Estimating Economic Loss by S/W Vulnerability

Min-jeong Kim, Jinho Yoo


Many cyber attacks today exploit software (S/W) vulnerabilities. Vulnerability trends are announced periodically, and security directions are suggested and security controls updated in line with them. Nevertheless, cyber attacks such as hacking increased by 81% in 2011 compared to 2010, and about 75% of these attacks exploited vulnerabilities in the S/W itself. In this paper, we propose the VIR model, a model of the spread of malware infection for measuring the economic loss caused by S/W vulnerabilities, derived by applying the SIR epidemic model. We apply it to estimate the economic loss caused by vulnerabilities in HWP (Hangul word) S/W.





