Markov model of cyber attack life cycle triggered by software vulnerability

Abstract

Software vulnerability life cycles illustrate changes in detection processes of software vulnerabilities during using computer systems. Unfortunately, the detection can be made by cyber-adversaries and a discovered software vulnerability may be consequently exploited for their own purpose. The vulnerability may be exploited by cyber-criminals at any time while it is not patched. Cyber-attacks on organizations by exploring vulnerabilities are usually conducted through the processes divided into many stages. These cyber-attack processes in literature are called cyber-attack live cycles or cyber kill chains. The both type of cycles have their research reflection in literature but so far, they have been separately considered and modeled. This work addresses this deficiency by proposing a Markov model which combine a cyber-attack life cycle with an idea of software vulnerability life cycles. For modeling is applied homogeneous continuous time Markov chain theory.