
Multivariate models using MCMCBayes for web-browser vulnerability discovery

Author

Listed:
  • Johnston, Reuben
  • Sarkani, Shahryar
  • Mazzuchi, Thomas
  • Holzer, Thomas
  • Eveleigh, Timothy

Abstract

Vulnerabilities that enable well-known exploit techniques are preventable, but their public discovery continues in software. Vulnerability discovery modeling (VDM) techniques were proposed to assist managers with decisions, but do not include influential variables describing the software release (SR) (e.g., code size and complexity characteristics) and security assessment profile (SAP) (e.g., security team size or skill). Consequently, they have been limited to modeling discoveries over time for SR and SAP scenarios of unique products, whose results are not readily comparable without making assumptions that equate all SR and SAP combinations under study. This article introduces a groundbreaking capability that allows forecasting expected discoveries over time for arbitrary SR and SAP combinations, thus enabling managers to better understand the effects of influential variables they control on the phenomenon. To do this, we use variables that describe arbitrary SR and SAP combinations and construct VDM extensions that parametrically scale results from a defined baseline SR and SAP to the arbitrary SR and SAP of interest. Scaling parameters are estimated using expert judgment data gathered with a novel pairwise comparison approach. These data are then used to demonstrate predictions and how multivariate VDM techniques could be used by software-makers.

Suggested Citation

  • Johnston, Reuben & Sarkani, Shahryar & Mazzuchi, Thomas & Holzer, Thomas & Eveleigh, Timothy, 2018. "Multivariate models using MCMCBayes for web-browser vulnerability discovery," Reliability Engineering and System Safety, Elsevier, vol. 176(C), pages 52-61.
  • Handle: RePEc:eee:reensy:v:176:y:2018:i:c:p:52-61
    DOI: 10.1016/j.ress.2018.03.024

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S0951832017313856
    Download Restriction: Full text for ScienceDirect subscribers only


    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    1. N. Friel & A. N. Pettitt, 2008. "Marginal likelihood estimation via power posteriors," Journal of the Royal Statistical Society Series B, Royal Statistical Society, vol. 70(3), pages 589-607, July.
    2. Szwed, P. & Dorp, J. Rene van & Merrick, J.R.W. & Mazzuchi, T.A. & Singh, A., 2006. "A Bayesian paired comparison approach for relative accident probability assessment with covariate information," European Journal of Operational Research, Elsevier, vol. 169(1), pages 157-177, February.
    3. Refik Soyer & M. Murat Tarimcilar, 2008. "Modeling and Analysis of Call Center Arrival Data: A Bayesian Approach," Management Science, INFORMS, vol. 54(2), pages 266-278, February.

    Citations

    Cited by:

