Searching Deterministic Chaotic Properties in System-Wide Vulnerability Datasets

Ioannis Tsantilis,Thomas K Dasaklis,Constantinos Patsakis,Christos Douligeris

doi:10.3390/informatics8040086

Abstract

Cybersecurity is a never-ending battle against attackers, who try to identify and exploit misconfigurations and software vulnerabilities before being patched. In this ongoing conflict, it is important to analyse the properties of the vulnerability time series to understand when information systems are more vulnerable. We study computer systems’ software vulnerabilities and probe the relevant National Vulnerability Database (NVD) time-series properties. More specifically, we show through an extensive experimental study based on the National Institute of Standards and Technology (NIST) database that the relevant systems software time series present significant chaotic properties. Moreover, by defining some systems based on open and closed source software, we compare their chaotic properties resulting in statistical conclusions. The contribution of this novel study is focused on the prepossessing stage of vulnerabilities time series forecasting. The strong evidence of their chaotic properties as derived by this research effort could lead to a deeper analysis to provide additional tools to their forecasting process.

Highlights

The probabilistic analysis of these results indicates that the prediction of vulnerability scores using a time series of vulnerability data is a promising approach with far-reaching implications for adopting proper security management measures
We present an example of the process of data collection from the National Vulnerability Database (NVD)
Using the methodology presented in [76] the following is observed: A map function is used as the basis to perform this investigation and the results show that while regular noise corresponds to H ≈ 0, the peak of this map function is related to the chaotic zone at H = 0.40 − 0.60 and with a steady gradient in between

Summary

Introduction

Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. Cyber attacks against information systems have considerably increased during the recent years. The attackers take advantage of a series of system-wide vulnerabilities that are present in operating systems, servers, and other software. A software vulnerability is defined as “a defect which enables an attacker to bypass security measures” [1]

Objectives

Methods

Findings

Discussion

Conclusion