CONFERENCE PROCEEDINGS
Advanced Search
Home > Proceedings > Volume 10184 > Article
Presentation + Paper
5 May 2017 Vulnerability survival analysis: a novel approach to vulnerability management
Katheryn A. Farris, John Sullivan, George Cybenko
Author Affiliations +
Proceedings Volume 10184, Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security, Defense, and Law Enforcement Applications XVI; 101840H (2017) https://doi.org/10.1117/12.2266378
Event: SPIE Defense + Security, 2017, Anaheim, CA, United States
Abstract
Computer security vulnerabilities span across large, enterprise networks and have to be mitigated by security engineers on a routine basis. Presently, security engineers will assess their “risk posture” through quantifying the number of vulnerabilities with a high Common Vulnerability Severity Score (CVSS). Yet, little to no attention is given to the length of time by which vulnerabilities persist and survive on the network. In this paper, we review a novel approach to quantifying the length of time a vulnerability persists on the network, its time-to-death, and predictors of lower vulnerability survival rates. Our contribution is unique in that we apply the cox proportional hazards regression model to real data from an operational IT environment. This paper provides a mathematical overview of the theory behind survival analysis methods, a description of our vulnerability data, and an interpretation of the results.
Conference Presentation
© (2017) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Citation Download Citation
Katheryn A. Farris, John Sullivan, and George Cybenko "Vulnerability survival analysis: a novel approach to vulnerability management", Proc. SPIE 10184, Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security, Defense, and Law Enforcement Applications XVI, 101840H (5 May 2017); https://doi.org/10.1117/12.2266378
ACCESS THE FULL ARTICLE
ORGANIZATIONAL
Sign in with credentials provided by your organization.
INSTITUTIONAL
Select your institution to access the SPIE Digital Library.
SELECT YOUR INSTITUTION
PERSONAL
Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.
PERSONAL SIGN IN
No SPIE Account? Create one
PURCHASE THIS CONTENT
SUBSCRIBE TO DIGITAL LIBRARY
50 downloads per 1-year subscription
Members: $195
Non-members: $335 ADD TO CART
25 downloads per 1 - year subscription
Members: $145
Non-members: $250 ADD TO CART
PURCHASE SINGLE ARTICLE
Includes PDF, HTML & Video, when available
Members: $17.00
Non-members: $21.00 ADD TO CART
PROCEEDINGS
 14 PAGES + PRESENTATION
DOWNLOAD PAPER SAVE TO MY LIBRARY
WATCH
PRESENTATION
GET CITATION
Advertisement
Advertisement
RIGHTS & PERMISSIONS
Get copyright permission  Get copyright permission on Copyright Marketplace
KEYWORDS
Operating systems
Hazard analysis
Data modeling
Analytical research
Computer security
Statistical analysis
Databases
RELATED CONTENT
Subscribe to Digital Library
Receive Erratum Email Alert
Back to Top