    1. Johnston, Reuben & Sarkani, Shahryar & Mazzuchi, Thomas & Holzer, Thomas & Eveleigh, Timothy, 2019. "Bayesian-model averaging using MCMCBayes for web-browser vulnerability discovery," Reliability Engineering and System Safety, Elsevier, vol. 183(C), pages 341-359.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Xing Ju Lee & Christopher C. Drovandi & Anthony N. Pettitt, 2015. "Model choice problems using approximate Bayesian computation with applications to pathogen transmission data sets," Biometrics, The International Biometric Society, vol. 71(1), pages 198-207, March.
    2. Cameron Roach & Rob Hyndman & Souhaib Ben Taieb, 2021. "Non‐linear mixed‐effects models for time series forecasting of smart meter demand," Journal of Forecasting, John Wiley & Sons, Ltd., vol. 40(6), pages 1118-1130, September.
    3. Jeong Eun Lee & Christian Robert, 2013. "Importance Sampling Schemes for Evidence Approximation in Mixture Models," Working Papers 2013-42, Center for Research in Economics and Statistics.
    4. Will Penny & Biswa Sengupta, 2016. "Annealed Importance Sampling for Neural Mass Models," PLOS Computational Biology, Public Library of Science, vol. 12(3), pages 1-25, March.
    5. Kinshuk Jerath & Anuj Kumar & Serguei Netessine, 2015. "An Information Stock Model of Customer Behavior in Multichannel Customer Support Services," Manufacturing & Service Operations Management, INFORMS, vol. 17(3), pages 368-383, July.
    6. Spezia, L. & Cooksley, S.L. & Brewer, M.J. & Donnelly, D. & Tree, A., 2014. "Modelling species abundance in a river by Negative Binomial hidden Markov models," Computational Statistics & Data Analysis, Elsevier, vol. 71(C), pages 599-614.
    7. Vitoratou, Silia & Ntzoufras, Ioannis & Moustaki, Irini, 2016. "Explaining the behavior of joint and marginal Monte Carlo estimators in latent variable models with independence assumptions," LSE Research Online Documents on Economics 57685, London School of Economics and Political Science, LSE Library.
    8. AWLP Thilan & P Menéndez & JM McGree, 2023. "Assessing the ability of adaptive designs to capture trends in hard coral cover," Environmetrics, John Wiley & Sons, Ltd., vol. 34(6), September.
    9. Mustafa Akan & Barış Ata & Martin A. Lariviere, 2011. "Asymmetric Information and Economies of Scale in Service Contracting," Manufacturing & Service Operations Management, INFORMS, vol. 13(1), pages 58-72, September.
    10. Joshua C. C. Chan & Liana Jacobi & Dan Zhu, 2022. "An automated prior robustness analysis in Bayesian model comparison," Journal of Applied Econometrics, John Wiley & Sons, Ltd., vol. 37(3), pages 583-602, April.
    11. Viktor DOLIA & Irina ENGLEZI, 2015. "Determine the safe transport of dangerous goods route," Transport Problems, Silesian University of Technology, Faculty of Transport, vol. 10(1), pages 31-44, March.
    12. Goerlandt, Floris & Montewka, Jakub, 2015. "Maritime transportation risk analysis: Review and analysis in light of some foundational issues," Reliability Engineering and System Safety, Elsevier, vol. 138(C), pages 115-134.
    13. repec:dau:papers:123456789/5724 is not listed on IDEAS
    14. Landon, Joshua & Ruggeri, Fabrizio & Soyer, Refik & Murat Tarimcilar, M., 2010. "Modeling latent sources in call center arrival data," European Journal of Operational Research, Elsevier, vol. 204(3), pages 597-603, August.
    15. Zhang, Yifan & Fong, Duncan K.H. & DeSarbo, Wayne S., 2021. "A generalized ordinal finite mixture regression model for market segmentation," International Journal of Research in Marketing, Elsevier, vol. 38(4), pages 1055-1072.
    16. Fouskakis, Dimitris & Ntzoufras, Ioannis & Perrakis, Konstantinos, 2020. "Variations of power-expected-posterior priors in normal regression models," Computational Statistics & Data Analysis, Elsevier, vol. 143(C).
    17. Alzahrani, Naif & Neal, Peter & Spencer, Simon E.F. & McKinley, Trevelyan J. & Touloupou, Panayiota, 2018. "Model selection for time series of count data," Computational Statistics & Data Analysis, Elsevier, vol. 122(C), pages 33-44.
    18. Filippone, Maurizio & Sanguinetti, Guido, 2011. "Approximate inference of the bandwidth in multivariate kernel density estimation," Computational Statistics & Data Analysis, Elsevier, vol. 55(12), pages 3104-3122, December.
    19. Adam J. Branscum & Dunlei Cheng & J. Jack Lee, 2015. "Testing hypotheses about medical test accuracy: considerations for design and inference," Journal of Applied Statistics, Taylor & Francis Journals, vol. 42(5), pages 1106-1119, May.
    20. J. Dorp & Jason Merrick, 2011. "On a risk management analysis of oil spill risk using maritime transportation system simulation," Annals of Operations Research, Springer, vol. 187(1), pages 249-277, July.
    21. Drovandi, Christopher C. & McGree, James M. & Pettitt, Anthony N., 2013. "Sequential Monte Carlo for Bayesian sequentially designed experiments for discrete data," Computational Statistics & Data Analysis, Elsevier, vol. 57(1), pages 320-335.
