Big data for cybersecurity: Vulnerability disclosure trends and dependencies

Ming Jian Tang*, Mamoun Alazab, Yuxiu Luo

*Corresponding author for this work

    Research output: Contribution to journalArticlepeer-review

    112 Citations (Scopus)

    Abstract

    Complex Big Data systems in modern organisations are progressively becoming attack targets by existing and emerging threat agents. Elaborate and specialised attacks will increasingly be crafted to exploit vulnerabilities and weaknesses. With the ever-increasing trend of cybercrime and incidents due to these vulnerabilities, effective vulnerability management is imperative for modern organisations regardless of their size. However, organisations struggle to manage the sheer volume of vulnerabilities discovered on their networks. Moreover, vulnerability management tends to be more reactive in practice. Rigorous statistical models, simulating anticipated volume and dependence of vulnerability disclosures, will undoubtedly provide important insights to organisations and help them become more proactive in the management of cyber risks. By leveraging the rich yet complex historical vulnerability data, our proposed novel and rigorous framework has enabled this new capability. By utilising this sound framework, we initiated an important study on not only handling persistent volatilities in the data but also further unveiling multivariate dependence structure amongst different vulnerability risks. In sharp contrast to the existing studies on univariate time series, we consider the more general multivariate case striving to capture their intriguing relationships. Through our extensive empirical studies using the real world vulnerability data, we have shown that a composite model can effectively capture and preserve long-term dependency between different vulnerability and exploit disclosures. In addition, the paper paves the way for further study on the stochastic perspective of vulnerability proliferation towards building more accurate measures for better cyber risk management as a whole.

    Original languageEnglish
    Article number7968482
    Pages (from-to)635-647
    Number of pages13
    JournalIEEE Transactions on Big Data
    Volume5
    Issue number3
    DOIs
    Publication statusPublished - 1 Jul 2019

    Fingerprint

    Dive into the research topics of 'Big data for cybersecurity: Vulnerability disclosure trends and dependencies'. Together they form a unique fingerprint.

    Cite this