstore
  Now through October 31, 2024, save 10% on all IGI Global research books & OnDemand individual chapter & article downloads. IGI Global contributors may stack this discount with their exclusive 50% contributor discount, which is automatically applied when logged into a contributor portal account. Non-contributors may also combine the discount with one other discount, including coupon codes. Not valid on open access processing charges, e-collections, or videos. Discount is not applicable for distributors.
  Explore Books & Chapters
- IGI Global’s New Emerging Topic e-Book Collections
  Acquire highly focused and affordable Cutting-Edge Peer-Reviewed Research Content through a selection of 17 topic-focused e-Book Collections discounted up to 90%, compared to list prices. Collection topics include Artificial Intelligence, Data Science, Language Learning, Marketing and Customer Relations, Sustainability, and many more. Hosted on the InfoSci^® platform, these collections feature no DRM, no additional cost for multi-user licensing, no embargo of content, full-text PDF & HTML format, and more.
  Learn More
- Open Access Book (Free Access) - Encyclopedia of Information Science and Technology, Sixth Edition (ISBN: 9781668473665)
  The Encyclopedia of Information Science and Technology, Sixth Edition) continues the legacy set forth by the first five editions by providing comprehensive coverage and up-to-date definitions of the most important issues, concepts, and trends pertaining to technological advancements and information management within a variety of settings and industries. The entire book is being published under open access.
  Read Now
- Open Access Book (Free Access) - Food Sustainability, Environmental Awareness, and Adaptation and Mitigation Strategies for Developing Countries (ISBN: 9781668456293)
  Food Sustainability, Environmental Awareness, and Adaptation and Mitigation Strategies for Developing Countries provides information on the recent technology, mitigation, and environmental protection that must be applied for food sustainability in developing countries. This book is being published under Platinum Open Access through funding from Diponegoro University, Indonesia.
  Read Now
- Open Access Book (Free Access) - New Models of Higher Education: Unbundled, Rebundled, Customized, and DIY (ISBN: 9781668438091)
  The Walmart Corporation and the Lumina Foundation have provided funding to make New Models of Higher Education: Unbundled, Rebundled, Customized, and DIY fully open access, completely removing any paywall between scholars in education and the latest research on new models for the future of higher education.
  Read Now
- Open Access Book (Free Access) - Handbook of Research on the Global View of Open Access and Scholarly Communications (ISBN: 9781799898054)
  Through a collaboration between IGI Global and the University of North Texas, the Handbook of Research on the Global View of Open Access and Scholarly Communications has been published as fully open access, completely removing any paywall between researchers of any field, and the latest research on the equitable and inclusive nature of Open Access and all of its complications.
  Read Now
Books
- - Books by Subject
  - Business, Administration, & Management
  - Scientific, Technical, & Medical (STM)
  - Education & Social Sciences
  - Books by Field
Journals
- - Journals
  - OnDemand Journal Articles
  - Journals by Subject
  - Business, Administration, & Management
  - Scientific, Technical, & Medical (STM)
  - Education & Social Sciences
  - Journals by Field
e-Collections
OnDemand
Open Access
- View All Open Access Opportunities
  Search across all of IGI Global’s available open access publishing opportunities to unleash your research potential.
  Find an Open Access Journal for Your Next Manuscript
  Search across all of IGI Global’s available open access publishing opportunities to unleash your research potential.
  Submit an Open Access Book Proposal
  Learn more about open access book publishing and how it can propel your research forward in the field.
  Convert Your Work to Open Access
  Already published? You can convert your work to open access to increase its impact through IGI Global’s Restrospective Open Access Program.
  Utilize Open Access Collection Database
  Open up your research potential by utilizing our open access content or integrating the open access collection into your library
  Consider Open Access Agreements
  For Libraries: consider no-cost or investment-level open access agreements with IGI Global to support your faculty's research endeavors.
  Search Funding Resources
  Looking for additional funding resources to support your open accesss endeavors? View industry resources compiled by our open access team.
  Review Open Access Policies & Ethical Guidelines
  Considering IGI Global to publish your work under open access? Review IGI Global’s open access policies and ethical guidelines
Publish with Us
Resources
- - Instructors
  - Course Adoption
  - Teaching Cases
  - K-12 Online Learning Collection
  - Authors and Editors
  - eEditorial Discovery^® System
  - Peer Review Process
  - Ethics and Malpractice
  - COPE Membership
  - Fair Use Policy
  - Open Access Publishing
  - FAQ
Catalogs
About Us

