Modeling Security Vulnerabilities Using Chaos Theory: Discovering Order, Structure, and Patterns from Chaotic Behavior in Complex Systems

Traditional analysis of events has used linear methods, however many phenomena are not adequately modeled using traditional linear principles. Because scientific problem solving strategies have been largely based on reductionism, events may go un-modeled and appear to lack order, structure, or “patternability”. This paper employs chaos theory to analyze security vulnerability announcements. It demonstrates that there might be an underlying pattern to seemingly random events. Determining this pattern can lead to a better understanding of the order and structure of vulnerability frequency.

[1]  J. Sprott Chaos and time-series analysis , 2001 .

[2]  W. Feller The Asymptotic Distribution of the Range of Sums of Independent Random Variables , 1951 .

[3]  Michael J. Stutzer,et al.  Chaotic dynamics and bifurcation in a macro model , 1980 .

[4]  B. Mandelbrot,et al.  Fractional Brownian Motions, Fractional Noises and Applications , 1968 .

[5]  R. Landauer,et al.  Thinking in Complexity: The Complex Dynamics of Matter, Mind, and Mankind , 1995 .

[6]  A. Lo Long-Term Memory in Stock Market Prices , 1989 .

[7]  Diana Richards,et al.  Is strategic decision making chaotic , 1990 .

[8]  R. Power CSI/FBI computer crime and security survey , 2001 .

[9]  Alexander M. Goulielmos,et al.  Marine accident prevention: an evaluation of the ISM code by the fundamentals of the complexity theory , 2002 .

[10]  Alexandros M. Goulielmos Complexity theory applied to management of shipping companies , 2002 .

[11]  A. Malliaris,et al.  Searching for Fractal Structure in Agricultural Futures Markets , 1997 .

[12]  B. Mandelbrot Stochastic models for the Earth's relief, the shape and the fractal dimension of the coastlines, and the number-area rule for islands. , 1975, Proceedings of the National Academy of Sciences of the United States of America.

[13]  Robert M. May,et al.  Simple mathematical models with very complicated dynamics , 1976, Nature.

[14]  James W. Begun,et al.  Chaos and Complexity , 1994 .

[15]  V. I. Oseledec A multiplicative ergodic theorem: Lyapunov characteristic num-bers for dynamical systems , 1968 .

[16]  David N. Nawrocki R/S Analysis and Long Term Dependence in Stock Market Indices , 1995 .