DocumentCode :
3704048
Title :
A Novel Architecture for Predictive CyberSecurity Using Non-homogenous Markov Models
Author :
Subil Abraham;Suku Nair
Author_Institution :
IBM Global Solution Center, Coppell, TX, USA
Volume :
1
fYear :
2015
Firstpage :
774
Lastpage :
781
Abstract :
Evaluating the security of an enterprise is an important step towards securing its system and resources. However, existing research provides limited insight into understanding the impact attacks have on the overall security goals of an enterprise. We still lack effective techniques to accurately measure the predictive security risk of an enterprise taking into account the dynamic attributes associated with vulnerabilities that can change over time. It is therefore critical to establish an effective cyber-security analytics strategy to minimize risk and protect critical infrastructure from external threats before they even start. In this paper we present an integrated view of security for computer networks within an enterprise, understanding threats and vulnerabilities, performing analysis to evaluate the current as well as future security situation of an enterprise to address potential situations. We formally define a non-homogeneous Markov model for quantitative security evaluation using Attack Graphs which incorporates time-dependent covariates, namely the vulnerability age and the vulnerability discovery rate, to help visualize the future security state of the network, leading to actionable knowledge and insight. We present experimental results from applying this model on a sample network to demonstrate the practicality of our approach.
Keywords :
"Measurement","Computer security","Computer architecture","Markov processes","Biological system modeling"
Publisher :
ieee
Conference_Titel :
Trustcom/BigDataSE/ISPA, 2015 IEEE
Type :
conf
DOI :
10.1109/Trustcom.2015.446
Filename :
7345354