
Multivariate models using MCMCBayes for web-browser vulnerability discovery

Author

Listed:
  • Johnston, Reuben
  • Sarkani, Shahryar
  • Mazzuchi, Thomas
  • Holzer, Thomas
  • Eveleigh, Timothy

Abstract

Vulnerabilities that enable well-known exploit techniques are preventable, but their public discovery continues in software. Vulnerability discovery modeling (VDM) techniques were proposed to assist managers with decisions, but do not include influential variables describing the software release (SR) (e.g., code size and complexity characteristics) and security assessment profile (SAP) (e.g., security team size or skill). Consequently, they have been limited to modeling discoveries over time for SR and SAP scenarios of unique products, whose results are not readily comparable without making assumptions that equate all SR and SAP combinations under study. This article introduces a groundbreaking capability that allows forecasting expected discoveries over time for arbitrary SR and SAP combinations, thus enabling managers to better understand the effects of influential variables they control on the phenomenon. To do this, we use variables that describe arbitrary SR and SAP combinations and construct VDM extensions that parametrically scale results from a defined baseline SR and SAP to the arbitrary SR and SAP of interest. Scaling parameters are estimated using expert judgment data gathered with a novel pairwise comparison approach. These data are then used to demonstrate predictions and how multivariate VDM techniques could be used by software-makers.

Suggested Citation

  • Johnston, Reuben & Sarkani, Shahryar & Mazzuchi, Thomas & Holzer, Thomas & Eveleigh, Timothy, 2018. "Multivariate models using MCMCBayes for web-browser vulnerability discovery," Reliability Engineering and System Safety, Elsevier, vol. 176(C), pages 52-61.
  • Handle: RePEc:eee:reensy:v:176:y:2018:i:c:p:52-61
    DOI: 10.1016/j.ress.2018.03.024

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S0951832017313856
    Download Restriction: Full text for ScienceDirect subscribers only


    References listed on IDEAS

    1. N. Friel & A. N. Pettitt, 2008. "Marginal likelihood estimation via power posteriors," Journal of the Royal Statistical Society Series B, Royal Statistical Society, vol. 70(3), pages 589-607, July.
    2. Szwed, P. & Dorp, J. Rene van & Merrick, J.R.W. & Mazzuchi, T.A. & Singh, A., 2006. "A Bayesian paired comparison approach for relative accident probability assessment with covariate information," European Journal of Operational Research, Elsevier, vol. 169(1), pages 157-177, February.
    3. Refik Soyer & M. Murat Tarimcilar, 2008. "Modeling and Analysis of Call Center Arrival Data: A Bayesian Approach," Management Science, INFORMS, vol. 54(2), pages 266-278, February.

    Citations


    Cited by:

    1. Johnston, Reuben & Sarkani, Shahryar & Mazzuchi, Thomas & Holzer, Thomas & Eveleigh, Timothy, 2019. "Bayesian-model averaging using MCMCBayes for web-browser vulnerability discovery," Reliability Engineering and System Safety, Elsevier, vol. 183(C), pages 341-359.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Xing Ju Lee & Christopher C. Drovandi & Anthony N. Pettitt, 2015. "Model choice problems using approximate Bayesian computation with applications to pathogen transmission data sets," Biometrics, The International Biometric Society, vol. 71(1), pages 198-207, March.
    2. Cameron Roach & Rob Hyndman & Souhaib Ben Taieb, 2021. "Non‐linear mixed‐effects models for time series forecasting of smart meter demand," Journal of Forecasting, John Wiley & Sons, Ltd., vol. 40(6), pages 1118-1130, September.
    3. Jeong Eun Lee & Christian Robert, 2013. "Importance Sampling Schemes for Evidence Approximation in Mixture Models," Working Papers 2013-42, Center for Research in Economics and Statistics.
    4. Will Penny & Biswa Sengupta, 2016. "Annealed Importance Sampling for Neural Mass Models," PLOS Computational Biology, Public Library of Science, vol. 12(3), pages 1-25, March.
    5. Kinshuk Jerath & Anuj Kumar & Serguei Netessine, 2015. "An Information Stock Model of Customer Behavior in Multichannel Customer Support Services," Manufacturing & Service Operations Management, INFORMS, vol. 17(3), pages 368-383, July.
    6. Antão, P. & Sun, S. & Teixeira, A.P. & Guedes Soares, C., 2023. "Quantitative assessment of ship collision risk influencing factors from worldwide accident and fleet data," Reliability Engineering and System Safety, Elsevier, vol. 234(C).
    7. Spezia, L. & Cooksley, S.L. & Brewer, M.J. & Donnelly, D. & Tree, A., 2014. "Modelling species abundance in a river by Negative Binomial hidden Markov models," Computational Statistics & Data Analysis, Elsevier, vol. 71(C), pages 599-614.
    8. Vitoratou, Silia & Ntzoufras, Ioannis & Moustaki, Irini, 2016. "Explaining the behavior of joint and marginal Monte Carlo estimators in latent variable models with independence assumptions," LSE Research Online Documents on Economics 57685, London School of Economics and Political Science, LSE Library.
    9. James W. Taylor, 2012. "Density Forecasting of Intraday Call Center Arrivals Using Models Based on Exponential Smoothing," Management Science, INFORMS, vol. 58(3), pages 534-549, March.
    10. René Bekker & Dennis Moeke & Bas Schmidt, 2019. "Keeping pace with the ebbs and flows in daily nursing home operations," Health Care Management Science, Springer, vol. 22(2), pages 350-363, June.
    11. Spezia, Luigi, 2020. "Bayesian variable selection in non-homogeneous hidden Markov models through an evolutionary Monte Carlo method," Computational Statistics & Data Analysis, Elsevier, vol. 143(C).
    12. Kiygi-Calli, Meltem & Weverbergh, Marcel & Franses, Philip Hans, 2021. "Forecasting time-varying arrivals: Impact of direct response advertising on call center performance," Journal of Business Research, Elsevier, vol. 131(C), pages 227-240.
    13. AWLP Thilan & P Menéndez & JM McGree, 2023. "Assessing the ability of adaptive designs to capture trends in hard coral cover," Environmetrics, John Wiley & Sons, Ltd., vol. 34(6), September.
    14. Mustafa Akan & Barış Ata & Martin A. Lariviere, 2011. "Asymmetric Information and Economies of Scale in Service Contracting," Manufacturing & Service Operations Management, INFORMS, vol. 13(1), pages 58-72, September.
    15. Elaine A. Ferguson & Jason Matthiopoulos & Robert H. Insall & Dirk Husmeier, 2017. "Statistical inference of the mechanisms driving collective cell movement," Journal of the Royal Statistical Society Series C, Royal Statistical Society, vol. 66(4), pages 869-890, August.
    16. Suyi Li & Qiang Meng & Xiaobo Qu, 2012. "An Overview of Maritime Waterway Quantitative Risk Assessment Models," Risk Analysis, John Wiley & Sons, vol. 32(3), pages 496-512, March.
    17. Joshua C. C. Chan & Liana Jacobi & Dan Zhu, 2022. "An automated prior robustness analysis in Bayesian model comparison," Journal of Applied Econometrics, John Wiley & Sons, Ltd., vol. 37(3), pages 583-602, April.
    18. Luigi Spezia & Andy Vinten & Roberta Paroli & Marc Stutter, 2021. "An evolutionary Monte Carlo method for the analysis of turbidity high‐frequency time series through Markov switching autoregressive models," Environmetrics, John Wiley & Sons, Ltd., vol. 32(8), December.
    19. Kaan Kuzu & Refik Soyer, 2018. "Bayesian modeling of abandonments in ticket queues," Naval Research Logistics (NRL), John Wiley & Sons, vol. 65(6-7), pages 499-521, September.
    20. Viktor DOLIA & Irina ENGLEZI, 2015. "Determine the safe transport of dangerous goods route," Transport Problems, Silesian University of Technology, Faculty of Transport, vol. 10(1), pages 31-44, March.
