An Improved Stochastic Model for Cybersecurity Risk Assessment

Most existing solutions in cybersecurity analysis have centered on identifying threats and vulnerabilities and on providing suitable defense mechanisms to improve the robustness of the cyberspace network. These solutions lack effective capabilities to counter the effects of risk and to perform long-term prediction. In this paper, an improved risk assessment model for cyberspace security was developed to effectively predict and mitigate the consequences of risk. Real-time vulnerabilities of a selected network were scanned and analysed, and the ease of exploiting each vulnerability was assessed. A Risk Assessment Model was formulated by combining an Absorbing Markov Chain with a Markov Reward Model. The model was used to analyse the cybersecurity state of the selected network. The proposed model was simulated using the R statistical package, and its performance was evaluated by benchmarking against an existing model, using Reliability and Availability as metrics. The results showed that the proposed model has higher reliability and availability than the existing model. This implies a significant improvement in the assessment of security situations in a cyberspace network.
