Cybersecurity: A Statistical Predictive Model for the Expected Path Length
Cybersecurity: A Statistical Predictive Model for the Expected Path Length

Kaluarachchi, P.K., Tsokos, C.P. and Rajasooriya, S.M. (2016) Cybersecurity: A Statistical Predictive Model for the Expected Path Length. Journal of Information Security, 7, 112-128.


“The object of this study is to propose a statistical model for predicting the Expected Path Length (expected number of steps the attacker will take, starting from the initial state to compromise the security goal—EPL) in a cyber-attack. The model we developed is based on utilizing vulnerability information along with having host centric attack graph. Utilizing the developed model, one can identify the interaction among the vulnerabilities and individual variables (risk factors) that drive the Expected Path Length. Gaining a better understanding of the relationship between vulnerabilities and their interactions can provide security administrators a better view and an understanding of their security status. In addition, we have also ranked the attributable variables and their contribution in estimating the subject length. Thus, one can utilize the ranking process to take precautions and actions to minimize Expected Path Length.”

2.1.5. Cyber Situational Awareness

“Tim Bass [9] first introduced this concept and this is the immediate knowledge of friendly, adversary and other relevant information regarding activities in and through cyberspace and the Electromagnetic Spectrum (EMS). It is obtained from a combination of intelligence and operational activity in cyberspace, the EMS, and in the other domains, both unilaterally and through collaboration with our unified action and public-private partners.”

“Cyber situational awareness is the capability that helps security analysts and decision makers:”

  • “Visualize and understand the current state of the IT infrastructure, as well as the defensive posture of the IT environment.
  • Identify what infrastructure components are important to complete key functions.
  • Understand the possible actions an adversary could undertake to damage critical IT infrastructure components.
  • Determine where to look for key indicators of malicious activity”

Download and read full text in PDF here.