Data-driven cyber-vulnerability maintenance policies

Anthony Afful-Dadzie, Theodore T. Allen

Research output: Contribution to journalArticlepeer-review

19 Citations (Scopus)


The frequencies of cyber attacks and known cyber vulnerabilities continue to increase and there is a need for models to focus limited administrator attention and build cases for additional resources. A related challenge is the scarcity of available data partly because of security concerns. In this paper, we propose a method based on Markov decision processes (MDP) for the generation and graphical evaluation of relevant maintenance policies for cases with limited data availability. The proposed method also provides an estimate of the cost benefit of collecting additional data. Both Bayesian and non-Bayesian formulations of the transition probabilities and cost models are considered. We apply the proposed method to a realworld cyber-vulnerability dataset and generate specific guidance and cost predictions. We also illustrate the relevance of the proposed method to general MDP modeling using a numerical example involving three levels of data scarcity.

Original languageEnglish
Pages (from-to)234-250
Number of pages17
JournalJournal of Quality Technology
Issue number3
Publication statusPublished - Jul 2014
Externally publishedYes


  • Action clarification
  • Cyber attacks
  • Markov-decision processes
  • Model-uncertainty


Dive into the research topics of 'Data-driven cyber-vulnerability maintenance policies'. Together they form a unique fingerprint.

Cite this