Forecasting Software Vulnerabilities Using Time-Series Techniques

Baidyanath Biswas

Source Title: Machine Learning Techniques for Improved Business Analytics

DOI: 10.4018/978-1-5225-3534-8.ch007

OnDemand:

(Individual Chapters)

Available

$33.75

List Price: $37.50

Current Special Offers

10% Discount:-$3.75

TOTAL SAVINGS: $3.75

Abstract

This chapter discusses the concepts of time-series applications and forecasting in the context of information systems security. The primary objective in such formulation is the training of the models followed by efficient prediction. Although economic and financial forecasting problems extensively use time-series, predicting software vulnerabilities is a novel idea. The chapter also provides appropriate guidelines for the implementation and adaptation of univariate time-series for information security. To achieve this, the authors focus on the following techniques: autoregressive (AR), moving average (MA), autoregressive integrated moving average (ARIMA), and exponential smoothing. The analysis considers a unique data set consisting of the publicly exposed software vulnerabilities, available from the U.S. Dept. of Homeland Security. The problem is presented first, followed by a general framework to identify the problem, estimate the best-fit parameters of that model, and conclude with an illustrative example from the above dataset to familiarize readers with the business problem.

Chapter Preview

Top

1. Learning Objectives

•
This chapter will guide the readers to learn four advanced forecasting techniques – Autoregressive (AR), Moving Average (MA), Autoregressive Integrated Moving Average (ARIMA), and Exponential Smoothing.
•
The academic context of this study is set in the background of cybersecurity and software vulnerability disclosures. It makes the chapter a unique topic for researchers.
•
The chapter will aid students to solve forecasting problems dealing with various Information Security issues – virus attacks, malware, and data breaches.
•
Throughout the chapter, we extensively use R to model the forecasting problems for our analysis. R is a freeware, open-source language and commonly used to analyze statistical research problems.
•
In a real business scenario, the organization needs to minimize the IT risk of future software breaches and exploits. A proactive way of doing this involves the selection and use of software with common functionality but lowest vulnerability count among a set of available players in the market. Time-series forecasting methods proposed in this chapter will help academicians as well as top management in organizations to achieve this goal.

Top

2. Introduction And Motivation

Security vulnerabilities are weaknesses that are resident in each software through which attackers can intrude into the IT systems and cause severe damage to the users. Often hackers exploit publicly disclosed vulnerabilities by targeting information systems, which lead to severe financial losses in those organizations (Telang & Wattal, 2007). The Common Vulnerabilities and Exposures (CVE) Project jointly with the US National Vulnerability Database (NVD) acts as a ready repository for publicly reported software vulnerabilities. While there were only 900 publicly reported vulnerabilities till 1999, a drastic increase in their disclosure each year has led to more than 82,000 CVEs reported in the NVD till date¹. The year 2017 is witnessing a massive rise in the number of vulnerability exploits with maximum exposure count of more than 5400 till May, compared to 6400 for the entire year of 2015 and 2016. Figure 1 reports the approximate annual number of security vulnerabilities till date.

Figure 1.

Disclosed vulnerabilities by year: 1999-2017

2.1 What Is the Impact of Vulnerability Disclosure to Organizations?

Apart from regular application software and OS customers, recent attackers are targeting users on contemporary technology platforms such as cloud, mobile OS, and Internet-of-Things (I-o-T). The number of public Android OS vulnerabilities has increased from 89 in 2015 to 316 in 2016². The series of distributed denial-of-service (DDoS) attacks by Mirai botnet in October 2016 were executed through hacking CCTV cameras and I-o-T devices³. Attackers have also targeted Amazon Cloud and exploited vulnerabilities in Elastic Search through Backdoor.Linux.Mayday.g.⁴ These incidents confirm that top OS vendors and application software firms are the most affected through vulnerability exploits⁵. Hence, accurate prediction of public vulnerability exposures is of utmost importance to their businesses. Organizational initiatives such as the HP Tipping Point Zero Day (ZDI)⁶ promote responsible reporting of vulnerabilities. Further, existing studies endorse that publicly disclosed vulnerabilities are responsible for increased software attacks (Arora et al., 2006; Arora et al., 2008). Patching policies of firms can change with their severity, nature of software platform, and the market announcement of leaks (Arora et al., 2010). Software popularity also impacts the overall adoption among both white and black users, thereby increasing the susceptibility (Alhazmi et al., 2007; Ruohonen et al., 2015). Herein lies the importance of vulnerability estimation techniques and accurate forecasting.

Complete Chapter List

Search this Book:

Reset

MLA

APA

Chicago

Export Reference