Skip to Main Content
 

Global Search Box

 
 
 
 

Files

File List


Thesis_Enhao Liu.pdf (1.3 MB)

ETD Abstract Container

Abstract Header

Logistic Regression Model for Predicting Warning “Incident” Rates and Implications for the Common Vulnerability Scoring System

Liu, Enhao
http://rave.ohiolink.edu/etdc/view?acc_num=osu1494008131762435

Abstract Details

2017, Master of Science, Ohio State University, Industrial and Systems Engineering.
Sophisticated cyber attackers exploit vulnerabilities to access restricted information. It is critical for cyber security administrator to reveal the associations among vulnerabilities and attacks. Since attacks are rare events, a more general class of cyber security events might be called “warnings” which might be viewed as one type of “incident” and which usually involve no data breach. Yet, even with a warning there are generally significant expenses for investigation and resolution. The purpose of this thesis is to provide a statistic model to analyze what vulnerability factors significantly affect warnings, and to predict the probability of incidents on hosts according to real-world data. The warning incident events are dichotomous outcomes. To fit the binary logistic regression model, there are a number of data preparation steps including aggregation and imputation. By converting vulnerability-based data to host-based data which covers all the information related to the cyber environment factors, the logistic regression model is conducted to evaluate the associations among these factors and warning incidents. After a series of statistical diagnostics conducted to validate the proposed model, the analyses of effects of factors on the probability of waring incidents are presented. Specifically, the worst severity level of vulnerabilities on a host measured by Common Vulnerability Scoring System is found to significantly predict outcomes along with several other variables relevant to clarifying the system state. The resulting models and other factors which including operating system, host type and the mode of management offer important implications for cyber security professionals and for the Common Vulnerability Scoring System itself.
Theodore Allen (Advisor)
Cathy Xia (Committee Member)
60 p.
Industrial Engineering

Recommended Citations

Citations

  • Liu, E. (2017). Logistic Regression Model for Predicting Warning “Incident” Rates and Implications for the Common Vulnerability Scoring System [Master's thesis, Ohio State University]. OhioLINK Electronic Theses and Dissertations Center. http://rave.ohiolink.edu/etdc/view?acc_num=osu1494008131762435

    APA Style (7th edition)

  • Liu, Enhao. Logistic Regression Model for Predicting Warning “Incident” Rates and Implications for the Common Vulnerability Scoring System. 2017. Ohio State University, Master's thesis. OhioLINK Electronic Theses and Dissertations Center, http://rave.ohiolink.edu/etdc/view?acc_num=osu1494008131762435.

    MLA Style (8th edition)

  • Liu, Enhao. "Logistic Regression Model for Predicting Warning “Incident” Rates and Implications for the Common Vulnerability Scoring System." Master's thesis, Ohio State University, 2017. http://rave.ohiolink.edu/etdc/view?acc_num=osu1494008131762435

    Chicago Manual of Style (17th edition)

osu1494008131762435
1,263
© 2017, some rights reserved.Creative Commons License Logistic Regression Model for Predicting Warning “Incident” Rates and Implications for the Common Vulnerability Scoring System by Enhao Liu is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License. Based on a work at etd.ohiolink.edu.
This open access ETD is published by The Ohio State University and OhioLINK.