The object of this study is to propose a statistical model for predicting the Expected Path Length\n(expected number of steps the attacker will take, starting from the initial state to compromise the\nsecurity goalââ?¬â?EPL) in a cyber-attack. The model we developed is based on utilizing vulnerability\ninformation along with having host centric attack graph. Utilizing the developed model, one can\nidentify the interaction among the vulnerabilities and individual variables (risk factors) that drive\nthe Expected Path Length. Gaining a better understanding of the relationship between vulnerabilities\nand their interactions can provide security administrators a better view and an understanding\nof their security status. In addition, we have also ranked the attributable variables and their\ncontribution in estimating the subject length. Thus, one can utilize the ranking process to take\nprecautions and actions to minimize Expected Path Length.
Loading....