Poster: Understanding The Hidden Cost Of Software Vulnerabilities: Measurements And Predictions

Creator

Afsah Anwar, University of Central Florida
Aminollah Khormali, University of Central Florida
Aziz Mohaisen, University of Central Florida

Keywords

NVD; Prediction; Vulnerability Economics

Abstract

In this work, we study the hidden cost of software vulnerabilities reported in the National Vulnerability Database (NVD) through stock price analysis. We perform a high-fidelity data augmentation to ensure data reliability for estimating vulnerability disclosure dates as a baseline for assessing software vulnerabilities' implication. We further build a model for stock price prediction using the NARX Neural Network model to estimate the effect of vulnerability disclosure on the stock price. Compared to prior work, which relies on linear regression models, our approach is shown to provide better accuracy. Our analysis shows that the effect of vulnerabilities on vendors varies, and greatly depends on the specific industry.

Publication Date

5-29-2018

Publication Title

ASIACCS 2018 - Proceedings of the 2018 ACM Asia Conference on Computer and Communications Security

Number of Pages

793-795

Document Type

Article; Proceedings Paper

Personal Identifier

scopus

DOI Link

https://doi.org/10.1145/3196494.3201580

Copyright Status

Unknown

Socpus ID

85049155661 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/85049155661

STARS Citation

Anwar, Afsah; Khormali, Aminollah; and Mohaisen, Aziz, "Poster: Understanding The Hidden Cost Of Software Vulnerabilities: Measurements And Predictions" (2018). Scopus Export 2015-2019. 10554.
https://stars.library.ucf.edu/scopus2015/10554