Abstract: Quantification of Software Exploitability with a Bayesian Cognitive Approach

Computer hackers, or their malware surrogates, constantly look for software vulnerabilities in cyberspace to perform various online crimes, such as identity theft, cyber espionage, and denial-of-service attacks. It is thus crucial to assess accurately the likelihood that a piece of software can be exploited before it is put into practical use. In this work, we propose a cognitive framework that uses Bayesian reasoning as its first principle to quantify software exploitability. Our framework combines the evaluator's prior beliefs, gained from static program analysis, with her empirical observations from dynamic exploitability tests in an organic manner. We will show some preliminary results from this research project.
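To make the "prior from static analysis, updated by dynamic tests" idea concrete, here is an added worked example that is not part of the abstract and does not reproduce the author's framework. It assumes a simple Beta-Bernoulli model: a static-analysis risk score in [0, 1] is turned into a Beta prior on the probability that the software is exploitable, each dynamic exploitability test is treated as an independent success/failure observation, and the posterior is read off in closed form. The risk scores, pseudo-count strength, and test outcomes below are constructed for illustration; the helper names (`prior_from_static_analysis`, `update`, `prob_exceeds`) are hypothetical.

```python
"""Toy Bayesian exploitability estimate (illustrative, not the paper's method).

Model assumption (ours, not the abstract's): exploitability is a latent
probability p. Static analysis yields a Beta(alpha, beta) prior on p;
each dynamic exploitability test is a Bernoulli(p) draw. The Beta prior
is conjugate, so the posterior is Beta(alpha + successes, beta + failures).
"""
import math
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class Belief:
    """Beta(alpha, beta) belief about the exploitability probability p."""
    alpha: float
    beta: float

    def mean(self) -> float:
        return self.alpha / (self.alpha + self.beta)

    def variance(self) -> float:
        a, b = self.alpha, self.beta
        return a * b / ((a + b) ** 2 * (a + b + 1))


def prior_from_static_analysis(risk_score: float, strength: float) -> Belief:
    """Map a static-analysis risk score in [0, 1] to a Beta prior.

    `strength` is the pseudo-count the evaluator assigns to the static
    evidence: how many dynamic tests it should take to overturn the prior.
    The score is clamped away from 0 and 1 so the Beta stays proper.
    """
    if strength <= 0:
        raise ValueError("strength must be positive")
    score = min(max(risk_score, 0.01), 0.99)
    return Belief(alpha=score * strength, beta=(1.0 - score) * strength)


def update(belief: Belief, test_outcomes: Iterable[bool]) -> Belief:
    """Conjugate update: True = exploit attempt succeeded, False = it failed."""
    outcomes = list(test_outcomes)
    successes = sum(1 for o in outcomes if o)
    failures = len(outcomes) - successes
    return Belief(belief.alpha + successes, belief.beta + failures)


def prob_exceeds(belief: Belief, threshold: float, steps: int = 20000) -> float:
    """P(p > threshold) under Beta(alpha, beta), by midpoint integration.

    Avoids a SciPy dependency; log-space evaluation keeps the pdf stable
    for fractional shape parameters.
    """
    a, b = belief.alpha, belief.beta
    log_norm = math.lgamma(a + b) - math.lgamma(a) - math.lgamma(b)
    width = (1.0 - threshold) / steps
    total = 0.0
    for i in range(steps):
        p = threshold + (i + 0.5) * width  # midpoint, never exactly 0 or 1
        total += math.exp(log_norm + (a - 1) * math.log(p) + (b - 1) * math.log(1 - p))
    return total * width


def assess(risk_score: float, strength: float, test_outcomes: Iterable[bool],
           threshold: float = 0.5) -> dict:
    """Run prior -> posterior and summarise it for a release decision."""
    prior = prior_from_static_analysis(risk_score, strength)
    posterior = update(prior, test_outcomes)
    return {
        "prior_mean": prior.mean(),
        "posterior_mean": posterior.mean(),
        "posterior_variance": posterior.variance(),
        "p_exceeds_threshold": prob_exceeds(posterior, threshold),
    }


if __name__ == "__main__":
    # Constructed scenario: static analysis flags unchecked memcpy lengths
    # (risk 0.3, weighted like 10 tests); 8 exploit attempts, 5 succeed.
    constructed_outcomes = [True, False, True, True, False, True, False, True]
    for key, value in assess(0.3, 10.0, constructed_outcomes).items():
        print(f"{key}: {value:.4f}")
```

The `strength` parameter is where the evaluator's confidence in static analysis lives: with `strength=2` the prior is nearly flat and a handful of dynamic tests dominate, with `strength=50` it takes many contradicting tests to move the estimate. The independence assumption is the weak point of this toy model; repeated attempts with the same exploit strategy are not independent draws, so in practice one would count distinct strategies or down-weight correlated runs rather than feed every retry into `update` as a fresh observation.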


Guanhua Yan received the PhD degree in Computer Science from Dartmouth College, Hanover, New Hampshire, in 2005. From 2003 to 2005, he was a visiting graduate student in the Coordinated Science Laboratory at the University of Illinois at Urbana-Champaign. After working at Los Alamos National Laboratory in New Mexico for nine years, first as a Research Associate and then as a Research Scientist, he joined Binghamton University, State University of New York, as an Assistant Professor in 2014. His current research interests lie in the development of principled solutions for automating cyber defenses.