Stopping Rules in Security Testing Using a Combined Logistic-MESAT (Compound Poisson) Approach
Susan J. Simmons, Mehmet Sahinoglu, James Matis
Informatics Institute, Auburn University, Montgomery, AL, United States; Mathematics and Statistics, University of North Carolina Wilmington, Wilmington, NC, United States; Statistics, Texas A&M University, College Station, TX, United States

The damage inflicted by security breaches in computer and communication networks, as experienced by related businesses or government entities, is measured in multiples of billions of dollars. Analyzing such malicious activities to determine the right moment to act, so as to assure cost efficiency and maximum security, is of paramount interest to computer scientists and risk analysts as well as to business owners and their customers. This research topic opens new avenues in a very critical area of cyber-security, defined to be 'stopping rules in security testing'. A new challenge to software testing lies in the concept of monitored security testing and, most essentially, the cost-optimal time to stop testing. The MESAT software, which uses Compound Poisson (CP) processes, is a powerful and reliable tool that provides a cost-effective stopping rule for security breaches. However, to utilize the full potential of the MESAT software, complete information on the total number of security breaches is needed, and continuing to test until all security breaches have been determined would be counter-intuitive to an efficient stopping rule. We propose estimating the remainder of the breaches with a logistic curve, which allows the MESAT software to provide a full cost analysis. This method is illustrated on a couple of real data sets, showing the theory and applications of a strong technique to solve a timely problem.

Keywords: Logistic regression; Compound Poisson; Security testing; MESAT

Biography: Dr. Susan Simmons is an Associate Professor and the Assistant Chair in the Department of Mathematics and Statistics at the University of North Carolina Wilmington. Dr. Simmons received her PhD in Statistics from the University of South Carolina (2002) under the direction of Dr. Walter Piegorsch. Dr. Simmons' research interest is in the area of risk assessment in toxicology and trustworthy computing, and she is an Associate Editor of Environmetrics. She is the Chair of the Section of Risk Analysis in the American Statistical Association.