Prediction Model for Tendencies in Cybersecurity

Name
Erik Räni
Abstract
Vulnerability disclosure time series data have been previously used to estimate some values in the future. A literature review revealed that researchers have not focused on forecasting the mean Common Vulnerability Scoring System (CVSS) severity scores of Common Weakness Enumeration (CWE) vulnerability types. This could be a problem for software risk management analysts because not knowing the vulnerability categories' upcoming severity scores could result in less accurate risk level assessments. This thesis project provides an R package that addresses the problem. It is eventually used to forecast mean monthly CVSS scores of the year 2018. MAE, RMSE, MAPE and MASE are used to evaluate the accuracy of the forecasts for the years 2016 and 2017. These measures help to choose between the models. Thirteen different types of models are considered when generating the forecasts of 2018 for a subset of 34 CWEs. According to point forecasts, ten CWEs are expected to have "High" severity in 2018.
Graduation Thesis language
English
Graduation Thesis type
Master - Software Engineering
Supervisor(s)
Justinas Janulevičius, Raimundas Matulevičius
Defence year
2018
 
PDF