Forecasting Software Vulnerabilities Using Time-Series Techniques

Forecasting Software Vulnerabilities Using Time-Series Techniques

Baidyanath Biswas (IIM Lucknow, India)
Copyright: © 2019 |Pages: 41
DOI: 10.4018/978-1-5225-3534-8.ch007


This chapter discusses the concepts of time-series applications and forecasting in the context of information systems security. The primary objective in such formulation is the training of the models followed by efficient prediction. Although economic and financial forecasting problems extensively use time-series, predicting software vulnerabilities is a novel idea. The chapter also provides appropriate guidelines for the implementation and adaptation of univariate time-series for information security. To achieve this, the authors focus on the following techniques: autoregressive (AR), moving average (MA), autoregressive integrated moving average (ARIMA), and exponential smoothing. The analysis considers a unique data set consisting of the publicly exposed software vulnerabilities, available from the U.S. Dept. of Homeland Security. The problem is presented first, followed by a general framework to identify the problem, estimate the best-fit parameters of that model, and conclude with an illustrative example from the above dataset to familiarize readers with the business problem.
Chapter Preview

1. Learning Objectives

  • This chapter will guide the readers to learn four advanced forecasting techniques – Autoregressive (AR), Moving Average (MA), Autoregressive Integrated Moving Average (ARIMA), and Exponential Smoothing.

  • The academic context of this study is set in the background of cybersecurity and software vulnerability disclosures. It makes the chapter a unique topic for researchers.

  • The chapter will aid students to solve forecasting problems dealing with various Information Security issues – virus attacks, malware, and data breaches.

  • Throughout the chapter, we extensively use R to model the forecasting problems for our analysis. R is a freeware, open-source language and commonly used to analyze statistical research problems.

  • In a real business scenario, the organization needs to minimize the IT risk of future software breaches and exploits. A proactive way of doing this involves the selection and use of software with common functionality but lowest vulnerability count among a set of available players in the market. Time-series forecasting methods proposed in this chapter will help academicians as well as top management in organizations to achieve this goal.


2. Introduction And Motivation

Security vulnerabilities are weaknesses that are resident in each software through which attackers can intrude into the IT systems and cause severe damage to the users. Often hackers exploit publicly disclosed vulnerabilities by targeting information systems, which lead to severe financial losses in those organizations (Telang & Wattal, 2007). The Common Vulnerabilities and Exposures (CVE) Project jointly with the US National Vulnerability Database (NVD) acts as a ready repository for publicly reported software vulnerabilities. While there were only 900 publicly reported vulnerabilities till 1999, a drastic increase in their disclosure each year has led to more than 82,000 CVEs reported in the NVD till date1. The year 2017 is witnessing a massive rise in the number of vulnerability exploits with maximum exposure count of more than 5400 till May, compared to 6400 for the entire year of 2015 and 2016. Figure 1 reports the approximate annual number of security vulnerabilities till date.

Figure 1.

Disclosed vulnerabilities by year: 1999-2017


2.1 What Is the Impact of Vulnerability Disclosure to Organizations?

Apart from regular application software and OS customers, recent attackers are targeting users on contemporary technology platforms such as cloud, mobile OS, and Internet-of-Things (I-o-T). The number of public Android OS vulnerabilities has increased from 89 in 2015 to 316 in 20162. The series of distributed denial-of-service (DDoS) attacks by Mirai botnet in October 2016 were executed through hacking CCTV cameras and I-o-T devices3. Attackers have also targeted Amazon Cloud and exploited vulnerabilities in Elastic Search through Backdoor.Linux.Mayday.g.4 These incidents confirm that top OS vendors and application software firms are the most affected through vulnerability exploits5. Hence, accurate prediction of public vulnerability exposures is of utmost importance to their businesses. Organizational initiatives such as the HP Tipping Point Zero Day (ZDI)6 promote responsible reporting of vulnerabilities. Further, existing studies endorse that publicly disclosed vulnerabilities are responsible for increased software attacks (Arora et al., 2006; Arora et al., 2008). Patching policies of firms can change with their severity, nature of software platform, and the market announcement of leaks (Arora et al., 2010). Software popularity also impacts the overall adoption among both white and black users, thereby increasing the susceptibility (Alhazmi et al., 2007; Ruohonen et al., 2015). Herein lies the importance of vulnerability estimation techniques and accurate forecasting.

Complete Chapter List

Search this Book: